Submitted URL: https://notepad.pw/
Effective URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Submission: On June 07 via manual from CA — Scanned from CA

Summary

This website contacted 82 IPs in 7 countries across 100 domains to perform 322 HTTP transactions. The main IP is 151.139.128.11, located in United States and belongs to STACKPATH-CDN, US. The main domain is notepad.pw. The Cisco Umbrella rank of the primary domain is 706219.
TLS certificate: Issued by R3 on May 6th 2023. Valid for: 3 months.
This is the only time notepad.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 9 151.139.128.11 20446 (STACKPATH...)
1 2607:f8b0:400... 15169 (GOOGLE)
9 2606:4700::68... 13335 (CLOUDFLAR...)
2 2 2606:4700:303... 13335 (CLOUDFLAR...)
2 2 2606:4700:303... 13335 (CLOUDFLAR...)
3 2a02:6ea0:c45... 60068 (CDN77 ^_^)
2 2607:f8b0:400... 15169 (GOOGLE)
5 2606:4700::68... 13335 (CLOUDFLAR...)
2 2607:f8b0:400... 15169 (GOOGLE)
3 2600:1901:0:3... 15169 (GOOGLE)
11 34.160.152.31 396982 (GOOGLE-CL...)
4 2607:f8b0:400... 15169 (GOOGLE)
1 2600:9000:23c... 16509 (AMAZON-02)
4 2606:4700:303... 13335 (CLOUDFLAR...)
1 3 18.164.116.98 16509 (AMAZON-02)
4 34.111.152.239 396982 (GOOGLE-CL...)
2 2606:4700:440... 13335 (CLOUDFLAR...)
5 2607:f8b0:400... 15169 (GOOGLE)
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
5 2607:f8b0:400... 15169 (GOOGLE)
6 2606:4700:10:... 13335 (CLOUDFLAR...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 142.250.65.198 15169 (GOOGLE)
2 34.160.128.112 15169 (GOOGLE)
2 130.211.23.194 15169 (GOOGLE)
3 18.164.108.196 16509 (AMAZON-02)
1 3 13.226.34.62 16509 (AMAZON-02)
1 1 2600:9000:23c... 16509 (AMAZON-02)
1 2 108.139.47.49 16509 (AMAZON-02)
1 23.64.21.88 16625 (AKAMAI-AS)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
2 18.211.132.19 14618 (AMAZON-AES)
1 2 2620:100:a001::c 19750 (AS-CRITEO)
2 4 2620:116:800b... 14618 (AMAZON-AES)
2 18.164.98.157 16509 (AMAZON-02)
2 74.119.119.139 19750 (AS-CRITEO)
7 8 35.71.131.137 16509 (AMAZON-02)
1 2a04:4e42:400... 54113 (FASTLY)
1 34.96.70.87 396982 (GOOGLE-CL...)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 108.138.128.124 16509 (AMAZON-02)
8 52.4.33.45 14618 (AMAZON-AES)
8 34.107.140.113 396982 (GOOGLE-CL...)
2 2602:803:c002... 26667 (RUBICONPR...)
2 104.18.25.185 13335 (CLOUDFLAR...)
2 35.190.39.111 15169 (GOOGLE)
1 2 34.120.135.53 396982 (GOOGLE-CL...)
1 2600:9000:21d... 16509 (AMAZON-02)
1 2 44.213.57.151 14618 (AMAZON-AES)
2 4 141.95.33.111 16276 (OVH)
2 5 34.202.191.141 14618 (AMAZON-AES)
1 162.19.138.116 16276 (OVH)
3 24 52.46.128.147 16509 (AMAZON-02)
2 14 35.244.159.8 15169 (GOOGLE)
1 3 2600:1f18:4e9... 14618 (AMAZON-AES)
17 29 142.250.80.34 15169 (GOOGLE)
7 8 68.67.160.186 29990 (ASN-APPNEX)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
14 2607:f8b0:400... 15169 (GOOGLE)
9 2607:f8b0:400... 15169 (GOOGLE)
10 10 35.211.178.172 19527 (GOOGLE-2)
1 1 23.215.40.23 16625 (AKAMAI-AS)
3 3 54.242.205.90 14618 (AMAZON-AES)
2 2 34.171.234.26 396982 (GOOGLE-CL...)
3 12 192.40.39.223 27381 (CASALE-MEDIA)
1 1 20.127.253.7 8075 (MICROSOFT...)
6 11 3.233.8.239 14618 (AMAZON-AES)
3 50.16.16.77 14618 (AMAZON-AES)
2 104.127.172.242 16625 (AKAMAI-AS)
2 5 198.148.27.140 19189 (PULSEPOINT)
3 4 34.200.65.202 14618 (AMAZON-AES)
2 2 23.92.190.74 10913 (INTERNAP-BLK)
2 19 63.251.114.136 32475 (SINGLEHOP...)
6 52.73.67.166 14618 (AMAZON-AES)
2 2 52.223.22.214 16509 (AMAZON-02)
2 3 35.190.60.146 15169 (GOOGLE)
2 2 107.178.254.65 15169 (GOOGLE)
1 1 34.98.67.3 396982 (GOOGLE-CL...)
2 2 2620:112:f002... 6336 (TURN-US-ASN)
2 2 151.101.194.49 54113 (FASTLY)
7 10 69.173.151.100 26667 (RUBICONPR...)
6 6 162.248.18.32 62713 (AS-PUBMATIC)
2 2 162.248.18.37 62713 (AS-PUBMATIC)
2 2 8.28.7.84 62713 (AS-PUBMATIC)
1 1 67.202.105.21 32748 (STEADFAST)
1 1 63.251.28.233 13789 (INTERNAP-...)
2 2 2606:ae80:145... 25751 (VALUECLICK)
3 3 64.74.236.31 22075 (AS-OUTBRAIN)
1 1 23.197.21.62 16625 (AKAMAI-AS)
2 2 54.147.151.176 14618 (AMAZON-AES)
1 1 35.190.90.30 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
2 2 8.43.72.98 26667 (RUBICONPR...)
1 67.220.228.203 ()
1 2620:1ec:21::14 8068 (MICROSOFT...)
7 23.215.41.73 ()
4 4 185.184.8.90 204995 (RTB-HOUSE...)
2 2 35.210.53.219 ()
3 3 18.205.123.156 14618 (AMAZON-AES)
2 2 35.207.24.140 15169 (GOOGLE)
3 3 207.198.113.204 13768 (COGECO-PEER1)
2 3 34.111.113.62 396982 (GOOGLE-CL...)
1 1 169.197.150.7 398989 (DEEPINTENT)
4 4 199.127.204.171 26120 (RHYTHMONE)
2 142.250.65.226 ()
1 2607:f8b0:400... ()
1 1 69.166.1.10 ()
1 1 199.38.167.131 ()
1 2 51.222.39.185 ()
1 23.215.41.170 ()
1 2 35.227.252.103 ()
1 1 74.121.140.211 ()
1 1 50.16.251.137 ()
1 146.75.34.132 ()
2 64.202.112.127 ()
322 82
Apex Domain
Subdomains
Transfer
39 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 218
ad.doubleclick.net — Cisco Umbrella Rank: 182
cm.g.doubleclick.net — Cisco Umbrella Rank: 248
googleads.g.doubleclick.net — Cisco Umbrella Rank: 54
googleads4.g.doubleclick.net
184 KB
30 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 353
aax.amazon-adsystem.com — Cisco Umbrella Rank: 443
s.amazon-adsystem.com — Cisco Umbrella Rank: 335
aax-eu.amazon-adsystem.com
80 KB
23 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 127
895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 154
133 KB
21 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 724
ce.lijit.com — Cisco Umbrella Rank: 1019
30 KB
18 openx.net
oajs.openx.net — Cisco Umbrella Rank: 1359
google-bidout-d.openx.net — Cisco Umbrella Rank: 1367
us-u.openx.net — Cisco Umbrella Rank: 491
u.openx.net — Cisco Umbrella Rank: 723
rtb.openx.net
4 KB
16 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 526
eus.rubiconproject.com — Cisco Umbrella Rank: 627
pixel.rubiconproject.com — Cisco Umbrella Rank: 375
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1154
token.rubiconproject.com — Cisco Umbrella Rank: 636
20 KB
16 pub.network
a.pub.network — Cisco Umbrella Rank: 5554
d.pub.network — Cisco Umbrella Rank: 5880
c.pub.network — Cisco Umbrella Rank: 5678
384 KB
15 yahoo.com
c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 1358
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 454
ups.analytics.yahoo.com — Cisco Umbrella Rank: 334
4 KB
14 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 589
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 490
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 612
dsum.casalemedia.com — Cisco Umbrella Rank: 1549
11 KB
13 notepad.pw
notepad.pw — Cisco Umbrella Rank: 706219
live.notepad.pw
57 KB
11 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 566
7 KB
10 pubmatic.com
image8.pubmatic.com — Cisco Umbrella Rank: 712
image2.pubmatic.com — Cisco Umbrella Rank: 971
image4.pubmatic.com — Cisco Umbrella Rank: 1167
ads.pubmatic.com Failed
3 KB
10 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 356
5 KB
9 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 263
205 KB
8 outbrain.com
widgets.outbrain.com
widget-pixels.outbrain.com
odb.outbrain.com
mcdp-sadc1.outbrain.com Failed
102 KB
8 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 244
8 KB
8 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 686
sync-amz.ads.yieldmo.com — Cisco Umbrella Rank: 6153
sync-pm.ads.yieldmo.com — Cisco Umbrella Rank: 6845
5 KB
8 t13.io
s2s.t13.io — Cisco Umbrella Rank: 5352
3 KB
8 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 385
4 KB
6 yellowblue.io
cs-server-s2s.yellowblue.io — Cisco Umbrella Rank: 3806
cs.yellowblue.io — Cisco Umbrella Rank: 2975
3 KB
6 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 785
id5-sync.com — Cisco Umbrella Rank: 427
38 KB
6 intentiq.com
api.intentiq.com — Cisco Umbrella Rank: 1616
sync.intentiq.com — Cisco Umbrella Rank: 1246
syncv4.intentiq.com — Cisco Umbrella Rank: 18002
5 KB
6 ad.gt
id.hadron.ad.gt — Cisco Umbrella Rank: 2356
477 B
5 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 625
5 KB
5 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 1396
creativecdn.com — Cisco Umbrella Rank: 492
4 KB
5 websitepolicies.io
www.websitepolicies.io — Cisco Umbrella Rank: 203643
cdn.websitepolicies.io — Cisco Umbrella Rank: 85010
11 KB
4 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1195
pixel.quantserve.com — Cisco Umbrella Rank: 973
cms.quantserve.com — Cisco Umbrella Rank: 817
10 KB
4 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 413
mug.criteo.com — Cisco Umbrella Rank: 2161
dis.criteo.com Failed
1 KB
4 optimise.net
optimise.net — Cisco Umbrella Rank: 7209
1 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 57
21 KB
3 outbrainimg.com
tcheck.outbrainimg.com
log.outbrainimg.com
images.outbrainimg.com Failed
1 KB
3 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 630
2 KB
3 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 511
1 KB
3 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 729
2 KB
3 clickagy.com
aorta.clickagy.com — Cisco Umbrella Rank: 2283
1 KB
3 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 569
2 KB
3 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 588
1 KB
3 google.com
adservice.google.com — Cisco Umbrella Rank: 106
www.google.com — Cisco Umbrella Rank: 3
2 KB
3 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 1009
bcp.crwdcntrl.net — Cisco Umbrella Rank: 948
sync.crwdcntrl.net — Cisco Umbrella Rank: 937
13 KB
3 rlcdn.com
api.rlcdn.com Failed
id.rlcdn.com — Cisco Umbrella Rank: 727
idsync.rlcdn.com — Cisco Umbrella Rank: 433
1 KB
3 btloader.com
btloader.com — Cisco Umbrella Rank: 1063
api.btloader.com — Cisco Umbrella Rank: 1168
82 KB
3 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 206
134 KB
3 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 157
3 KB
3 cumbersomecarpenter.com
cumbersomecarpenter.com — Cisco Umbrella Rank: 77414
23 KB
2 onetag-sys.com
onetag-sys.com
486 B
2 mfadsrvr.com
rtb.mfadsrvr.com — Cisco Umbrella Rank: 1152
804 B
2 admedo.com
pool.admedo.com
743 B
2 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 991
1 KB
2 dotomi.com
pulsepoint-match.dotomi.com — Cisco Umbrella Rank: 8002
620 B
2 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 748
621 B
2 turn.com
ad.turn.com — Cisco Umbrella Rank: 1017
875 B
2 pippio.com
pippio.com — Cisco Umbrella Rank: 840
879 B
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 406
739 B
2 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 953
1 KB
2 rtbhouse.com
esp.rtbhouse.com — Cisco Umbrella Rank: 1513
335 B
2 amazon.dev
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev — Cisco Umbrella Rank: 826
455 B
2 floors.dev
api.floors.dev — Cisco Umbrella Rank: 9079
910 B
2 ad-delivery.net
ad-delivery.net — Cisco Umbrella Rank: 1143
1 KB
2 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1528
95 KB
2 gstatic.com
fonts.gstatic.com
28 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 75
129 KB
2 wpcc.io
wpcc.io — Cisco Umbrella Rank: 117530
758 B
1 ipredictive.com
sync.ipredictive.com
469 B
1 mathtag.com
sync.mathtag.com
651 B
1 rfihub.com
a.rfihub.com
1 KB
1 sonobi.com
sync.go.sonobi.com
872 B
1 2mdn.net
s0.2mdn.net
63 KB
1 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1292
584 B
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 1156
329 B
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 390
516 B
1 mookie1.com
odr.mookie1.com — Cisco Umbrella Rank: 1219
636 B
1 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 578
751 B
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 629
489 B
1 33across.com
ssc-cms.33across.com — Cisco Umbrella Rank: 1135
503 B
1 linksynergy.com
tags.rd.linksynergy.com — Cisco Umbrella Rank: 4646
392 B
1 inmobi.com
sync.inmobi.com — Cisco Umbrella Rank: 1420
622 B
1 media.net
cs.media.net — Cisco Umbrella Rank: 1595
665 B
1 google.ca
adservice.google.ca — Cisco Umbrella Rank: 13447
531 B
1 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1101
397 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1130
1 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 1497
8 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 377
896 B
1 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 1326
17 KB
1 hadronid.net
cdn.hadronid.net — Cisco Umbrella Rank: 2540
10 KB
1 videoplayerhub.com
freestar-io.videoplayerhub.com — Cisco Umbrella Rank: 6892
462 B
1 adsafeprotected.com
static.adsafeprotected.com — Cisco Umbrella Rank: 634
481 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 67
1 KB
0 rtbsystem.com Failed
cm.rtbsystem.com Failed
0 bing.com Failed
c.bing.com Failed
0 smartadserver.com Failed
ssbsync.smartadserver.com Failed
0 smaato.net Failed
s.ad.smaato.net Failed
0 360yield.com Failed
ice.360yield.com Failed
0 exelator.com Failed
loadus.exelator.com Failed
0 geistm.com Failed
id.geistm.com Failed
0 eyeota.net Failed
ps.eyeota.net Failed
0 adition.com Failed
dsp.adfarm1.adition.com Failed
0 agkn.com Failed
aa.agkn.com Failed
0 krxd.net Failed
beacon.krxd.net Failed
0 im-apps.net Failed
sync-jp.im-apps.net Failed
0 demdex.net Failed
dpm.demdex.net Failed
322 100
Domain Requested by
29 cm.g.doubleclick.net 17 redirects google-bidout-d.openx.net
sync-amz.ads.yieldmo.com
eus.rubiconproject.com
googleads.g.doubleclick.net
895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
widgets.outbrain.com
24 s.amazon-adsystem.com 3 redirects c.amazon-adsystem.com
google-bidout-d.openx.net
s.amazon-adsystem.com
u.openx.net
match.sharethrough.com
cs-server-s2s.yellowblue.io
sync-amz.ads.yieldmo.com
bh.contextweb.com
ssum-sec.casalemedia.com
eus.rubiconproject.com
ce.lijit.com
19 ce.lijit.com 2 redirects s.amazon-adsystem.com
a.pub.network
ce.lijit.com
14 pagead2.googlesyndication.com notepad.pw
tpc.googlesyndication.com
895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
11 match.sharethrough.com 6 redirects s.amazon-adsystem.com
match.sharethrough.com
11 us-u.openx.net 2 redirects google-bidout-d.openx.net
u.openx.net
10 x.bidswitch.net 10 redirects widgets.outbrain.com
10 c.pub.network notepad.pw
9 cdnjs.cloudflare.com notepad.pw
cdnjs.cloudflare.com
9 notepad.pw 1 redirects notepad.pw
8 dsum-sec.casalemedia.com 2 redirects ssum-sec.casalemedia.com
googleads.g.doubleclick.net
8 ib.adnxs.com 7 redirects googleads.g.doubleclick.net
widgets.outbrain.com
8 s2s.t13.io notepad.pw
ce.lijit.com
u.openx.net
8 c2shb.pubgw.yahoo.com notepad.pw
8 match.adsrvr.org 7 redirects notepad.pw
widgets.outbrain.com
7 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
googleads.g.doubleclick.net
6 widgets.outbrain.com securepubads.g.doubleclick.net
widgets.outbrain.com
6 image8.pubmatic.com 6 redirects widgets.outbrain.com
6 pixel.rubiconproject.com 3 redirects eus.rubiconproject.com
6 id.hadron.ad.gt notepad.pw
5 bh.contextweb.com 2 redirects s.amazon-adsystem.com
bh.contextweb.com
widgets.outbrain.com
5 ads.yieldmo.com 2 redirects sync-amz.ads.yieldmo.com
5 securepubads.g.doubleclick.net www.googletagservices.com
notepad.pw
5 a.pub.network notepad.pw
a.pub.network
4 creativecdn.com 4 redirects widgets.outbrain.com
4 token.rubiconproject.com 4 redirects
4 ups.analytics.yahoo.com 3 redirects u.openx.net
widgets.outbrain.com
4 id5-sync.com 2 redirects notepad.pw
widgets.outbrain.com
4 optimise.net notepad.pw
4 live.notepad.pw notepad.pw
4 www.google-analytics.com www.googletagmanager.com
notepad.pw
3 sync.1rx.io 3 redirects
3 pixel.tapad.com 2 redirects u.openx.net
3 pixel-sync.sitescout.com 3 redirects widgets.outbrain.com
3 aorta.clickagy.com 3 redirects
3 b1sync.zemanta.com 3 redirects widgets.outbrain.com
3 cs.yellowblue.io cs-server-s2s.yellowblue.io
3 cs-server-s2s.yellowblue.io s.amazon-adsystem.com
cs-server-s2s.yellowblue.io
3 ssum-sec.casalemedia.com 1 redirects s.amazon-adsystem.com
ssum-sec.casalemedia.com
widgets.outbrain.com
3 match.prod.bidr.io 3 redirects
3 pr-bh.ybp.yahoo.com 1 redirects google-bidout-d.openx.net
ssum-sec.casalemedia.com
3 api.intentiq.com 1 redirects notepad.pw
3 c.amazon-adsystem.com a.pub.network
notepad.pw
3 www.googletagservices.com a.pub.network
securepubads.g.doubleclick.net
895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
3 sb.scorecardresearch.com 1 redirects a.pub.network
3 cumbersomecarpenter.com a.pub.network
notepad.pw
3 cdn.websitepolicies.io notepad.pw
wpcc.io
2 log.outbrainimg.com widgets.outbrain.com
2 rtb.openx.net 1 redirects u.openx.net
2 onetag-sys.com 1 redirects
2 googleads4.g.doubleclick.net googleads.g.doubleclick.net
2 googleads.g.doubleclick.net 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
pagead2.googlesyndication.com
2 rtb.mfadsrvr.com 2 redirects widgets.outbrain.com
2 pool.admedo.com 2 redirects
2 cms.quantserve.com 2 redirects widgets.outbrain.com
2 pixel-us-east.rubiconproject.com 2 redirects widgets.outbrain.com
2 www.google.com tpc.googlesyndication.com
895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
2 pm.w55c.net 2 redirects
2 pulsepoint-match.dotomi.com 2 redirects
2 sync-pm.ads.yieldmo.com cs-server-s2s.yellowblue.io
sync-amz.ads.yieldmo.com
2 image4.pubmatic.com 2 redirects
2 image2.pubmatic.com 2 redirects
2 sync-tm.everesttech.net 2 redirects
2 ad.turn.com 2 redirects
2 pippio.com 2 redirects
2 id.rlcdn.com 2 redirects widgets.outbrain.com
2 eb2.3lift.com 2 redirects
2 ap.lijit.com 2 redirects
2 eus.rubiconproject.com s.amazon-adsystem.com
eus.rubiconproject.com
2 u.openx.net s.amazon-adsystem.com
a.pub.network
widgets.outbrain.com
2 um.simpli.fi 2 redirects
2 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 oajs.openx.net 1 redirects
2 esp.rtbhouse.com notepad.pw
2 htlb.casalemedia.com notepad.pw
2 fastlane.rubiconproject.com notepad.pw
2 mug.criteo.com
2 aax.amazon-adsystem.com notepad.pw
2 gum.criteo.com 1 redirects
2 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev notepad.pw
2 cdn.id5-sync.com notepad.pw
securepubads.g.doubleclick.net
2 syncv4.intentiq.com 1 redirects
2 api.btloader.com notepad.pw
2 api.floors.dev notepad.pw
2 ad-delivery.net
2 cdn.confiant-integrations.net a.pub.network
cdn.confiant-integrations.net
2 fonts.gstatic.com fonts.googleapis.com
2 www.googletagmanager.com notepad.pw
www.googletagmanager.com
2 www.websitepolicies.io 2 redirects
2 wpcc.io 2 redirects
1 odb.outbrain.com widgets.outbrain.com
1 sync.ipredictive.com 1 redirects
1 sync.mathtag.com 1 redirects
1 widget-pixels.outbrain.com notepad.pw
1 tcheck.outbrainimg.com widgets.outbrain.com
1 a.rfihub.com 1 redirects
1 sync.go.sonobi.com 1 redirects
1 s0.2mdn.net 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
1 sync.targeting.unrulymedia.com 1 redirects
1 match.deepintent.com 1 redirects
1 sync.crwdcntrl.net 1 redirects widgets.outbrain.com
1 px.ads.linkedin.com eus.rubiconproject.com
1 aax-eu.amazon-adsystem.com eus.rubiconproject.com
1 dsum.casalemedia.com ssum-sec.casalemedia.com
1 odr.mookie1.com 1 redirects
1 stags.bluekai.com 1 redirects
1 ads.stickyadstv.com 1 redirects
1 ssc-cms.33across.com 1 redirects
1 idsync.rlcdn.com u.openx.net
widgets.outbrain.com
1 tags.rd.linksynergy.com 1 redirects
1 sync-amz.ads.yieldmo.com s.amazon-adsystem.com
1 sync.inmobi.com 1 redirects
1 cs.media.net 1 redirects
1 adservice.google.com securepubads.g.doubleclick.net
1 adservice.google.ca securepubads.g.doubleclick.net
1 google-bidout-d.openx.net oa.openxcdn.net
1 pixel.quantserve.com
1 lb.eu-1-id5-sync.com notepad.pw
1 bcp.crwdcntrl.net notepad.pw
1 rules.quantcount.com secure.quantserve.com
1 tags.crwdcntrl.net securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 cdn.jsdelivr.net securepubads.g.doubleclick.net
1 secure.quantserve.com a.pub.network
1 secure.cdn.fastclick.net notepad.pw
1 sync.intentiq.com 1 redirects
1 ad.doubleclick.net
1 cdn.hadronid.net notepad.pw
1 btloader.com
1 freestar-io.videoplayerhub.com 1 redirects
1 static.adsafeprotected.com notepad.pw
1 d.pub.network notepad.pw
1 fonts.googleapis.com notepad.pw
0 cm.rtbsystem.com Failed widgets.outbrain.com
0 c.bing.com Failed widgets.outbrain.com
0 ssbsync.smartadserver.com Failed widgets.outbrain.com
0 s.ad.smaato.net Failed widgets.outbrain.com
0 ice.360yield.com Failed widgets.outbrain.com
0 loadus.exelator.com Failed widgets.outbrain.com
0 id.geistm.com Failed widgets.outbrain.com
0 ps.eyeota.net Failed widgets.outbrain.com
0 dsp.adfarm1.adition.com Failed widgets.outbrain.com
0 dis.criteo.com Failed widgets.outbrain.com
0 aa.agkn.com Failed widgets.outbrain.com
0 beacon.krxd.net Failed widgets.outbrain.com
0 sync-jp.im-apps.net Failed widgets.outbrain.com
0 dpm.demdex.net Failed widgets.outbrain.com
0 ads.pubmatic.com Failed a.pub.network
0 images.outbrainimg.com Failed
0 mcdp-sadc1.outbrain.com Failed widgets.outbrain.com
0 api.rlcdn.com Failed notepad.pw
322 152
Subject Issuer Validity Valid
notepad.pw
R3
2023-05-06 -
2023-08-04
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-05-19 -
2023-08-11
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-08-03 -
2023-08-02
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-05-19 -
2023-08-11
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-05-19 -
2023-08-11
3 months crt.sh
cumbersomecarpenter.com
R3
2023-05-17 -
2023-08-15
3 months crt.sh
d.pub.network
GTS CA 1D4
2023-04-20 -
2023-07-19
3 months crt.sh
cdn.websitepolicies.io
R3
2023-06-03 -
2023-09-01
3 months crt.sh
static.adsafeprotected.com
Amazon RSA 2048 M01
2023-02-24 -
2023-09-04
6 months crt.sh
*.scorecardresearch.com
Sectigo RSA Domain Validation Secure Server CA
2022-12-15 -
2023-12-28
a year crt.sh
optimise.net
GTS CA 1D4
2023-05-26 -
2023-08-24
3 months crt.sh
confiant-integrations.net
GTS CA 1P5
2023-05-25 -
2023-08-23
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-05-19 -
2023-08-11
3 months crt.sh
*.hadronid.net
GTS CA 1P5
2023-04-11 -
2023-07-10
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2023-05-19 -
2023-08-11
3 months crt.sh
api.floors.dev
GTS CA 1D4
2023-05-22 -
2023-08-20
3 months crt.sh
api.btloader.com
GTS CA 1D4
2023-04-14 -
2023-07-13
3 months crt.sh
c.pub.network
GTS CA 1D4
2023-04-20 -
2023-07-19
3 months crt.sh
c.amazon-adsystem.com
Amazon RSA 2048 M01
2023-02-28 -
2024-02-17
a year crt.sh
*.intentiq.com
Amazon RSA 2048 M02
2023-04-11 -
2024-05-08
a year crt.sh
secure.cdn.fastclick.net
DigiCert TLS RSA SHA256 2020 CA1
2022-12-02 -
2023-12-02
a year crt.sh
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev
Amazon RSA 2048 M02
2022-12-27 -
2024-01-25
a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-05-12 -
2023-08-10
3 months crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1
2022-08-09 -
2023-09-09
a year crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com
Amazon RSA 2048 M01
2023-03-16 -
2024-03-08
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2023-04-12 -
2024-05-13
a year crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2022 Q4
2022-12-23 -
2024-01-24
a year crt.sh
invstatic101.creativecdn.com
GTS CA 1D4
2023-04-28 -
2023-07-28
3 months crt.sh
oa.openxcdn.net
GTS CA 1D4
2023-05-28 -
2023-08-26
3 months crt.sh
*.crwdcntrl.net
Amazon RSA 2048 M01
2022-11-07 -
2023-12-06
a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2023-05-23 -
2023-11-15
6 months crt.sh
s2s.t13.io
GTS CA 1D4
2023-05-17 -
2023-08-15
3 months crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2023-03-05 -
2024-04-03
a year crt.sh
esp.rtbhouse.com
GTS CA 1D4
2023-05-17 -
2023-08-15
3 months crt.sh
quantserve.com
R3
2023-04-14 -
2023-07-13
3 months crt.sh
*.id5-sync.com
R3
2023-04-18 -
2023-07-17
3 months crt.sh
*.eu-1-id5-sync.com
R3
2023-04-18 -
2023-07-17
3 months crt.sh
s.amazon-adsystem.com
Amazon RSA 2048 M01
2023-03-03 -
2024-02-19
a year crt.sh
*.openx.net
GeoTrust RSA CA 2018
2022-07-21 -
2023-08-21
a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2023-04-04 -
2023-09-27
6 months crt.sh
*.google.ca
GTS CA 1C3
2023-05-19 -
2023-08-11
3 months crt.sh
*.google.com
GTS CA 1C3
2023-05-19 -
2023-08-11
3 months crt.sh
casalemedia.com
Go Daddy Secure Certificate Authority - G2
2022-12-13 -
2024-01-13
a year crt.sh
*.sharethrough.com
Amazon RSA 2048 M01
2023-03-01 -
2023-08-12
5 months crt.sh
*.ads.yieldmo.com
Amazon RSA 2048 M01
2023-03-26 -
2024-04-23
a year crt.sh
*.contextweb.com
DigiCert TLS RSA SHA256 2020 CA1
2023-04-10 -
2024-05-09
a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2
2023-05-06 -
2024-05-04
a year crt.sh
*.yellowblue.io
Amazon ECDSA 256 M02
2023-04-18 -
2024-05-16
a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA
2023-02-21 -
2023-08-16
6 months crt.sh
www.google.com
GTS CA 1C3
2023-05-19 -
2023-08-11
3 months crt.sh
aax-eu.amazon-adsystem.com
Amazon RSA 2048 M01
2023-01-27 -
2024-01-27
a year crt.sh
*.outbrain.com
DigiCert TLS RSA SHA256 2020 CA1
2023-02-09 -
2024-02-11
a year crt.sh
*.outbrainimg.com
DigiCert TLS RSA SHA256 2020 CA1
2023-03-02 -
2024-03-02
a year crt.sh
*.tapad.com
DigiCert TLS RSA SHA256 2020 CA1
2022-09-14 -
2023-10-15
a year crt.sh

This page contains 31 frames:

Primary Page: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Frame ID: 2AF86631B8531A18C1E9A45FCD739412
Requests: 114 HTTP requests in this frame

Frame: https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Gr
Frame ID: 071DD6CB888904BD5D137A921B0C309C
Requests: 3 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&dcc=t
Frame ID: 008F2F5496D643C2CB4A0E483E1C4B0E
Requests: 1 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 306115C25B23A1F6937C6B12454F1D41
Requests: 6 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Frame ID: 19F75100CB9F9B1AF564DE8F73B5F28F
Requests: 5 HTTP requests in this frame

Frame: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 288615AD6D42BFDC4415EDFE9073C7D8
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Frame ID: DC9A14DF7328365FDDC2984219C3352C
Requests: 10 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Frame ID: 114A30F47BC75119EFBBE271F6A20437
Requests: 7 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=inmobi.com&id=ID5-40b25cSReN4GvyNr7eBfg3UboK5ojvgUu4-lqG0D2A
Frame ID: AE22FA23DF87B8AB69BC5CA0243917FB
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Frame ID: 4D75C22AB6DF4DB6317D014C01429AE2
Requests: 6 HTTP requests in this frame

Frame: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Frame ID: 7452D61C6CFA6E0211706EBCBA0F1031
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Frame ID: B9C7E2057345BE6EE305127FC00853DF
Requests: 11 HTTP requests in this frame

Frame: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
Frame ID: 90E22AA08A3A9AE7ECA1268AC8A5FFD6
Requests: 4 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS02Z0s5T3RWRTJ1TFU1OEN1Vmp2a3IzQkZLZlhNYnl4WH5B
Frame ID: 27C253ABB68C7197DD0D7930D690E28C
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?id=7815982874283791367&ex=appnexus.com
Frame ID: 07F87808BECF52CA7ADC6B9A2FC735F1
Requests: 1 HTTP requests in this frame

Frame: https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Frame ID: 0E002058209CE5FA2E9FFD761DCC47D0
Requests: 7 HTTP requests in this frame

Frame: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D
Frame ID: 34B6FA7C10A64EDA8123E3E99E6F5FB2
Requests: 8 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=1210305347838173658572
Frame ID: 7969ECE3909E877E1BA19853422A8497
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: C376852E042681B7E2AB76276DF2CDC1
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 8629D0741FA78F8286EE495118CC7E3D
Requests: 2 HTTP requests in this frame

Frame: https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Frame ID: 11E8E506C6295EC55922F1E6F1E0324A
Requests: 12 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssWk7Exgja-LLFScISf5dydFDNfEeueYad9Wq26NB27DipEZDo3WPzhovsIsyV1gFTjsBCqAk77CREV62rEX5D2mfA2gAvxeWJqFU4tKlXfvwKdoX_5AjGI73K-i2y5bhUFAMez48kFFD8UZbg6Jm3XB1NwInsVcb_st40byLfgjpnuDiHOHytPpwgxTlY7b25CQF0j3y6J3iuwnuJ7A99QA-hdUgxIE9_nh71eRcTWcvDuyYUWh8tUPvcLIVkufl4wH75AK3H6dvaH57j2d6ncL_5KsyFBhyTaQMvM9rAgkr55TGcTpz7e8SEDRQysBJ9Ulm8M5Tvp1gLwOEJH7vxkqR7ZuM3iQK6JQu1JiaiWW7DiiZZKZeK0&sai=AMfl-YRFlA1uR1DbooehpeW5rTz8G0jCSjpnK8YAR4gowCKOqvzjQY7Vmx8-OnLJGF_977wEyjp66I4tntI_27XgH5RMKcizjAhH-0CMstR-Zizp-u4JrKYxWxKd57Zj_w&sig=Cg0ArKJSzML_E1I4V_gJEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 61E1189CE8149CC91E256A2EC032E4AC
Requests: 14 HTTP requests in this frame

Frame: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 5E16ADC47EDD68F9BE1E46C40D480080
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CObZu_YDEKS-mI8EGLHoktsBMAE&v=APEucNWGYDr-v56KtdHBw4lJanJm7qQDRhX1aSOcf4Fb-DhOYTZW7wD1hhrktydJ7bAjMXOHK_75dE-mwN8QQC8EkKrZ5V4-Nw
Frame ID: E945BBC051556028F1F28C416DE769A7
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 989E01A4D3E1BE60EFFEB47FF679CDA9
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5CD7B968F74061753C8ED7B84167A3C4
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=&gdpr_consent=&r=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Frame ID: 31D2C350B54F7E31F3391C1A35118A52
Requests: 8 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=d574a69e-d272-437f-a78d-3dfb0ea56701
Frame ID: 202023D96FC72F41EFA0C55618AE90B3
Requests: 1 HTTP requests in this frame

Frame: https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Frame ID: FA6EC63989FDED78022AA83640E44FA7
Requests: 2 HTTP requests in this frame

Frame: https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Frame ID: 2E9E7ED1B0C48FE973A83325BD6C04C2
Requests: 34 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Frame ID: 063D966BC1C1F84E2477B0CE28D9E6CD
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

notepad.pw / uSxZEEteQ7lmCihnRoNJ | The napkin of the internet.

Page URL History Show full URLs

  1. https://notepad.pw/ HTTP 307
    https://notepad.pw/uSxZEEteQ7lmCihnRoNJ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+(?:-?rc[.\d]*)*)/angular(?:\.min)?\.js
  • \bangular.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • socket\.io.*\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • clipboard(?:-([\d.]+))?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+ionicons(?:\.min)?\.css

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • cookieconsent\.min\.js

Overall confidence: 100%
Detected patterns
  • widgets\.outbrain\.com/outbrain\.js

Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • <iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

322
Requests

62 %
HTTPS

31 %
IPv6

100
Domains

152
Subdomains

82
IPs

7
Countries

1914 kB
Transfer

5450 kB
Size

149
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://notepad.pw/ HTTP 307
    https://notepad.pw/uSxZEEteQ7lmCihnRoNJ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://wpcc.io/lib/1.0.2/cookieconsent.min.css HTTP 301
  • https://www.websitepolicies.io/lib/1.0.2/cookieconsent.min.css HTTP 301
  • https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.css
Request Chain 13
  • https://wpcc.io/lib/1.0.2/cookieconsent.min.js HTTP 301
  • https://www.websitepolicies.io/lib/1.0.2/cookieconsent.min.js HTTP 301
  • https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.js
Request Chain 41
  • https://freestar-io.videoplayerhub.com/gallery.js HTTP 301
  • https://btloader.com/tag?h=freestar-io&upapi=true
Request Chain 50
  • https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1686100048867&ns_c=UTF-8&cs_ucfr=&c7=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&c8=notepad.pw%20%2F%20uSxZEEteQ7lmCihnRoNJ%20%7C%20The%20napkin%20of%20the%20internet.&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1686100048867&ns_c=UTF-8&cs_ucfr=&c7=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&c8=notepad.pw%20%2F%20uSxZEEteQ7lmCihnRoNJ%20%7C%20The%20napkin%20of%20the%20internet.&c9=
Request Chain 64
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=926995&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&iiqpciddate=1686100050827&tsrnd=280_1686100050828&vrref=notepad.pw&jsver=5.34&abtp=95&abtg=A HTTP 302
  • https://syncv4.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=926995&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&iiqpciddate=1686100050827&tsrnd=280_1686100050828&vrref=notepad.pw&jsver=5.34&abtp=95&abtg=A&ripv6=2607:5300:60:7867::8 HTTP 302
  • https://syncv4.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=926995&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&iiqpciddate=1686100050827&tsrnd=280_1686100050828&vrref=notepad.pw&jsver=5.34&abtp=95&abtg=A&ripv6=2607:5300:60:7867::8&ckls=true&ci=gB79tSvTxQ&nc=false&trid=319029266
Request Chain 80
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fnotepad.pw%2F&domain=notepad.pw&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=CwjDkXwvQ1dXNFR3ZGRGa2FSUDFCcGQ0MHR6d0FLaXdjS2VGTkNWMy9NcWRSQlE0SVpHUVNTUHE3ZThMdWxpT0pLQkRhbDlLb3RvdlEvMnNjWkNXckJaSW9iYWFsR1BtNXB0Q1RRSmVqZFp0UjA1ZU1JQjUvemtEaDhRMnc3R29DU000NGRNUHFKR0JBdVJyQTJoV3Y2Mk1lYm9EN2dHYjFmTkpmU3FPVHFVaFJYbGEvcmpKRC83N09HdHVMdGJUbUp3TFVuU2FDTFJ1RzFWT1JYTXd4Z05Hc2pSSUJDTUxaNjhNNGRXMXYrdWtTRktvPXw&cppv=2
Request Chain 82
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&cttl=43200000 HTTP 302
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&cttl=43200000&ckls=true&ci=Facu28oFEq&nc=false&trid=c59a0162-5b7e-4dc5-b999-b6f064baf9e5
Request Chain 106
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&rid=esp HTTP 302
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&rid=esp&cc=1
Request Chain 110
  • https://ads.yieldmo.com/pbsync?gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dyieldmo%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP 302
  • https://s2s.t13.io/setuid?bidder=yieldmo&gpp=&gpp_sid=&f=i&uid=gaa9be8318803ee25e3d&gdpr=&gdpr_consent=&us_privacy=
Request Chain 113
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&dcc=t
Request Chain 116
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=963ea554-8ea2-c012-2c6b-135768036e54 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=963ea554-8ea2-c012-2c6b-135768036e54&dcc=t
Request Chain 117
  • https://match.adsrvr.org/track/cmf/openx?oxid=cee8d929-9208-7be8-ec65-91c00030a5b4&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=3cb465a7-33d3-4284-ad3f-52bfa548d86e&ttd_puid=cee8d929-9208-7be8-ec65-91c00030a5b4&gdpr=0&gdpr_consent=
Request Chain 118
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTI4NzBhZTMtNWI3Zi0yNTRjLWY5ODUtY2I3OWNhZDI2YmQ0 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTI4NzBhZTMtNWI3Zi0yNTRjLWY5ODUtY2I3OWNhZDI2YmQ0&google_tc=
Request Chain 119
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc= HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL47GtfMt3OFNV9Gh5mSNKQ&google_cver=1
Request Chain 120
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs2s.t13.io%252Fsetuid%253Fbidder%253Dadnxs%2526gdpr%253D%2526gdpr_consent%253D%2526us_privacy%253D%2526gpp%253D%2526gpp_sid%253D%2526f%253Di%2526uid%253D%2524UID HTTP 302
  • https://s2s.t13.io/setuid?bidder=adnxs&gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&f=i&uid=7815982874283791367
Request Chain 131
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmediagrid.com%26id%3D%24%7BBSW_UUID%7D HTTP 302
  • https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmediagrid.com%26id%3D%24%7BBSW_UUID%7D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=mediagrid.com&id=d9b2fb28-39ce-46e8-87db-89c7433cb362
Request Chain 132
  • https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3291016511455375000V10
Request Chain 133
  • https://match.prod.bidr.io/cookie-sync/amzn?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbeeswax.com%26id%3D%24UID HTTP 303
  • https://match.prod.bidr.io/cookie-sync/amzn?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbeeswax.com%26id%3D%24UID&_bee_ppp=1 HTTP 303
  • https://s.amazon-adsystem.com/ecm3?id=AACa5U7I_7EAACHSRjBZpw&ex=beeswax.com
Request Chain 134
  • https://um.simpli.fi/amazon/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsimpli.fi%26id%3D HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=F85E199DA9AF4AFEBDD5457935717FEC&ex=simpli.fi&status=ok
Request Chain 135
  • https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Request Chain 137
  • https://sync.inmobi.com/TAM?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D HTTP 302
  • https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D HTTP 302
  • https://id5-sync.com/c/495/0/0/1.gif?gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=inmobi.com&id=ID5-40b25cSReN4GvyNr7eBfg3UboK5ojvgUu4-lqG0D2A
Request Chain 141
  • https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint HTTP 302
  • https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
Request Chain 142
  • https://ups.analytics.yahoo.com/ups/58251/sync?redir=true HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS02Z0s5T3RWRTJ1TFU1OEN1Vmp2a3IzQkZLZlhNYnl4WH5B
Request Chain 143
  • https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=7815982874283791367&ex=appnexus.com
Request Chain 144
  • https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com HTTP 301
  • https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com HTTP 302
  • https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Request Chain 146
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=1210305347838173658572
Request Chain 150
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D HTTP 302
  • https://id.rlcdn.com/464246.gif?partner_uid=9b2ea64f-5f4f-4d88-b31c-113339abc46c HTTP 307
  • https://id.rlcdn.com/1000.gif?memo=CPaqHBIvCisIARCUaxokOWIyZWE2NGYtNWY0Zi00ZDg4LWIzMWMtMTEzMzM5YWJjNDZjEAAaDQjTsP-jBhIFCOgHEABCAEoA HTTP 307
  • https://pippio.com/api/sync?pid=5324&it=1&iv=5f0074577ef22fb53c641325bba81aa35e4f54dcd50201559596e69259b07304791426b5417dce21&_=2 HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA1ZjAwNzQ1NzdlZjIyZmI1M2M2NDEzMjViYmE4MWFhMzVlNGY1NGRjZDUwMjAxNTU5NTk2ZTY5MjU5YjA3MzA0NzkxNDI2YjU0MTdkY2UyMRAAGgwI07D_owYSBAgCEABCAEoA HTTP 302
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA1ZjAwNzQ1NzdlZjIyZmI1M2M2NDEzMjViYmE4MWFhMzVlNGY1NGRjZDUwMjAxNTU5NTk2ZTY5MjU5YjA3MzA0NzkxNDI2YjU0MTdkY2UyMRAAGgwI07D_owYSBAgCEABCAEoA&google_gid=CAESECJxPjyqIV31olLmnnxNVA0&google_cver=1 HTTP 307
  • https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
  • https://idsync.rlcdn.com/458249.gif?partner_uid=a663e10e-13d2-4f94-8c31-661d0b506785
Request Chain 151
  • https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072399&val=7815982874283791367
Request Chain 152
  • https://ad.turn.com/r/cs?pid=9&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=2923935608525020492&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 153
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=ZH-YUwAPzWGz7QBL HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZH-YUwAPzWGz7QBL&_test=ZH-YUwAPzWGz7QBL
Request Chain 154
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D HTTP 302
  • https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D HTTP 302
  • https://s2s.t13.io/setuid?bidder=grid&gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&f=i&uid=c16a41c7-4743-4474-9cc0-204cc718bc2e
Request Chain 159
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=
Request Chain 160
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2 HTTP 302
  • https://pixel.rubiconproject.com/exchange/sync.php?p=18694&gdpr=0&gdpr_consent= HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LIL0FQ4J-B-K8AN&gdpr=0
Request Chain 161
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=
Request Chain 162
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=
Request Chain 163
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160295&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160295&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUQzMDIzQjQtMTE5RS00NEVDLUE1MEYtNzFBRTM1NDJDRDU1&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160648&pmc=1&pr=https%3A%2F%2Fsync-pm.ads.yieldmo.com%2Fsync%3Fpn_id%3Dpub%26id%3D8077D456-AB2D-4723-BFBF-C06A08DCDD97%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://sync-pm.ads.yieldmo.com/sync?pn_id=pub&id=8077D456-AB2D-4723-BFBF-C06A08DCDD97&gdpr=0&gdpr_consent=
Request Chain 164
  • https://ssc-cms.33across.com/ps/?ri=0015a00002hdV5tAAE&ru=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11580%26puid%3D33XUSERID33X HTTP 302
  • https://cs-server-s2s.yellowblue.io/cs?aid=11580&puid=212180027127482
Request Chain 165
  • https://ups.analytics.yahoo.com/ups/58760/sync?redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://cs.yellowblue.io/cs?aid=11591&id=y-Q.Kxo2JE2uLjizOvelGTx5e7P77nIJ8X~A&gdpr_in_effect=0
Request Chain 166
  • https://ads.stickyadstv.com/user-matching?id=3663&gdpr=0&gdpr_consent= HTTP 302
  • https://cs.yellowblue.io/cs?aid=11601&id=41e527ed69fd61b2a14b2b5e972d3a&gdpr_consent=&gdpr=0
Request Chain 167
  • https://match.sharethrough.com/universal/v1?supply_id=5926d422&gdpr=0&gdpr_consent= HTTP 302
  • https://cs.yellowblue.io/cs?aid=11587&uid=75edbeff-d036-4ef2-8cfc-787161973880&gdpr=0
Request Chain 168
  • https://us-u.openx.net/w/1.0/cm?id=58ceaaf5-c766-4c17-869a-d76e43401714&gdpr=0&gdpr_consent=&r=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11563%26id%3D HTTP 302
  • https://cs-server-s2s.yellowblue.io/cs?aid=11563&id=26e8c5bf-45e7-46ad-a722-cd52219971f7
Request Chain 172
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo_dbm&google_cm&pn_id=c HTTP 302
  • https://ads.yieldmo.com/v000/sync?pn_id=c&google_gid=CAESEC1FSczlkcnkioCBFXfWHQs&google_cver=1
Request Chain 173
  • https://ib.adnxs.com/getuid?https://ads.yieldmo.com/v000/sync?userid=$UID&pn_id=an HTTP 302
  • https://ads.yieldmo.com/v000/sync?userid=7815982874283791367&pn_id=an
Request Chain 174
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160648&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160648%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync-pm.ads.yieldmo.com%252Fsync%253Fpn_id%253Dpub%2526id%253D%2523PMUID%2526gdpr%253DPM_GDPR%2526gdpr_consent%253DPM_CONSENT HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160648&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160648%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync-pm.ads.yieldmo.com%252Fsync%253Fpn_id%253Dpub%2526id%253D%2523PMUID%2526gdpr%253DPM_GDPR%2526gdpr_consent%253DPM_CONSENT&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=ODA3N0Q0NTYtQUIyRC00NzIzLUJGQkYtQzA2QTA4RENERDk3&gdpr=-1&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160648&pmc=1&pr=https%3A%2F%2Fsync-pm.ads.yieldmo.com%2Fsync%3Fpn_id%3Dpub%26id%3D8077D456-AB2D-4723-BFBF-C06A08DCDD97%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://sync-pm.ads.yieldmo.com/sync?pn_id=pub&id=8077D456-AB2D-4723-BFBF-C06A08DCDD97&gdpr=0&gdpr_consent=
Request Chain 175
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=yieldmo&ttd_tpi=1&ttd_puid=gaa9be8318803ee25e3d HTTP 302
  • https://ads.yieldmo.com/v000/sync?tdid=3cb465a7-33d3-4284-ad3f-52bfa548d86e
Request Chain 176
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=cTI3S3Rjel82NnlueHpodVVPd3hhUQ&gdpr=0&gdpr_consent= HTTP 302
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEDi7cOvTR33x4zPGT8aG7c8&google_cver=1
Request Chain 177
  • https://pulsepoint-match.dotomi.com/match/bounce/current?networkId=14200&version=1&nuid= HTTP 302
  • https://pulsepoint-match.dotomi.com/match/bounce/current?DotomiTest=4efd797f2241146a&is_secure=true&networkId=14200&version=1&nuid= HTTP 302
  • https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AAAHQKxeNNuRYgMzHn6EAAAAAAA&expiration=1686186452&nuid=&is_secure=true
Request Chain 179
  • https://match.adsrvr.org/track/cmf/casale HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&expiration=1688692051&gdpr=0&gdpr_consent=
Request Chain 180
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZH_YU0MnngF9U4-_BkqG6QAADWwAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEMKpRVz_4ZvMSe_Cu8hOoW4&google_cver=1
Request Chain 182
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZH-YU0MnngF9U4.-BkqG6QAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEO5cuuTmtACPdonkkDm7hAI&google_cver=1&google_hm=2
Request Chain 183
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid= HTTP 302
  • https://stags.bluekai.com/site/23178?id=pDDtIf2CLiRZz_B3Uym4&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6ZDTOVWS243FMMXGGYLTMFWGK3LFMRUWCLTDN5WS6Y3SOVWT6Y3NL5SHG4C7NFSD2MJXEZSXQY3IMFXGOZJ5NFXGIZLYEZSXQ5DFOJXGC3C7OVZWK4S7NFSD24CEIR2ESZRSINGGSUS2PJPUEM2VPFWTI HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6ZDTOVWS243FMMXGGYLTMFWGK3LFMRUWCLTDN5WS6Y3SOVWT6Y3NL5SHG4C7NFSD2MJXEZSXQY3IMFXGOZJ5NFXGIZLYEZSXQ5DFOJXGC3C7OVZWK4S7NFSD24CEIR2ESZRSINGGSUS2PJPUEM2VPFWTI HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=pDDtIf2CLiRZz_B3Uym4
Request Chain 184
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=LoKjzVEo1Q6HE85
Request Chain 185
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZH_YU0MnngF9U4-_BkqG6QAADWwAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/casale/ZH_YU0MnngF9U4-_BkqG6QAADWwAAAAB
Request Chain 186
  • https://x.bidswitch.net/sync?ssp=index HTTP 302
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=c16a41c7-4743-4474-9cc0-204cc718bc2e&ssp=index&gdpr=&gdpr_consent= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=419&user_id=10594155178242939413&ssp=index&gdpr=&gdpr_consent= HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c16a41c7-4743-4474-9cc0-204cc718bc2e&gdpr=&gdpr_consent=&us_privacy=
Request Chain 191
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=LIL0FQ4J-B-K8AN HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=LIL0FQ4J-B-K8AN&ex=d-rubiconproject.com&status=ok
Request Chain 192
  • https://ap.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID HTTP 301
  • https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID HTTP 302
  • https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Request Chain 195
  • https://match.adsrvr.org/track/cmf/rubicon HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=&expires=30
Request Chain 196
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDU0OWVlMzY5MjMyODliNDE3ZGNiOTFjNzllZGI0YzFlNWY1NmJjNw
Request Chain 197
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=oPS8lIAWRx618bnc-96EWQ&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=oPS8lIAWRx618bnc-96EWQ
Request Chain 199
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/q6rLJtSDn0YmWYhvde3uNA?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-VjjyKJRE2oIAXZHmz6bvonDNKGWffulIy1dXJQ--~A
Request Chain 200
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TElMMEZRNEotQi1LOEFO HTTP 302
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEExHiYUBpWIWRUB7QLloVNk&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElMMEZRNEotQi1LOEFO&google_push=
Request Chain 201
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPBpdWTGKhThx9XXMjoN6vQ&google_cver=1
Request Chain 202
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIL0FQ4J-B-K8AN
Request Chain 208
  • https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=49&3pid=c7gHZ6CzcKcL&ev=1&pid=558511&gdpr_consent=&gdpr=0
Request Chain 209
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent= HTTP 302
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=&tc=1 HTTP 302
  • https://ce.lijit.com/merge?pid=86&3pid=c89XTBUzfWYQOX8PB30e&pi=sovrn&gdpr=0&gdpr_consent=&tc=1
Request Chain 210
  • https://cms.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=fVtQ9C9XUqFmWlSieQpKp38JUaZmC16nclcTGFUm
Request Chain 211
  • https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=fmx&bsw_custom_parameter=c16a41c7-4743-4474-9cc0-204cc718bc2e HTTP 302
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=fmx&bsw_custom_parameter=c16a41c7-4743-4474-9cc0-204cc718bc2e HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=b83ace26-fe42-4bc8-b3fd-d82479a796c6&user_group=1&ssp=fmx&bsw_param=c16a41c7-4743-4474-9cc0-204cc718bc2e HTTP 302
  • https://ce.lijit.com/merge?pid=26&3pid=c16a41c7-4743-4474-9cc0-204cc718bc2e&gdpr=&gdpr_consent=
Request Chain 212
  • https://aorta.clickagy.com/pixel.gif?ch=185&cm=GxfjdTZHltIVK_yrTUyjYD5o&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=84&3pid=c:f21217002e595075617a00b02bb9c17a
Request Chain 213
  • https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=0&gdpr_consent= HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=87&3pid=ba658bda-4254-4c02-9d25-6617f85ca7bf
Request Chain 214
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent= HTTP 303
  • https://ce.lijit.com/merge?pid=85&3pid=AACa5U7I_7EAACHSRjBZpw&gdpr=0
Request Chain 215
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=23&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3D4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341%26partner_url%3Dhttps%253A%252F%252Fce.lijit.com%252Fmerge%253Fpid%253D16%25263pid%253D4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341%2526gdpr%253D0%2526gdpr_consent%253D HTTP 302
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://ce.lijit.com/merge?pid=16&3pid=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&gdpr=0&gdpr_consent=
Request Chain 216
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=80&3pid=LIL0FQ4J-B-K8AN&gdpr=0
Request Chain 217
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D92%263pid%3D%24UID&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=92&3pid=7815982874283791367&gdpr=0&gdpr_consent=
Request Chain 219
  • https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
  • https://match.deepintent.com/usersync/129/store?id=&ext1=fmx&ext2=c16a41c7-4743-4474-9cc0-204cc718bc2e HTTP 303
  • https://x.bidswitch.net/sync?expires=720&dsp_id=422&user_id=di_1f23856a56584a64ba710&ssp=fmx&bsw_param=c16a41c7-4743-4474-9cc0-204cc718bc2e HTTP 302
  • https://ce.lijit.com/merge?pid=26&3pid=c16a41c7-4743-4474-9cc0-204cc718bc2e&gdpr=&gdpr_consent=
Request Chain 220
  • https://um.simpli.fi/lj_match?r=1686100052112&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=2&3pid=F85E199DA9AF4AFEBDD5457935717FEC
Request Chain 221
  • https://aorta.clickagy.com/pixel.gif?ch=185&cm=GxfjdPZHCg0YPLD4SlG5kJLQ&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=84&3pid=c:f21217002e595075617a00b02bb9c17a
Request Chain 222
  • https://sync.1rx.io/usersync2/rmpssp?sub=sovrn&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=sovrn&zcc=1&cb=1686100052213 HTTP 302
  • https://ad.turn.com/r/cs?pid=45&rndcb=1026410282 HTTP 302
  • https://sync.1rx.io/usersync/turn/2923935608525020492?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-5d45bb4d-4890-4499-baef-36a3b58df6ee-005?redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D97%263pid%3DRX-5d45bb4d-4890-4499-baef-36a3b58df6ee-005 HTTP 302
  • https://ce.lijit.com/merge?pid=97&3pid=RX-5d45bb4d-4890-4499-baef-36a3b58df6ee-005
Request Chain 223
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent= HTTP 302
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=&tc=1 HTTP 302
  • https://ce.lijit.com/merge?pid=86&3pid=c89XTBUzfWYQOX8PB30e&pi=sovrn&gdpr=0&gdpr_consent=&tc=1
Request Chain 236
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5cuuTmtACPdonkkDm7hAI&google_cver=1
Request Chain 237
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZH-YU0MnngF9U4.-BkqG6QAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5cuuTmtACPdonkkDm7hAI&google_cver=1&google_hm=2
Request Chain 238
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEOLLJbdNBr9aLWjR52ZKq8o&google_cver=1
Request Chain 239
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzgxNTk4Mjg3NDI4Mzc5MTM2Nw%3D%3D
Request Chain 251
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECGA7BP0nNoVW4vtWrz-lzw&google_cver=1&google_push=ATf1kGPqQQ5DzE6BJxtj44Ih1Ni4tzERkkRw95G_zlOd12npue4tQwkhyk6H6ZWKgiCdNHenouc2QCBzyK8_TP3OubS6cr73BQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=ATf1kGPqQQ5DzE6BJxtj44Ih1Ni4tzERkkRw95G_zlOd12npue4tQwkhyk6H6ZWKgiCdNHenouc2QCBzyK8_TP3OubS6cr73BQ&google_hm=plHMFdUmH8QWW6QI48jdQQ
Request Chain 252
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEJKgYuK89fUreM2AMDHH8Mk&google_cver=1&google_push=ATf1kGPqKJ-n_Qn63HcbgpKj5qqEFQycG3xMP-9ebrJVGXcHpNi7MDnTSXCBJlHr-VjISK2dshqWhpb1obflX5hyRP-DOntDMQ HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ATf1kGPqKJ-n_Qn63HcbgpKj5qqEFQycG3xMP-9ebrJVGXcHpNi7MDnTSXCBJlHr-VjISK2dshqWhpb1obflX5hyRP-DOntDMQ&google_hm=cEREdElmMkNMaVJael9CM1V5bTQ=
Request Chain 253
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DATf1kGPZKokfL6pIQOM42P9i23zPBLSbp3Za5riO-mF6fgnViRbaMKEQsxusROmatofrGr_QMrm3S4ITi0Ciev5Fyjh84uDEFQ%26google_hm%3D%5BUID%5D&google_gid=CAESEIci3FR76iaX-6ZydBj7iIA&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=ATf1kGPZKokfL6pIQOM42P9i23zPBLSbp3Za5riO-mF6fgnViRbaMKEQsxusROmatofrGr_QMrm3S4ITi0Ciev5Fyjh84uDEFQ&google_hm=1b415060-9496-48ed-9d03-d65f7cbbcb4b
Request Chain 254
  • https://ads.yieldmo.com/exptsync?google_gid=CAESEJb7s69ubLg66KCD63q7ymU&google_cver=1&google_push=ATf1kGNkEGit7NmUThfElHlBzfwIVtnLEsCpAaedC6nIcThaGB0BTeNexv1fo2GeS9gLJayl8Bw7RmuA62hKjxJ1CwxTj2bNPA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=ATf1kGNkEGit7NmUThfElHlBzfwIVtnLEsCpAaedC6nIcThaGB0BTeNexv1fo2GeS9gLJayl8Bw7RmuA62hKjxJ1CwxTj2bNPA&google_hm=Z2FhOWJlODMxODgwM2VlMjVlM2Q=
Request Chain 255
  • https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEAZ8IkCh5EkrZkUV8UnTrJ4&google_cver=1&google_push=ATf1kGM-w7jJfj0OZ6awIwuqVlbMYRBDd1PvyPOxfGsJMOnsokNCQMMzVC7GLp3obH0wATk1bhnd2a0A2DuB7d9hnbVupRi0KcIo HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NzVlZGJlZmYtZDAzNi00ZWYyLThjZmMtNzg3MTYxOTczODgw&google_push=ATf1kGM-w7jJfj0OZ6awIwuqVlbMYRBDd1PvyPOxfGsJMOnsokNCQMMzVC7GLp3obH0wATk1bhnd2a0A2DuB7d9hnbVupRi0KcIo
Request Chain 256
  • https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEMOtcSakTR_3j-l4n14eIN8&google_cver=1&google_push=ATf1kGOWxnI_MKiuGXxBC7pTMiLzTDRLT32JTtIboJbIyf6RkXMR3FAkfiYkWY9gyuAhR3bFlDVUn1wu99aHw0qdzgRiegN_w8TA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=ATf1kGOWxnI_MKiuGXxBC7pTMiLzTDRLT32JTtIboJbIyf6RkXMR3FAkfiYkWY9gyuAhR3bFlDVUn1wu99aHw0qdzgRiegN_w8TA&google_hm=NDE4MzUzNDM5Nzc4NzEzMzU3OA==
Request Chain 257
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEPKnbEFd3b-lYLYL2HGzeDY&google_cver=1&google_push=ATf1kGP3KJFaCdBzN7OToRVIf0Roa3j-E2cwbevvV-Tataje-k1F8PrWXMSKUXrKXuDytMjpHEmvvl1zQ75KKURXvoOOBW4Go1E HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGP3KJFaCdBzN7OToRVIf0Roa3j-E2cwbevvV-Tataje-k1F8PrWXMSKUXrKXuDytMjpHEmvvl1zQ75KKURXvoOOBW4Go1E HTTP 302
  • https://onetag-sys.com/match/?int_id=19&google_error=5
Request Chain 268
  • https://aorta.clickagy.com/pixel.gif?ch=4&cm=d166edcc-c072-47a6-9af0-0a81e402ab85&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537073026%26val%3D%7Bvisitor_id%7D HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537073026&val=c:f21217002e595075617a00b02bb9c17a
Request Chain 269
  • https://rtb.openx.net/sync/dds HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=Eb5TFTuOwsYKEd130ymfDg==&ox_sc=1&ox_init=1 HTTP 302
  • https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
Request Chain 270
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=536872786&val=5f64647f-d855-4a00-b3ff-959a5f67dcd7
Request Chain 271
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://us-u.openx.net/w/1.0/sd?id=537073028&val=${ADELPHIC_CUID} HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537073028&val=69bd76e9-9f3f-4482-8c61-3267af700f91
Request Chain 272
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=4&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072977&val=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&gdpr=0&gdpr_consent=

322 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request uSxZEEteQ7lmCihnRoNJ
notepad.pw/
Redirect Chain
  • https://notepad.pw/
  • https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
31 KB
13 KB
Document
General
Full URL
https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
fbs /
Resource Hash
f984088ce31e693a3c993d64dc2ce177c8ffb938e12fded55c75424a013c2103

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 07 Jun 2023 01:07:27 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
fbs
x-hw
1686100047.cds142.fr8.hn,1686100047.cds249.fr8.sc,1686100047.cdn2-redis02-fra1.stackpath.systems.-.wx,1686100047.cds249.fr8.p

Redirect headers

access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 07 Jun 2023 01:07:27 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
pragma
no-cache
server
fbs
x-hw
1686100046.cds142.fr8.hn,1686100046.cds233.fr8.sc,1686100047.waf1-node03-fra02.stackpath.systems.-.wx,1686100047.cds233.fr8.p
css
fonts.googleapis.com/
5 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Noto+Sans:400,700
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::200a Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4e6a1772116a9df50a616452fa3b92615fc7617363e1a6e7cc16fc2a2cb8ff1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 06 Jun 2023 23:10:19 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 07 Jun 2023 01:07:27 GMT
global.css
notepad.pw/content/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://notepad.pw/content/css/global.css?229
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
fbs /
Resource Hash
2b60310189012686567c541c72a40acf74adb416bdc524008822d6c7c73ccd97

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
gzip
last-modified
Mon, 02 Oct 2017 03:48:05 GMT
server
fbs
etag
"59d1b6f5-1821"
x-hw
1686100047.cds142.fr8.hn,1686100047.cds221.fr8.sc,1686100047.waf1-node02-fra02.stackpath.systems.-.wx,1686100047.cds221.fr8.p
content-type
text/css
access-control-allow-origin
*
accept-ranges
bytes
normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/
2 KB
1 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
18003122
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
742
last-modified
Mon, 04 May 2020 16:13:31 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03f2b-8a8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=26PUuw0lrBbVxYxVaELMAayUo608YBUlM7rbK8I3Pnb41oIPgbdqW3wZ4723j1nuCwWEvebN%2F8PbIS5e3O0MnFKCdCdJWCmy45RBWhqXlou2sRcvR9778BaTPdDW%2F4%2FacYdZ0KPk1%2F2IRVmHQf9WOl8N"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d34ff90eb4c7156-YUL
expires
Mon, 27 May 2024 01:07:27 GMT
ionicons.min.css
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/
50 KB
7 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3482437
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
6642
last-modified
Mon, 04 May 2020 16:11:20 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ea8-c854"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gaa6Aoqj0ZoBo32tkkuoB3dc%2FX9gYN06qcspEB9RdVo8nWNGghfGa994ta1gr2t%2Bl0kxYzWvHeXArXUUWwgSEiVuIjB4TzqVOEIl7G2v8NzZf0oCla02n3Pvxf9i7rrwwUc5eQy25SQsc9K38maTTofT"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d34ff90eb537156-YUL
expires
Mon, 27 May 2024 01:07:27 GMT
logo-dark.png
notepad.pw/content/images/
22 KB
22 KB
Image
General
Full URL
https://notepad.pw/content/images/logo-dark.png
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
fbs /
Resource Hash
560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
last-modified
Thu, 30 Aug 2018 21:59:20 GMT
server
fbs
etag
"5b8868b8-57f4"
x-hw
1686100047.cds142.fr8.hn,1686100047.cds131.fr8.sc,1686100048.waf1-node01-fra02.stackpath.systems.-.wx,1686100048.cds131.fr8.p
content-type
image/png
access-control-allow-origin
*
accept-ranges
bytes
content-length
22516
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/
82 KB
26 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
2875171
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
26646
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-1499c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FPK%2BgFgIo00aYdOf0S%2F4JoZUPp%2FV6BMpU5D3ZYClrfDwJJ4Xt6vwKaxUPuI3DapbEf0rnu8dXXGChdjyouL7uyBZMnJ4B381rxB5RYYpP4ue1Z%2BticJxmYt%2Fyqrg5bYpMIBsz25rX3%2BCaOrp58vDEuvr"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d34ff914c2f7156-YUL
expires
Mon, 27 May 2024 01:07:27 GMT
angular.min.js
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/
156 KB
49 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
627137
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
49420
last-modified
Mon, 04 May 2020 16:04:55 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d27-27130"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DJ02hiSNBCo7%2F6fugHeF0x1cHguQ42jIEAGbmJgHIiUWjaQ%2FZr76kR6jO23aOCQe26hIH2QiXV5FyqoDVMJ3U%2BEcmNHc2GOuUwmXPuE7AzU8znjcSYa2ZwogvgMzPdOe3AS8VuuQfKRVre%2BwtZNgq03y"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d34ff9179774bc5-YUL
expires
Mon, 27 May 2024 01:07:27 GMT
angular-cookies.min.js
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/
1 KB
1 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
16910093
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
677
last-modified
Mon, 04 May 2020 16:04:55 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d27-5a7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ui6nB26UBr4KXKgp5LcGeh3G3R9N%2FU1spGaiVH%2FryzxFIUbHHU0yBVgRRjRZFu7lrOSOR6%2BksFOU3n1z7xDZAS50kNFIkRyQNdJO%2FHb6dpzDFfNHMlqEbfHzsixlcQWxFT41Lo6iek2FnXKqiqvuSS%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d34ff91c9f24bc5-YUL
expires
Mon, 27 May 2024 01:07:27 GMT
socket.io.min.js
cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/
68 KB
19 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
33980
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
19101
last-modified
Mon, 04 May 2020 16:16:21 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fd5-10ec3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jDk8C89JAEk%2FnYsAjciz8Z6VEdfMQuWQPYzdF5C%2FWdw3jHOxmvZWb2W%2FBL9RT6M4cO6CjdHbpBHQxe7N52XEalJfgQ722VOKKQ6OU7nymCZ4nzUKCJvn7pPAfjhoUEBj3YDhvIBuyjbOqXwgY6KYwXoT"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d34ff91ea284bc5-YUL
expires
Mon, 27 May 2024 01:07:27 GMT
app.min.js
notepad.pw/content/js/
8 KB
3 KB
Script
General
Full URL
https://notepad.pw/content/js/app.min.js?366
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
fbs /
Resource Hash
c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
gzip
last-modified
Thu, 30 Aug 2018 22:33:49 GMT
server
fbs
etag
"5b8870cd-2089"
x-hw
1686100047.cds142.fr8.hn,1686100047.cds163.fr8.sc,1686100047.cdn2-redis02-fra1.stackpath.systems.-.wx,1686100047.cds163.fr8.p
content-type
application/javascript
access-control-allow-origin
*
accept-ranges
bytes
store.min.js
cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/
3 KB
2 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
14236255
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
994
last-modified
Mon, 04 May 2020 16:16:28 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fdc-a35"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u0mGhcJVkvIBAfOM09CZ5%2B4hu3nWDwRaOyOkcptBG4bxpsbr3SfxHglG7di9zcBADnRZ8O39q%2BYpKlzdwmjLZI7gHFReOKoL3zGAeJhPuhNdopPQ5MOVemc%2FxtDBEoXnPHlWsEPESiwV%2FujpDgOzD9MP"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d34ff92cb7f4bc5-YUL
expires
Mon, 27 May 2024 01:07:27 GMT
clipboard.min.js
cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/
11 KB
4 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1311325
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
3005
last-modified
Mon, 04 May 2020 16:09:13 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03e29-2aa5"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FnCGVrqrGnglErU8jVOalP1co1mfjkJr0nJ%2B4QNXTdkoBim1DQ6NFlPmK%2FxmwA0MYn8fDk%2Bp9STZN0fywnVYJHAV4K9Veagp0BzW4uc%2F27z58COoHUjrNV0LWbIeedM1PFKZGuM6Z1XOtcSgM%2FsfqPsE"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d34ff92eba84bc5-YUL
expires
Mon, 27 May 2024 01:07:27 GMT
cookieconsent.min.css
cdn.websitepolicies.io/lib/cookieconsent/
Redirect Chain
  • https://wpcc.io/lib/1.0.2/cookieconsent.min.css
  • https://www.websitepolicies.io/lib/1.0.2/cookieconsent.min.css
  • https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.css
4 KB
2 KB
Stylesheet
General
Full URL
https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.css
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Server
2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
BunnyCDN-NY1-885 /
Resource Hash
a5e6f8c443f2972a9dc8895ab7376db278062c4972aca7cc3957dc46bddff1ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

expires
Sun, 04 Dec 2022 17:47:52 GMT
date
Wed, 07 Jun 2023 01:07:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
885
cdn-cachedat
11/04/2022 17:47:52
cdn-pullzone
403741
alt-svc
h3=":443", h3-29=":443"
x-xss-protection
1; mode=block
last-modified
Fri, 04 Nov 2022 17:45:55 GMT
server
BunnyCDN-NY1-885
cdn-proxyver
1.03
cdn-requestpullcode
200
etag
W/"63654fd3-1023"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JuNlUBio6wR%2F6yuO1e3C5pGBLwk%2FVC1J3qXZf7mSt7CriOMR%2BaJK7jkhQwoAItvD7tl6ts%2F1OpJwcXg1l6a2HGbnaveOeZnd9EzA7CFBYHQ71ALZEwRG0nxu2jUbWlNwmiWGyOx%2BY6qq"}],"group":"cf-nel","max_age":604800}
cdn-uid
16d357c7-5d61-4073-b136-11d78241bb5e
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=2592000
cdn-cache
HIT
cdn-requestid
8986090d27f111d5860bd7c5b383ab71
cf-ray
764f2d626e748c1e-EWR
cdn-requestcountrycode
CA
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True

Redirect headers

date
Wed, 07 Jun 2023 01:07:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P2e4VygB1gM0kcgSnN3hXukgbshTiqntZtBGigdZNxDPg33XTEOirMOLViBP4K1Wz6oax9TUsZbtRh5L5BaSI%2BdCU0l7TLuwgi0GkVWdKQ0mVITKNmZvX79n5c7BKm1a%2FHJ33CG%2FTEVV%2BSKIBb%2BXKJq2zTvK"}],"group":"cf-nel","max_age":604800}
location
https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.css
cache-control
max-age=3600
cf-ray
7d34ff943bda5b5f-IAD
alt-svc
h3=":443"; ma=86400
expires
Wed, 07 Jun 2023 02:07:28 GMT
cookieconsent.min.js
cdn.websitepolicies.io/lib/cookieconsent/
Redirect Chain
  • https://wpcc.io/lib/1.0.2/cookieconsent.min.js
  • https://www.websitepolicies.io/lib/1.0.2/cookieconsent.min.js
  • https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.js
13 KB
6 KB
Script
General
Full URL
https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Server
2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
BunnyCDN-NY1-885 /
Resource Hash
73c99e6dcaeb871bb0b4958181aecd48c231c639b3a61230a548d5866ba64748
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-encoding
br
age
408
cdn-pullzone
403741
cdn-proxyver
1.03
etag
W/"62866b77-32cc"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=2592000
cdn-requestcountrycode
CA
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
expires
Thu, 24 Nov 2022 17:58:52 GMT
date
Wed, 07 Jun 2023 01:07:28 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
885
cdn-cachedat
10/25/2022 18:05:40
alt-svc
h3=":443", h3-29=":443"
x-xss-protection
1; mode=block
last-modified
Thu, 19 May 2022 16:08:23 GMT
server
BunnyCDN-NY1-885
cdn-requestpullcode
200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GngVb%2FSgbZXZQa%2FVKFhc0tZ1vqmHbuJYO%2FzS4TmOJGfgRMYO8fiejrJG1lAX5nglZbEfF4xMR9U8nfObv0LJ0pmnUsF9VQroeUiLJ2ORYvREDVJAc4dagt1rz%2Bw2OlTfDU9fF8qpRe4V"}],"group":"cf-nel","max_age":604800}
cdn-uid
16d357c7-5d61-4073-b136-11d78241bb5e
cdn-requestid
36da77deb2e8a6694add20d6e3c67022
cf-ray
75fce1ba4fcdcf0d-SJC
cdn-status
200
cdn-requestpullsuccess
True

Redirect headers

date
Wed, 07 Jun 2023 01:07:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yyYG9ZfHA4x9U9VN%2FMUEllJ2wRLfFZNjaleDMBU0RTTQu8lHVK2TL%2FYGXkDFZ7ZTVyEWRg6S1JDShGCAZaeW01pRkaoUqW2ibF22W8pvV2irC2OcaeLo5nOiweP%2FbjuFwnDObUKEBkAA9F5JnzPEPv%2BUa770"}],"group":"cf-nel","max_age":604800}
location
https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.js
cache-control
max-age=3600
cf-ray
7d34ff943bdc5b5f-IAD
alt-svc
h3=":443"; ma=86400
expires
Wed, 07 Jun 2023 02:07:28 GMT
gtm.js
www.googletagmanager.com/
129 KB
50 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-ML9KQJN
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d6c7b602a1154e624f534cd51b19b385fd624a2042ec17a548178a67da71cc18
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50574
x-xss-protection
0
last-modified
Wed, 07 Jun 2023 00:12:10 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 07 Jun 2023 01:07:27 GMT
pubfig.min.js
a.pub.network/notepad-pw/
104 KB
38 KB
Script
General
Full URL
https://a.pub.network/notepad-pw/pubfig.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5988eaae22120f97f63bc18a49f364e7863566e39a3c2151ce6982c171b13237

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
gzip
cf-cache-status
HIT
age
19994
x-guploader-uploadid
ADPycdvWcBqk9PHQwbn28RfkgK5sWi12gw5XhqrVLz0VE9Tx9_LWfrYHvc7Qibyq48ObySHJDLusIJC7O02euOZNmdC815FL_LKL
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
last-modified
Thu, 01 Jun 2023 17:29:45 GMT
server
cloudflare
etag
W/"37da57316391212310f91673b6700d9c"
vary
Accept-Encoding
x-goog-generation
1685640585338186
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=n9moQg==, md5=N9pXMWORISMQ+RZztnANnA==
access-control-expose-headers
*
cache-control
public, max-age=1800
x-goog-stored-content-length
106580
cf-ray
7d34ff933996ca67-YUL
expires
Wed, 07 Jun 2023 01:37:27 GMT
/
notepad.pw/sbbi/ Frame 071D
25 KB
11 KB
Document
General
Full URL
https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Gr&sbbgs=h4335e9a286694cb06a0d40f1cd2663e0c45&ddl=1
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
fbs /
Resource Hash
b1f394404c3edaa9c55d673191a35e6c39af1fb01682181e49e19d6044902c72

Request headers

Referer
https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 07 Jun 2023 01:07:27 GMT
server
fbs
x-accel-expires
0
x-hw
1686100047.cds142.fr8.hn,1686100047.cds217.fr8.sc,1686100047.cdn2-redis01-fra1.stackpath.systems.-.i,1686100047.cds217.fr8.p
/
notepad.pw/sbbi/
43 B
251 B
Image
General
Full URL
https://notepad.pw/sbbi/?sbbpg=utMedia&vii=eh249343d5eec98a125876a639b40cbb70a60a10ed44608f910ced42a6e6134ej0wcy4n5
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
fbs /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-origin
*
x-accel-expires
0
date
Wed, 07 Jun 2023 01:07:27 GMT
cache-control
no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
server
fbs
x-hw
1686100047.cds142.fr8.hn,1686100047.cds270.fr8.sc,1686100047.waf1-node03-fra02.stackpath.systems.-.i,1686100047.cds270.fr8.p
content-type
image/gif
ionicons.ttf
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/
184 KB
96 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.0
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c5b6bb603a4f7556b94532674f3847b430b9495afbb3a4dcfe5ba718baa59ad
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
Origin
https://notepad.pw
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:27 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
11470658
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
97438
last-modified
Mon, 04 May 2020 16:11:20 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ea8-2e05c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KE%2FWYXGdyBLAThU1hGvOLsGr7prhyLeHud9gFsQ9rEKad21R2W44%2FqGfPmrlqSz%2Fdt7gapJNIW7AabAZn43%2F6NcwRdeHHXQHllkckbfuHAjBvbuDfKhRSkE7HgGJZ%2FSL%2BffDqTTHyD91axSjeAwdlTlG"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7d34ff931b227148-YUL
expires
Mon, 27 May 2024 01:07:27 GMT
o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v28/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/notosans/v28/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5fc4c95920416b0ef0b5aee93a90984989183a6d29f712e725a3383309806a54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://notepad.pw
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Sat, 03 Jun 2023 21:41:17 GMT
x-content-type-options
nosniff
age
271570
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14256
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 00:19:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 02 Jun 2024 21:41:17 GMT
a3e4bc1a5a7119b0d3893de50a070626dbefe1-prod.js
cumbersomecarpenter.com/scripts/
63 KB
23 KB
Script
General
Full URL
https://cumbersomecarpenter.com/scripts/a3e4bc1a5a7119b0d3893de50a070626dbefe1-prod.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:328a::1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
15917ae3b94b66bc36e1fd8f18752570c3d0d9d64bbfed23764670288b08e791
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
br
via
1.1 google
date
Wed, 07 Jun 2023 01:07:28 GMT
x-datacenter
gce-us-east1
etag
"d76112874e03aa5e1e0eca6e46a9e1462b2b2689136f4a186f7325ee064c4529"
x-buildname
hoothoot
vary
Accept-Encoding, Accept-Language
x-hostname
fen-hoothoot-us-east1-mr6f
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
x-buildnumber
879221765
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
init
d.pub.network/v2/
26 KB
5 KB
Fetch
General
Full URL
https://d.pub.network/v2/init?siteId=1413&env=PROD
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash
06561bda77a1dd4753097c553958f27be60447681b02526b6c91544b6e8d039e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
content-encoding
gzip
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
content-type
application/json
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
analytics.js
www.google-analytics.com/
51 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-ML9KQJN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 07 Jun 2023 00:11:08 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
3380
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Wed, 07 Jun 2023 02:11:08 GMT
js
www.googletagmanager.com/gtag/
223 KB
79 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-0E2CT7YLRP&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-ML9KQJN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1a8919931b8b4ccc1fcb054f13f9fe77de773ffcd4d39c02f2c528b0c6f95552
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
80659
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 07 Jun 2023 01:07:28 GMT
collect
www.google-analytics.com/j/
3 B
204 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=408505991&t=pageview&_s=1&dl=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&ul=en-us&de=UTF-8&dt=notepad.pw%20%2F%20uSxZEEteQ7lmCihnRoNJ%20%7C%20The%20napkin%20of%20the%20internet.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=769174539&gjid=611966756&cid=1878714221.1686100048&tid=UA-153530698-1&_gid=875372470.1686100048&_r=1&_slc=1&gtm=45He3650n81ML9KQJN&z=435236381
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:28 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://notepad.pw
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/g/
0
56 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-0E2CT7YLRP&gtm=45je3650&_p=408505991&cid=1878714221.1686100048&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1686100048&sct=1&seg=0&dl=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&dt=notepad.pw%20%2F%20uSxZEEteQ7lmCihnRoNJ%20%7C%20The%20napkin%20of%20the%20internet.&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0E2CT7YLRP&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:28 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://notepad.pw
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookieconsent.min.css
cdn.websitepolicies.io/lib/cookieconsent/
4 KB
2 KB
Stylesheet
General
Full URL
https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.css
Requested by
Host: wpcc.io
URL: https://wpcc.io/lib/1.0.2/cookieconsent.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
BunnyCDN-NY1-885 /
Resource Hash
a5e6f8c443f2972a9dc8895ab7376db278062c4972aca7cc3957dc46bddff1ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

expires
Sun, 04 Dec 2022 17:47:52 GMT
date
Wed, 07 Jun 2023 01:07:28 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid
885
cdn-cachedat
11/04/2022 17:47:52
cdn-pullzone
403741
alt-svc
h3=":443", h3-29=":443"
x-xss-protection
1; mode=block
last-modified
Fri, 04 Nov 2022 17:45:55 GMT
server
BunnyCDN-NY1-885
cdn-proxyver
1.03
cdn-requestpullcode
200
etag
W/"63654fd3-1023"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JuNlUBio6wR%2F6yuO1e3C5pGBLwk%2FVC1J3qXZf7mSt7CriOMR%2BaJK7jkhQwoAItvD7tl6ts%2F1OpJwcXg1l6a2HGbnaveOeZnd9EzA7CFBYHQ71ALZEwRG0nxu2jUbWlNwmiWGyOx%2BY6qq"}],"group":"cf-nel","max_age":604800}
cdn-uid
16d357c7-5d61-4073-b136-11d78241bb5e
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
max-age=2592000
cdn-cache
HIT
cdn-requestid
2883288aca07fadb11d0d53c1463dcf9
cf-ray
764f2d626e748c1e-EWR
cdn-requestcountrycode
CA
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
skeleton.gif
static.adsafeprotected.com/
43 B
481 B
Image
General
Full URL
https://static.adsafeprotected.com/skeleton.gif?adunitid=dqovp&adnum=741956
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:0:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-amz-version-id
iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
date
Tue, 06 Jun 2023 10:54:06 GMT
via
1.1 92672fff57a11d8cf4f64313a69242d0.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P2
age
1609339
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
43
last-modified
Mon, 17 Aug 2020 23:55:15 GMT
server
AmazonS3
etag
"45cf913e5d9d3c9b2058033056d3dd23"
content-type
image/gif
cache-control
max-age=315360000
accept-ranges
bytes
x-amz-cf-id
d8iY-OT531fWyBd9i2Vu7rS6HFmGC--7Mny_-kX3tAGmio3_Bvi1UA==
/
live.notepad.pw/socket.io/
101 B
610 B
XHR
General
Full URL
https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=OYJPFdr
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:1ef3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f6b6eac774c17644b4f4816d3039d16137665087c384e5d5b3d4b015fae7949

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
via
1.1 vegur
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LjsX8JGx3U0jJIaueHkU91P4Zk%2F9Z%2Fs7AgcNBWEOYJeoKDhG9n1g0rXOkJaGgnuGlzfR8VKtf1caaxKLASaLacjuEzafmcIBmi3sxnltpMT0azxV1N8UQ0ExOeBEDMdbngkZoQpQ%2BQzaULpgMUA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
cf-ray
7d34ff96eaf4594a-IAD
alt-svc
h3=":443"; ma=86400
content-length
101
/
notepad.pw/sbbi/ Frame 071D
532 B
461 B
Document
General
Full URL
https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Gr&sbbgs=h4335e9a286694cb06a0d40f1cd2663e0c45&ddl=1
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
fbs /
Resource Hash
eebc1e16930f8c02d8df7b36daf1d89122876c974d5599cc37d6f6c4b6c7519d

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://notepad.pw
Referer
https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Gr&sbbgs=h4335e9a286694cb06a0d40f1cd2663e0c45&ddl=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 07 Jun 2023 01:07:28 GMT
server
fbs
x-accel-expires
0
x-hw
1686100048.cds142.fr8.hn,1686100048.cds237.fr8.sc,1686100048.waf1-node01-fra02.stackpath.systems.-.i,1686100048.cds237.fr8.p
/
live.notepad.pw/socket.io/
5 B
293 B
XHR
General
Full URL
https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=OYJPFfj&sid=tBtRCPOIGoDdcaSWAkFJ
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:1ef3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
via
1.1 vegur
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fd%2FgfFGasDCRw7pjK7Q6iTtcFd9QPvYBdnYu1l%2B5fxfeS8zatMMQ0Oi7HVFBjH1%2BUwPAEcVAE8LrMxGfiOgdh2%2BcxM5JXP7hVAE5W0fn1FbWaHuTNSHoK7fgnB4On3Y6KTjyEprJS%2FOH%2FoOTodU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
cf-ray
7d34ff973b1c594a-IAD
alt-svc
h3=":443"; ma=86400
content-length
5
/
live.notepad.pw/socket.io/
2 B
503 B
XHR
General
Full URL
https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=OYJPFgQ&sid=tBtRCPOIGoDdcaSWAkFJ
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:1ef3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-type
text/plain;charset=UTF-8

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
via
1.1 vegur
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S4pM2KZl3CBaxBPmi%2FUVDNhP2LOEqmD%2FEjq7NN52hFLCsXFAW2e57cKK0CKUPGpdXCRr9HBmnD%2BmhC04uP4PcBj15E4%2FsTMhNm9B8%2BT6xUpDe5QNdz0jJuyovvmPgnMNdhyBrs8ZpW8oWABtPdQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
cf-ray
7d34ff97784859c8-IAD
alt-svc
h3=":443"; ma=86400
/
live.notepad.pw/socket.io/
4 B
476 B
XHR
General
Full URL
https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=OYJPFgQ.0&sid=tBtRCPOIGoDdcaSWAkFJ
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::6815:1ef3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
via
1.1 vegur
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=krZdrz%2F3UNCtZm%2B3qjC9cQR6uj1XCR1xR30UMkFl1aSrvgUanOopTB%2BSL3IsGS5c2FLE%2F57KgEr8CphvPNDCS%2BKuEORNmlJNZkOSXkWClnFDxcmAksecfvh%2FoLJaQXaURMw7X4l02ag8WNY5zuw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
cf-ray
7d34ff97784959c8-IAD
alt-svc
h3=":443"; ma=86400
content-length
4
beacon.js
sb.scorecardresearch.com/
4 KB
2 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-98.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 03:47:08 GMT
content-encoding
gzip
via
1.1 97e44a27a616410da5792d77e9d25f52.cloudfront.net (CloudFront)
last-modified
Thu, 09 Mar 2023 09:22:40 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
age
76820
x-amz-server-side-encryption
AES256
etag
W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
INDRqix_qcvXF1r9sn4EKCaC4LuWr93NF5c55_kx_P7Ok6AF-oRIfw==
pubfig.engine.js
a.pub.network/core/pubfig/aad127a7a07479f79ad2ca704a251a5d6f32cb6d/
447 KB
133 KB
Script
General
Full URL
https://a.pub.network/core/pubfig/aad127a7a07479f79ad2ca704a251a5d6f32cb6d/pubfig.engine.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/notepad-pw/pubfig.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
28058f974e5807bfbb316a68d4e32b9d891b9a7eefdd834dd8d52f7bdbb7a261

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
content-encoding
gzip
cf-cache-status
HIT
age
24721
x-guploader-uploadid
ADPycdt8o7zP8ZX5TXr_RmY5uMEGWzEsjFyKuJ8N7VfggxD9llMfj_p0qceTwhonMi0OazHMMoNdnmkPDpV90DxeSpPPq0l8gTdA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
last-modified
Thu, 01 Jun 2023 16:50:11 GMT
server
cloudflare
etag
W/"25e8c27c0476c5103ecc21c8c8437c39"
vary
Accept-Encoding
x-goog-hash
crc32c=lqzNcA==, md5=JejCfAR2xRA+zCHIyEN8OQ==
x-goog-generation
1685638211607924
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
457287
cf-ray
7d34ff977fa6ca67-YUL
expires
Wed, 07 Jun 2023 02:07:28 GMT
o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
fonts.gstatic.com/s/notosans/v28/
14 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/notosans/v28/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8c2a54278c4cb87438f4a1c73242d727fc3eea82dc59abb393dd3937b17ce1d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://notepad.pw
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Sat, 03 Jun 2023 07:11:05 GMT
x-content-type-options
nosniff
age
323783
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14100
x-xss-protection
0
last-modified
Wed, 26 Apr 2023 23:32:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 02 Jun 2024 07:11:05 GMT
/
notepad.pw/sbbi/ Frame 071D
7 KB
3 KB
Document
General
Full URL
https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Gr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
fbs /
Resource Hash
a30596690396eb97e9bcc62ba28042f9256665c41526ce5ddab8e6ce935b1e54

Request headers

Referer
https://notepad.pw/sbbi/?sbbpg=sbbShell&gprid=Gr&sbbgs=h4335e9a286694cb06a0d40f1cd2663e0c45&ddl=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 07 Jun 2023 01:07:28 GMT
server
fbs
x-accel-expires
0
x-hw
1686100048.cds142.fr8.hn,1686100048.cds324.fr8.sc,1686100048.waf1-node02-fra02.stackpath.systems.-.i,1686100048.cds324.fr8.p
/
optimise.net/ Frame
0
0
Preflight
General
Full URL
https://optimise.net/?k=0&d=notepad.pw&t=desktop
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.152.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
239.152.111.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Key, Authorization
access-control-allow-methods
ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
access-control-allow-origin
https://notepad.pw
access-control-expose-headers
fs-client-rtt
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Wed, 07 Jun 2023 01:07:28 GMT
expires
0
fs-client-rtt
10
pragma
no-cache
strict-transport-security
max-age=31536000;includeSubDomains;preload;
via
1.1 google
/
optimise.net/
539 B
564 B
Fetch
General
Full URL
https://optimise.net/?k=0&d=notepad.pw&t=desktop
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.152.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
239.152.111.34.bc.googleusercontent.com
Software
/
Resource Hash
e9fe5d51a31188be5d39bf8f8b1e454068933ac1b96f073fd399d76afd4627ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload;

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

strict-transport-security
max-age=31536000;includeSubDomains;preload;
via
1.1 google
date
Wed, 07 Jun 2023 00:38:11 GMT
fs-client-rtt
12
age
1757
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
539
pragma
no-cache
access-control-max-age
3600
access-control-allow-methods
ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
content-type
application/json
access-control-allow-origin
https://notepad.pw
access-control-expose-headers
fs-client-rtt
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Key, Authorization
expires
0
config.js
cdn.confiant-integrations.net/qaKtxuL1KR_2Tfmz0NmPaAudsBc/gpt_and_prebid/
81 KB
19 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/qaKtxuL1KR_2Tfmz0NmPaAudsBc/gpt_and_prebid/config.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/aad127a7a07479f79ad2ca704a251a5d6f32cb6d/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:99f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d47ab8b853eb7bc984b66b4ab30a1c214fe6bd59bcc40c2744476b337ba8ab56

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 07 Jun 2023 00:11:34 GMT
server
cloudflare
x-amz-request-id
1YHD28C4C9XNE5Y2
age
382
etag
W/"2e0b80624019e17fe75ac1fd53f18274"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
7d34ff98491133ef-YUL
alt-svc
h3=":443"; ma=86400
x-amz-id-2
O3T3qkswJcDFSp4eI+nlxQMTDgMKiLbzJ1wYeeHy2nk6ZTsu8dMRdrw+NuATE+p6+QpD26mFboU=
gpt.js
www.googletagservices.com/tag/js/
76 KB
25 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/aad127a7a07479f79ad2ca704a251a5d6f32cb6d/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e92773045a6b526ce37b536c557e0cf9728c71a3b60ce7cb3f2060982754e3d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25524
x-xss-protection
0
server
cafe
etag
174 / 19515 / 31075092 / config-hash: 5032195517386799799
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 07 Jun 2023 01:07:28 GMT
tag
btloader.com/
Redirect Chain
  • https://freestar-io.videoplayerhub.com/gallery.js
  • https://btloader.com/tag?h=freestar-io&upapi=true
475 KB
82 KB
Script
General
Full URL
https://btloader.com/tag?h=freestar-io&upapi=true
Protocol
H2
Server
2606:4700:20::681a:78b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86ad42807f9939d3efabe3a79f19916fb9bcf014212ee9d169fa58c24e2a0fd6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 07 Jun 2023 00:51:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
926
etag
W/"05e6e4187798fed887cc5c00c259cde8"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m7dk8uLL2lekiMTEg0OmDBXD%2FUeEftTXHIsAP8b51oMFO1%2BeirHz3daGXyzK8RtFpWgOVl6CEw%2FgZDpWem3M%2BVn6fCQO0lLCU%2F1uNc9nmL2Wz5j5h5IwlbTNS%2B5OAAtaO51NRYjrujjGKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray
7d34ff994bf15934-IAD

Redirect headers

date
Wed, 07 Jun 2023 01:07:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VXNtJGpGTLXVXG7QyYy0RJYI1ajf16gIJegJqliIGT3A1pgcaIHPl5jAhYn655EJH%2Fn8NbeYD0IPSGdAs1RfKJN0qpc5kZAewN1dKNUS7YB%2FO0elXkFwAMV5P%2FadzEW6x8zlqquLAaXfjgYs8c9yGwGnHNZKxww2HJxd7g%3D%3D"}],"group":"cf-nel","max_age":604800}
location
https://btloader.com/tag?h=freestar-io&upapi=true
cache-control
max-age=3600
cf-ray
7d34ff98acc65b58-IAD
expires
Wed, 07 Jun 2023 02:07:28 GMT
hadron.js
cdn.hadronid.net/
55 KB
10 KB
Script
General
Full URL
https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&ref=&_it=freestar&partner_id=474
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:246e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9e9d6c9d3b76ddbbaf7cd44bbcb5e7c0eb9cdb69bb4c3895117f2341474b75f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 22 May 2023 16:51:11 GMT
server
cloudflare
x-amz-request-id
CYR3MH29WZT1YS7G
age
6859
etag
W/"82b3b53182a6a8dbe6684806275e839a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
cf-ray
7d34ff98ada85a39-IAD
x-amz-id-2
pr+Q8VZpaGu8DMcuENZeqcR0lrPEBfaCAARteKZNkCZ9cp1Mx8GlJmbnFEfNaQF40cm7aA9jb9o=
prebid-analytics-7.48.2.js
a.pub.network/core/
593 KB
192 KB
Script
General
Full URL
https://a.pub.network/core/prebid-analytics-7.48.2.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/aad127a7a07479f79ad2ca704a251a5d6f32cb6d/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a7468c8590db5b9d0bf5301cbe0f6ab2825cd7425b8afdf0fc1f219cddfea50

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
content-encoding
gzip
cf-cache-status
HIT
age
24720
x-guploader-uploadid
ADPycdspwLMpBWvb7pq9bDqVGpyxkgc3h075k6UWoLX8rQBn7h66cayXgCynnGAhbWccJUcuO_2gz7Mk3D96Sfxlj0cmRgvdcMZB
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
last-modified
Wed, 31 May 2023 19:58:10 GMT
server
cloudflare
etag
W/"d9426714d573a19f2e5851f8dba89346"
vary
Accept-Encoding
x-goog-hash
crc32c=9WAIIw==, md5=2UJnFNVzoZ8uWFH426iTRg==
x-goog-generation
1685563090540655
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
x-goog-stored-content-length
607426
cf-ray
7d34ff982862ca67-YUL
expires
Thu, 08 Jun 2023 01:07:28 GMT
3b7a75132e38e0e31cfe3dec6a6597bb06a95872f4206670382bc7
cumbersomecarpenter.com/confirm/
198 B
225 B
Fetch
General
Full URL
https://cumbersomecarpenter.com/confirm/3b7a75132e38e0e31cfe3dec6a6597bb06a95872f4206670382bc7
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:328a::1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
71def38900e14a55588ad551dfaff69945e688e5b5e7419d2e95fd3b0ab08e8d
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
date
Wed, 07 Jun 2023 01:07:28 GMT
via
1.1 google
x-buildnumber
879221765
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
198
x-datacenter
gce-us-east1
x-buildname
hoothoot
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://notepad.pw
x-hostname
fen-hoothoot-us-east1-mr6f
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires
Wed, 07 Jun 2023 01:07:27 GMT
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202305161109/
247 KB
76 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202305161109/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/qaKtxuL1KR_2Tfmz0NmPaAudsBc/gpt_and_prebid/config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:99f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9b8757ef83403b67a3f6d10da0c8f4259179fe48a775020aeb65ab9e1791cc3

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 16 May 2023 15:12:41 GMT
server
cloudflare
x-amz-request-id
FT4HVGQB7CCRFX0J
age
1846068
etag
W/"c445da83949e16f2c7f56d37a9f719f0"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7d34ff98898f33ef-YUL
alt-svc
h3=":443"; ma=86400
x-amz-id-2
nO4SmJlCFWE3tYLd1eHTnRzftKXrxOvU4kwqYbbPBc9j7s8g5EWJxiHO9/oA0MLoZxzVGL5i6BU=
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/
406 KB
126 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d69c318c5a18ce860870df13878596d3d7bb7efd57b77a0f32b5478d1cfe1c52
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 10:41:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
51967
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128351
x-xss-protection
0
server
cafe
etag
10410007902637205610
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Wed, 05 Jun 2024 10:41:21 GMT
hadron.json
id.hadron.ad.gt/v1/ Frame
0
0
Preflight
General
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=freestar&partner_id=474&sync=0&domain=notepad.pw&url=https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST, OPTIONS, GET
cache-control
max-age=31536000 public, no-transform
cf-cache-status
DYNAMIC
cf-ray
7d34ff99bbb75a52-IAD
content-length
0
content-type
application/json
date
Wed, 07 Jun 2023 01:07:28 GMT
debug
OPTIONS block
expires
Thu, 06 Jun 2024 01:07:28 GMT
server
cloudflare
hadron.json
id.hadron.ad.gt/v1/
95 B
310 B
XHR
General
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=freestar&partner_id=474&sync=0&domain=notepad.pw&url=https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49552038fd4b93a14b230f5cc664423ae4d787a17ad159568af0baf240adf538

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:29 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-methods
HEAD,GET,POST,PUT,DELETE,OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
private,max-age=30
access-control-allow-credentials
true
debug
NON-OPTIONS
access-control-allow-headers
authorization
cf-ray
7d34ff9a3c305a52-IAD
0fa0661f3fcf9f9c18a1639690c226c0bd9439a6a05865bd9499b3
cumbersomecarpenter.com/
3 B
27 B
Fetch
General
Full URL
https://cumbersomecarpenter.com/0fa0661f3fcf9f9c18a1639690c226c0bd9439a6a05865bd9499b3
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:328a::1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
date
Wed, 07 Jun 2023 01:07:28 GMT
via
1.1 google
x-buildnumber
879221765
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
x-datacenter
gce-us-east1
x-buildname
hoothoot
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://notepad.pw
x-hostname
fen-hoothoot-us-east1-mr6f
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1686100048867&ns_c=UTF-8&cs_ucfr=&c7=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&c8=notepad.pw%20%2F%20u...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1686100048867&ns_c=UTF-8&cs_ucfr=&c7=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&c8=notepad.pw%20%2F%20...
0
225 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1686100048867&ns_c=UTF-8&cs_ucfr=&c7=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&c8=notepad.pw%20%2F%20uSxZEEteQ7lmCihnRoNJ%20%7C%20The%20napkin%20of%20the%20internet.&c9=
Protocol
H2
Server
18.164.116.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-98.jfk50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:28 GMT
via
1.1 97e44a27a616410da5792d77e9d25f52.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
JFK50-P6
x-amz-cf-id
GrjhU7XKEZYM3eCu1sFjIFc6zy9RntslDKBuizWrS2-Tat3TaXZbgQ==
x-cache
Miss from cloudfront

Redirect headers

date
Wed, 07 Jun 2023 01:07:28 GMT
via
1.1 97e44a27a616410da5792d77e9d25f52.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
location
/b2?c1=2&c2=23384447&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1686100048867&ns_c=UTF-8&cs_ucfr=&c7=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&c8=notepad.pw%20%2F%20uSxZEEteQ7lmCihnRoNJ%20%7C%20The%20napkin%20of%20the%20internet.&c9=
content-length
0
x-amz-cf-id
Adh-lnT0I-TsPK2aosse4FXueli4E_BK29VEcUhxtZkq6-PfeHQvqA==
px.gif
ad-delivery.net/
43 B
863 B
Image
General
Full URL
https://ad-delivery.net/px.gif?ch=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:29 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
494901
x-guploader-uploadid
ADPycdtOSeUQd3aIMKuh3JXZx2LGFUxNplUM1Qv91zdxmw6eN5SU4HvBMQ3m4EN2UOP9rT0yNC0YjAuxPBFysiLKAna7sA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HpfmEQJxk1K56YBAF7TxkymRiX17KLKQqzcuL6%2BKqkhmDTFdhpVhU%2BmvE8bsuKgv7G%2BmtFr4CL3Y2FD3BFgOXiUr4GEUnnaOLRywMa6pcZYB01maNmd7Ct8ltiqFbQPPmF0c5aG5kSMfHxw4fg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
7d34ff9a6ec6177e-IAD
expires
Thu, 08 Jun 2023 01:07:29 GMT
favicon.ico
ad.doubleclick.net/
1 KB
571 B
Image
General
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.198 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 21:10:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
14219
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
104
x-xss-protection
0
last-modified
Tue, 08 May 2012 13:08:06 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/x-icon
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Wed, 07 Jun 2023 21:10:30 GMT
px.gif
ad-delivery.net/
43 B
338 B
Image
General
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.7911725170465442
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:29 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
494901
x-guploader-uploadid
ADPycdtOSeUQd3aIMKuh3JXZx2LGFUxNplUM1Qv91zdxmw6eN5SU4HvBMQ3m4EN2UOP9rT0yNC0YjAuxPBFysiLKAna7sA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3M%2FUWdSOBNrXpyLgTX5AAIolH5RrQ9tfO6V7hBSJ4s5IdmvgCTTL%2BjWftNedKO8PyeBPUWtA4pQH%2BY08k0cfLPHhoCI6y8KLnFOyu4AsATgE0jWqPMNj0DfjKa3mGFYwIB5YrgFmsbDztrJiQA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
7d34ff9a6ec7177e-IAD
expires
Thu, 08 Jun 2023 01:07:29 GMT
floors
api.floors.dev/sgw/v1/ Frame
0
0
Preflight
General
Full URL
https://api.floors.dev/sgw/v1/floors
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.128.112 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
112.128.160.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-api-key
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Key, Authorization, x-api-key
access-control-allow-methods
ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
access-control-allow-origin
https://notepad.pw
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Wed, 07 Jun 2023 01:07:29 GMT
expires
0
pragma
no-cache
strict-transport-security
max-age=31536000;includeSubDomains;preload;
via
1.1 google
floors
api.floors.dev/sgw/v1/
889 B
910 B
Fetch
General
Full URL
https://api.floors.dev/sgw/v1/floors
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.128.112 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
112.128.160.34.bc.googleusercontent.com
Software
/
Resource Hash
cf2bfd3d70c08597ae7544a00faede24fe517518beaf3c756fd23e977cb35961
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload;

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
x-api-key
4e799501-b8b6-4ef1-bad5-225b3dd1aa8d
Content-Type
application/json

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:30 GMT
strict-transport-security
max-age=31536000;includeSubDomains;preload;
via
1.1 google
access-control-max-age
3600
access-control-allow-methods
ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
content-type
application/json
access-control-allow-origin
https://notepad.pw
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Key, Authorization, x-api-key
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
country
api.btloader.com/
16 B
194 B
Fetch
General
Full URL
https://api.btloader.com/country
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
8bd69d0dddab8bc553263c254faad469c2a3e08bfb0b737e763f7feabe571225

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:29 GMT
via
1.1 google
vary
Origin
content-type
application/json
access-control-allow-origin
*
cache-control
private, max-age=300, stale-while-revalidate=600, stale-if-error=600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
pv
api.btloader.com/
0
66 B
XHR
General
Full URL
https://api.btloader.com/pv?tid=B3olVDXj&w=5697845637152768&o=5714937848528896&cv=2.1.12-7-gb1eec29&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&sid=RSqZqoIqQW&upapi=true
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.23.194 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
194.23.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-origin
*
date
Wed, 07 Jun 2023 01:07:29 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vary
Origin
analytics.min.js
a.pub.network/core/analytics/1.1.1/
13 KB
5 KB
Script
General
Full URL
https://a.pub.network/core/analytics/1.1.1/analytics.min.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/aad127a7a07479f79ad2ca704a251a5d6f32cb6d/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56962bc48f2acb175c71b59298782cc1e841afb9f725986955105139e52078e9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:29 GMT
content-encoding
gzip
cf-cache-status
HIT
age
24721
x-guploader-uploadid
ADPycduoTmLX5_0I7QT1NKVxEgz-XCkRfVzK6bLPtrWMOZITj8S9t5ecbJpk6zbJgFcSSMQjmw1FLatRLN80cDHeXW6sXA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
last-modified
Tue, 21 Mar 2023 16:29:06 GMT
server
cloudflare
etag
W/"9faa51c72267d7040ea861c2a59c266f"
vary
Accept-Encoding
x-goog-hash
crc32c=Yy7HVA==, md5=n6pRxyJn1wQOqGHCpZwmbw==
x-goog-generation
1679416146332026
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
13155
cf-ray
7d34ff9e6889ca67-YUL
expires
Wed, 07 Jun 2023 02:07:29 GMT
c
c.pub.network/v2/ Frame
0
0
Preflight
General
Full URL
https://c.pub.network/v2/c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://notepad.pw
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 07 Jun 2023 01:07:30 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
c
c.pub.network/v2/
36 B
53 B
Fetch
General
Full URL
https://c.pub.network/v2/c
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash
4c7b884f7ad813ab071f360126fe9457cd75ff86ccee28c672a9bc04777c9a5c

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:30 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
apstag.js
c.amazon-adsystem.com/aax2/
228 KB
56 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/aad127a7a07479f79ad2ca704a251a5d6f32cb6d/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.108.196 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-108-196.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e5455fe11eef6ea9da6fd8b89ec7d0376cf18b8d863a31fd6f4e13225055049a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 00:15:44 GMT
content-encoding
gzip
via
1.1 c35f767218cbd1125d801b52fa785c8c.cloudfront.net (CloudFront), 1.1 931eba134e92940e6c080405fee84c64.cloudfront.net (CloudFront)
last-modified
Mon, 22 May 2023 19:17:48 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-C3, JFK50-P6
age
3107
x-amz-server-side-encryption
AES256
etag
W/"164d5b26a12963e375c4bac3b8c240e8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=3600
x-amz-cf-id
Xpw659SF9ddyEN2F6lOFFlfHhCS3LJlNM4gJIzqUO86nDn3uEfZSQQ==
IIQUniversalID.js
a.pub.network/core/intentIQ/20221212/
50 KB
11 KB
Script
General
Full URL
https://a.pub.network/core/intentIQ/20221212/IIQUniversalID.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/aad127a7a07479f79ad2ca704a251a5d6f32cb6d/pubfig.engine.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:15ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffe6df855df9c4400aba3d207778f8bd6d901f504eb04b59563af178a3fc8167

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:30 GMT
content-encoding
gzip
cf-cache-status
HIT
age
24722
x-guploader-uploadid
ADPycdtDytSzokQk4zSGgjBnNJFXh2Jay_rfoWlTUwBnYTUyuH3iPqcTM1wkusSJKSCxWR2lbTaiSRmm_23KzAnyA9Mepf4VXuDN
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
last-modified
Mon, 12 Dec 2022 17:21:03 GMT
server
cloudflare
etag
W/"e8c1710cf2b1133bdc7a544516a77279"
vary
Accept-Encoding
x-goog-generation
1670865663919795
content-type
text/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=HDHmSg==, md5=6MFxDPKxEzvcelRFFqdyeQ==
access-control-expose-headers
*
cache-control
public, max-age=3600
x-goog-stored-content-length
51441
cf-ray
7d34ffa579a2ca67-YUL
expires
Wed, 07 Jun 2023 02:07:30 GMT
ProfilesEngineServlet
api.intentiq.com/profiles_engine/
92 B
924 B
XHR
General
Full URL
https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&jsver=5.34&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&iiqpciddate=1686100050827&iiqcallcount=0&iiqfailcount=0&iiqnodata=false&iiqlocalstorageenabled=true&tsrnd=669_1686100050827&cttl=43200000&rrtt=0&dud=0&abtg=A&iiqppcc=0&vrref=notepad.pw
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.34.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-34-62.ewr53.r.cloudfront.net
Software
Apache-Coyote/1.1 /
Resource Hash
9da0fed77a1053951bc483aa73ea62fb3804786473defd3fb401678489608e7a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 ea5efad48fd2ca3e2050f885ef5ad57c.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
patent
https://www.almondnet.com/ip
alt-svc
h3=":443"; ma=86400
pragma
no-cache
server
Apache-Coyote/1.1
vary
Origin
access-control-allow-methods
POST, GET
content-type
text/html
access-control-allow-origin
https://notepad.pw
access-control-max-age
3600
access-control-allow-credentials
true
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Accept, X-Requested-With, remember-me
x-amz-cf-id
e6vE90oNMwb1Y9DL31dfwV5GINXQh7DvMpQ6ztIcLHNLlYbEKUMEKA==
expires
Thu, 01 Jan 1970 00:00:00 GMT
ProfilesEngineServlet
syncv4.intentiq.com/profiles_engine/
Redirect Chain
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=926995&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&iiqpciddate=1686100050827&tsr...
  • https://syncv4.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=926995&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&iiqpciddate=1686100050827&t...
  • https://syncv4.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=926995&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&iiqpciddate=1686100050827&t...
43 B
958 B
Image
General
Full URL
https://syncv4.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=926995&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&iiqpciddate=1686100050827&tsrnd=280_1686100050828&vrref=notepad.pw&jsver=5.34&abtp=95&abtg=A&ripv6=2607:5300:60:7867::8&ckls=true&ci=gB79tSvTxQ&nc=false&trid=319029266
Protocol
H2
Server
108.139.47.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-47-49.jfk50.r.cloudfront.net
Software
Apache-Coyote/1.1 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 043cf9310ff19c0e58a0b6e76877f570.cloudfront.net (CloudFront)
server
Apache-Coyote/1.1
x-amz-cf-pop
JFK50-P1
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=86400
content-length
43
x-amz-cf-id
Pw7leDYRfXiz2qCv2ql_dqo6I4cSKHrYI2ULkvLm9xOd1kBYPF3GHw==
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 043cf9310ff19c0e58a0b6e76877f570.cloudfront.net (CloudFront)
server
Apache-Coyote/1.1
x-amz-cf-pop
JFK50-P1
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location
https://syncv4.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=1434517136&rnd=926995&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&iiqpciddate=1686100050827&tsrnd=280_1686100050828&vrref=notepad.pw&jsver=5.34&abtp=95&abtg=A&ripv6=2607:5300:60:7867::8&ckls=true&ci=gB79tSvTxQ&nc=false&trid=319029266
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
patent
https://www.almondnet.com/ip
alt-svc
h3=":443"; ma=86400
content-length
43
x-amz-cf-id
sdw0YSNRt7P9OPiMGWJAeCexxZfOZueZTjYP_2UPFpQ6Dl8VpTmvJQ==
expires
Thu, 01 Jan 1970 00:00:00 GMT
config
c.amazon-adsystem.com/cdn/prod/
1 KB
1 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fnotepad.pw&pubid=0ab198dd-b265-462a-ae36-74e163ad6159
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.108.196 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-108-196.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
e3f5130c846dd2b8362310a320f23c7f7969ac5cc50143e5d39ec4355a498597

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 21:21:20 GMT
via
1.1 931eba134e92940e6c080405fee84c64.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P6
age
13570
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://notepad.pw
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
content-length
1037
x-amz-cf-id
Kmxz1yXlDwk5-QsLNGoZ9XF3zDL8c1rxDAxcQrO_lEKklYrY4wQJ2g==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.108.196 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-108-196.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-amz-version-id
Zm_tZQQ808JKRizBfXGgSN2OWn8Z6JUU
content-encoding
gzip
via
1.1 5a588475f9a075d76c33229107634f8e.cloudfront.net (CloudFront)
date
Wed, 07 Jun 2023 01:07:32 GMT
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
last-modified
Fri, 26 May 2023 01:35:48 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
aWYf3kc6enOTBMhc3afWiPXH6N3BE5qviWVZ5Z4465AFXc4tiEZKGQ==
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/
54 KB
17 KB
Script
General
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.64.21.88 London, United Kingdom, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-64-21-88.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
last-modified
Mon, 23 Jan 2023 19:40:17 GMT
server
Apache
etag
"d734-5f2f3919e751f-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
17407
expires
Wed, 07 Jun 2023 01:22:31 GMT
id5-api.js
cdn.id5-sync.com/api/1.0/
58 KB
17 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ffd682978600218b840e3c6f9aeee91c676f7867e43723056e5873043332cb7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 06 Jun 2023 14:15:50 GMT
server
cloudflare
x-amz-request-id
MNT8HRGGNJPC89ZN
age
3254
etag
W/"bd84c027369eea0cf742a8ca6f03b75c"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
7d34ffa7ffdd17b8-IAD
x-amz-id-2
YFREhi0Ft4tGjOSHXRlbIhSvSYzCJElcgUmX+NimIbq/2rlZj6lnvPBzvL5FHEnUdEYI+MfGOMSn2KNT8Lomww==
recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/
0
455 B
XHR
General
Full URL
https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.132.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-132-19.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Wed, 07 Jun 2023 01:07:31 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ Frame
0
0
Preflight
General
Full URL
https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.211.132.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-132-19.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length
0
date
Wed, 07 Jun 2023 01:07:31 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
rtd
id.hadron.ad.gt/api/v1/ Frame
0
0
Preflight
General
Full URL
https://id.hadron.ad.gt/api/v1/rtd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cf-cache-status
DYNAMIC
cf-ray
7d34ffa73f0e5a52-IAD
content-length
0
content-type
application/json
date
Wed, 07 Jun 2023 01:07:31 GMT
debug
rtd-nx-ny
server
cloudflare
rtd
id.hadron.ad.gt/api/v1/ Frame
0
0
Preflight
General
Full URL
https://id.hadron.ad.gt/api/v1/rtd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
cf-cache-status
DYNAMIC
cf-ray
7d34ffa74f115a52-IAD
content-length
0
content-type
application/json
date
Wed, 07 Jun 2023 01:07:31 GMT
debug
rtd-nx-ny
server
cloudflare
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fnotepad.pw%2F&domain=notepad.pw&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://notepad.pw
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Wed, 07 Jun 2023 01:07:30 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
401580
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
quant.js
secure.quantserve.com/
22 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/pubfig/aad127a7a07479f79ad2ca704a251a5d6f32cb6d/pubfig.engine.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:1456:d0e1:7db4:a56b , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e23decabee8464b650d1d0241283ba0c469806e14a2199efc5bb41771cb673c1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
etag
"sLp6xTjO7svFVaOemhLWUQ=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Wed, 14 Jun 2023 01:07:31 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/svg+xml
bid
aax.amazon-adsystem.com/e/dtb/
221 B
657 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&pid=xeR92MfZSFo1X&cb=0&ws=1600x1200&v=23.517.1921&t=1000&slots=%5B%7B%22sd%22%3A%22notepad_970x90_728x90_320x50_Sticky%22%2C%22s%22%3A%5B%221x1%22%2C%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_Sticky%22%7D%5D&schain=1.0%2C1!freestar.com%2C1070%2C1%2C%2C%2C&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22060dg9iefi9ld8dfc9glgge7hc6bjaiica7kq6unou60k4koi6q0qqm2ti0gweuui%22%7D%7D
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.98.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-98-157.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
d8e6a9b3d33e6cc38a76282cc624bb880c06d512313beb690881bcb98e78c9e7
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 b5fe18267507cb61755963d8928a60f4.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P5
x-amz-rid
V61MCHWPTSYM8M5F9EGR
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
timing-allow-origin
*
content-length
221
x-amz-cf-id
88B4AsH8q1x6jxEyBncyl4c7WG0X5CA-QXbdLLkoblDY9J0qWNIb1w==
bid
aax.amazon-adsystem.com/e/dtb/
221 B
657 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&pid=xeR92MfZSFo1X&cb=1&ws=1600x1200&v=23.517.1921&t=1000&slots=%5B%7B%22sd%22%3A%22notepad_970x90_728x90_320x50_320x100_ATF%22%2C%22s%22%3A%5B%22468x60%22%2C%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F15184186%2C3281838%2Fnotepad_970x90_728x90_320x50_320x100_ATF%22%7D%5D&schain=1.0%2C1!freestar.com%2C1070%2C1%2C%2C%2C&pubid=0ab198dd-b265-462a-ae36-74e163ad6159&gdprl=%7B%22status%22%3A%22no-cmp%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22060dg9iefi9ld8dfc9glgge7hc6bjaiica7kq6unou60k4koi6q0qqm2ti0gweuui%22%7D%7D
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.98.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-98-157.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
6b4b1eb81b3ccc816c9daf9c0c95f7be3d060cb879f7095745c32b47031ad6c7
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 b5fe18267507cb61755963d8928a60f4.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P5
x-amz-rid
P6K0N0QJH8SDH2FN7151
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
timing-allow-origin
*
content-length
221
x-amz-cf-id
g09wOb50BwVu5qhHXLcmjSrfutt-FyG8doUxsCpLmljx6VnDHQgsgA==
rtd
id.hadron.ad.gt/api/v1/
27 B
82 B
XHR
General
Full URL
https://id.hadron.ad.gt/api/v1/rtd
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33c1ab6a01b4049878497c2874d8cbb72e14ee7cf14fafec3c09b45f9874b67e

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
debug
rtd-nx-ny
access-control-allow-headers
*
content-length
27
cf-ray
7d34ffa79f5f5a52-IAD
rtd
id.hadron.ad.gt/api/v1/
27 B
85 B
XHR
General
Full URL
https://id.hadron.ad.gt/api/v1/rtd
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33c1ab6a01b4049878497c2874d8cbb72e14ee7cf14fafec3c09b45f9874b67e

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
cf-cache-status
DYNAMIC
server
cloudflare
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
*
debug
rtd-nx-ny
access-control-allow-headers
*
content-length
27
cf-ray
7d34ffa79f625a52-IAD
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fnotepad.pw%2F&domain=notepad.pw&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=CwjDkXwvQ1dXNFR3ZGRGa2FSUDFCcGQ0MHR6d0FLaXdjS2VGTkNWMy9NcWRSQlE0SVpHUVNTUHE3ZThMdWxpT0pLQkRhbDlLb3RvdlEvMnNjWkNXckJaSW9iYWFsR1BtNXB0Q1RRSmVqZFp0UjA1ZU1JQjUvemtEaDhRMn...
356 B
648 B
XHR
General
Full URL
https://mug.criteo.com/sid?cpp=CwjDkXwvQ1dXNFR3ZGRGa2FSUDFCcGQ0MHR6d0FLaXdjS2VGTkNWMy9NcWRSQlE0SVpHUVNTUHE3ZThMdWxpT0pLQkRhbDlLb3RvdlEvMnNjWkNXckJaSW9iYWFsR1BtNXB0Q1RRSmVqZFp0UjA1ZU1JQjUvemtEaDhRMnc3R29DU000NGRNUHFKR0JBdVJyQTJoV3Y2Mk1lYm9EN2dHYjFmTkpmU3FPVHFVaFJYbGEvcmpKRC83N09HdHVMdGJUbUp3TFVuU2FDTFJ1RzFWT1JYTXd4Z05Hc2pSSUJDTUxaNjhNNGRXMXYrdWtTRktvPXw&cppv=2
Protocol
H2
Server
74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
323058a0aa254af268a274e6bc5216bbdcdc827c009c6478dcf511e9b65b14e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
1671200
expires
0

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:30 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
access-control-allow-methods
GET
access-control-allow-origin
https://notepad.pw
location
https://mug.criteo.com/sid?cpp=CwjDkXwvQ1dXNFR3ZGRGa2FSUDFCcGQ0MHR6d0FLaXdjS2VGTkNWMy9NcWRSQlE0SVpHUVNTUHE3ZThMdWxpT0pLQkRhbDlLb3RvdlEvMnNjWkNXckJaSW9iYWFsR1BtNXB0Q1RRSmVqZFp0UjA1ZU1JQjUvemtEaDhRMnc3R29DU000NGRNUHFKR0JBdVJyQTJoV3Y2Mk1lYm9EN2dHYjFmTkpmU3FPVHFVaFJYbGEvcmpKRC83N09HdHVMdGJUbUp3TFVuU2FDTFJ1RzFWT1JYTXd4Z05Hc2pSSUJDTUxaNjhNNGRXMXYrdWtTRktvPXw&cppv=2
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
630045
content-length
0
expires
0
envelope
api.rlcdn.com/api/identity/
0
0

ProfilesEngineServlet
api.intentiq.com/profiles_engine/
Redirect Chain
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&cttl=43200000
  • https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&cttl=43200000&ckls=true&ci=Facu28oFEq&...
80 B
812 B
XHR
General
Full URL
https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&cttl=43200000&ckls=true&ci=Facu28oFEq&nc=false&trid=c59a0162-5b7e-4dc5-b999-b6f064baf9e5
Protocol
H2
Server
13.226.34.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-34-62.ewr53.r.cloudfront.net
Software
Apache-Coyote/1.1 /
Resource Hash
00c70cff3fd21f8dd2e78511e7a61494a5957ba6daab50490314784fe1c7f481

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 ea5efad48fd2ca3e2050f885ef5ad57c.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
patent
https://www.almondnet.com/ip
alt-svc
h3=":443"; ma=86400
pragma
no-cache
server
Apache-Coyote/1.1
vary
Origin
access-control-allow-methods
POST, GET
content-type
text/html
access-control-allow-origin
https://notepad.pw
access-control-max-age
3600
access-control-allow-credentials
true
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Accept, X-Requested-With, remember-me
x-amz-cf-id
1w04HSQMUySxISG1JT42GKdZdiijvhb0xr-UVQdwk756OPl7I2T-8Q==
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 ea5efad48fd2ca3e2050f885ef5ad57c.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
patent
https://www.almondnet.com/ip
alt-svc
h3=":443"; ma=86400
content-length
43
pragma
no-cache
server
Apache-Coyote/1.1
vary
Origin
access-control-allow-methods
POST, GET
content-type
image/gif
location
https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=1434517136&pt=17&dpn=1&iiqidtype=2&iiqpcid=0660ef1b-0798-44cc-9434-0aa1c035fb04&cttl=43200000&ckls=true&ci=Facu28oFEq&nc=false&trid=c59a0162-5b7e-4dc5-b999-b6f064baf9e5
access-control-allow-origin
https://notepad.pw
access-control-max-age
3600
access-control-allow-credentials
true
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Accept, X-Requested-With, remember-me
x-amz-cf-id
k-TeWr1iO8184NUZQS-n8Pxd0qQQx2Fymnp6E-3MjKBuS9NF0fL4Gw==
expires
Thu, 01 Jan 1970 00:00:00 GMT
rid
match.adsrvr.org/track/
109 B
540 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=6bjin1p&fmt=json
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
5a217a6233baa473011dee13badc4d4a3adb47833c0e9c926b4e222c083e32f9

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://notepad.pw
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Fri, 07 Jul 2023 01:07:31 GMT
esp.js
cdn.id5-sync.com/api/1.0/
59 KB
17 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6df03d6bd1a8ca1ce49d6b92d5fd80d5c1358191040696703718ce2054b1b2b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 06 Jun 2023 14:15:50 GMT
server
cloudflare
x-amz-request-id
V4GK4QPV62PB8M8Z
age
3255
etag
W/"8c1740edd46834c66e82586d99a9e74c"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
7d34ffa7ffde17b8-IAD
x-amz-id-2
9Ie32ExBRwSWV7XTNjfDAqZvJUwgc31KKciib0cpdNfl6iSRt02hQ1fWNQSLNCCaCvA4MtBmKe4=
pubcid.min.js
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/
732 B
896 B
Script
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 07 Jun 2023 01:07:31 GMT
x-content-type-options
nosniff
content-encoding
br
age
6478
x-jsd-version
master
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
439
x-served-by
cache-fra-eddf8230042-FRA, cache-yul12821-YUL
x-jsd-version-type
branch
etag
W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/
2 KB
2 KB
Script
General
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3b89401fea631023de67ae75bf8f246b1af109a9a4247c3862016949eacc462b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 00:16:13 GMT
via
1.1 google
age
3078
x-guploader-uploadid
ADPycdtx6bg-byopTu8e37N5_ZHN0DRbSMg7VBUMPi1rQCn5IqABd8OXroVw5a91x3Qi3LZBuUy35QqXhFXDnJW16NNKNA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1938
last-modified
Thu, 27 Apr 2023 19:53:17 GMT
server
UploadServer
etag
"0a4a90264145ed4c5c647dae5dfb0429"
x-goog-generation
1682625197861193
x-goog-hash
crc32c=jhvysQ==, md5=CkqQJkFF7UxcZH2uXfsEKQ==
content-type
text/javascript
cache-control
public, max-age=3600
x-goog-stored-content-length
1938
accept-ranges
bytes
expires
Wed, 07 Jun 2023 01:16:13 GMT
esp.js
oa.openxcdn.net/
24 KB
8 KB
Script
General
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Fri, 19 May 2023 23:15:03 GMT
content-encoding
gzip
age
1561948
x-guploader-uploadid
ADPycdtN0isEc5QSyz-7igCp3CdeQ5DOCcg6MFW504fz-H4BXTZsQLogi-2JnB1NeYZfqyAqxkhypOs108gwREU1dCrhEg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7927
last-modified
Thu, 27 May 2021 18:30:51 GMT
server
UploadServer
etag
"df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation
1622140251693895
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type
application/javascript
cache-control
no-transform
x-goog-stored-content-length
7927
accept-ranges
bytes
expires
Sat, 18 May 2024 23:15:03 GMT
sync.min.js
tags.crwdcntrl.net/lt/c/16589/
38 KB
12 KB
Script
General
Full URL
https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-124.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c0c2ec1f2d626ab278d81abe34d30681f0007e8c79a890165f27e3e1550e99b7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 20:50:11 GMT
content-encoding
gzip
via
1.1 534f7e815b25f5cd40ef32ea39fc9a8c.cloudfront.net (CloudFront)
last-modified
Wed, 31 May 2023 20:34:33 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
15441
etag
W/"550ead3a95bd6cfcd917d45c5f8f4553"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=86400
x-amz-cf-id
0pBblXXjCSlYTaELbvmJ8XYc2fm_ZZChDJxwg9mBe-nLkMqVwmeD1g==
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://notepad.pw
access-control-max-age
600
age
0
content-length
0
date
Wed, 07 Jun 2023 01:07:31 GMT
server
ATS/9.1.10.57
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://notepad.pw
access-control-max-age
600
age
0
content-length
0
date
Wed, 07 Jun 2023 01:07:31 GMT
server
ATS/9.1.10.57
cookie_sync
s2s.t13.io/
2 KB
836 B
XHR
General
Full URL
https://s2s.t13.io/cookie_sync
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.140.113 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.140.107.34.bc.googleusercontent.com
Software
/
Resource Hash
c91c370adc1a26d939df0936521af0aa7a90cf340308cf2f1ac56a4bedeea3b4

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
via
1.1 google
content-type
application/json
access-control-allow-origin
https://notepad.pw
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
617
expires
0
auction
s2s.t13.io/openrtb2/
1 KB
546 B
XHR
General
Full URL
https://s2s.t13.io/openrtb2/auction
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.140.113 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.140.107.34.bc.googleusercontent.com
Software
/
Resource Hash
1de73eb8bbaafba4f0c0df290c5ff936d026bc180b84919b9ac7885f8edc5c0d

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
via
1.1 google
x-prebid
pbs-java/1.114.0
content-type
application/json
access-control-allow-origin
https://notepad.pw
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
458
expires
0
bidRequest
c2shb.pubgw.yahoo.com/
66 B
285 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash
7726d9d585fae7a7c2043351068557aa322f3744fd3cf9593127c49c60c08ab2

Request headers

Referer
https://notepad.pw/
x-openrtb-version
2.5
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
server
ATS/9.1.10.57
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
content-length
84
bidRequest
c2shb.pubgw.yahoo.com/
66 B
285 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash
b1c4706a9dc2e10615dbb97ea0bac27212753e77de3d721b6650339550d0da4e

Request headers

Referer
https://notepad.pw/
x-openrtb-version
2.5
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
server
ATS/9.1.10.57
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
content-length
84
fastlane.json
fastlane.rubiconproject.com/a/api/
565 B
890 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1498292&size_id=2&alt_size_ids=55%2C221&rp_schain=1.0,1!freestar.com,1070,1,9f6b48ec-de35-49e6-aae2-78684080a216,,&eid_audigent.com=060dg9iefi9ld8dfc9glgge7hc6bjaiica7kq6unou60k4koi6q0qqm2ti0gweuui%5E1&rf=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&kw=notepadonline%2Cnotepad%2Ccloud%2Cfreenotepad%2Csavenotes%2Cnotes%2Conlinenotepad%2Ccloudnotepad%2Cwrite%2Cnote%2Cwriting%2Cpublish%2Cwebpage%2Cmarkdown&tg_v.id=76844f8d-4135-4cc9-b57d-ce338d267e97&tg_i.domain=notepad.pw&tg_i.page=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&tg_i.name=notepad-pw&tg_i.cat=IAB19&tg_i.sectioncat=IAB19&tg_i.pagecat=IAB19&tg_i.fs_optimized=false&tg_i.fs_ad_product=stickyFooter&tg_i.pbadslot=%2F15184186%2Fnotepad_970x90_728x90_320x50_Sticky%2Fnotepad_970x90_728x90_320x50_Sticky&tk_flint=pbjs_lite_v7.48.0&x_source.tid=23505263-f3b7-43d1-a4aa-7abe4f877077&l_pb_bid_id=195922a65d6de5d&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=23505263-f3b7-43d1-a4aa-7abe4f877077&rp_maxbids=1&p_gpid=%2F15184186%2Fnotepad_970x90_728x90_320x50_Sticky%2Fnotepad_970x90_728x90_320x50_Sticky&slots=1&rand=0.7189244669603194
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::116 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
a79fc2b881d270478835377ae9375c123c6911c17f8c2902eae4d0689479d34d

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://notepad.pw
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
565
expires
Wed, 17 Sep 1975 21:32:10 GMT
pbjs
htlb.casalemedia.com/openrtb/
37 B
543 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=538329
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34aff0229000197ac182288139f7bd04cb2d5e23ab4b6d37c2ba454c1138dc78

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Nz24bhh2REwhKdN71HD5Tu%2BBiZb8WavFESJiCRti8hq4tIsZdNYO8GuP6GQCwX2aTP8cJJ%2Be%2BMzCyPbAuM1wra2%2BE1voStTr09hDWX6TPTlgIOwJ5qKyoS5oLDS6rRyQgzY1OGD"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://notepad.pw
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7d34ffa80a46a238-YYZ
alt-svc
h3=":443"; ma=86400
content-length
37
expires
0
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://notepad.pw
access-control-max-age
600
age
0
content-length
0
date
Wed, 07 Jun 2023 01:07:31 GMT
server
ATS/9.1.10.57
auction
s2s.t13.io/openrtb2/
1 KB
527 B
XHR
General
Full URL
https://s2s.t13.io/openrtb2/auction
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.140.113 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.140.107.34.bc.googleusercontent.com
Software
/
Resource Hash
da634ce7864c0ed82184e805f97112842458eb7ab26d82b0f16780e635392971

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
via
1.1 google
x-prebid
pbs-java/1.114.0
content-type
application/json
access-control-allow-origin
https://notepad.pw
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
459
expires
0
pbjs
htlb.casalemedia.com/openrtb/
37 B
313 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=538329
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9395ff8458051d8bac1886bcfb165c33a7f6976a9678bfa7db4210b4b91c62e

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KoY8TnGcSWrcN1s89rpMrPIE7gFBlTIpmIMRd2Nj%2B9QA8OjNugJFUhFp55JuJU%2Bmh5HwR2f%2FCt%2FB7WMW2Y3REsxDCeQYxmYwQkuSwxqDfqzA56OozlqiktJ%2BzUGHCU7PQ6ZAyKjP"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://notepad.pw
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7d34ffa80a49a238-YYZ
alt-svc
h3=":443"; ma=86400
content-length
37
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/
567 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=16924&site_id=151312&zone_id=1498292&size_id=2&alt_size_ids=1%2C55&rp_schain=1.0,1!freestar.com,1070,1,9f6b48ec-de35-49e6-aae2-78684080a216,,&eid_audigent.com=060dg9iefi9ld8dfc9glgge7hc6bjaiica7kq6unou60k4koi6q0qqm2ti0gweuui%5E1&rf=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&kw=notepadonline%2Cnotepad%2Ccloud%2Cfreenotepad%2Csavenotes%2Cnotes%2Conlinenotepad%2Ccloudnotepad%2Cwrite%2Cnote%2Cwriting%2Cpublish%2Cwebpage%2Cmarkdown&tg_v.id=76844f8d-4135-4cc9-b57d-ce338d267e97&tg_i.domain=notepad.pw&tg_i.page=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&tg_i.name=notepad-pw&tg_i.cat=IAB19&tg_i.sectioncat=IAB19&tg_i.pagecat=IAB19&tg_i.fs_optimized=false&tg_i.fs_ad_product=banner&tg_i.pbadslot=%2F15184186%2Fnotepad_970x90_728x90_320x50_320x100_ATF%2Fnotepad_970x90_728x90_320x50_320x100_ATF&tk_flint=pbjs_lite_v7.48.0&x_source.tid=384ecbf2-5b4e-4ddb-b1c9-0db37a5f482d&l_pb_bid_id=44230d40775b465&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=384ecbf2-5b4e-4ddb-b1c9-0db37a5f482d&rp_maxbids=1&p_gpid=%2F15184186%2Fnotepad_970x90_728x90_320x50_320x100_ATF%2Fnotepad_970x90_728x90_320x50_320x100_ATF&slots=1&rand=0.6680473121955042
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::116 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
feb093f173be5d927aefe7ff084083559160f8b7620ca5762c437c020d24f83d

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://notepad.pw
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
567
expires
Wed, 17 Sep 1975 21:32:10 GMT
bidRequest
c2shb.pubgw.yahoo.com/
66 B
284 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash
4bea3f2380e43853dc5987ca89b789793ee7644a7994e683bedef415cc385a63

Request headers

Referer
https://notepad.pw/
x-openrtb-version
2.5
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
server
ATS/9.1.10.57
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
content-length
84
bidRequest
c2shb.pubgw.yahoo.com/
66 B
507 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash
604c8ac85733ea3011ecf899d26755382dfc03b76d425899f02e6e0e5e3f1576

Request headers

Referer
https://notepad.pw/
x-openrtb-version
2.5
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
server
ATS/9.1.10.57
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
content-length
84
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://notepad.pw
access-control-max-age
600
age
0
content-length
0
date
Wed, 07 Jun 2023 01:07:31 GMT
server
ATS/9.1.10.57
encrypt
esp.rtbhouse.com/
241 B
335 B
Fetch
General
Full URL
https://esp.rtbhouse.com/encrypt
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
111.39.190.35.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
d3f1f119eab957ff7b3c38932ab2e6a2c96fd4851169e77dec853ac30531dfc0

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 google
server
Google Frontend
content-type
application/json
access-control-allow-origin
*
x-cloud-trace-context
52c5202a25429c39833b1a60830196b5
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
241
encrypt
esp.rtbhouse.com/ Frame
0
0
Preflight
General
Full URL
https://esp.rtbhouse.com/encrypt
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
111.39.190.35.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST, GET
access-control-allow-origin
https://notepad.pw
access-control-max-age
600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
content-type
text/plain; charset=utf-8
date
Wed, 07 Jun 2023 01:07:31 GMT
server
Google Frontend
vary
Origin
via
1.1 google
x-cloud-trace-context
400e635e8e2eeb98410bef54be1e66db
esp
oajs.openx.net/
Redirect Chain
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&rid=esp
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&rid=esp&cc=1
85 B
202 B
Fetch
General
Full URL
https://oajs.openx.net/esp?url=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&rid=esp&cc=1
Protocol
H2
Server
34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
53.135.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
7640ea68730a2bc40616a49c2bfcbde39bc05f50662be6b27b434de566f7b9bb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 google
x-powered-by
Express
etag
W/"55-pS7baZscX4kjZc/ydH33e8qWZmo"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85

Redirect headers

date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 google
x-powered-by
Express
vary
Origin
access-control-allow-origin
https://notepad.pw
location
/esp?url=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&rid=esp&cc=1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
rules-p-UeXruRVtZz7w6.js
rules.quantcount.com/
2 KB
1 KB
Script
General
Full URL
https://rules.quantcount.com/rules-p-UeXruRVtZz7w6.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:6600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:06:51 GMT
content-encoding
gzip
via
1.1 58138fe3ecbee18734b57632af81590a.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
age
41
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Thu, 07 Dec 2017 17:06:25 GMT
server
AmazonS3
etag
W/"cbc97d16c77ea1fcbbf42d246001e982"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
x-amz-cf-id
WdEbgLub75pyIcJsX0C7PA5c53xA0jrelx6QmpiHsFpp6e6enpTR5Q==
map
bcp.crwdcntrl.net/6/
235 B
690 B
XHR
General
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.213.57.151 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-213-57-151.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
ce93b22a842452f93c21916876a56758877c3501f51f54482104e909780dc2c6

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://notepad.pw
cache-control
no-cache
x-server
10.40.4.133
access-control-allow-credentials
true
content-length
235
expires
0
increment
id5-sync.com/api/esp/
0
319 B
XHR
General
Full URL
https://id5-sync.com/api/esp/increment?counter=no-config
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.33.111 , Germany, ASN16276 (OVH, FR),
Reverse DNS
ns3203177.ip-141-95-33.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://notepad.pw
date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
setuid
s2s.t13.io/
Redirect Chain
  • https://ads.yieldmo.com/pbsync?gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dyieldmo%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f...
  • https://s2s.t13.io/setuid?bidder=yieldmo&gpp=&gpp_sid=&f=i&uid=gaa9be8318803ee25e3d&gdpr=&gdpr_consent=&us_privacy=
86 B
411 B
Image
General
Full URL
https://s2s.t13.io/setuid?bidder=yieldmo&gpp=&gpp_sid=&f=i&uid=gaa9be8318803ee25e3d&gdpr=&gdpr_consent=&us_privacy=
Protocol
H2
Server
34.107.140.113 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.140.107.34.bc.googleusercontent.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
via
1.1 google
content-type
image/png
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json;charset=utf-8
location
https://s2s.t13.io/setuid?bidder=yieldmo&gpp=&gpp_sid=&f=i&uid=gaa9be8318803ee25e3d&gdpr=&gdpr_consent=&us_privacy=
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
0
v1
lb.eu-1-id5-sync.com/lb/
33 B
397 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.116 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31533567.ip-162-19-138.eu
Software
/
Resource Hash
90223887289d9f9207ca6e8a12ec69c4c422fd481ef18a3742b64bf862de29be
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://notepad.pw
date
Wed, 07 Jun 2023 01:07:30 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
pixel;r=312503806;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.clou...
pixel.quantserve.com/
35 B
372 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=312503806;labels=keywords.notepad%20online%2Ckeywords.notepad%2Ckeywords.cloud%2Ckeywords.free%20notepad%2Ckeywords.save%20notes%2Ckeywords.notes%2Ckeywords.online%20notepad%2Ckeywords.cloud%20notepad%2Ckeywords.write%2Ckeywords.note%2Ckeywords.writing%2Ckeywords.publish%2Ckeywords.webpage%2Ckeywords.markdown%2Ctitle.notepad.pw;rf=0;a=p-UeXruRVtZz7w6;url=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ;uht=2;fpan=1;fpa=P0-172073062-1686100051172;pbc=;ns=0;ce=1;qjs=1;qv=c818c8ec-20230509111053;cm=;gdpr=0;ref=;d=notepad.pw;dst=0;et=1686100051297;tzo=0;ogl=type.website%2Ctitle.notepad%252Epw%2Cdescription.Save%20your%20notes%20online%20for%20free%20and%20share%20them%20with%20friends!%2Curl.https%3A%2F%2Fnotepad%252Epw%2Cimage.https%3A%2F%2Fnotepad%252Epw%2Fog-icon%252Epng;ses=b1c39b47-dc83-4ed5-86ad-303124e70907;mdl=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:1456:d0e1:7db4:a56b , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
iu3
s.amazon-adsystem.com/ Frame 008F
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&dcc=t
391 B
1 KB
Document
General
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&dcc=t
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
1e9e62fa4a2bebc6cd0311b93fde6ec82d8d468c6daac0883272ff130d6421bc
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://notepad.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
391
Content-Type
text/html;charset=ISO-8859-1
Date
Wed, 07 Jun 2023 01:07:31 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
E2AZHBZJASYKNPE68SRY

Redirect headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Date
Wed, 07 Jun 2023 01:07:31 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&dcc=t
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
6TKYZNY79HWNYB9VBX9B
pd
google-bidout-d.openx.net/w/1.0/ Frame 3061
594 B
813 B
Document
General
Full URL
https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by
Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
15a10961eed18ca044eb50fc117a606e972504d595f464b78f0ef359d017ef32

Request headers

Referer
https://notepad.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
386
content-type
text/html
date
Wed, 07 Jun 2023 01:07:31 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
5a2fbf6d-02a4-e9a1-ddb2-8735ff6768fd
pr-bh.ybp.yahoo.com/sync/openx/ Frame 3061
43 B
602 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/5a2fbf6d-02a4-e9a1-ddb2-8735ff6768fd?gdpr=0
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:57e7:e371:5d38:89ec Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
dcm
s.amazon-adsystem.com/ Frame 3061
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=963ea554-8ea2-c012-2c6b-135768036e54
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=963ea554-8ea2-c012-2c6b-135768036e54&dcc=t
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=963ea554-8ea2-c012-2c6b-135768036e54&dcc=t
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
WZZP2YWEQY8H5N1NBN2E
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
QQFB82V1XRP4G4M8MXBK
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=963ea554-8ea2-c012-2c6b-135768036e54&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 3061
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=cee8d929-9208-7be8-ec65-91c00030a5b4&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=3cb465a7-33d3-4284-ad3f-52bfa548d86e&ttd_puid=cee8d929-9208-7be8-ec65-91c00030a5b4&gdpr=0&gdpr_consent=
43 B
323 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=3cb465a7-33d3-4284-ad3f-52bfa548d86e&ttd_puid=cee8d929-9208-7be8-ec65-91c00030a5b4&gdpr=0&gdpr_consent=
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=3cb465a7-33d3-4284-ad3f-52bfa548d86e&ttd_puid=cee8d929-9208-7be8-ec65-91c00030a5b4&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
335
pixel
cm.g.doubleclick.net/ Frame 3061
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTI4NzBhZTMtNWI3Zi0yNTRjLWY5ODUtY2I3OWNhZDI2YmQ0
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTI4NzBhZTMtNWI3Zi0yNTRjLWY5ODUtY2I3OWNhZDI2YmQ0&google_tc=
170 B
243 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTI4NzBhZTMtNWI3Zi0yNTRjLWY5ODUtY2I3OWNhZDI2YmQ0&google_tc=
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
H2
Server
142.250.80.34 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZTI4NzBhZTMtNWI3Zi0yNTRjLWY5ODUtY2I3OWNhZDI2YmQ0&google_tc=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 3061
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc=
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL47GtfMt3OFNV9Gh5mSNKQ&google_cver=1
43 B
106 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL47GtfMt3OFNV9Gh5mSNKQ&google_cver=1
Requested by
Host: google-bidout-d.openx.net
URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Protocol
H2
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://google-bidout-d.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL47GtfMt3OFNV9Gh5mSNKQ&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
s2s.t13.io/
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs2s.t13.io%252Fsetuid%253Fbidder%253Dadnxs%2526gdpr%253D%2526gdpr_consent%253D%2526us_privacy%253D%2526gpp%253D%2526gpp_sid%253D%2526f%25...
  • https://s2s.t13.io/setuid?bidder=adnxs&gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&f=i&uid=7815982874283791367
86 B
117 B
Image
General
Full URL
https://s2s.t13.io/setuid?bidder=adnxs&gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&f=i&uid=7815982874283791367
Protocol
H3
Server
34.107.140.113 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.140.107.34.bc.googleusercontent.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
via
1.1 google
content-type
image/png
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0

Redirect headers

Date
Wed, 07 Jun 2023 01:07:31 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
14473093-3115-4b54-be75-3a858024bc13
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://s2s.t13.io/setuid?bidder=adnxs&gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&f=i&uid=7815982874283791367
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sid
mug.criteo.com/ Frame
0
0
Preflight
General
Full URL
https://mug.criteo.com/sid?cpp=CwjDkXwvQ1dXNFR3ZGRGa2FSUDFCcGQ0MHR6d0FLaXdjS2VGTkNWMy9NcWRSQlE0SVpHUVNTUHE3ZThMdWxpT0pLQkRhbDlLb3RvdlEvMnNjWkNXckJaSW9iYWFsR1BtNXB0Q1RRSmVqZFp0UjA1ZU1JQjUvemtEaDhRMnc3R29DU000NGRNUHFKR0JBdVJyQTJoV3Y2Mk1lYm9EN2dHYjFmTkpmU3FPVHFVaFJYbGEvcmpKRC83N09HdHVMdGJUbUp3TFVuU2FDTFJ1RzFWT1JYTXd4Z05Hc2pSSUJDTUxaNjhNNGRXMXYrdWtTRktvPXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Wed, 07 Jun 2023 01:07:31 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
561917
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
pr
s.amazon-adsystem.com/v3/ Frame 19F7
4 KB
4 KB
Document
General
Full URL
https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&dcc=t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
3300ffb6d0366a591ecd81493b38634aa807a43d7c84d3aa96ab9738ff0f1b85
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&dcc=t
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
3860
Content-Type
text/html;charset=ISO-8859-1
Date
Wed, 07 Jun 2023 01:07:31 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
B09KFBWG8ZK7BF926F1X
/
optimise.net/ Frame
0
0
Preflight
General
Full URL
https://optimise.net/?k=1&d=notepad.pw&t=desktop
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.152.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
239.152.111.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Key, Authorization
access-control-allow-methods
ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
access-control-allow-origin
https://notepad.pw
access-control-expose-headers
fs-client-rtt
access-control-max-age
3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
date
Wed, 07 Jun 2023 01:07:31 GMT
expires
0
fs-client-rtt
10
pragma
no-cache
strict-transport-security
max-age=31536000;includeSubDomains;preload;
via
1.1 google
/
optimise.net/
538 B
563 B
Fetch
General
Full URL
https://optimise.net/?k=1&d=notepad.pw&t=desktop
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.152.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
239.152.111.34.bc.googleusercontent.com
Software
/
Resource Hash
00aa695df9f0eb57abcca9881d8d83303f54e8a7f9b9be1d55d647dcecda24f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload;

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

strict-transport-security
max-age=31536000;includeSubDomains;preload;
via
1.1 google
date
Wed, 07 Jun 2023 00:47:57 GMT
fs-client-rtt
11
age
1174
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
538
pragma
no-cache
access-control-max-age
3600
access-control-allow-methods
ACL, CANCELUPLOAD, CHECKIN, CHECKOUT, COPY, DELETE, GET, HEAD, LOCK, MKCALENDAR, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, REPORT, SEARCH, UNCHECKOUT, UNLOCK, UPDATE, VERSION-CONTROL
content-type
application/json
access-control-allow-origin
https://notepad.pw
access-control-expose-headers
fs-client-rtt
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Key, Authorization
expires
0
integrator.js
adservice.google.ca/adsid/
107 B
531 B
Script
General
Full URL
https://adservice.google.ca/adsid/integrator.js?domain=notepad.pw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
456 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=notepad.pw
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
27 KB
12 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1470496023265706&correlator=1745831873980506&eid=31075026%2C31075092&output=ldjh&gdfp_req=1&vrg=202306010101&ptt=17&impl=fifs&iu_parts=15184186%3A3281838%2Cnotepad_970x90_728x90_320x50_320x100_ATF&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60%7C728x90%7C970x90&ifi=1&adks=500377054&sfv=1-0-40&prev_scp=fsrefresh%3D0%26fsrebid%3D0%26floors_id%3D21eb07%26floors_hour%3D1%26fs_placementName%3Dnotepad_970x90_728x90_320x50_320x100_ATF%26fs_ad_product%3Dbanner%26amznbid%3D2%26amznp%3D2%26fsbid%3D0&eri=1&cust_params=fs_session_id%3D8a403060-55ac-48c0-bcf9-925f1b9068a0%26fs_pageview_id%3Da7162bdcf2c0c8bb600396504bf5d6aa%26user-agent%3DChrome%26fs_iiq_enabled%3Dtrue%26fs_used_optimise%3Dtrue%26floors_user%3D0%26floors_rtt%3D12%26fs_clientservermask%3D03032332223223220122%26fs_testgroup%3Doptimised&sc=1&cookie_enabled=1&abxe=1&dt=1686100051589&lmt=1686100051&dlt=1686100047478&idt=1515&adxs=566&adys=5&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&frm=20&vis=1&psz=1600x984&msz=1600x10&fws=0&ohw=0&ga_vid=1878714221.1686100048&ga_sid=1686100052&ga_hid=408505991&ga_fc=true&a3p=EhsKDGlkNS1zeW5jLmNvbRj3iJSbiTFIAFICCGQSWgoNY3J3ZGNudHJsLm5ldBJAM2ZkMDRiY2I3ZmQ0N2VkM2RlYTYwNzA4MDdiYjE2ZDUzOTM4MjFkYTNlZjEyNzMxMjdiNzU5NjEzYzk1OGRiNBi0i5SbiTFIABIZCgpwdWJjaWQub3JnGKSLlJuJMUgAUgIIahLWAQoIcnRiaG91c2USwAEycDM0TitKcnpCbVpLNGxlV3RQcEQvdEFhN2JGaytUb1BXRDNJSWJ4dGVMZHZoZkFuYTdPWnhQc2R2REFRZWNudXBOcmVZVzVZWENjQ2V3T3Iyc1lwMTFWaFZVaHVIYlNWUzhHdHI4WVZMUzc0Qldha1VIYnpscUpCNXhKaFlhRUsyejhDMlhtdmpTWXBNTlpYcGlNb1FTdTlmQ3J5RXljOGplb1RFdnFyR2pTR1pxNWdpSHl4MkczRVR4WHlIWmgYjoyUm4kxSAASPgoFb3BlbngSLGV5SnBJam9pU0ZWVWJXTkVkVkJTUWlzeWN6RnJiMXBDWlZkVFVUMDlJbjA9GJOLlJuJMUgA
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
34a1ac8e32ded2b3b904fa0519c94bc0d6aea20236146bb5acfa4c60a895f7ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11584
x-xss-protection
0
google-lineitem-id
6098419341
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138402788895
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://notepad.pw
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
15 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306010101&st=env
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ce481022f9c5233e98210e2c88213be3c5efdfffff3149664e43e3cf54ee5517
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11242
x-xss-protection
0
container.html
895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2886
6 KB
3 KB
Document
General
Full URL
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://notepad.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 07 Jun 2023 01:07:31 GMT
expires
Thu, 06 Jun 2024 01:07:31 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
882.json
id5-sync.com/g/v2/
601 B
1 KB
XHR
General
Full URL
https://id5-sync.com/g/v2/882.json
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.33.111 , Germany, ASN16276 (OVH, FR),
Reverse DNS
ns3203177.ip-141-95-33.eu
Software
/
Resource Hash
9318577a3483be547445e67d5a8c1ef5308bf90227c1615c9a3990bf82fe4683
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://notepad.pw
p3p
CP="CAO PSA OUR"
access-control-allow-credentials
true
ecm3
s.amazon-adsystem.com/ Frame 19F7
Redirect Chain
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmediagrid.com%26id%3D%24%7BBSW_UUID%7D
  • https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmediagrid.com%26id%3D%24%7BBSW_UUID%7D
  • https://s.amazon-adsystem.com/ecm3?ex=mediagrid.com&id=d9b2fb28-39ce-46e8-87db-89c7433cb362
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=mediagrid.com&id=d9b2fb28-39ce-46e8-87db-89c7433cb362
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
HVHC0MV92DS1F8YWJHHV
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=mediagrid.com&id=d9b2fb28-39ce-46e8-87db-89c7433cb362
Date
Wed, 07 Jun 2023 01:07:31 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
ecm3
s.amazon-adsystem.com/ Frame 19F7
Redirect Chain
  • https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E
  • https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3291016511455375000V10
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3291016511455375000V10
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
BMGP02CK0KJ9DY0J2FHQ
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3291016511455375000V10
Content-Type
text/html
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
154
x-mnet-hl2
E
Expires
Wed, 07 Jun 2023 01:07:32 GMT
ecm3
s.amazon-adsystem.com/ Frame 19F7
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/amzn?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbeeswax.com%26id%3D%24UID
  • https://match.prod.bidr.io/cookie-sync/amzn?r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dbeeswax.com%26id%3D%24UID&_bee_ppp=1
  • https://s.amazon-adsystem.com/ecm3?id=AACa5U7I_7EAACHSRjBZpw&ex=beeswax.com
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=AACa5U7I_7EAACHSRjBZpw&ex=beeswax.com
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
M1SV4K3EW31YHFJ5JEHN
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location
https://s.amazon-adsystem.com/ecm3?id=AACa5U7I_7EAACHSRjBZpw&ex=beeswax.com
Date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
ecm3
s.amazon-adsystem.com/ Frame 19F7
Redirect Chain
  • https://um.simpli.fi/amazon/https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsimpli.fi%26id%3D
  • https://s.amazon-adsystem.com/ecm3?id=F85E199DA9AF4AFEBDD5457935717FEC&ex=simpli.fi&status=ok
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=F85E199DA9AF4AFEBDD5457935717FEC&ex=simpli.fi&status=ok
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
M1C98X28TDVY0JNVSB8C
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://s.amazon-adsystem.com/ecm3?id=F85E199DA9AF4AFEBDD5457935717FEC&ex=simpli.fi&status=ok
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Tue, 06 Jun 2023 01:07:31 GMT
usermatch
ssum-sec.casalemedia.com/ Frame DC9A
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
0ec6510d989109184b53430be7b56d3c8e021a30d1e3074c76d755ea090fbfcb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Length
1847
Content-Type
text/html
Date
Wed, 07 Jun 2023 01:07:31 GMT
Expires
0
Keep-Alive
timeout=1, max=499
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache

Redirect headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Length
0
Date
Wed, 07 Jun 2023 01:07:31 GMT
Expires
0
Keep-Alive
timeout=1, max=500
Location
/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Pragma
no-cache
Server
Apache
cm
u.openx.net/w/1.0/ Frame 114A
715 B
760 B
Document
General
Full URL
https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
5f02add46061bb37a4d3dd4eb3e19f4697f8b6463b61ef441b856844a3d7428d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
449
content-type
text/html
date
Wed, 07 Jun 2023 01:07:31 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
ecm3
s.amazon-adsystem.com/ Frame AE22
Redirect Chain
  • https://sync.inmobi.com/TAM?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D
  • https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dinmobi.com%26id%3D%7BID5UID%7D
  • https://id5-sync.com/c/495/0/0/1.gif?gdpr=0&gdpr_consent=&us_privacy=
  • https://s.amazon-adsystem.com/ecm3?ex=inmobi.com&id=ID5-40b25cSReN4GvyNr7eBfg3UboK5ojvgUu4-lqG0D2A
43 B
479 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=inmobi.com&id=ID5-40b25cSReN4GvyNr7eBfg3UboK5ojvgUu4-lqG0D2A
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Wed, 07 Jun 2023 01:07:32 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
EWM25RPEHNBBJSJW9E0C

Redirect headers

date
Wed, 07 Jun 2023 01:07:31 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=inmobi.com&id=ID5-40b25cSReN4GvyNr7eBfg3UboK5ojvgUu4-lqG0D2A
p3p
CP="CAO PSA OUR"
strict-transport-security
max-age=63072000; includeSubDomains; preload
transfer-encoding
chunked
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
/
match.sharethrough.com/jwumXNuB/v1/ Frame 4D75
427 B
941 B
Document
General
Full URL
https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.233.8.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-233-8-239.compute-1.amazonaws.com
Software
/
Resource Hash
438f716fea0464247732f41161158f124399532de2a861749eaaaa3bda6dd44a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-length
427
date
Wed, 07 Jun 2023 01:07:31 GMT
tamptsync
sync-amz.ads.yieldmo.com/ Frame 7452
1 KB
1020 B
Document
General
Full URL
https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.16.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-16-77.compute-1.amazonaws.com
Software
/
Resource Hash
0996ee07105c2448c5a9183bb8f2f9402cc60cbae16538724d0574a84d380588

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-headers
Cache-Control, Pragma, *
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
*
content-encoding
gzip
content-type
text/html;charset=utf-8
date
Wed, 07 Jun 2023 01:07:31 GMT
pragma
no-cache
vary
accept-encoding
usync.html
eus.rubiconproject.com/ Frame B9C7
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.127.172.242 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-127-172-242.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Wed, 07 Jun 2023 01:07:31 GMT
ETag
"40010-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
visitormatch
bh.contextweb.com/ Frame 90E2
Redirect Chain
  • https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint
  • https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
828 B
2 KB
Document
General
Full URL
https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
8842c968bf1d952c933446a078e6103cae33b999b18bde05723590a5d91d7b46
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
en-CA
content-length
828
content-type
text/html;charset=iso-8859-1
cw-server
bh-deployment-6d945594b4-q7tcc
expires
-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(10.0.14)
strict-transport-security
max-age=15768000

Redirect headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cache-control
private, max-age=0, no-cache, no-store
content-language
en-CA
cw-server
bh-deployment-6d945594b4-q7tcc
expires
-1
location
/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
server
Jetty(10.0.14)
strict-transport-security
max-age=15768000
ecm3
s.amazon-adsystem.com/ Frame 27C2
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58251/sync?redir=true
  • https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS02Z0s5T3RWRTJ1TFU1OEN1Vmp2a3IzQkZLZlhNYnl4WH5B
43 B
479 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS02Z0s5T3RWRTJ1TFU1OEN1Vmp2a3IzQkZLZlhNYnl4WH5B
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Wed, 07 Jun 2023 01:07:31 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
ZQWSAR9J4BMQQRN89YYD

Redirect headers

age
0
content-length
0
date
Wed, 07 Jun 2023 01:07:31 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS02Z0s5T3RWRTJ1TFU1OEN1Vmp2a3IzQkZLZlhNYnl4WH5B
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.57
strict-transport-security
max-age=31536000
ecm3
s.amazon-adsystem.com/ Frame 07F8
Redirect Chain
  • https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com
  • https://s.amazon-adsystem.com/ecm3?id=7815982874283791367&ex=appnexus.com
43 B
479 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=7815982874283791367&ex=appnexus.com
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Wed, 07 Jun 2023 01:07:31 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
CSTW8HG9KJV2KFB4N04Z

Redirect headers

AN-X-Request-Uuid
c099e5d5-8d5c-497d-b346-ed3d2853f2de
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Wed, 07 Jun 2023 01:07:31 GMT
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Location
https://s.amazon-adsystem.com/ecm3?id=7815982874283791367&ex=appnexus.com
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma
no-cache
Server
nginx/1.21.3
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection
0
amazon
ce.lijit.com/beacon/ Frame 0E00
Redirect Chain
  • https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com
  • https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com
  • https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
1 KB
1 KB
Document
General
Full URL
https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
c9d69c16657e693b274b6b2a9ce6dbf55e3d3ef9eef9411bcee32a2cb0e74ffd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Content-Encoding
gzip
Content-Length
489
Content-Type
text/html
Date
Wed, 07 Jun 2023 01:07:32 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Vary
Accept-Encoding, User-Agent
X-Sovrn-Pod
ad_ap5ewr1

Redirect headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Content-Length
0
Date
Wed, 07 Jun 2023 01:07:32 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Location
https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
X-Sovrn-Pod
ad_ap5ewr1
sync-iframe
cs-server-s2s.yellowblue.io/ Frame 34B6
1 KB
1 KB
Document
General
Full URL
https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
52.73.67.166 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-67-166.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
3f8844d4689bf09cdc56f90d258d9c3607b6c0f062bf53db0ea3415f0d90f6ad

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
cs-server-s2s.yellowblue.io
content-length
1049
content-type
text/html
date
Wed, 07 Jun 2023 01:07:31 GMT
server
istio-envoy
x-envoy-upstream-service-time
3
ecm3
s.amazon-adsystem.com/ Frame 7969
Redirect Chain
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=1210305347838173658572
43 B
479 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=1210305347838173658572
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-mediagrid_n-index_n-MediaNet_n-Beeswax_ox-db5_n-inmobi_n-sharethrough_n-simpli.fi_ym_rbd_ppt_n-vmg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Wed, 07 Jun 2023 01:07:32 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
FWW3NK83S4BGBBDZGT0Y

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Wed, 07 Jun 2023 01:07:31 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=1210305347838173658572
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
ads
securepubads.g.doubleclick.net/gampad/
22 KB
11 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1470496023265706&correlator=1745831873980506&eid=31075026%2C31075092&output=ldjh&gdfp_req=1&vrg=202306010101&ptt=17&impl=fifs&iu_parts=15184186%3A3281838%2Cnotepad_970x90_728x90_320x50_Sticky&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1%7C728x90%7C970x90&ifi=2&adks=379936467&sfv=1-0-40&prev_scp=fsrefresh%3D0%26fsrebid%3D0%26floors_id%3D21eb07%26floors_hour%3D1%26fs_placementName%3Dnotepad_970x90_728x90_320x50_Sticky%26fs_ad_product%3DstickyFooter%26amznbid%3D2%26amznp%3D2%26fsbid%3Dtimeout&eri=1&cust_params=fs_session_id%3D8a403060-55ac-48c0-bcf9-925f1b9068a0%26fs_pageview_id%3Da7162bdcf2c0c8bb600396504bf5d6aa%26user-agent%3DChrome%26fs_iiq_enabled%3Dtrue%26fs_used_optimise%3Dtrue%26floors_user%3D0%26floors_rtt%3D12%26fs_clientservermask%3D03032332223223220122%26fs_testgroup%3Doptimised&sc=1&cookie_enabled=1&abxe=1&dt=1686100051637&lmt=1686100051&dlt=1686100047478&idt=1515&adxs=436&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&frm=20&vis=1&psz=1600x-1&msz=1600x-1&fws=512&ohw=0&ga_vid=1878714221.1686100048&ga_sid=1686100052&ga_hid=408505991&ga_fc=true&a3p=EhsKDGlkNS1zeW5jLmNvbRiUjZSbiTFIAFICCGoSWgoNY3J3ZGNudHJsLm5ldBJAM2ZkMDRiY2I3ZmQ0N2VkM2RlYTYwNzA4MDdiYjE2ZDUzOTM4MjFkYTNlZjEyNzMxMjdiNzU5NjEzYzk1OGRiNBi0i5SbiTFIABIZCgpwdWJjaWQub3JnGKSLlJuJMUgAUgIIahLWAQoIcnRiaG91c2USwAEycDM0TitKcnpCbVpLNGxlV3RQcEQvdEFhN2JGaytUb1BXRDNJSWJ4dGVMZHZoZkFuYTdPWnhQc2R2REFRZWNudXBOcmVZVzVZWENjQ2V3T3Iyc1lwMTFWaFZVaHVIYlNWUzhHdHI4WVZMUzc0Qldha1VIYnpscUpCNXhKaFlhRUsyejhDMlhtdmpTWXBNTlpYcGlNb1FTdTlmQ3J5RXljOGplb1RFdnFyR2pTR1pxNWdpSHl4MkczRVR4WHlIWmgYjoyUm4kxSAASPgoFb3BlbngSLGV5SnBJam9pU0ZWVWJXTkVkVkJTUWlzeWN6RnJiMXBDWlZkVFVUMDlJbjA9GJOLlJuJMUgA
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c67561901bb3313c5feaa2631feb552dc9b25419663ad669c6f04c5cc04cef3a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10687
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://notepad.pw
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame 114A
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=963ea554-8ea2-c012-2c6b-135768036e54
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
4YC5Y8S9E3SNN91KKNBB
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
ups.analytics.yahoo.com/ups/58294/ Frame 114A
0
289 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=e02c5aa0-4a62-41a1-bf42-50ca979351dd
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.200.65.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-200-65-202.compute-1.amazonaws.com
Software
ATS/9.1.10.57 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.57
age
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
458249.gif
idsync.rlcdn.com/ Frame 114A
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D
  • https://id.rlcdn.com/464246.gif?partner_uid=9b2ea64f-5f4f-4d88-b31c-113339abc46c
  • https://id.rlcdn.com/1000.gif?memo=CPaqHBIvCisIARCUaxokOWIyZWE2NGYtNWY0Zi00ZDg4LWIzMWMtMTEzMzM5YWJjNDZjEAAaDQjTsP-jBhIFCOgHEABCAEoA
  • https://pippio.com/api/sync?pid=5324&it=1&iv=5f0074577ef22fb53c641325bba81aa35e4f54dcd50201559596e69259b07304791426b5417dce21&_=2
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA1ZjAwNzQ1NzdlZjIyZmI1M2M2NDEzMjViYmE4MWFhMzVlNGY1NGRjZDUwMjAxNTU5NTk2ZTY5MjU5YjA3MzA0NzkxNDI2YjU...
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA1ZjAwNzQ1NzdlZjIyZmI1M2M2NDEzMjViYmE4MWFhMzVlNGY1NGRjZDUwMjAxNTU5NTk2ZTY5MjU5YjA3MzA0NzkxNDI2YjU0MTdkY2UyMRAAGgwI07D_owYSBAgCEABCAEoA&goog...
  • https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
  • https://idsync.rlcdn.com/458249.gif?partner_uid=a663e10e-13d2-4f94-8c31-661d0b506785
42 B
309 B
Image
General
Full URL
https://idsync.rlcdn.com/458249.gif?partner_uid=a663e10e-13d2-4f94-8c31-661d0b506785
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H2
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
via
1.1 google
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

location
https://idsync.rlcdn.com/458249.gif?partner_uid=a663e10e-13d2-4f94-8c31-661d0b506785
date
Wed, 07 Jun 2023 01:07:32 GMT
via
1.1 google
x-samesite
secure
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
111
content-type
text/html; charset=utf-8
sd
us-u.openx.net/w/1.0/ Frame 114A
Redirect Chain
  • https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID
  • https://us-u.openx.net/w/1.0/sd?id=537072399&val=7815982874283791367
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072399&val=7815982874283791367
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Wed, 07 Jun 2023 01:07:31 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
3922cbe8-3a30-4dbb-bb1b-39ab8a8c7e46
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://us-u.openx.net/w/1.0/sd?id=537072399&val=7815982874283791367
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 114A
Redirect Chain
  • https://ad.turn.com/r/cs?pid=9&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=2923935608525020492&gdpr=0&gdpr_consent=&us_privacy=
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073061&val=2923935608525020492&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537073061&val=2923935608525020492&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
sd
us-u.openx.net/w/1.0/ Frame 114A
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=ZH-YUwAPzWGz7QBL
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZH-YUwAPzWGz7QBL&_test=ZH-YUwAPzWGz7QBL
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZH-YUwAPzWGz7QBL&_test=ZH-YUwAPzWGz7QBL
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

x-served-by
cache-yyz4542-YYZ
pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 varnish
server
Varnish
x-timer
S1686100052.788015,VS0,VE0
x-cache
HIT
location
https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZH-YUwAPzWGz7QBL&_test=ZH-YUwAPzWGz7QBL
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
setuid
s2s.t13.io/
Redirect Chain
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D
  • https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24%7BBSW_UUID%7D
  • https://s2s.t13.io/setuid?bidder=grid&gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&f=i&uid=c16a41c7-4743-4474-9cc0-204cc718bc2e
86 B
117 B
Image
General
Full URL
https://s2s.t13.io/setuid?bidder=grid&gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&f=i&uid=c16a41c7-4743-4474-9cc0-204cc718bc2e
Protocol
H3
Server
34.107.140.113 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.140.107.34.bc.googleusercontent.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
via
1.1 google
content-type
image/png
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0

Redirect headers

Location
https://s2s.t13.io/setuid?bidder=grid&gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&f=i&uid=c16a41c7-4743-4474-9cc0-204cc718bc2e
Date
Wed, 07 Jun 2023 01:07:31 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
c
c.pub.network/v2/ Frame
0
0
Preflight
General
Full URL
https://c.pub.network/v2/c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://notepad.pw
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 07 Jun 2023 01:07:31 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
c
c.pub.network/v2/
36 B
53 B
Fetch
General
Full URL
https://c.pub.network/v2/c
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash
4c7b884f7ad813ab071f360126fe9457cd75ff86ccee28c672a9bc04777c9a5c

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 07 Jun 2023 01:07:31 GMT
ecm3
s.amazon-adsystem.com/ Frame 4D75
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=sharethrough.com&id=75edbeff-d036-4ef2-8cfc-787161973880
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
MF9B3ZRZ78DW47NJ3HVR
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
v1
match.sharethrough.com/sync/ Frame 4D75
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=
68 B
605 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
H2
Server
3.233.8.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-233-8-239.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
323
v1
match.sharethrough.com/sync/ Frame 4D75
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2
  • https://pixel.rubiconproject.com/exchange/sync.php?p=18694&gdpr=0&gdpr_consent=
  • https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LIL0FQ4J-B-K8AN&gdpr=0
68 B
604 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LIL0FQ4J-B-K8AN&gdpr=0
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
H2
Server
3.233.8.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-233-8-239.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://match.sharethrough.com/sync/v1?source_id=UiRtTsXAfjmfSDAKnR1FjWsu&source_user_id=LIL0FQ4J-B-K8AN&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
e71ccbe96f42d70fa40603ada4c96b28
Expires
0
v1
match.sharethrough.com/sync/ Frame 4D75
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=
68 B
610 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
H2
Server
3.233.8.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-233-8-239.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
323
v1
match.sharethrough.com/sync/ Frame 4D75
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=
68 B
608 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
H2
Server
3.233.8.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-233-8-239.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
323
sync
sync-pm.ads.yieldmo.com/ Frame 34B6
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160295&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160295&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID&rdf=1
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QUQzMDIzQjQtMTE5RS00NEVDLUE1MEYtNzFBRTM1NDJDRDU1&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160648&pmc=1&pr=https%3A%2F%2Fsync-pm.ads.yieldmo.com%2Fsync%3Fpn_id%3Dpub%26id%3D8077D456-AB2D-4723-BFBF-C06A08DCDD97%26gdpr%3D0%26gdpr_consent%3D
  • https://sync-pm.ads.yieldmo.com/sync?pn_id=pub&id=8077D456-AB2D-4723-BFBF-C06A08DCDD97&gdpr=0&gdpr_consent=
43 B
810 B
Image
General
Full URL
https://sync-pm.ads.yieldmo.com/sync?pn_id=pub&id=8077D456-AB2D-4723-BFBF-C06A08DCDD97&gdpr=0&gdpr_consent=
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D
Protocol
H2
Server
50.16.16.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-16-77.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

location
https://sync-pm.ads.yieldmo.com/sync?pn_id=pub&id=8077D456-AB2D-4723-BFBF-C06A08DCDD97&gdpr=0&gdpr_consent=
date
Tue, 06 Jun 2023 23:54:40 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cs
cs-server-s2s.yellowblue.io/ Frame 34B6
Redirect Chain
  • https://ssc-cms.33across.com/ps/?ri=0015a00002hdV5tAAE&ru=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11580%26puid%3D33XUSERID33X
  • https://cs-server-s2s.yellowblue.io/cs?aid=11580&puid=212180027127482
0
329 B
Image
General
Full URL
https://cs-server-s2s.yellowblue.io/cs?aid=11580&puid=212180027127482
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D
Protocol
H2
Server
52.73.67.166 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-67-166.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
server
istio-envoy
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript
access-control-allow-origin
https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
referrer-policy
unsafe-url
server
33XP005
x-33x-status
100000000008200000C
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location
https://cs-server-s2s.yellowblue.io/cs?aid=11580&puid=212180027127482
cache-control
no-store, no-cache, must-revalidate
content-length
0
expires
Thu, 01-Jan-70 00:00:01 GMT
cs
cs.yellowblue.io/ Frame 34B6
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58760/sync?redir=true&gdpr=0&gdpr_consent=
  • https://cs.yellowblue.io/cs?aid=11591&id=y-Q.Kxo2JE2uLjizOvelGTx5e7P77nIJ8X~A&gdpr_in_effect=0
0
329 B
Image
General
Full URL
https://cs.yellowblue.io/cs?aid=11591&id=y-Q.Kxo2JE2uLjizOvelGTx5e7P77nIJ8X~A&gdpr_in_effect=0
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D
Protocol
H2
Server
52.73.67.166 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-67-166.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
server
istio-envoy
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript
access-control-allow-origin
https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0

Redirect headers

location
https://cs.yellowblue.io/cs?aid=11591&id=y-Q.Kxo2JE2uLjizOvelGTx5e7P77nIJ8X~A&gdpr_in_effect=0
date
Wed, 07 Jun 2023 01:07:31 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.57
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
cs
cs.yellowblue.io/ Frame 34B6
Redirect Chain
  • https://ads.stickyadstv.com/user-matching?id=3663&gdpr=0&gdpr_consent=
  • https://cs.yellowblue.io/cs?aid=11601&id=41e527ed69fd61b2a14b2b5e972d3a&gdpr_consent=&gdpr=0
0
329 B
Image
General
Full URL
https://cs.yellowblue.io/cs?aid=11601&id=41e527ed69fd61b2a14b2b5e972d3a&gdpr_consent=&gdpr=0
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D
Protocol
H2
Server
52.73.67.166 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-67-166.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
server
istio-envoy
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript
access-control-allow-origin
https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0

Redirect headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Server
nginx
Access-Control-Allow-Origin
*
Location
https://cs.yellowblue.io/cs?aid=11601&id=41e527ed69fd61b2a14b2b5e972d3a&gdpr_consent=&gdpr=0
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
x-sticky-vk
1686100052119087-162
cs
cs.yellowblue.io/ Frame 34B6
Redirect Chain
  • https://match.sharethrough.com/universal/v1?supply_id=5926d422&gdpr=0&gdpr_consent=
  • https://cs.yellowblue.io/cs?aid=11587&uid=75edbeff-d036-4ef2-8cfc-787161973880&gdpr=0
0
329 B
Image
General
Full URL
https://cs.yellowblue.io/cs?aid=11587&uid=75edbeff-d036-4ef2-8cfc-787161973880&gdpr=0
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D
Protocol
H2
Server
52.73.67.166 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-67-166.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
server
istio-envoy
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript
access-control-allow-origin
https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0

Redirect headers

location
https://cs.yellowblue.io/cs?aid=11587&uid=75edbeff-d036-4ef2-8cfc-787161973880&gdpr=0
date
Wed, 07 Jun 2023 01:07:31 GMT
content-length
0
cs
cs-server-s2s.yellowblue.io/ Frame 34B6
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=58ceaaf5-c766-4c17-869a-d76e43401714&gdpr=0&gdpr_consent=&r=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11563%26id%3D
  • https://cs-server-s2s.yellowblue.io/cs?aid=11563&id=26e8c5bf-45e7-46ad-a722-cd52219971f7
0
329 B
Image
General
Full URL
https://cs-server-s2s.yellowblue.io/cs?aid=11563&id=26e8c5bf-45e7-46ad-a722-cd52219971f7
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D
Protocol
H2
Server
52.73.67.166 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-73-67-166.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
server
istio-envoy
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript
access-control-allow-origin
https://cs-server-s2s.yellowblue.io/
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0

Redirect headers

date
Wed, 07 Jun 2023 01:07:31 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://cs-server-s2s.yellowblue.io/cs?aid=11563&id=26e8c5bf-45e7-46ad-a722-cd52219971f7
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ecm3
s.amazon-adsystem.com/ Frame 34B6
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rise.com&id=qAS83E_akp_s
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
3A63GEYHV60DNA8CYGQ2
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame 7452
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=ym.com&id=gaa9be8318803ee25e3d
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
W0YWZ14A84HY9VY3A98N
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7452
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo_dbm&google_hm=Z2FhOWJlODMxODgwM2VlMjVlM2Q=
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
ads.yieldmo.com/v000/ Frame 7452
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo_dbm&google_cm&pn_id=c
  • https://ads.yieldmo.com/v000/sync?pn_id=c&google_gid=CAESEC1FSczlkcnkioCBFXfWHQs&google_cver=1
43 B
471 B
Image
General
Full URL
https://ads.yieldmo.com/v000/sync?pn_id=c&google_gid=CAESEC1FSczlkcnkioCBFXfWHQs&google_cver=1
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Protocol
H2
Server
34.202.191.141 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-202-191-141.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ads.yieldmo.com/v000/sync?pn_id=c&google_gid=CAESEC1FSczlkcnkioCBFXfWHQs&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
299
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sync
ads.yieldmo.com/v000/ Frame 7452
Redirect Chain
  • https://ib.adnxs.com/getuid?https://ads.yieldmo.com/v000/sync?userid=$UID&pn_id=an
  • https://ads.yieldmo.com/v000/sync?userid=7815982874283791367&pn_id=an
43 B
463 B
Image
General
Full URL
https://ads.yieldmo.com/v000/sync?userid=7815982874283791367&pn_id=an
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Protocol
H2
Server
34.202.191.141 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-202-191-141.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

Date
Wed, 07 Jun 2023 01:07:31 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
116f3700-58c0-4284-9d3d-d4c3f2156031
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://ads.yieldmo.com/v000/sync?userid=7815982874283791367&pn_id=an
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
sync-pm.ads.yieldmo.com/ Frame 7452
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160648&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160648%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync-pm.ads.y...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160648&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160648%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync-pm.ads.y...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=ODA3N0Q0NTYtQUIyRC00NzIzLUJGQkYtQzA2QTA4RENERDk3&gdpr=-1&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=-1&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=160648&pmc=1&pr=https%3A%2F%2Fsync-pm.ads.yieldmo.com%2Fsync%3Fpn_id%3Dpub%26id%3D8077D456-AB2D-4723-BFBF-C06A08DCDD97%26gdpr%3D0%26gdpr_consent%3D
  • https://sync-pm.ads.yieldmo.com/sync?pn_id=pub&id=8077D456-AB2D-4723-BFBF-C06A08DCDD97&gdpr=0&gdpr_consent=
43 B
810 B
Image
General
Full URL
https://sync-pm.ads.yieldmo.com/sync?pn_id=pub&id=8077D456-AB2D-4723-BFBF-C06A08DCDD97&gdpr=0&gdpr_consent=
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Protocol
H2
Server
50.16.16.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-16-77.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

location
https://sync-pm.ads.yieldmo.com/sync?pn_id=pub&id=8077D456-AB2D-4723-BFBF-C06A08DCDD97&gdpr=0&gdpr_consent=
date
Wed, 07 Jun 2023 01:07:30 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sync
ads.yieldmo.com/v000/ Frame 7452
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=yieldmo&ttd_tpi=1&ttd_puid=gaa9be8318803ee25e3d
  • https://ads.yieldmo.com/v000/sync?tdid=3cb465a7-33d3-4284-ad3f-52bfa548d86e
43 B
475 B
Image
General
Full URL
https://ads.yieldmo.com/v000/sync?tdid=3cb465a7-33d3-4284-ad3f-52bfa548d86e
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID
Protocol
H2
Server
34.202.191.141 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-202-191-141.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ads.yieldmo.com/v000/sync?tdid=3cb465a7-33d3-4284-ad3f-52bfa548d86e
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
181
rtset
bh.contextweb.com/bh/ Frame 90E2
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=cTI3S3Rjel82NnlueHpodVVPd3hhUQ&gdpr=0&gdpr_consent=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEDi7cOvTR33x4zPGT8aG7c8&google_cver=1
49 B
805 B
Image
General
Full URL
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEDi7cOvTR33x4zPGT8aG7c8&google_cver=1
Requested by
Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
Protocol
H2
Server
198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://bh.contextweb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
en-CA
content-type
image/gif;charset=iso-8859-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6d945594b4-q7tcc
expires
-1

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=0&gdpr_consent=&ev=CAESEDi7cOvTR33x4zPGT8aG7c8&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
335
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rtset
bh.contextweb.com/bh/ Frame 90E2
Redirect Chain
  • https://pulsepoint-match.dotomi.com/match/bounce/current?networkId=14200&version=1&nuid=
  • https://pulsepoint-match.dotomi.com/match/bounce/current?DotomiTest=4efd797f2241146a&is_secure=true&networkId=14200&version=1&nuid=
  • https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AAAHQKxeNNuRYgMzHn6EAAAAAAA&expiration=1686186452&nuid=&is_secure=true
49 B
841 B
Image
General
Full URL
https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AAAHQKxeNNuRYgMzHn6EAAAAAAA&expiration=1686186452&nuid=&is_secure=true
Requested by
Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
Protocol
H2
Server
198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://bh.contextweb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
en-CA
content-type
image/gif;charset=iso-8859-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6d945594b4-q7tcc
expires
-1

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://bh.contextweb.com/bh/rtset?do=add&pid=530912&ev=AAAHQKxeNNuRYgMzHn6EAAAAAAA&expiration=1686186452&nuid=&is_secure=true
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
ecm3
s.amazon-adsystem.com/ Frame 90E2
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=c7gHZ6CzcKcL&ex=Pulsepoint
Requested by
Host: bh.contextweb.com
URL: https://bh.contextweb.com/visitormatch?p=547259,530912,534301,548607,543793,561117&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%25%25VGUID%25%25%26ex%3DPulsepoint&reat=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://bh.contextweb.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
D1MXZ4PCCNBK7H75WZJY
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame DC9A
Redirect Chain
  • https://match.adsrvr.org/track/cmf/casale
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&expiration=1688692051&gdpr=0&gdpr_consent=
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&expiration=1688692051&gdpr=0&gdpr_consent=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3cb465a7-33d3-4284-ad3f-52bfa548d86e&expiration=1688692051&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
323
usermatchredir
ssum-sec.casalemedia.com/ Frame DC9A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZH_YU0MnngF9U4-_BkqG6QAADWwAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEMKpRVz_4ZvMSe_Cu8hOoW4&google_cver=1
43 B
766 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEMKpRVz_4ZvMSe_Cu8hOoW4&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEMKpRVz_4ZvMSe_Cu8hOoW4&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
364
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame DC9A
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZH_YU0MnngF9U4-_BkqG6QAADWwAAAAB&gpp=&gpp_sid=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
TB0BSTJ4AJ50SM0GGG13
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame DC9A
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZH-YU0MnngF9U4.-BkqG6QAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEO5cuuTmtACPdonkkDm7hAI&google_cver=1&google_hm=2
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEO5cuuTmtACPdonkkDm7hAI&google_cver=1&google_hm=2
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:31 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEO5cuuTmtACPdonkkDm7hAI&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
330
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame DC9A
Redirect Chain
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=
  • https://stags.bluekai.com/site/23178?id=pDDtIf2CLiRZz_B3Uym4&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6ZDTOVWS243FMMXGGYLTMFWGK3LFMRUWCLTDN5WS6Y3S...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6ZDTOVWS243FMMXGGYLTMFWGK3LFMRUWCLTDN5WS6Y3SOVWT6Y3NL5SHG4C7NFSD2MJXEZSXQY3IMFXGOZJ5NFXGIZLYEZSXQ5DFOJXGC3C7OVZWK4S7NFSD24CEIR2ES...
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=pDDtIf2CLiRZz_B3Uym4
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=pDDtIf2CLiRZz_B3Uym4
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Content-Type
text/html; charset=utf-8
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=pDDtIf2CLiRZz_B3Uym4
P3p
CP="We do not support P3P header."
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
115
Expires
Thu, 01 Dec 1994 16:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame DC9A
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=LoKjzVEo1Q6HE85
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=LoKjzVEo1Q6HE85
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
PingMatch/v2.0.30-777-g304ac51#rel-ec2-master i-0972bc459aae2c7ab@us-east-1d@dxedge-app-us-east-1-prod-asg
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=LoKjzVEo1Q6HE85
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
ZH_YU0MnngF9U4-_BkqG6QAADWwAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame DC9A
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=ZH_YU0MnngF9U4-_BkqG6QAADWwAAAAB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
  • https://pr-bh.ybp.yahoo.com/sync/casale/ZH_YU0MnngF9U4-_BkqG6QAADWwAAAAB
43 B
602 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/ZH_YU0MnngF9U4-_BkqG6QAADWwAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
H2
Server
2600:1f18:4e9:5a01:57e7:e371:5d38:89ec Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43

Redirect headers

location
https://pr-bh.ybp.yahoo.com/sync/casale/ZH_YU0MnngF9U4-_BkqG6QAADWwAAAAB
date
Wed, 07 Jun 2023 01:07:32 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.57
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
rum
dsum.casalemedia.com/ Frame DC9A
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=index
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=c16a41c7-4743-4474-9cc0-204cc718bc2e&ssp=index&gdpr=&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=419&user_id=10594155178242939413&ssp=index&gdpr=&gdpr_consent=
  • https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c16a41c7-4743-4474-9cc0-204cc718bc2e&gdpr=&gdpr_consent=&us_privacy=
43 B
632 B
Image
General
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c16a41c7-4743-4474-9cc0-204cc718bc2e&gdpr=&gdpr_consent=&us_privacy=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

Location
//dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c16a41c7-4743-4474-9cc0-204cc718bc2e&gdpr=&gdpr_consent=&us_privacy=
Date
Wed, 07 Jun 2023 01:07:32 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
ecm3
s.amazon-adsystem.com/ Frame DC9A
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=index.com&id=ZH_YU0MnngF9U4-_BkqG6QAADWwAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&s=192259&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:31 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
0NHS04PD84R1Q1K3EBGV
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame B9C7
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.127.172.242 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-127-172-242.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
8b084e8bbf16a384a4dadf9caf4898e27db9eed5a5d378252a4d13b3c41f54f0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Wed, 07 Jun 2023 01:07:31 GMT
Content-Encoding
gzip
Last-Modified
Tue, 06 Jun 2023 14:19:52 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=47550
Connection
keep-alive
Content-Length
10111
Expires
Wed, 07 Jun 2023 14:20:01 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame C376
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://notepad.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
25875
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 06 Jun 2023 17:56:16 GMT
expires
Wed, 05 Jun 2024 17:56:16 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 8629
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2004 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ffed8740954251d18d6b8a02ad791f06e961ff74a45f5a9319156b8865699824
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-ykcW9FHNceqTziTuvz397w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://notepad.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-ykcW9FHNceqTziTuvz397w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 07 Jun 2023 01:07:31 GMT
expires
Wed, 07 Jun 2023 01:07:31 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
ecm3
s.amazon-adsystem.com/ Frame B9C7
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=LIL0FQ4J-B-K8AN
  • https://s.amazon-adsystem.com/ecm3?id=LIL0FQ4J-B-K8AN&ex=d-rubiconproject.com&status=ok
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=LIL0FQ4J-B-K8AN&ex=d-rubiconproject.com&status=ok
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
F4R1GCCK9SQBTAEP58N4
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://s.amazon-adsystem.com/ecm3?id=LIL0FQ4J-B-K8AN&ex=d-rubiconproject.com&status=ok
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
ace9692b4e77bdf741ff63add80edaca
Expires
0
/
ce.lijit.com/beacon/prebid-server/ Frame 11E8
Redirect Chain
  • https://ap.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%2...
  • https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%2...
  • https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%2...
2 KB
1 KB
Document
General
Full URL
https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-7.48.2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
89fc3373db42a9b16906f0fbe18c40cb287a64dbd10949ff5cb929e33e402b65

Request headers

Referer
https://notepad.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Content-Encoding
gzip
Content-Length
673
Content-Type
text/html
Date
Wed, 07 Jun 2023 01:07:32 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Vary
Accept-Encoding, User-Agent
X-Sovrn-Pod
ad_ap5ewr1

Redirect headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Content-Length
0
Date
Wed, 07 Jun 2023 01:07:32 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Location
https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
X-Sovrn-Pod
ad_ap5ewr1
EHMIEcXmxjhpa6ysVw94xheqxns9jQBWcUzwmgw4Ck0.js
pagead2.googlesyndication.com/bg/ Frame C376
38 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/EHMIEcXmxjhpa6ysVw94xheqxns9jQBWcUzwmgw4Ck0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10730811c5e6c638696bacac570f78c617aac67b3d8d0056714cf09a0c380a4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 21:19:23 GMT
content-encoding
br
x-content-type-options
nosniff
age
13688
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14824
x-xss-protection
0
last-modified
Tue, 30 May 2023 11:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 05 Jun 2024 21:19:23 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 8629
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306010101&jk=1470496023265706&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

tap.php
pixel.rubiconproject.com/ Frame B9C7
Redirect Chain
  • https://match.adsrvr.org/track/cmf/rubicon
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=&expires=30
42 B
688 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=&expires=30
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
0b388c490ecfef74be7d13328a4f3ac3
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3cb465a7-33d3-4284-ad3f-52bfa548d86e&gdpr=0&gdpr_consent=&expires=30
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
289
pixel
cm.g.doubleclick.net/ Frame B9C7
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDU0OWVlMzY5MjMyODliNDE3ZGNiOTFjNzllZGI0YzFlNWY1NmJjNw
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDU0OWVlMzY5MjMyODliNDE3ZGNiOTFjNzllZGI0YzFlNWY1NmJjNw
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
H3
Server
142.250.80.34 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NDU0OWVlMzY5MjMyODliNDE3ZGNiOTFjNzllZGI0YzFlNWY1NmJjNw
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
2fcb300b847bad3e7dd1184ec8a1c2f5
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ecm3
s.amazon-adsystem.com/ Frame B9C7
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=oPS8lIAWRx618bnc-96EWQ&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=oPS8lIAWRx618bnc-96EWQ
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=oPS8lIAWRx618bnc-96EWQ
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
D2G6X98F1YHFVKHXVB61
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=oPS8lIAWRx618bnc-96EWQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
84e0f527cd81a00b0210e20b4ee7ed94
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
dcm
aax-eu.amazon-adsystem.com/s/ Frame B9C7
43 B
855 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.220.228.203 -, , ASN (),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
W2YYKQJ3A76XV0T82VQ2
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame B9C7
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/q6rLJtSDn0YmWYhvde3uNA?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-VjjyKJRE2oIAXZHmz6bvonDNKGWffulIy1dXJQ--~A
42 B
688 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-VjjyKJRE2oIAXZHmz6bvonDNKGWffulIy1dXJQ--~A
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
2fcb300b847bad3e7dd1184ec8a1c2f5
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Wed, 07 Jun 2023 01:07:32 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-VjjyKJRE2oIAXZHmz6bvonDNKGWffulIy1dXJQ--~A
content-length
0
pixel
cm.g.doubleclick.net/ Frame B9C7
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TElMMEZRNEotQi1LOEFO
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEExHiYUBpWIWRUB7QLloVNk&google_cver=1
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElMMEZRNEotQi1LOEFO&google_push=
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElMMEZRNEotQi1LOEFO&google_push=
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
H3
Server
142.250.80.34 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElMMEZRNEotQi1LOEFO&google_push=
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
29af2665c43893332e84c235bac366c1
Expires
0
tap.php
pixel.rubiconproject.com/ Frame B9C7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPBpdWTGKhThx9XXMjoN6vQ&google_cver=1
42 B
688 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPBpdWTGKhThx9XXMjoN6vQ&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
382e2818ca015d35b02cd449aa60881d
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEPBpdWTGKhThx9XXMjoN6vQ&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
px.ads.linkedin.com/ Frame B9C7
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIL0FQ4J-B-K8AN
0
516 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIL0FQ4J-B-K8AN
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:31 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 540B528441E644EC86891FFDFABA6C4B Ref B: YMQ01EDGE0814 Ref C: 2023-06-07T01:07:32Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAX9f8KrApRJ6cba4yFR7A==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIL0FQ4J-B-K8AN
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
314e432eb2d967cf733b82bdbbe35231
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
view
securepubads.g.doubleclick.net/pcs/ Frame 61E1
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssWk7Exgja-LLFScISf5dydFDNfEeueYad9Wq26NB27DipEZDo3WPzhovsIsyV1gFTjsBCqAk77CREV62rEX5D2mfA2gAvxeWJqFU4tKlXfvwKdoX_5AjGI73K-i2y5bhUFAMez48kFFD8UZbg6Jm3XB1NwInsVcb_st40byLfgjpnuDiHOHytPpwgxTlY7b25CQF0j3y6J3iuwnuJ7A99QA-hdUgxIE9_nh71eRcTWcvDuyYUWh8tUPvcLIVkufl4wH75AK3H6dvaH57j2d6ncL_5KsyFBhyTaQMvM9rAgkr55TGcTpz7e8SEDRQysBJ9Ulm8M5Tvp1gLwOEJH7vxkqR7ZuM3iQK6JQu1JiaiWW7DiiZZKZeK0&sai=AMfl-YRFlA1uR1DbooehpeW5rTz8G0jCSjpnK8YAR4gowCKOqvzjQY7Vmx8-OnLJGF_977wEyjp66I4tntI_27XgH5RMKcizjAhH-0CMstR-Zizp-u4JrKYxWxKd57Zj_w&sig=Cg0ArKJSzML_E1I4V_gJEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:824::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
outbrain.js
widgets.outbrain.com/ Frame 61E1
227 KB
82 KB
Script
General
Full URL
https://widgets.outbrain.com/outbrain.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.215.41.73 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
daebb3c78c6d2847ee5af8011f38f86d6198b1627abf42691b4cfdfbf7a8c9b5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
content-encoding
gzip
edge-cache-tag
widget-cheetah
server-timing
ak_p; desc="1686100052445_389945293_179569128_8419_492_185_65_146";dur=1
x-traceid
c2d986025d1152a8deffb027e1d6550a
content-length
83577
last-modified
Tue, 30 May 2023 14:07:25 GMT
etag
"13-Pd6rSXAFiT6aupT/behWkSHCv1Y"
vary
Accept-Encoding
access-control-allow-methods
GET,POST
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=14500
access-control-allow-credentials
false
timing-allow-origin
*, *
access-control-request-headers
X-OB-STG,X-OB-PRD
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 61E1
173 KB
54 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c61b54fb4bbf7083918be7066e50126d1a95e56ccc9be9fafd69deb50ac7424b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55245
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1685965250302189"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 07 Jun 2023 01:07:32 GMT
generate_204
tpc.googlesyndication.com/ Frame C376
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?4AvusQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
setuid
s2s.t13.io/ Frame 11E8
0
14 B
Image
General
Full URL
https://s2s.t13.io/setuid?bidder=sovrn&gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&f=b&uid=GxfjdTZHltIVK_yrTUyjYD5o&gdpr=0&gdpr_consent=
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.140.113 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.140.107.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
via
1.1 google
content-type
text/html
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
0
merge
ce.lijit.com/ Frame 11E8
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=49&3pid=c7gHZ6CzcKcL&ev=1&pid=558511&gdpr_consent=&gdpr=0
43 B
851 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=49&3pid=c7gHZ6CzcKcL&ev=1&pid=558511&gdpr_consent=&gdpr=0
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
en-CA
location
https://ce.lijit.com/merge?pid=49&3pid=c7gHZ6CzcKcL&ev=1&pid=558511&gdpr_consent=&gdpr=0
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-6d945594b4-q7tcc
expires
-1
merge
ce.lijit.com/ Frame 11E8
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=&tc=1
  • https://ce.lijit.com/merge?pid=86&3pid=c89XTBUzfWYQOX8PB30e&pi=sovrn&gdpr=0&gdpr_consent=&tc=1
43 B
2 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=86&3pid=c89XTBUzfWYQOX8PB30e&pi=sovrn&gdpr=0&gdpr_consent=&tc=1
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=86&3pid=c89XTBUzfWYQOX8PB30e&pi=sovrn&gdpr=0&gdpr_consent=&tc=1
pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT, Wed, 07 Jun 2023 01:07:32 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
merge
ce.lijit.com/ Frame 11E8
Redirect Chain
  • https://cms.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=fVtQ9C9XUqFmWlSieQpKp38JUaZmC16nclcTGFUm
43 B
879 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=fVtQ9C9XUqFmWlSieQpKp38JUaZmC16nclcTGFUm
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=fVtQ9C9XUqFmWlSieQpKp38JUaZmC16nclcTGFUm
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
merge
ce.lijit.com/ Frame 11E8
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent=
  • https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=fmx&bsw_custom_parameter=c16a41c7-4743-4474-9cc0-204cc718bc2e
  • https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=fmx&bsw_custom_parameter=c16a41c7-4743-4474-9cc0-204cc718bc2e
  • https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=b83ace26-fe42-4bc8-b3fd-d82479a796c6&user_group=1&ssp=fmx&bsw_param=c16a41c7-4743-4474-9cc0-204cc718bc2e
  • https://ce.lijit.com/merge?pid=26&3pid=c16a41c7-4743-4474-9cc0-204cc718bc2e&gdpr=&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=26&3pid=c16a41c7-4743-4474-9cc0-204cc718bc2e&gdpr=&gdpr_consent=
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location
//ce.lijit.com/merge?pid=26&3pid=c16a41c7-4743-4474-9cc0-204cc718bc2e&gdpr=&gdpr_consent=
Date
Wed, 07 Jun 2023 01:07:32 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
merge
ce.lijit.com/ Frame 11E8
Redirect Chain
  • https://aorta.clickagy.com/pixel.gif?ch=185&cm=GxfjdTZHltIVK_yrTUyjYD5o&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=84&3pid=c:f21217002e595075617a00b02bb9c17a
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=84&3pid=c:f21217002e595075617a00b02bb9c17a
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Wed, 07 Jun 2023 01:07:32 GMT
server
Aorta/20230525.b9caa956e
expect
0
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
location
https://ce.lijit.com/merge?pid=84&3pid=c:f21217002e595075617a00b02bb9c17a
access-control-allow-origin
*
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-aorta-region
us-east-1
x-aorta-host
d253233cf8a2
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
content-length
0
merge
ce.lijit.com/ Frame 11E8
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=0&gdpr_consent=
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=87&3pid=ba658bda-4254-4c02-9d25-6617f85ca7bf
43 B
2 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=87&3pid=ba658bda-4254-4c02-9d25-6617f85ca7bf
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
//ce.lijit.com/merge?pid=87&3pid=ba658bda-4254-4c02-9d25-6617f85ca7bf
date
Wed, 07 Jun 2023 01:07:32 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
merge
ce.lijit.com/ Frame 11E8
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=85&3pid=AACa5U7I_7EAACHSRjBZpw&gdpr=0
43 B
2 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=85&3pid=AACa5U7I_7EAACHSRjBZpw&gdpr=0
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=85&3pid=AACa5U7I_7EAACHSRjBZpw&gdpr=0
Date
Wed, 07 Jun 2023 01:07:32 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
merge
ce.lijit.com/ Frame 11E8
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=23&gdpr=0&gdpr_consent=
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D4c71c8...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D...
  • https://ce.lijit.com/merge?pid=16&3pid=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&gdpr=0&gdpr_consent=
43 B
2 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=16&3pid=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&gdpr=0&gdpr_consent=
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Wed, 07 Jun 2023 01:07:32 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin
*
location
https://ce.lijit.com/merge?pid=16&3pid=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&gdpr=0&gdpr_consent=
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
merge
ce.lijit.com/ Frame 11E8
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=80&3pid=LIL0FQ4J-B-K8AN&gdpr=0
43 B
854 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=80&3pid=LIL0FQ4J-B-K8AN&gdpr=0
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://ce.lijit.com/merge?pid=80&3pid=LIL0FQ4J-B-K8AN&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
ace9692b4e77bdf741ff63add80edaca
Expires
0
merge
ce.lijit.com/ Frame 11E8
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D92%263pid%3D%24UID&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=92&3pid=7815982874283791367&gdpr=0&gdpr_consent=
43 B
858 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=92&3pid=7815982874283791367&gdpr=0&gdpr_consent=
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/prebid-server/?gdpr=&gdpr_consent=&us_privacy=&url=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
af493cf1-270a-4af7-b6b2-8a700605846b
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://ce.lijit.com/merge?pid=92&3pid=7815982874283791367&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame 0E00
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=GxfjdPZHCg0YPLD4SlG5kJLQ&ex=sovrn.com&gdpr=0&gdpr_consent=
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
E8Z1G7Z0GV67RMHTPDTB
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
merge
ce.lijit.com/ Frame 0E00
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent=
  • https://match.deepintent.com/usersync/129/store?id=&ext1=fmx&ext2=c16a41c7-4743-4474-9cc0-204cc718bc2e
  • https://x.bidswitch.net/sync?expires=720&dsp_id=422&user_id=di_1f23856a56584a64ba710&ssp=fmx&bsw_param=c16a41c7-4743-4474-9cc0-204cc718bc2e
  • https://ce.lijit.com/merge?pid=26&3pid=c16a41c7-4743-4474-9cc0-204cc718bc2e&gdpr=&gdpr_consent=
43 B
3 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=26&3pid=c16a41c7-4743-4474-9cc0-204cc718bc2e&gdpr=&gdpr_consent=
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location
//ce.lijit.com/merge?pid=26&3pid=c16a41c7-4743-4474-9cc0-204cc718bc2e&gdpr=&gdpr_consent=
Date
Wed, 07 Jun 2023 01:07:32 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
merge
ce.lijit.com/ Frame 0E00
Redirect Chain
  • https://um.simpli.fi/lj_match?r=1686100052112&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=2&3pid=F85E199DA9AF4AFEBDD5457935717FEC
43 B
870 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=2&3pid=F85E199DA9AF4AFEBDD5457935717FEC
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Wed, 07 Jun 2023 01:07:32 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://ce.lijit.com/merge?pid=2&3pid=F85E199DA9AF4AFEBDD5457935717FEC
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Tue, 06 Jun 2023 01:07:32 GMT
merge
ce.lijit.com/ Frame 0E00
Redirect Chain
  • https://aorta.clickagy.com/pixel.gif?ch=185&cm=GxfjdPZHCg0YPLD4SlG5kJLQ&redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D84%263pid%3D%7Bvisitor_id%7D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=84&3pid=c:f21217002e595075617a00b02bb9c17a
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=84&3pid=c:f21217002e595075617a00b02bb9c17a
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date
Wed, 07 Jun 2023 01:07:32 GMT
server
Aorta/20230531.b476b6091
expect
0
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
location
https://ce.lijit.com/merge?pid=84&3pid=c:f21217002e595075617a00b02bb9c17a
access-control-allow-origin
*
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-aorta-region
us-east-1
x-aorta-host
fb0693f3f7ca
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
content-length
0
merge
ce.lijit.com/ Frame 0E00
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=sovrn&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/rmpssp?sub=sovrn&zcc=1&cb=1686100052213
  • https://ad.turn.com/r/cs?pid=45&rndcb=1026410282
  • https://sync.1rx.io/usersync/turn/2923935608525020492?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-5d45bb4d-4890-4499-baef-36a3b58df6ee-005?redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D97%263pid%3DRX-5d45bb4d-4890-4499-baef-36a3b58df6ee-005
  • https://ce.lijit.com/merge?pid=97&3pid=RX-5d45bb4d-4890-4499-baef-36a3b58df6ee-005
43 B
2 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=97&3pid=RX-5d45bb4d-4890-4499-baef-36a3b58df6ee-005
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date
Wed, 07 Jun 2023 01:07:32 GMT
Server
Tengine
ETag
RX5d45bb4d48904499baef36a3b58df6ee005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://ce.lijit.com/merge?pid=97&3pid=RX-5d45bb4d-4890-4499-baef-36a3b58df6ee-005
Content-Type
text/html
Connection
keep-alive
merge
ce.lijit.com/ Frame 0E00
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=
  • https://creativecdn.com/cm-notify?pi=sovrn&gdpr=0&gdpr_consent=&tc=1
  • https://ce.lijit.com/merge?pid=86&3pid=c89XTBUzfWYQOX8PB30e&pi=sovrn&gdpr=0&gdpr_consent=&tc=1
43 B
2 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=86&3pid=c89XTBUzfWYQOX8PB30e&pi=sovrn&gdpr=0&gdpr_consent=&tc=1
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol
HTTP/1.1
Server
63.251.114.136 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap5ewr1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=86&3pid=c89XTBUzfWYQOX8PB30e&pi=sovrn&gdpr=0&gdpr_consent=&tc=1
pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT, Wed, 07 Jun 2023 01:07:32 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
truncated
/ Frame 61E1
216 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1a9c7d6f24b3e74076e2ab43269fc80efa2cd53587e4f50f35216962f1c3d5cb

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/png
c
c.pub.network/v2/
36 B
53 B
Fetch
General
Full URL
https://c.pub.network/v2/c
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash
4c7b884f7ad813ab071f360126fe9457cd75ff86ccee28c672a9bc04777c9a5c

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
c
c.pub.network/v2/ Frame
0
0
Preflight
General
Full URL
https://c.pub.network/v2/c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://notepad.pw
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 07 Jun 2023 01:07:32 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
container.html
895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5E16
6 KB
3 KB
Document
General
Full URL
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306010101/pubads_impl.js?cb=31075092
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://notepad.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 07 Jun 2023 01:07:31 GMT
expires
Thu, 06 Jun 2024 01:07:31 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame E945
624 B
435 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CObZu_YDEKS-mI8EGLHoktsBMAE&v=APEucNWGYDr-v56KtdHBw4lJanJm7qQDRhX1aSOcf4Fb-DhOYTZW7wD1hhrktydJ7bAjMXOHK_75dE-mwN8QQC8EkKrZ5V4-Nw
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
222
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 07 Jun 2023 01:07:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 5E16
78 KB
27 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28042
x-xss-protection
0
server
cafe
etag
3261498652431352696
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Wed, 07 Jun 2023 01:07:32 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5E16
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BDqc96fKHD9MzHjuf2nbnV86mAxmxWE8-4zXBKKwOyjs6M6Tn6h_2JHMXmYiTG6vqPClTUOcwqUFN2HkDOzwRVrpmyn-5Q09rWz4xGU6FCWZoa_Lc
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5E16
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7719310172483739080&x=1&ct=76
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 5E16
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/window_focus_fy2021.js
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 21:10:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
14208
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Jun 2023 21:10:44 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/ Frame 5E16
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230531/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3735e94afb2539b14515fdd10d7cc066cffa99d4b52762959e342295e08a770e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 21:10:44 GMT
content-encoding
br
x-content-type-options
nosniff
age
14208
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7991
x-xss-protection
0
server
cafe
etag
2412543371950383451
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Jun 2023 21:10:44 GMT
l
www.google.com/ads/measurement/ Frame 5E16
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaRk2R4zwf0FpWAm8fQAEi0dqXD8WmWou4OzGyI99kTzqrPgA9iCYA90zqkjaDZKodSdVQeHqiz2okblCIcHfZUO6BnPDg
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2004 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 5E16
173 KB
54 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c61b54fb4bbf7083918be7066e50126d1a95e56ccc9be9fafd69deb50ac7424b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55245
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1685965250302189"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 07 Jun 2023 01:07:32 GMT
rum
dsum-sec.casalemedia.com/ Frame E945
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5cuuTmtACPdonkkDm7hAI&google_cver=1
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5cuuTmtACPdonkkDm7hAI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CObZu_YDEKS-mI8EGLHoktsBMAE&v=APEucNWGYDr-v56KtdHBw4lJanJm7qQDRhX1aSOcf4Fb-DhOYTZW7wD1hhrktydJ7bAjMXOHK_75dE-mwN8QQC8EkKrZ5V4-Nw
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5cuuTmtACPdonkkDm7hAI&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame E945
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZH-YU0MnngF9U4.-BkqG6QAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5cuuTmtACPdonkkDm7hAI&google_cver=1&google_hm=2
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5cuuTmtACPdonkkDm7hAI&google_cver=1&google_hm=2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CObZu_YDEKS-mI8EGLHoktsBMAE&v=APEucNWGYDr-v56KtdHBw4lJanJm7qQDRhX1aSOcf4Fb-DhOYTZW7wD1hhrktydJ7bAjMXOHK_75dE-mwN8QQC8EkKrZ5V4-Nw
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=496
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEO5cuuTmtACPdonkkDm7hAI&google_cver=1&google_hm=2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
329
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame E945
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEOLLJbdNBr9aLWjR52ZKq8o&google_cver=1
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEOLLJbdNBr9aLWjR52ZKq8o&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CObZu_YDEKS-mI8EGLHoktsBMAE&v=APEucNWGYDr-v56KtdHBw4lJanJm7qQDRhX1aSOcf4Fb-DhOYTZW7wD1hhrktydJ7bAjMXOHK_75dE-mwN8QQC8EkKrZ5V4-Nw
Protocol
HTTP/1.1
Server
68.67.160.186 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
AN-X-Request-Uuid
135a6fb3-2b72-43bd-bb8d-f24a260642a7
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEOLLJbdNBr9aLWjR52ZKq8o&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame E945
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzgxNTk4Mjg3NDI4Mzc5MTM2Nw%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzgxNTk4Mjg3NDI4Mzc5MTM2Nw%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CObZu_YDEKS-mI8EGLHoktsBMAE&v=APEucNWGYDr-v56KtdHBw4lJanJm7qQDRhX1aSOcf4Fb-DhOYTZW7wD1hhrktydJ7bAjMXOHK_75dE-mwN8QQC8EkKrZ5V4-Nw
Protocol
H3
Server
142.250.80.34 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Wed, 07 Jun 2023 01:07:32 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 675.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
d12f8836-dfc2-4d70-8c2c-21b774b5b96b
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzgxNTk4Mjg3NDI4Mzc5MTM2Nw%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5E16
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6506596592130&version=m202301230201
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5E16
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6506596592130&version=m202301230201&ct=76&x=1&cor=7719310172483739000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 5E16
69 KB
31 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ACjjZkW6oRnUovZP29e5tv_tz-xxasuUeUi-825AvyJlwDILeQUDPk7Ufw9f9mBgG_1_VgXHYF4z-oj5pYy7Q1itr-ng&cry=1&dbm_d=AKAmf-BayhQRpbXQSnRBCUKWp6N2DRbCcq22Yv_UQM7E7JPwLUrUfRK3YUwQr0veEc5v_YV-OBH7F9SS85kEM0ntHL7RSNbYVRghkeOcEQEVtTqqHQva8SxrC3uaMlBmTctg_mz_mhaSk7DO30WpKDxfu_hQjHSg-HOku5HESqZJ43SxRsLXHg28S8puDUafEbd2ziCbBALtj7XyH87dY7qBuSJcpouSgyAnPv-OLy6uQJx0dL_Kz4wRD2UihcF1FiYXHrXFVW_74NgpTjZxov9MtyHGXVv3TR9uewi0fqrPO6_NKH43fqZiJl1JRbBr7XzfrXEn7PQc2BrBwmmHm9ofC1ejwvRHh-WbTXxLcYq3nnxLIhdSKbOfe5p7bLnxIORRJLMGT6PfK32rg7S7Wh2XBavtfUI-7adr2DOVedCXzqsZdmtJNyZGJOWpe86qna60wli_aDFUcTF0ERXKJNsILyG9djUjFnhqgoSmjwWMljOkr70qWMLGuMpG0hhoDkZUFwN1MvIm4jt8-lni_xYSPSreHiRowetNFvjsmMrG8SQPSp_xyj-mqSWKz2PGumlo3brZilPoX_gUhsovzfQpI9UV1wInLVrbUVpGVw3QteTb03lFSp_1TvqNqJ2FeXp8Non932QqK9XDQa5OQuX08SJpIqxQ7H423BQvDCsiuKaEJTThjVUULD5F1ghuFVee44TDCkA2Umuc4QZkIwnTZnBjUvI5iIVyNp5ucMQb_dD8529TRxypa-To_Qmu-bLuZdGDq0lQvoLd5HAOD0GqDUfpCR9H1lHSe4mKOhXzDozPpC3GTvu5q30vUFHqL5JtoowsEkTYw1et8KUdZ1M92qo5_XENljASpx6IQG0fK0quLHzud_eIbTR7U8p6vGRYSHsPVl50TBH1ZaZOKqulK6F9UaLTgk1eRHRiQ8Uvs7nLI8WdF7kc0XBZlr-I0Ju-vNQQUpmc31P5sCP5EQlc7x7qPaE0mdzEDSVhSbRY31PN-SIXNGvMMbVc0b0wWRTbV-Hkiczfo7Iu8EbM8zvHbwhU3NP6FyoBpnMpEMu8xsAWXNjAYK0tnAFJMJh9nTfBtF94kA1NG1PuVZckZJNpDYwUjPUpOEmEXsGQ1lg8fb_uRAGDntZi4YROP8N3S_OyO9Dx6boUfRW8XQXBpQd9UfGRLktZmGzm2OcP4kQhJfFIS6vu6fLpRG4bthYfH0FfVm85NGsOKfkTYy7q1rU32MeYwBbj8bVVdxcQooimFlyss4HVEjD4g78KnQDFsA9olHNvylHu1_sc3bp28uIx15Hr6qH2UToi4nqAhhLUVmhPiP4fy9l8VZJbpCxFvGC1mNpVOA-YrNHPbHxqI1N5RF9rhhKGqX5x5T2kTq43SbezaiAlNkcyh6EDsIyvQN2ZQ7_YI5b_Mjdg5-Y3QbbwY7-BbDXGInCTT4tqbGNJlClQ8eVUHZRTuO0srVXiDYdBImFY4nJ3iaMmuFprxaJFKyh5PWbsGPBoOpb5kP1lIN1acbgsx8cPLaA20Z443Jb2Lvp2uJBwrMYQ-PRgbq4S6TF0-QkB59-iVaxzdrW9_LvgYdNplq8y9pRTEI7qK7Lq6RTS_vjNEBrQMVRhWyzgIn2e5k4U8ky8nU7KJYEXwCSCwSiWD5930Gyuo1kr9V07jkdcisZL8zAabTsLl6xMmFrGWas6f6IkkynZazLX776QT9QOHnRQjfxDRbXPxHn20-KEXRM0M5e8wn15uR3bygkiAOw7n8lHxE2CXfmmHfO105LFUT1QwnHm6ZUBP5_7ziBgkhE3WEketF6Rqqf2AavG2u8lq1P6iR5itFdLMKVOcf49joaLA649lXur4WkZphqNG6mXzV7vGYkSenyG1uq76OP3RsDx0ooK6A-pgQTtCU3kCrq6fQrpKlmEETq7vxkBK5l1v12coVkCqvKwpdtUNSd_vdeU2wdHuDNA7W59zb8I42vYqCvADRCukg1QeeOEba2eVDC7eJR1cDzHxVSAVjFp5ESjshXOK0vSCfRfh3dsQqziQ2mf2wmLuJ1AP9jffaDL9SwOkVZvClSin-YyndrsIrPBTUwUNP95C1pnjwrLKv4P3aLXxqrAdYCda3PR2Ktbxvi6CoyvpCJ8q3BGLJYrns9dW6XFApvHqKhaYpDmjq2PfMGTvF4zgNQ2BI247RzuPORlHcn1JzupXKUX0i4N_JQZPUDi9npZx5iTdKdM6hf6EWww1pw1Ohmg8VwEnJ4S4Q12OKxK8v17QocL74uBZ_sXknwkVnuYUb7KfTeMvaswGH88bOaXULRx6wiTd-x_OcvEvkTEUtNYpHWxrMdLHdzvcTLrOZdQo8CBOAmLV5LtkwNlFPrUHyxrLLkxC3G7MjVm9QNCIntS4yw_D16a7BqyRElBtpX6nssmK_2XN6WDR2A2MD5VPgNHH2mI5mVCNOwzO0SUfPTWakUnHMtKfk1-Zog12qgUusXj6g1ZTJrjCdE3ejXQGgY6_LELZHMPoMQLDdfAJvdfdATGmkdaiG5xqUYvMnKIBmhgHHUc2YOVFb3c3-6WnKjhja6DcnafkAbOL8cmPW5La1mUpG9WTUAitzScM6tJnnOUyYqZHs9A22PJkwOCoQT3aKA6CLNYNjB043zEbQQB5m3I0L5VLjG3Dwj2w693KilQR9mVvhw1YRdrC2b58dKvsOgm2zf2VcwAlLcrtHVZ5QqsqvXTS2lseA7Y_WBUGQQ21iEXwcs76fjkmC8Ew92OeH7Aizjbg6tJ0LNIrhLKA_SAzm9f6mykRqe0PTZ3XoTNx0uk9vaX58_K-T6K8tr6YuNVuX2gJPu277tpfLVZPtHjui9hCFddZaEB-Snfjoxf7lLQqFFdyvBX9NMusUHHvYUKCwuHqYpjL7qWcE1ju8hCjwHzhyJK-y0SBvCD9cJcH_dub8oYdNekGHuGRhGG3iXDRoVC29OlkXX_HWp2BBoYT3P4UPWraQrob4jePW03l7e5LvpMXPU3-usjrBegREgxRU7kioYujgRmWMf4_v_GlPl5QvEkThYpTHibGo-pQGE2nFARwRtB1RQ5kTrhV9OJ6I5r2wyCNGUglaxOlFZXrjEoUOGRx3JiJAhHzp2KUitSDEWsEkw2aVKBUWR1m3m4QLtcYBFocGi69bLfp5jnHKlzNzqYwIcWSfVrbbf6kwHMz6TIRySAA1QoDmnZkR13oN1ZEnfLtKsUJ4eniqpRiz3xHC6x0LlQDiUUZ4glltJhiiS_IyomWlj8ZXSuuSzr46rXNRJ0q5hB7Iw8B2TW-8kdGagMtyzsCSAfz9Vm6yQwEq28utAh7IWXYmEZAOXWdezqNsyeufjqK5EAh0pFIjLlp9i3J9ZWY5c9MoYhSOmFoH8&cid=CAQSPABygQiD3kymIc3CGtogRB_8oNHMrm2Spcr5wUMXq47vu19pZaRrXFqoSi097iOv1rVp3Arg1VnnFn1iZxgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fnotepad.pw%2F&ds=l&xdt=1&iif=1&cor=7719310172483739000&adk=943508955&idt=63&cac=0&dtd=88
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
cf5c3facd1801fbc01714ccac981a1a8c9e4aa81d2e3270bbf4313c8bbf90983
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31899
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/ Frame 5E16
29 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ACjjZkW6oRnUovZP29e5tv_tz-xxasuUeUi-825AvyJlwDILeQUDPk7Ufw9f9mBgG_1_VgXHYF4z-oj5pYy7Q1itr-ng&cry=1&dbm_d=AKAmf-BayhQRpbXQSnRBCUKWp6N2DRbCcq22Yv_UQM7E7JPwLUrUfRK3YUwQr0veEc5v_YV-OBH7F9SS85kEM0ntHL7RSNbYVRghkeOcEQEVtTqqHQva8SxrC3uaMlBmTctg_mz_mhaSk7DO30WpKDxfu_hQjHSg-HOku5HESqZJ43SxRsLXHg28S8puDUafEbd2ziCbBALtj7XyH87dY7qBuSJcpouSgyAnPv-OLy6uQJx0dL_Kz4wRD2UihcF1FiYXHrXFVW_74NgpTjZxov9MtyHGXVv3TR9uewi0fqrPO6_NKH43fqZiJl1JRbBr7XzfrXEn7PQc2BrBwmmHm9ofC1ejwvRHh-WbTXxLcYq3nnxLIhdSKbOfe5p7bLnxIORRJLMGT6PfK32rg7S7Wh2XBavtfUI-7adr2DOVedCXzqsZdmtJNyZGJOWpe86qna60wli_aDFUcTF0ERXKJNsILyG9djUjFnhqgoSmjwWMljOkr70qWMLGuMpG0hhoDkZUFwN1MvIm4jt8-lni_xYSPSreHiRowetNFvjsmMrG8SQPSp_xyj-mqSWKz2PGumlo3brZilPoX_gUhsovzfQpI9UV1wInLVrbUVpGVw3QteTb03lFSp_1TvqNqJ2FeXp8Non932QqK9XDQa5OQuX08SJpIqxQ7H423BQvDCsiuKaEJTThjVUULD5F1ghuFVee44TDCkA2Umuc4QZkIwnTZnBjUvI5iIVyNp5ucMQb_dD8529TRxypa-To_Qmu-bLuZdGDq0lQvoLd5HAOD0GqDUfpCR9H1lHSe4mKOhXzDozPpC3GTvu5q30vUFHqL5JtoowsEkTYw1et8KUdZ1M92qo5_XENljASpx6IQG0fK0quLHzud_eIbTR7U8p6vGRYSHsPVl50TBH1ZaZOKqulK6F9UaLTgk1eRHRiQ8Uvs7nLI8WdF7kc0XBZlr-I0Ju-vNQQUpmc31P5sCP5EQlc7x7qPaE0mdzEDSVhSbRY31PN-SIXNGvMMbVc0b0wWRTbV-Hkiczfo7Iu8EbM8zvHbwhU3NP6FyoBpnMpEMu8xsAWXNjAYK0tnAFJMJh9nTfBtF94kA1NG1PuVZckZJNpDYwUjPUpOEmEXsGQ1lg8fb_uRAGDntZi4YROP8N3S_OyO9Dx6boUfRW8XQXBpQd9UfGRLktZmGzm2OcP4kQhJfFIS6vu6fLpRG4bthYfH0FfVm85NGsOKfkTYy7q1rU32MeYwBbj8bVVdxcQooimFlyss4HVEjD4g78KnQDFsA9olHNvylHu1_sc3bp28uIx15Hr6qH2UToi4nqAhhLUVmhPiP4fy9l8VZJbpCxFvGC1mNpVOA-YrNHPbHxqI1N5RF9rhhKGqX5x5T2kTq43SbezaiAlNkcyh6EDsIyvQN2ZQ7_YI5b_Mjdg5-Y3QbbwY7-BbDXGInCTT4tqbGNJlClQ8eVUHZRTuO0srVXiDYdBImFY4nJ3iaMmuFprxaJFKyh5PWbsGPBoOpb5kP1lIN1acbgsx8cPLaA20Z443Jb2Lvp2uJBwrMYQ-PRgbq4S6TF0-QkB59-iVaxzdrW9_LvgYdNplq8y9pRTEI7qK7Lq6RTS_vjNEBrQMVRhWyzgIn2e5k4U8ky8nU7KJYEXwCSCwSiWD5930Gyuo1kr9V07jkdcisZL8zAabTsLl6xMmFrGWas6f6IkkynZazLX776QT9QOHnRQjfxDRbXPxHn20-KEXRM0M5e8wn15uR3bygkiAOw7n8lHxE2CXfmmHfO105LFUT1QwnHm6ZUBP5_7ziBgkhE3WEketF6Rqqf2AavG2u8lq1P6iR5itFdLMKVOcf49joaLA649lXur4WkZphqNG6mXzV7vGYkSenyG1uq76OP3RsDx0ooK6A-pgQTtCU3kCrq6fQrpKlmEETq7vxkBK5l1v12coVkCqvKwpdtUNSd_vdeU2wdHuDNA7W59zb8I42vYqCvADRCukg1QeeOEba2eVDC7eJR1cDzHxVSAVjFp5ESjshXOK0vSCfRfh3dsQqziQ2mf2wmLuJ1AP9jffaDL9SwOkVZvClSin-YyndrsIrPBTUwUNP95C1pnjwrLKv4P3aLXxqrAdYCda3PR2Ktbxvi6CoyvpCJ8q3BGLJYrns9dW6XFApvHqKhaYpDmjq2PfMGTvF4zgNQ2BI247RzuPORlHcn1JzupXKUX0i4N_JQZPUDi9npZx5iTdKdM6hf6EWww1pw1Ohmg8VwEnJ4S4Q12OKxK8v17QocL74uBZ_sXknwkVnuYUb7KfTeMvaswGH88bOaXULRx6wiTd-x_OcvEvkTEUtNYpHWxrMdLHdzvcTLrOZdQo8CBOAmLV5LtkwNlFPrUHyxrLLkxC3G7MjVm9QNCIntS4yw_D16a7BqyRElBtpX6nssmK_2XN6WDR2A2MD5VPgNHH2mI5mVCNOwzO0SUfPTWakUnHMtKfk1-Zog12qgUusXj6g1ZTJrjCdE3ejXQGgY6_LELZHMPoMQLDdfAJvdfdATGmkdaiG5xqUYvMnKIBmhgHHUc2YOVFb3c3-6WnKjhja6DcnafkAbOL8cmPW5La1mUpG9WTUAitzScM6tJnnOUyYqZHs9A22PJkwOCoQT3aKA6CLNYNjB043zEbQQB5m3I0L5VLjG3Dwj2w693KilQR9mVvhw1YRdrC2b58dKvsOgm2zf2VcwAlLcrtHVZ5QqsqvXTS2lseA7Y_WBUGQQ21iEXwcs76fjkmC8Ew92OeH7Aizjbg6tJ0LNIrhLKA_SAzm9f6mykRqe0PTZ3XoTNx0uk9vaX58_K-T6K8tr6YuNVuX2gJPu277tpfLVZPtHjui9hCFddZaEB-Snfjoxf7lLQqFFdyvBX9NMusUHHvYUKCwuHqYpjL7qWcE1ju8hCjwHzhyJK-y0SBvCD9cJcH_dub8oYdNekGHuGRhGG3iXDRoVC29OlkXX_HWp2BBoYT3P4UPWraQrob4jePW03l7e5LvpMXPU3-usjrBegREgxRU7kioYujgRmWMf4_v_GlPl5QvEkThYpTHibGo-pQGE2nFARwRtB1RQ5kTrhV9OJ6I5r2wyCNGUglaxOlFZXrjEoUOGRx3JiJAhHzp2KUitSDEWsEkw2aVKBUWR1m3m4QLtcYBFocGi69bLfp5jnHKlzNzqYwIcWSfVrbbf6kwHMz6TIRySAA1QoDmnZkR13oN1ZEnfLtKsUJ4eniqpRiz3xHC6x0LlQDiUUZ4glltJhiiS_IyomWlj8ZXSuuSzr46rXNRJ0q5hB7Iw8B2TW-8kdGagMtyzsCSAfz9Vm6yQwEq28utAh7IWXYmEZAOXWdezqNsyeufjqK5EAh0pFIjLlp9i3J9ZWY5c9MoYhSOmFoH8&cid=CAQSPABygQiD3kymIc3CGtogRB_8oNHMrm2Spcr5wUMXq47vu19pZaRrXFqoSi097iOv1rVp3Arg1VnnFn1iZxgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fnotepad.pw%2F&ds=l&xdt=1&iif=1&cor=7719310172483739000&adk=943508955&idt=63&cac=0&dtd=88
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a91fca903f7f2a3d051f657b5b25baed4e99b6c1e51bfee63737f73ff54f2b7c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 09:24:08 GMT
content-encoding
br
x-content-type-options
nosniff
age
56604
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11027
x-xss-protection
0
server
cafe
etag
5492578185836041520
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Jun 2023 09:24:08 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/elements/html/ Frame 5E16
11 KB
4 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20230531/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ACjjZkW6oRnUovZP29e5tv_tz-xxasuUeUi-825AvyJlwDILeQUDPk7Ufw9f9mBgG_1_VgXHYF4z-oj5pYy7Q1itr-ng&cry=1&dbm_d=AKAmf-BayhQRpbXQSnRBCUKWp6N2DRbCcq22Yv_UQM7E7JPwLUrUfRK3YUwQr0veEc5v_YV-OBH7F9SS85kEM0ntHL7RSNbYVRghkeOcEQEVtTqqHQva8SxrC3uaMlBmTctg_mz_mhaSk7DO30WpKDxfu_hQjHSg-HOku5HESqZJ43SxRsLXHg28S8puDUafEbd2ziCbBALtj7XyH87dY7qBuSJcpouSgyAnPv-OLy6uQJx0dL_Kz4wRD2UihcF1FiYXHrXFVW_74NgpTjZxov9MtyHGXVv3TR9uewi0fqrPO6_NKH43fqZiJl1JRbBr7XzfrXEn7PQc2BrBwmmHm9ofC1ejwvRHh-WbTXxLcYq3nnxLIhdSKbOfe5p7bLnxIORRJLMGT6PfK32rg7S7Wh2XBavtfUI-7adr2DOVedCXzqsZdmtJNyZGJOWpe86qna60wli_aDFUcTF0ERXKJNsILyG9djUjFnhqgoSmjwWMljOkr70qWMLGuMpG0hhoDkZUFwN1MvIm4jt8-lni_xYSPSreHiRowetNFvjsmMrG8SQPSp_xyj-mqSWKz2PGumlo3brZilPoX_gUhsovzfQpI9UV1wInLVrbUVpGVw3QteTb03lFSp_1TvqNqJ2FeXp8Non932QqK9XDQa5OQuX08SJpIqxQ7H423BQvDCsiuKaEJTThjVUULD5F1ghuFVee44TDCkA2Umuc4QZkIwnTZnBjUvI5iIVyNp5ucMQb_dD8529TRxypa-To_Qmu-bLuZdGDq0lQvoLd5HAOD0GqDUfpCR9H1lHSe4mKOhXzDozPpC3GTvu5q30vUFHqL5JtoowsEkTYw1et8KUdZ1M92qo5_XENljASpx6IQG0fK0quLHzud_eIbTR7U8p6vGRYSHsPVl50TBH1ZaZOKqulK6F9UaLTgk1eRHRiQ8Uvs7nLI8WdF7kc0XBZlr-I0Ju-vNQQUpmc31P5sCP5EQlc7x7qPaE0mdzEDSVhSbRY31PN-SIXNGvMMbVc0b0wWRTbV-Hkiczfo7Iu8EbM8zvHbwhU3NP6FyoBpnMpEMu8xsAWXNjAYK0tnAFJMJh9nTfBtF94kA1NG1PuVZckZJNpDYwUjPUpOEmEXsGQ1lg8fb_uRAGDntZi4YROP8N3S_OyO9Dx6boUfRW8XQXBpQd9UfGRLktZmGzm2OcP4kQhJfFIS6vu6fLpRG4bthYfH0FfVm85NGsOKfkTYy7q1rU32MeYwBbj8bVVdxcQooimFlyss4HVEjD4g78KnQDFsA9olHNvylHu1_sc3bp28uIx15Hr6qH2UToi4nqAhhLUVmhPiP4fy9l8VZJbpCxFvGC1mNpVOA-YrNHPbHxqI1N5RF9rhhKGqX5x5T2kTq43SbezaiAlNkcyh6EDsIyvQN2ZQ7_YI5b_Mjdg5-Y3QbbwY7-BbDXGInCTT4tqbGNJlClQ8eVUHZRTuO0srVXiDYdBImFY4nJ3iaMmuFprxaJFKyh5PWbsGPBoOpb5kP1lIN1acbgsx8cPLaA20Z443Jb2Lvp2uJBwrMYQ-PRgbq4S6TF0-QkB59-iVaxzdrW9_LvgYdNplq8y9pRTEI7qK7Lq6RTS_vjNEBrQMVRhWyzgIn2e5k4U8ky8nU7KJYEXwCSCwSiWD5930Gyuo1kr9V07jkdcisZL8zAabTsLl6xMmFrGWas6f6IkkynZazLX776QT9QOHnRQjfxDRbXPxHn20-KEXRM0M5e8wn15uR3bygkiAOw7n8lHxE2CXfmmHfO105LFUT1QwnHm6ZUBP5_7ziBgkhE3WEketF6Rqqf2AavG2u8lq1P6iR5itFdLMKVOcf49joaLA649lXur4WkZphqNG6mXzV7vGYkSenyG1uq76OP3RsDx0ooK6A-pgQTtCU3kCrq6fQrpKlmEETq7vxkBK5l1v12coVkCqvKwpdtUNSd_vdeU2wdHuDNA7W59zb8I42vYqCvADRCukg1QeeOEba2eVDC7eJR1cDzHxVSAVjFp5ESjshXOK0vSCfRfh3dsQqziQ2mf2wmLuJ1AP9jffaDL9SwOkVZvClSin-YyndrsIrPBTUwUNP95C1pnjwrLKv4P3aLXxqrAdYCda3PR2Ktbxvi6CoyvpCJ8q3BGLJYrns9dW6XFApvHqKhaYpDmjq2PfMGTvF4zgNQ2BI247RzuPORlHcn1JzupXKUX0i4N_JQZPUDi9npZx5iTdKdM6hf6EWww1pw1Ohmg8VwEnJ4S4Q12OKxK8v17QocL74uBZ_sXknwkVnuYUb7KfTeMvaswGH88bOaXULRx6wiTd-x_OcvEvkTEUtNYpHWxrMdLHdzvcTLrOZdQo8CBOAmLV5LtkwNlFPrUHyxrLLkxC3G7MjVm9QNCIntS4yw_D16a7BqyRElBtpX6nssmK_2XN6WDR2A2MD5VPgNHH2mI5mVCNOwzO0SUfPTWakUnHMtKfk1-Zog12qgUusXj6g1ZTJrjCdE3ejXQGgY6_LELZHMPoMQLDdfAJvdfdATGmkdaiG5xqUYvMnKIBmhgHHUc2YOVFb3c3-6WnKjhja6DcnafkAbOL8cmPW5La1mUpG9WTUAitzScM6tJnnOUyYqZHs9A22PJkwOCoQT3aKA6CLNYNjB043zEbQQB5m3I0L5VLjG3Dwj2w693KilQR9mVvhw1YRdrC2b58dKvsOgm2zf2VcwAlLcrtHVZ5QqsqvXTS2lseA7Y_WBUGQQ21iEXwcs76fjkmC8Ew92OeH7Aizjbg6tJ0LNIrhLKA_SAzm9f6mykRqe0PTZ3XoTNx0uk9vaX58_K-T6K8tr6YuNVuX2gJPu277tpfLVZPtHjui9hCFddZaEB-Snfjoxf7lLQqFFdyvBX9NMusUHHvYUKCwuHqYpjL7qWcE1ju8hCjwHzhyJK-y0SBvCD9cJcH_dub8oYdNekGHuGRhGG3iXDRoVC29OlkXX_HWp2BBoYT3P4UPWraQrob4jePW03l7e5LvpMXPU3-usjrBegREgxRU7kioYujgRmWMf4_v_GlPl5QvEkThYpTHibGo-pQGE2nFARwRtB1RQ5kTrhV9OJ6I5r2wyCNGUglaxOlFZXrjEoUOGRx3JiJAhHzp2KUitSDEWsEkw2aVKBUWR1m3m4QLtcYBFocGi69bLfp5jnHKlzNzqYwIcWSfVrbbf6kwHMz6TIRySAA1QoDmnZkR13oN1ZEnfLtKsUJ4eniqpRiz3xHC6x0LlQDiUUZ4glltJhiiS_IyomWlj8ZXSuuSzr46rXNRJ0q5hB7Iw8B2TW-8kdGagMtyzsCSAfz9Vm6yQwEq28utAh7IWXYmEZAOXWdezqNsyeufjqK5EAh0pFIjLlp9i3J9ZWY5c9MoYhSOmFoH8&cid=CAQSPABygQiD3kymIc3CGtogRB_8oNHMrm2Spcr5wUMXq47vu19pZaRrXFqoSi097iOv1rVp3Arg1VnnFn1iZxgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fnotepad.pw%2F&ds=l&xdt=1&iif=1&cor=7719310172483739000&adk=943508955&idt=63&cac=0&dtd=88
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ae8017866a6744d35f26aa9da389e9771d40bcae3ee65df4c1b5e16e57b09fda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 21:19:23 GMT
content-encoding
br
x-content-type-options
nosniff
age
13689
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4172
x-xss-protection
0
server
cafe
etag
6053914914909336730
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Jun 2023 21:19:23 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 5E16
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss03eA0wFVFrUFE_x9jHXXk2yJVqR1de1X-KqhpRFWImqwx6L0J84DNjwwMqYddR1m6IzpEPEp0LeuD7pBSITp_daIvkEe4CGjonKIiKmFyrGLiQiZbdK2vTvQlGC7DiuIph_0XUoYOSPLpuDqVkUS4_SvEVwXC3SKlrPySSRu9LUIaFGh-AgyCaZejKyPymH8QYVD6V6Hy18opKfOk6wD11UBDzz-UqBhXAhh3h0jc1w6Q8T4RbAOvcyAbOzvZ83oGgvVzwOFD9gIbMCdpejQGh3GcRs1qCmedpIkcvYuvGOGuTSIpKg6KosqANqfi_mPiKetSbzqABTxc0dojp2U3gk9FMvty769r4Lx7qBGjyjJJAceG6lYwAgEeR0gKVuQmFY7I_Guk4zyM5lp-C4eFmPIdotmYbabQhxo0cQEasexO8jfGmUCpELaSpTURVdX3DicJpyGX2EHukqA-hEe8R1Jq-W7WWTbNHqkgLsi7z_Sda2395PRMgJzqBzVALJvg09FdkmXDro1av9jD9mbVxQid-ovarC4v3FKDvS5OhGW6ODCVwl_OHsHvnl3Ohf4tE5CdV-gd1kySVp2O8_VRk2mVGq6hKYi_M5KrH_vo8YpvB-J8CG2Jn7ZIU5PC8c3oZuR5abiOqnyScDyNKvIia1YNYTtbKTEgEjAu_5a3fBnxicK2PlHz6CdOfUPBsiQa6lWzRG6IyJRHHUMdZeTluC3yuNDgxBpN04nzP8nRes0FnI_-CMSbSy1GEf8lUzwN5vJJGPHY3i5913G3peumbpZyPsOCZXGquSdxd91IHQ7BOtIUU8vrBwT7MnY68Qg3twkACDNcxRgWnmdUx-ZlDRH0y7c5-SrlQEIAyQSq7PCVJ7f9l1tG1YH5bzH0GkHieedXSYDQ_raBde5FkLJVlS2erzag1asPL_4AR9ZHkzo-t24Nh7JQOyCxgnFhpBy30mSgIENHFy3opyi7LD8Suhk71Ae_tol8PrxI8iiJxN6pE7_fAwlsmJ1iz0q1CY5FhUnppb_j3biTpeEVq8v5st-sPawmVjYZKjZTXH-y8hb1QW2-Y3SN_9lvx8t5Ctov6NVyYg8PX6GVdpnCAIQv4D7c7tqu-c9DPga_H4d6k7_ArNYxv09uCyxMaqr66nGRgrUkXMwnFaNA_KPuIeS38MPTNT0aTLJtA8IQv534xm8a96JCgXwsAJ__Fyg3MqtpVnmk5kwcXR659T4i4bN72XXqMmc_GdQ&sai=AMfl-YThbV8NzKoAjdCK8FeYVoCuLcgf_Cfrhdvajm9YQXA76T1RbbedkBn2xlCMcDjmvPf4QL2eb__pkU4w9CvVy4FqeKEvKeWOV3s32eL61FMVjytZ-T1FtjNJpD13kg-WQlYmqgG4dY_vbiOnGPgLw4PUPmW2pvTzRpCdc2uMnzxkRqj2-urFKblTVynBzqOb4uYOIrq6_2DzzCj6yTcMBoHCDgxzNl6KjybmElPCw8FCg1Ip6koEoeXkgDtGVN1kGcq4XAQ&sig=Cg0ArKJSzCO3-2tYtLDpEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230531.41318&arae=0&ftch=1&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ACjjZkW6oRnUovZP29e5tv_tz-xxasuUeUi-825AvyJlwDILeQUDPk7Ufw9f9mBgG_1_VgXHYF4z-oj5pYy7Q1itr-ng&cry=1&dbm_d=AKAmf-BayhQRpbXQSnRBCUKWp6N2DRbCcq22Yv_UQM7E7JPwLUrUfRK3YUwQr0veEc5v_YV-OBH7F9SS85kEM0ntHL7RSNbYVRghkeOcEQEVtTqqHQva8SxrC3uaMlBmTctg_mz_mhaSk7DO30WpKDxfu_hQjHSg-HOku5HESqZJ43SxRsLXHg28S8puDUafEbd2ziCbBALtj7XyH87dY7qBuSJcpouSgyAnPv-OLy6uQJx0dL_Kz4wRD2UihcF1FiYXHrXFVW_74NgpTjZxov9MtyHGXVv3TR9uewi0fqrPO6_NKH43fqZiJl1JRbBr7XzfrXEn7PQc2BrBwmmHm9ofC1ejwvRHh-WbTXxLcYq3nnxLIhdSKbOfe5p7bLnxIORRJLMGT6PfK32rg7S7Wh2XBavtfUI-7adr2DOVedCXzqsZdmtJNyZGJOWpe86qna60wli_aDFUcTF0ERXKJNsILyG9djUjFnhqgoSmjwWMljOkr70qWMLGuMpG0hhoDkZUFwN1MvIm4jt8-lni_xYSPSreHiRowetNFvjsmMrG8SQPSp_xyj-mqSWKz2PGumlo3brZilPoX_gUhsovzfQpI9UV1wInLVrbUVpGVw3QteTb03lFSp_1TvqNqJ2FeXp8Non932QqK9XDQa5OQuX08SJpIqxQ7H423BQvDCsiuKaEJTThjVUULD5F1ghuFVee44TDCkA2Umuc4QZkIwnTZnBjUvI5iIVyNp5ucMQb_dD8529TRxypa-To_Qmu-bLuZdGDq0lQvoLd5HAOD0GqDUfpCR9H1lHSe4mKOhXzDozPpC3GTvu5q30vUFHqL5JtoowsEkTYw1et8KUdZ1M92qo5_XENljASpx6IQG0fK0quLHzud_eIbTR7U8p6vGRYSHsPVl50TBH1ZaZOKqulK6F9UaLTgk1eRHRiQ8Uvs7nLI8WdF7kc0XBZlr-I0Ju-vNQQUpmc31P5sCP5EQlc7x7qPaE0mdzEDSVhSbRY31PN-SIXNGvMMbVc0b0wWRTbV-Hkiczfo7Iu8EbM8zvHbwhU3NP6FyoBpnMpEMu8xsAWXNjAYK0tnAFJMJh9nTfBtF94kA1NG1PuVZckZJNpDYwUjPUpOEmEXsGQ1lg8fb_uRAGDntZi4YROP8N3S_OyO9Dx6boUfRW8XQXBpQd9UfGRLktZmGzm2OcP4kQhJfFIS6vu6fLpRG4bthYfH0FfVm85NGsOKfkTYy7q1rU32MeYwBbj8bVVdxcQooimFlyss4HVEjD4g78KnQDFsA9olHNvylHu1_sc3bp28uIx15Hr6qH2UToi4nqAhhLUVmhPiP4fy9l8VZJbpCxFvGC1mNpVOA-YrNHPbHxqI1N5RF9rhhKGqX5x5T2kTq43SbezaiAlNkcyh6EDsIyvQN2ZQ7_YI5b_Mjdg5-Y3QbbwY7-BbDXGInCTT4tqbGNJlClQ8eVUHZRTuO0srVXiDYdBImFY4nJ3iaMmuFprxaJFKyh5PWbsGPBoOpb5kP1lIN1acbgsx8cPLaA20Z443Jb2Lvp2uJBwrMYQ-PRgbq4S6TF0-QkB59-iVaxzdrW9_LvgYdNplq8y9pRTEI7qK7Lq6RTS_vjNEBrQMVRhWyzgIn2e5k4U8ky8nU7KJYEXwCSCwSiWD5930Gyuo1kr9V07jkdcisZL8zAabTsLl6xMmFrGWas6f6IkkynZazLX776QT9QOHnRQjfxDRbXPxHn20-KEXRM0M5e8wn15uR3bygkiAOw7n8lHxE2CXfmmHfO105LFUT1QwnHm6ZUBP5_7ziBgkhE3WEketF6Rqqf2AavG2u8lq1P6iR5itFdLMKVOcf49joaLA649lXur4WkZphqNG6mXzV7vGYkSenyG1uq76OP3RsDx0ooK6A-pgQTtCU3kCrq6fQrpKlmEETq7vxkBK5l1v12coVkCqvKwpdtUNSd_vdeU2wdHuDNA7W59zb8I42vYqCvADRCukg1QeeOEba2eVDC7eJR1cDzHxVSAVjFp5ESjshXOK0vSCfRfh3dsQqziQ2mf2wmLuJ1AP9jffaDL9SwOkVZvClSin-YyndrsIrPBTUwUNP95C1pnjwrLKv4P3aLXxqrAdYCda3PR2Ktbxvi6CoyvpCJ8q3BGLJYrns9dW6XFApvHqKhaYpDmjq2PfMGTvF4zgNQ2BI247RzuPORlHcn1JzupXKUX0i4N_JQZPUDi9npZx5iTdKdM6hf6EWww1pw1Ohmg8VwEnJ4S4Q12OKxK8v17QocL74uBZ_sXknwkVnuYUb7KfTeMvaswGH88bOaXULRx6wiTd-x_OcvEvkTEUtNYpHWxrMdLHdzvcTLrOZdQo8CBOAmLV5LtkwNlFPrUHyxrLLkxC3G7MjVm9QNCIntS4yw_D16a7BqyRElBtpX6nssmK_2XN6WDR2A2MD5VPgNHH2mI5mVCNOwzO0SUfPTWakUnHMtKfk1-Zog12qgUusXj6g1ZTJrjCdE3ejXQGgY6_LELZHMPoMQLDdfAJvdfdATGmkdaiG5xqUYvMnKIBmhgHHUc2YOVFb3c3-6WnKjhja6DcnafkAbOL8cmPW5La1mUpG9WTUAitzScM6tJnnOUyYqZHs9A22PJkwOCoQT3aKA6CLNYNjB043zEbQQB5m3I0L5VLjG3Dwj2w693KilQR9mVvhw1YRdrC2b58dKvsOgm2zf2VcwAlLcrtHVZ5QqsqvXTS2lseA7Y_WBUGQQ21iEXwcs76fjkmC8Ew92OeH7Aizjbg6tJ0LNIrhLKA_SAzm9f6mykRqe0PTZ3XoTNx0uk9vaX58_K-T6K8tr6YuNVuX2gJPu277tpfLVZPtHjui9hCFddZaEB-Snfjoxf7lLQqFFdyvBX9NMusUHHvYUKCwuHqYpjL7qWcE1ju8hCjwHzhyJK-y0SBvCD9cJcH_dub8oYdNekGHuGRhGG3iXDRoVC29OlkXX_HWp2BBoYT3P4UPWraQrob4jePW03l7e5LvpMXPU3-usjrBegREgxRU7kioYujgRmWMf4_v_GlPl5QvEkThYpTHibGo-pQGE2nFARwRtB1RQ5kTrhV9OJ6I5r2wyCNGUglaxOlFZXrjEoUOGRx3JiJAhHzp2KUitSDEWsEkw2aVKBUWR1m3m4QLtcYBFocGi69bLfp5jnHKlzNzqYwIcWSfVrbbf6kwHMz6TIRySAA1QoDmnZkR13oN1ZEnfLtKsUJ4eniqpRiz3xHC6x0LlQDiUUZ4glltJhiiS_IyomWlj8ZXSuuSzr46rXNRJ0q5hB7Iw8B2TW-8kdGagMtyzsCSAfz9Vm6yQwEq28utAh7IWXYmEZAOXWdezqNsyeufjqK5EAh0pFIjLlp9i3J9ZWY5c9MoYhSOmFoH8&cid=CAQSPABygQiD3kymIc3CGtogRB_8oNHMrm2Spcr5wUMXq47vu19pZaRrXFqoSi097iOv1rVp3Arg1VnnFn1iZxgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fnotepad.pw%2F&ds=l&xdt=1&iif=1&cor=7719310172483739000&adk=943508955&idt=63&cac=0&dtd=88
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.226 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Wed, 07 Jun 2023 01:07:32 GMT
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
cache-control
private
access-control-allow-credentials
true
timing-allow-origin
*
expires
Wed, 07 Jun 2023 01:07:32 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 5E16
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ACjjZkW6oRnUovZP29e5tv_tz-xxasuUeUi-825AvyJlwDILeQUDPk7Ufw9f9mBgG_1_VgXHYF4z-oj5pYy7Q1itr-ng&cry=1&dbm_d=AKAmf-BayhQRpbXQSnRBCUKWp6N2DRbCcq22Yv_UQM7E7JPwLUrUfRK3YUwQr0veEc5v_YV-OBH7F9SS85kEM0ntHL7RSNbYVRghkeOcEQEVtTqqHQva8SxrC3uaMlBmTctg_mz_mhaSk7DO30WpKDxfu_hQjHSg-HOku5HESqZJ43SxRsLXHg28S8puDUafEbd2ziCbBALtj7XyH87dY7qBuSJcpouSgyAnPv-OLy6uQJx0dL_Kz4wRD2UihcF1FiYXHrXFVW_74NgpTjZxov9MtyHGXVv3TR9uewi0fqrPO6_NKH43fqZiJl1JRbBr7XzfrXEn7PQc2BrBwmmHm9ofC1ejwvRHh-WbTXxLcYq3nnxLIhdSKbOfe5p7bLnxIORRJLMGT6PfK32rg7S7Wh2XBavtfUI-7adr2DOVedCXzqsZdmtJNyZGJOWpe86qna60wli_aDFUcTF0ERXKJNsILyG9djUjFnhqgoSmjwWMljOkr70qWMLGuMpG0hhoDkZUFwN1MvIm4jt8-lni_xYSPSreHiRowetNFvjsmMrG8SQPSp_xyj-mqSWKz2PGumlo3brZilPoX_gUhsovzfQpI9UV1wInLVrbUVpGVw3QteTb03lFSp_1TvqNqJ2FeXp8Non932QqK9XDQa5OQuX08SJpIqxQ7H423BQvDCsiuKaEJTThjVUULD5F1ghuFVee44TDCkA2Umuc4QZkIwnTZnBjUvI5iIVyNp5ucMQb_dD8529TRxypa-To_Qmu-bLuZdGDq0lQvoLd5HAOD0GqDUfpCR9H1lHSe4mKOhXzDozPpC3GTvu5q30vUFHqL5JtoowsEkTYw1et8KUdZ1M92qo5_XENljASpx6IQG0fK0quLHzud_eIbTR7U8p6vGRYSHsPVl50TBH1ZaZOKqulK6F9UaLTgk1eRHRiQ8Uvs7nLI8WdF7kc0XBZlr-I0Ju-vNQQUpmc31P5sCP5EQlc7x7qPaE0mdzEDSVhSbRY31PN-SIXNGvMMbVc0b0wWRTbV-Hkiczfo7Iu8EbM8zvHbwhU3NP6FyoBpnMpEMu8xsAWXNjAYK0tnAFJMJh9nTfBtF94kA1NG1PuVZckZJNpDYwUjPUpOEmEXsGQ1lg8fb_uRAGDntZi4YROP8N3S_OyO9Dx6boUfRW8XQXBpQd9UfGRLktZmGzm2OcP4kQhJfFIS6vu6fLpRG4bthYfH0FfVm85NGsOKfkTYy7q1rU32MeYwBbj8bVVdxcQooimFlyss4HVEjD4g78KnQDFsA9olHNvylHu1_sc3bp28uIx15Hr6qH2UToi4nqAhhLUVmhPiP4fy9l8VZJbpCxFvGC1mNpVOA-YrNHPbHxqI1N5RF9rhhKGqX5x5T2kTq43SbezaiAlNkcyh6EDsIyvQN2ZQ7_YI5b_Mjdg5-Y3QbbwY7-BbDXGInCTT4tqbGNJlClQ8eVUHZRTuO0srVXiDYdBImFY4nJ3iaMmuFprxaJFKyh5PWbsGPBoOpb5kP1lIN1acbgsx8cPLaA20Z443Jb2Lvp2uJBwrMYQ-PRgbq4S6TF0-QkB59-iVaxzdrW9_LvgYdNplq8y9pRTEI7qK7Lq6RTS_vjNEBrQMVRhWyzgIn2e5k4U8ky8nU7KJYEXwCSCwSiWD5930Gyuo1kr9V07jkdcisZL8zAabTsLl6xMmFrGWas6f6IkkynZazLX776QT9QOHnRQjfxDRbXPxHn20-KEXRM0M5e8wn15uR3bygkiAOw7n8lHxE2CXfmmHfO105LFUT1QwnHm6ZUBP5_7ziBgkhE3WEketF6Rqqf2AavG2u8lq1P6iR5itFdLMKVOcf49joaLA649lXur4WkZphqNG6mXzV7vGYkSenyG1uq76OP3RsDx0ooK6A-pgQTtCU3kCrq6fQrpKlmEETq7vxkBK5l1v12coVkCqvKwpdtUNSd_vdeU2wdHuDNA7W59zb8I42vYqCvADRCukg1QeeOEba2eVDC7eJR1cDzHxVSAVjFp5ESjshXOK0vSCfRfh3dsQqziQ2mf2wmLuJ1AP9jffaDL9SwOkVZvClSin-YyndrsIrPBTUwUNP95C1pnjwrLKv4P3aLXxqrAdYCda3PR2Ktbxvi6CoyvpCJ8q3BGLJYrns9dW6XFApvHqKhaYpDmjq2PfMGTvF4zgNQ2BI247RzuPORlHcn1JzupXKUX0i4N_JQZPUDi9npZx5iTdKdM6hf6EWww1pw1Ohmg8VwEnJ4S4Q12OKxK8v17QocL74uBZ_sXknwkVnuYUb7KfTeMvaswGH88bOaXULRx6wiTd-x_OcvEvkTEUtNYpHWxrMdLHdzvcTLrOZdQo8CBOAmLV5LtkwNlFPrUHyxrLLkxC3G7MjVm9QNCIntS4yw_D16a7BqyRElBtpX6nssmK_2XN6WDR2A2MD5VPgNHH2mI5mVCNOwzO0SUfPTWakUnHMtKfk1-Zog12qgUusXj6g1ZTJrjCdE3ejXQGgY6_LELZHMPoMQLDdfAJvdfdATGmkdaiG5xqUYvMnKIBmhgHHUc2YOVFb3c3-6WnKjhja6DcnafkAbOL8cmPW5La1mUpG9WTUAitzScM6tJnnOUyYqZHs9A22PJkwOCoQT3aKA6CLNYNjB043zEbQQB5m3I0L5VLjG3Dwj2w693KilQR9mVvhw1YRdrC2b58dKvsOgm2zf2VcwAlLcrtHVZ5QqsqvXTS2lseA7Y_WBUGQQ21iEXwcs76fjkmC8Ew92OeH7Aizjbg6tJ0LNIrhLKA_SAzm9f6mykRqe0PTZ3XoTNx0uk9vaX58_K-T6K8tr6YuNVuX2gJPu277tpfLVZPtHjui9hCFddZaEB-Snfjoxf7lLQqFFdyvBX9NMusUHHvYUKCwuHqYpjL7qWcE1ju8hCjwHzhyJK-y0SBvCD9cJcH_dub8oYdNekGHuGRhGG3iXDRoVC29OlkXX_HWp2BBoYT3P4UPWraQrob4jePW03l7e5LvpMXPU3-usjrBegREgxRU7kioYujgRmWMf4_v_GlPl5QvEkThYpTHibGo-pQGE2nFARwRtB1RQ5kTrhV9OJ6I5r2wyCNGUglaxOlFZXrjEoUOGRx3JiJAhHzp2KUitSDEWsEkw2aVKBUWR1m3m4QLtcYBFocGi69bLfp5jnHKlzNzqYwIcWSfVrbbf6kwHMz6TIRySAA1QoDmnZkR13oN1ZEnfLtKsUJ4eniqpRiz3xHC6x0LlQDiUUZ4glltJhiiS_IyomWlj8ZXSuuSzr46rXNRJ0q5hB7Iw8B2TW-8kdGagMtyzsCSAfz9Vm6yQwEq28utAh7IWXYmEZAOXWdezqNsyeufjqK5EAh0pFIjLlp9i3J9ZWY5c9MoYhSOmFoH8&cid=CAQSPABygQiD3kymIc3CGtogRB_8oNHMrm2Spcr5wUMXq47vu19pZaRrXFqoSi097iOv1rVp3Arg1VnnFn1iZxgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fnotepad.pw%2F&ds=l&xdt=1&iif=1&cor=7719310172483739000&adk=943508955&idt=63&cac=0&dtd=88
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 21:19:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13689
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 05 Jun 2024 21:19:23 GMT
7257002011617455875
s0.2mdn.net/simgad/ Frame 5E16
63 KB
63 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/7257002011617455875
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2006 -, , ASN (),
Reverse DNS
Software
sffe /
Resource Hash
9e084759af1c8aa9b960d67e32ee3e5952ae2c532c0c83e80d2292782b85cacc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Mon, 05 Jun 2023 15:15:19 GMT
x-content-type-options
nosniff
age
121933
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64331
x-xss-protection
0
last-modified
Tue, 07 Feb 2023 15:07:00 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Tue, 04 Jun 2024 15:15:19 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 989E
1 KB
643 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

age
16232
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 06 Jun 2023 20:37:00 GMT
etag
48472445140208031
expires
Wed, 07 Jun 2023 20:37:00 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 5E16
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9157edb728e39bc13861291d3dd90c3228adb53ce9532598f1ec8cf1fea5bd93

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Content-Type
image/png
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306010101&jk=1470496023265706&bg=!sLOls-fNAAY9J7QfHSc7ADkAdvg8WrOSLnXNhreKRLY2_rIyX80Zk5OdLP9axKyBZoIksUH7tvm4h3pAgV0I0gW6ESPAzrEHrcUCAAAAkVIAAAADaAEHmQL48uLcWwDoAVDySbjBSTvi9ymCgILhEyxEEcF0Mqt3SkCrCuuJNUutBaG74JlF4UU9RoIz1sEp8bdVCGKh9Z-6mmQuqs0l5RAJJ19wTTmbP0EsGXg-VkRcL3LQFwCDgQiWgDsZqm1QW5mAaJp6uCs1E3GjJFHuxFXWfMQY7K04c-8iuxBDulkkxPbuZcyMvXTwOHgNT3b-ljJdo2w64huH8fYV_2gb7s-fEbUeMwloefUe54eejrk9cIcZ7iueP_Ggw9LuIzSfPj32xIOlxi6xP9ZgajeW7owX4sbTI5OWN0-U-YMqX00uqKQe7IGN0L07rl_mybr7UEthkRVVyTeYZzzXDC2WX9i45lTIdqd9gh-5-Gt1DcU3lh9-3NqFA30TLGfBIKvFWD5c0tLm5rnYUa_RywNFdajBzfS7Fv2NK6U3tlr8d-rD8ZZ6k_wgmjr7L0FlM15SWw0YlnuXdoG4zNx_YdhaMte0mOou1Sg6k-yDsRUEL8L6j1_J-xYoD9vdAdZliAwGy8-GgBBvO8qskxM1KpkA33i3MEr3o1ZYDJBboPXbijL62xMYW0dL8mQTTpuwBodIjTV3XkGIUQe-QluQTzxZOleeYXEM5zkhGtkYoy_bFbx3IPTngmigXNF8WQ5kbzNulqU0gIQCWX1G6QAnM7cMm69E56RMqNmV_kpxU7gVZQJdcy4y3HEtIa5ZiSiHDiGvi1sRAydbef9C0Bd9OjFA4NdVexwy-hXkOdzwOifuz2rpob1jx8S_irZs82LG14GlTF4fSpgiBzKzpJQJWAKXMKhYadNPVDcQ-P5xVQ28Rn99rCVfRLyz6TzyPPxslOJcw7ZfQZpEzwK7LU1uce_hT6oae0jB1Y_MgLvT8pom0t3oUs4SQzoDfXMXMqdDsBPn8EVBcotpYf4DNOCsBrG86LALaY5RPKG6EfyFrEvWgriDOHbp80_Tl-qaLrIov5eaNg1gagVm7jIWWsS7J52C8sjYXwXiYEcpfb8MQzAeUInc3g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pixel
cm.g.doubleclick.net/ Frame 989E
Redirect Chain
  • https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECGA7BP0nNoVW4vtWrz-lzw&google_cver=1&google_push=ATf1kGPqQQ5DzE6BJxtj44Ih1Ni4tzERkkRw95G_zlOd12npue4tQwkhyk...
  • https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=ATf1kGPqQQ5DzE6BJxtj44Ih1Ni4tzERkkRw95G_zlOd12npue4tQwkhyk6H6ZWKgiCdNHenouc2QCBzyK8_TP3OubS6cr73BQ&google_hm=plHMFdUm...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=ATf1kGPqQQ5DzE6BJxtj44Ih1Ni4tzERkkRw95G_zlOd12npue4tQwkhyk6H6ZWKgiCdNHenouc2QCBzyK8_TP3OubS6cr73BQ&google_hm=plHMFdUmH8QWW6QI48jdQQ
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
142.250.80.34 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://cm.g.doubleclick.net/pixel?gdpr=0&google_nid=B765081F39B1F7&google_push=ATf1kGPqQQ5DzE6BJxtj44Ih1Ni4tzERkkRw95G_zlOd12npue4tQwkhyk6H6ZWKgiCdNHenouc2QCBzyK8_TP3OubS6cr73BQ&google_hm=plHMFdUmH8QWW6QI48jdQQ
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 989E
Redirect Chain
  • https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEJKgYuK89fUreM2AMDHH8Mk&google_cver=1&google_push=ATf1kGPqKJ-n_Qn63HcbgpKj5qqEFQycG3xMP-9ebrJVGXcHpNi7MDnTSXCBJlHr-VjISK2dshqWhpb1obflX...
  • https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ATf1kGPqKJ-n_Qn63HcbgpKj5qqEFQycG3xMP-9ebrJVGXcHpNi7MDnTSXCBJlHr-VjISK2dshqWhpb1obflX5hyRP-DOntDMQ&google_hm=cEREdElmMkNMaVJael9CM1...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ATf1kGPqKJ-n_Qn63HcbgpKj5qqEFQycG3xMP-9ebrJVGXcHpNi7MDnTSXCBJlHr-VjISK2dshqWhpb1obflX5hyRP-DOntDMQ&google_hm=cEREdElmMkNMaVJael9CM1V5bTQ=
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
142.250.80.34 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Content-Type
text/html; charset=utf-8
Location
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=ATf1kGPqKJ-n_Qn63HcbgpKj5qqEFQycG3xMP-9ebrJVGXcHpNi7MDnTSXCBJlHr-VjISK2dshqWhpb1obflX5hyRP-DOntDMQ&google_hm=cEREdElmMkNMaVJael9CM1V5bTQ=
P3p
CP="We do not support P3P header."
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
234
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 989E
Redirect Chain
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DATf1kGPZKokfL6pIQOM42P9i23zPBLSbp3Za5riO-mF6fgnViRbaMKEQsxusROmatofrGr_QMrm3S4ITi0...
  • https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=ATf1kGPZKokfL6pIQOM42P9i23zPBLSbp3Za5riO-mF6fgnViRbaMKEQsxusROmatofrGr_QMrm3S4ITi0Ciev5Fyjh84uDEFQ&google_hm=1b415060-9496-48ed-9d03...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=ATf1kGPZKokfL6pIQOM42P9i23zPBLSbp3Za5riO-mF6fgnViRbaMKEQsxusROmatofrGr_QMrm3S4ITi0Ciev5Fyjh84uDEFQ&google_hm=1b415060-9496-48ed-9d03-d65f7cbbcb4b
Protocol
H3
Server
142.250.80.34 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:32 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-11
Content-Type
text/plain; charset=utf8
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=ATf1kGPZKokfL6pIQOM42P9i23zPBLSbp3Za5riO-mF6fgnViRbaMKEQsxusROmatofrGr_QMrm3S4ITi0Ciev5Fyjh84uDEFQ&google_hm=1b415060-9496-48ed-9d03-d65f7cbbcb4b
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 989E
Redirect Chain
  • https://ads.yieldmo.com/exptsync?google_gid=CAESEJb7s69ubLg66KCD63q7ymU&google_cver=1&google_push=ATf1kGNkEGit7NmUThfElHlBzfwIVtnLEsCpAaedC6nIcThaGB0BTeNexv1fo2GeS9gLJayl8Bw7RmuA62hKjxJ1CwxTj2bNPA
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=ATf1kGNkEGit7NmUThfElHlBzfwIVtnLEsCpAaedC6nIcThaGB0BTeNexv1fo2GeS9gLJayl8Bw7RmuA62hKjxJ1CwxTj2bNPA&google_hm=Z2FhOWJlODMxODgwM2VlMj...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=ATf1kGNkEGit7NmUThfElHlBzfwIVtnLEsCpAaedC6nIcThaGB0BTeNexv1fo2GeS9gLJayl8Bw7RmuA62hKjxJ1CwxTj2bNPA&google_hm=Z2FhOWJlODMxODgwM2VlMjVlM2Q=
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
142.250.80.34 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json;charset=utf-8
location
https://cm.g.doubleclick.net/pixel?google_nid=yieldmo&google_push=ATf1kGNkEGit7NmUThfElHlBzfwIVtnLEsCpAaedC6nIcThaGB0BTeNexv1fo2GeS9gLJayl8Bw7RmuA62hKjxJ1CwxTj2bNPA&google_hm=Z2FhOWJlODMxODgwM2VlMjVlM2Q=
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
0
pixel
cm.g.doubleclick.net/ Frame 989E
Redirect Chain
  • https://match.sharethrough.com/E4rooAtA/v1?google_gid=CAESEAZ8IkCh5EkrZkUV8UnTrJ4&google_cver=1&google_push=ATf1kGM-w7jJfj0OZ6awIwuqVlbMYRBDd1PvyPOxfGsJMOnsokNCQMMzVC7GLp3obH0wATk1bhnd2a0A2DuB7d9hn...
  • https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NzVlZGJlZmYtZDAzNi00ZWYyLThjZmMtNzg3MTYxOTczODgw&google_push=ATf1kGM-w7jJfj0OZ6awIwuqVlbMYRBDd1PvyPOxfGsJMOnsokNCQMMzVC7GLp3o...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NzVlZGJlZmYtZDAzNi00ZWYyLThjZmMtNzg3MTYxOTczODgw&google_push=ATf1kGM-w7jJfj0OZ6awIwuqVlbMYRBDd1PvyPOxfGsJMOnsokNCQMMzVC7GLp3obH0wATk1bhnd2a0A2DuB7d9hnbVupRi0KcIo
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Server
142.250.80.34 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=sharethrough_ob&google_hm=NzVlZGJlZmYtZDAzNi00ZWYyLThjZmMtNzg3MTYxOTczODgw&google_push=ATf1kGM-w7jJfj0OZ6awIwuqVlbMYRBDd1PvyPOxfGsJMOnsokNCQMMzVC7GLp3obH0wATk1bhnd2a0A2DuB7d9hnbVupRi0KcIo
date
Wed, 07 Jun 2023 01:07:32 GMT
content-length
0
pixel
cm.g.doubleclick.net/ Frame 989E
Redirect Chain
  • https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEMOtcSakTR_3j-l4n14eIN8&google_cver=1&google_push=ATf1kGOWxnI_MKiuGXxBC7pTMiLzTDRLT32JTtIboJbIyf6RkXMR3FAkfiYkWY9gyuAhR3bFlDVUn1wu99aHw0qdzgRiegN...
  • https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=ATf1kGOWxnI_MKiuGXxBC7pTMiLzTDRLT32JTtIboJbIyf6RkXMR3FAkfiYkWY9gyuAhR3bFlDVUn1wu99aHw0qdzgRiegN_w8TA&google_hm=NDE4MzUzNDM...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=ATf1kGOWxnI_MKiuGXxBC7pTMiLzTDRLT32JTtIboJbIyf6RkXMR3FAkfiYkWY9gyuAhR3bFlDVUn1wu99aHw0qdzgRiegN_w8TA&google_hm=NDE4MzUzNDM5Nzc4NzEzMzU3OA==
Protocol
H3
Server
142.250.80.34 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=ATf1kGOWxnI_MKiuGXxBC7pTMiLzTDRLT32JTtIboJbIyf6RkXMR3FAkfiYkWY9gyuAhR3bFlDVUn1wu99aHw0qdzgRiegN_w8TA&google_hm=NDE4MzUzNDM5Nzc4NzEzMzU3OA==
Date
Wed, 07 Jun 2023 01:07:32 GMT
Server
Jetty(9.4.51.v20230217)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
/
onetag-sys.com/match/ Frame 989E
Redirect Chain
  • https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEPKnbEFd3b-lYLYL2HGzeDY&google_cver=1&google_push=ATf1kGP3KJFaCdBzN7OToRVIf0Roa3j-E2cwbevvV-Tataje-k1F8PrWXMSKUXrKXuDytMjpHEmvvl1zQ75...
  • https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGP3KJFaCdBzN7OToRVIf0Roa3j-E2cwbevvV-Tataje-k1F8PrWXMSKUXrKXuDytMjpHEmvvl1zQ75KKURXvoOOBW4Go1E
  • https://onetag-sys.com/match/?int_id=19&google_error=5
0
151 B
Image
General
Full URL
https://onetag-sys.com/match/?int_id=19&google_error=5
Protocol
H2
Server
51.222.39.185 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
255
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
attr
cm.g.doubleclick.net/pixel/ Frame 989E
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LipwUtRBW_ktf5QKUN3qRfCv4eu5DTTtwoJ0QTqDoAZ9XCsTJY3EWKOaMoPEEc9vNDuCCs_S4R
Requested by
Host: 895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
URL: https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.34 Staten Island, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 5CD7
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2001 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
14178
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Tue, 06 Jun 2023 21:11:14 GMT
expires
Wed, 05 Jun 2024 21:11:14 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
c
c.pub.network/v2/
36 B
53 B
Fetch
General
Full URL
https://c.pub.network/v2/c
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash
4c7b884f7ad813ab071f360126fe9457cd75ff86ccee28c672a9bc04777c9a5c

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
c
c.pub.network/v2/ Frame
0
0
Preflight
General
Full URL
https://c.pub.network/v2/c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://notepad.pw
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 07 Jun 2023 01:07:32 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
view
googleads4.g.doubleclick.net/pcs/ Frame 5E16
0
0
Fetch
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss03eA0wFVFrUFE_x9jHXXk2yJVqR1de1X-KqhpRFWImqwx6L0J84DNjwwMqYddR1m6IzpEPEp0LeuD7pBSITp_daIvkEe4CGjonKIiKmFyrGLiQiZbdK2vTvQlGC7DiuIph_0XUoYOSPLpuDqVkUS4_SvEVwXC3SKlrPySSRu9LUIaFGh-AgyCaZejKyPymH8QYVD6V6Hy18opKfOk6wD11UBDzz-UqBhXAhh3h0jc1w6Q8T4RbAOvcyAbOzvZ83oGgvVzwOFD9gIbMCdpejQGh3GcRs1qCmedpIkcvYuvGOGuTSIpKg6KosqANqfi_mPiKetSbzqABTxc0dojp2U3gk9FMvty769r4Lx7qBGjyjJJAceG6lYwAgEeR0gKVuQmFY7I_Guk4zyM5lp-C4eFmPIdotmYbabQhxo0cQEasexO8jfGmUCpELaSpTURVdX3DicJpyGX2EHukqA-hEe8R1Jq-W7WWTbNHqkgLsi7z_Sda2395PRMgJzqBzVALJvg09FdkmXDro1av9jD9mbVxQid-ovarC4v3FKDvS5OhGW6ODCVwl_OHsHvnl3Ohf4tE5CdV-gd1kySVp2O8_VRk2mVGq6hKYi_M5KrH_vo8YpvB-J8CG2Jn7ZIU5PC8c3oZuR5abiOqnyScDyNKvIia1YNYTtbKTEgEjAu_5a3fBnxicK2PlHz6CdOfUPBsiQa6lWzRG6IyJRHHUMdZeTluC3yuNDgxBpN04nzP8nRes0FnI_-CMSbSy1GEf8lUzwN5vJJGPHY3i5913G3peumbpZyPsOCZXGquSdxd91IHQ7BOtIUU8vrBwT7MnY68Qg3twkACDNcxRgWnmdUx-ZlDRH0y7c5-SrlQEIAyQSq7PCVJ7f9l1tG1YH5bzH0GkHieedXSYDQ_raBde5FkLJVlS2erzag1asPL_4AR9ZHkzo-t24Nh7JQOyCxgnFhpBy30mSgIENHFy3opyi7LD8Suhk71Ae_tol8PrxI8iiJxN6pE7_fAwlsmJ1iz0q1CY5FhUnppb_j3biTpeEVq8v5st-sPawmVjYZKjZTXH-y8hb1QW2-Y3SN_9lvx8t5Ctov6NVyYg8PX6GVdpnCAIQv4D7c7tqu-c9DPga_H4d6k7_ArNYxv09uCyxMaqr66nGRgrUkXMwnFaNA_KPuIeS38MPTNT0aTLJtA8IQv534xm8a96JCgXwsAJ__Fyg3MqtpVnmk5kwcXR659T4i4bN72XXqMmc_GdQ&sai=AMfl-YThbV8NzKoAjdCK8FeYVoCuLcgf_Cfrhdvajm9YQXA76T1RbbedkBn2xlCMcDjmvPf4QL2eb__pkU4w9CvVy4FqeKEvKeWOV3s32eL61FMVjytZ-T1FtjNJpD13kg-WQlYmqgG4dY_vbiOnGPgLw4PUPmW2pvTzRpCdc2uMnzxkRqj2-urFKblTVynBzqOb4uYOIrq6_2DzzCj6yTcMBoHCDgxzNl6KjybmElPCw8FCg1Ip6koEoeXkgDtGVN1kGcq4XAQ&sig=Cg0ArKJSzCO3-2tYtLDpEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=169&vt=11&dtpt=168&dett=2&cstd=0&cisv=r20230531.41318&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ACjjZkW6oRnUovZP29e5tv_tz-xxasuUeUi-825AvyJlwDILeQUDPk7Ufw9f9mBgG_1_VgXHYF4z-oj5pYy7Q1itr-ng&cry=1&dbm_d=AKAmf-BayhQRpbXQSnRBCUKWp6N2DRbCcq22Yv_UQM7E7JPwLUrUfRK3YUwQr0veEc5v_YV-OBH7F9SS85kEM0ntHL7RSNbYVRghkeOcEQEVtTqqHQva8SxrC3uaMlBmTctg_mz_mhaSk7DO30WpKDxfu_hQjHSg-HOku5HESqZJ43SxRsLXHg28S8puDUafEbd2ziCbBALtj7XyH87dY7qBuSJcpouSgyAnPv-OLy6uQJx0dL_Kz4wRD2UihcF1FiYXHrXFVW_74NgpTjZxov9MtyHGXVv3TR9uewi0fqrPO6_NKH43fqZiJl1JRbBr7XzfrXEn7PQc2BrBwmmHm9ofC1ejwvRHh-WbTXxLcYq3nnxLIhdSKbOfe5p7bLnxIORRJLMGT6PfK32rg7S7Wh2XBavtfUI-7adr2DOVedCXzqsZdmtJNyZGJOWpe86qna60wli_aDFUcTF0ERXKJNsILyG9djUjFnhqgoSmjwWMljOkr70qWMLGuMpG0hhoDkZUFwN1MvIm4jt8-lni_xYSPSreHiRowetNFvjsmMrG8SQPSp_xyj-mqSWKz2PGumlo3brZilPoX_gUhsovzfQpI9UV1wInLVrbUVpGVw3QteTb03lFSp_1TvqNqJ2FeXp8Non932QqK9XDQa5OQuX08SJpIqxQ7H423BQvDCsiuKaEJTThjVUULD5F1ghuFVee44TDCkA2Umuc4QZkIwnTZnBjUvI5iIVyNp5ucMQb_dD8529TRxypa-To_Qmu-bLuZdGDq0lQvoLd5HAOD0GqDUfpCR9H1lHSe4mKOhXzDozPpC3GTvu5q30vUFHqL5JtoowsEkTYw1et8KUdZ1M92qo5_XENljASpx6IQG0fK0quLHzud_eIbTR7U8p6vGRYSHsPVl50TBH1ZaZOKqulK6F9UaLTgk1eRHRiQ8Uvs7nLI8WdF7kc0XBZlr-I0Ju-vNQQUpmc31P5sCP5EQlc7x7qPaE0mdzEDSVhSbRY31PN-SIXNGvMMbVc0b0wWRTbV-Hkiczfo7Iu8EbM8zvHbwhU3NP6FyoBpnMpEMu8xsAWXNjAYK0tnAFJMJh9nTfBtF94kA1NG1PuVZckZJNpDYwUjPUpOEmEXsGQ1lg8fb_uRAGDntZi4YROP8N3S_OyO9Dx6boUfRW8XQXBpQd9UfGRLktZmGzm2OcP4kQhJfFIS6vu6fLpRG4bthYfH0FfVm85NGsOKfkTYy7q1rU32MeYwBbj8bVVdxcQooimFlyss4HVEjD4g78KnQDFsA9olHNvylHu1_sc3bp28uIx15Hr6qH2UToi4nqAhhLUVmhPiP4fy9l8VZJbpCxFvGC1mNpVOA-YrNHPbHxqI1N5RF9rhhKGqX5x5T2kTq43SbezaiAlNkcyh6EDsIyvQN2ZQ7_YI5b_Mjdg5-Y3QbbwY7-BbDXGInCTT4tqbGNJlClQ8eVUHZRTuO0srVXiDYdBImFY4nJ3iaMmuFprxaJFKyh5PWbsGPBoOpb5kP1lIN1acbgsx8cPLaA20Z443Jb2Lvp2uJBwrMYQ-PRgbq4S6TF0-QkB59-iVaxzdrW9_LvgYdNplq8y9pRTEI7qK7Lq6RTS_vjNEBrQMVRhWyzgIn2e5k4U8ky8nU7KJYEXwCSCwSiWD5930Gyuo1kr9V07jkdcisZL8zAabTsLl6xMmFrGWas6f6IkkynZazLX776QT9QOHnRQjfxDRbXPxHn20-KEXRM0M5e8wn15uR3bygkiAOw7n8lHxE2CXfmmHfO105LFUT1QwnHm6ZUBP5_7ziBgkhE3WEketF6Rqqf2AavG2u8lq1P6iR5itFdLMKVOcf49joaLA649lXur4WkZphqNG6mXzV7vGYkSenyG1uq76OP3RsDx0ooK6A-pgQTtCU3kCrq6fQrpKlmEETq7vxkBK5l1v12coVkCqvKwpdtUNSd_vdeU2wdHuDNA7W59zb8I42vYqCvADRCukg1QeeOEba2eVDC7eJR1cDzHxVSAVjFp5ESjshXOK0vSCfRfh3dsQqziQ2mf2wmLuJ1AP9jffaDL9SwOkVZvClSin-YyndrsIrPBTUwUNP95C1pnjwrLKv4P3aLXxqrAdYCda3PR2Ktbxvi6CoyvpCJ8q3BGLJYrns9dW6XFApvHqKhaYpDmjq2PfMGTvF4zgNQ2BI247RzuPORlHcn1JzupXKUX0i4N_JQZPUDi9npZx5iTdKdM6hf6EWww1pw1Ohmg8VwEnJ4S4Q12OKxK8v17QocL74uBZ_sXknwkVnuYUb7KfTeMvaswGH88bOaXULRx6wiTd-x_OcvEvkTEUtNYpHWxrMdLHdzvcTLrOZdQo8CBOAmLV5LtkwNlFPrUHyxrLLkxC3G7MjVm9QNCIntS4yw_D16a7BqyRElBtpX6nssmK_2XN6WDR2A2MD5VPgNHH2mI5mVCNOwzO0SUfPTWakUnHMtKfk1-Zog12qgUusXj6g1ZTJrjCdE3ejXQGgY6_LELZHMPoMQLDdfAJvdfdATGmkdaiG5xqUYvMnKIBmhgHHUc2YOVFb3c3-6WnKjhja6DcnafkAbOL8cmPW5La1mUpG9WTUAitzScM6tJnnOUyYqZHs9A22PJkwOCoQT3aKA6CLNYNjB043zEbQQB5m3I0L5VLjG3Dwj2w693KilQR9mVvhw1YRdrC2b58dKvsOgm2zf2VcwAlLcrtHVZ5QqsqvXTS2lseA7Y_WBUGQQ21iEXwcs76fjkmC8Ew92OeH7Aizjbg6tJ0LNIrhLKA_SAzm9f6mykRqe0PTZ3XoTNx0uk9vaX58_K-T6K8tr6YuNVuX2gJPu277tpfLVZPtHjui9hCFddZaEB-Snfjoxf7lLQqFFdyvBX9NMusUHHvYUKCwuHqYpjL7qWcE1ju8hCjwHzhyJK-y0SBvCD9cJcH_dub8oYdNekGHuGRhGG3iXDRoVC29OlkXX_HWp2BBoYT3P4UPWraQrob4jePW03l7e5LvpMXPU3-usjrBegREgxRU7kioYujgRmWMf4_v_GlPl5QvEkThYpTHibGo-pQGE2nFARwRtB1RQ5kTrhV9OJ6I5r2wyCNGUglaxOlFZXrjEoUOGRx3JiJAhHzp2KUitSDEWsEkw2aVKBUWR1m3m4QLtcYBFocGi69bLfp5jnHKlzNzqYwIcWSfVrbbf6kwHMz6TIRySAA1QoDmnZkR13oN1ZEnfLtKsUJ4eniqpRiz3xHC6x0LlQDiUUZ4glltJhiiS_IyomWlj8ZXSuuSzr46rXNRJ0q5hB7Iw8B2TW-8kdGagMtyzsCSAfz9Vm6yQwEq28utAh7IWXYmEZAOXWdezqNsyeufjqK5EAh0pFIjLlp9i3J9ZWY5c9MoYhSOmFoH8&cid=CAQSPABygQiD3kymIc3CGtogRB_8oNHMrm2Spcr5wUMXq47vu19pZaRrXFqoSi097iOv1rVp3Arg1VnnFn1iZxgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fnotepad.pw%2F&ds=l&xdt=1&iif=1&cor=7719310172483739000&adk=943508955&idt=63&cac=0&dtd=88
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.226 -, , ASN (),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:33 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 07 Jun 2023 01:07:33 GMT
EHMIEcXmxjhpa6ysVw94xheqxns9jQBWcUzwmgw4Ck0.js
pagead2.googlesyndication.com/bg/ Frame 5CD7
38 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/EHMIEcXmxjhpa6ysVw94xheqxns9jQBWcUzwmgw4Ck0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10730811c5e6c638696bacac570f78c617aac67b3d8d0056714cf09a0c380a4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Tue, 06 Jun 2023 21:19:23 GMT
content-encoding
br
x-content-type-options
nosniff
age
13689
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14824
x-xss-protection
0
last-modified
Tue, 30 May 2023 11:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 05 Jun 2024 21:19:23 GMT
bm90ZXBhZC5wdw==
tcheck.outbrainimg.com/tcheck/check/ Frame 61E1
16 B
463 B
XHR
General
Full URL
https://tcheck.outbrainimg.com/tcheck/check/bm90ZXBhZC5wdw==
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.215.41.170 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Date
Wed, 07 Jun 2023 01:07:33 GMT
ETag
W/"10-us8lSJutAxKqLzf8c1+n5XstcwY"
Access-Control-Max-Age
43200
Access-Control-Allow-Methods
GET,POST
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=36590
Access-Control-Allow-Credentials
false
Connection
keep-alive
X-TraceId
700ce26a775141aa08d3f24512bb54e
Content-Length
16
Expires
Wed, 07 Jun 2023 11:17:23 GMT
px.gif
widget-pixels.outbrain.com/widget/detect/ Frame 61E1
43 B
435 B
Image
General
Full URL
https://widget-pixels.outbrain.com/widget/detect/px.gif?ch=1
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.215.41.73 -, , ASN (),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

expires
Fri, 07 Jul 2023 01:07:32 GMT
date
Wed, 07 Jun 2023 01:07:32 GMT
last-modified
Wed, 30 Sep 2020 14:22:29 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1601475749.911431"
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=2592000
access-control-allow-credentials
false
server-timing
ak_p; desc="1686100052886_389945293_179572335_12_618_62_0_146";dur=1
accept-ranges
bytes
timing-allow-origin
*, *
content-length
43
access-control-request-headers
X-OB-STG,X-OB-PRD
cm
u.openx.net/w/1.0/ Frame 31D2
903 B
541 B
Document
General
Full URL
https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=&gdpr_consent=&r=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Requested by
Host: a.pub.network
URL: https://a.pub.network/core/prebid-analytics-7.48.2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
b9f2957fe49b7c02d7a24812d13b78b151436cce176d78aaf6480e5a0b224e1d

Request headers

Referer
https://notepad.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
522
content-type
text/html
date
Wed, 07 Jun 2023 01:07:32 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
setuid
s2s.t13.io/ Frame 31D2
0
14 B
Image
General
Full URL
https://s2s.t13.io/setuid?bidder=openx&gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&f=b&uid=f73656e6-2b97-4801-87e9-51d5816b6739
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=&gdpr_consent=&r=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.140.113 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
113.140.107.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
via
1.1 google
content-type
text/html
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
0
sd
us-u.openx.net/w/1.0/ Frame 31D2
Redirect Chain
  • https://aorta.clickagy.com/pixel.gif?ch=4&cm=d166edcc-c072-47a6-9af0-0a81e402ab85&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537073026%26val%3D%7Bvisitor_id%7D
  • https://us-u.openx.net/w/1.0/sd?id=537073026&val=c:f21217002e595075617a00b02bb9c17a
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073026&val=c:f21217002e595075617a00b02bb9c17a
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=&gdpr_consent=&r=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Wed, 07 Jun 2023 01:07:32 GMT
server
Aorta/20230525.b9caa956e
expect
0
access-control-max-age
31536000
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/plain
location
https://us-u.openx.net/w/1.0/sd?id=537073026&val=c:f21217002e595075617a00b02bb9c17a
access-control-allow-origin
*
access-control-expose-headers
Set-Cookie
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-aorta-region
us-east-1
x-aorta-host
8e2cf6932f94
access-control-allow-headers
Origin,cache-control,content-type,man,messagetype,soapaction
content-length
0
dds
rtb.openx.net/sync/ Frame 31D2
Redirect Chain
  • https://rtb.openx.net/sync/dds
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=Eb5TFTuOwsYKEd130ymfDg==&ox_sc=1&ox_init=1
  • https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
43 B
105 B
Image
General
Full URL
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=&gdpr_consent=&r=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Protocol
H2
Server
35.227.252.103 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:33 GMT
via
1.1 google
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:33 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
249
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 31D2
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://us-u.openx.net/w/1.0/sd?id=536872786&val=5f64647f-d855-4a00-b3ff-959a5f67dcd7
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=536872786&val=5f64647f-d855-4a00-b3ff-959a5f67dcd7
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=&gdpr_consent=&r=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:33 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Wed, 07 Jun 2023 01:07:33 GMT
Server
MT3 933 7933424 master iad-pixel-x3 config_version:"1030"
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://us-u.openx.net/w/1.0/sd?id=536872786&val=5f64647f-d855-4a00-b3ff-959a5f67dcd7
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Wed, 07 Jun 2023 01:07:32 GMT
sd
us-u.openx.net/w/1.0/ Frame 31D2
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://us-u.openx.net/w/1.0/sd?id=537073028&val=${ADELPHIC_CUID}
  • https://us-u.openx.net/w/1.0/sd?id=537073028&val=69bd76e9-9f3f-4482-8c61-3267af700f91
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073028&val=69bd76e9-9f3f-4482-8c61-3267af700f91
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=&gdpr_consent=&r=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:33 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://us-u.openx.net/w/1.0/sd?id=537073028&val=69bd76e9-9f3f-4482-8c61-3267af700f91
Date
Wed, 07 Jun 2023 01:07:33 GMT
Connection
keep-alive
X-CI-RTID
868b5285-e2c2-417f-a0d4-6e48f1dae3dd
Content-Length
112
Content-Type
text/html; charset=utf-8
sd
us-u.openx.net/w/1.0/ Frame 31D2
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=4&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072977&val=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&gdpr=0&gdpr_consent=
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072977&val=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&gdpr=0&gdpr_consent=
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=&gdpr_consent=&r=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:32 GMT
server
A
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://us-u.openx.net/w/1.0/sd?id=537072977&val=4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
receive
pixel.tapad.com/idsync/ex/ Frame 31D2
95 B
123 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1955&partner_device_id=c896aad5-c90f-466f-a684-091633bc64b8
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=&gdpr_consent=&r=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type
image/png
access-control-allow-origin
*
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95
view
securepubads.g.doubleclick.net/pcs/ Frame 61E1
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvfy_tKC_cXs5FvsvwpsWnOkRSUnp49QoMHWF2Et9VOyJISa1_NrQQMCbjHdpOJpM3Q9hwUzu3TL76ToN3O3esp1-EoNj3CzKnxDlf5aWAqQBp92Cp7jy1z4bWQYXOogL4OEGk8_dospTc0z9Zeqy34xVvr-W4yJOnivchzNDh4uNKhw54FVD6NwkjqKfxowgq6MTo4yV0Upx7tU7ojZxZcRL4P5MqX4j99lP1F5T5Vtenr6D_z866SRzroIjuEcsa6-uWFm-JL6j7YY86aEFMuN2REo5b4zTtV0HEMnZ5AvKPArs9U-D-ardMca8_wXnr_414xIJQIPr9xvojINXj0q_Zedx_6k-kiBeNW&sai=AMfl-YTik16bbCv3GI0Z9nVcI7MBTmvRLnxG38k3dvqR9NKfe8Wg3e9pZxr2gof9c9bkydiRCIoVhltT2e1dA5_p_Iql2hMDJe8YOEqeuDeg-hMJasW3mm7HjgpkP9SjbQ&sig=Cg0ArKJSzGyvi5NxlyvUEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:824::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

date
Wed, 07 Jun 2023 01:07:32 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 07 Jun 2023 01:07:32 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 5CD7
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B-tG1VNh_ZPWKI_mXoPwPvpOuqAQAAAAAOAHgBAI&bg=!RkWlRRHNAAY9J7QfHSc7ADkAdvg8WpN8ISxHOXVueA7Fu39FwqYt0lpYm1QNmzZ9zel-aFY7egZG4VUHNsUHOyzYZNE_9n9Ybq4CAAAAoFIAAAACaAEHmQMp-U_knoshZ2eLOR1tUcJG64aRKeuH2B9XuhItNFzuE1k9eGyxV8sekJdzz-4kRgUzrJfXhPp1XaJZK1hfWdaH0h1bTFB5Qeew9BtKY-RAtOV2cWuZUvEyKEfkotf-XTufzL6L6hf5gXLXfIvv5MgvhPVROsEEEPcMH4KlFVt6WxjqSBjCeLghSD92EeW1a-6XJSmkNhCVKcU9r7ik0CdhSkeEJNT0gyekckg3VG1HQSYs-pAKPcoW1fXvut3GdiTp23fJPydhqLDwcI7gL2-HKjf8T4NmqyHgwslRCs1VqKqv46yCFALwKOAfpt9o1fYd1P-9P5I7NPhyBzt0tcBHdDxRwwf1KnHdPVW7xOla6PiQys-QuG150NbvHCTuxGgtpD1uvXEoECqcSzzNPCjMtn6fVUlz2FyM5YF6TwDUk3ZFINqlDfaqYBkrh3mI7fJvEqR2gWIAS6bD7zDNmSqqAF3T0dYwtuX1kddwq4iH7xueJ02lzB9lyr_2Fpvdg_sgjkX2_cZLjD3KwPX7kmUBdZ2Hbl6-QLJKbizcKwwLSwJDJCqbJat3qfbxUqYrUHXCYDmndbd6-ENAcOsTwKQ5OTID5W5VAiAKKA39RgDnQjaE1NC-svUakk7wZjUpV1HWhEImV7ex2NoBehFbPvfsLj5jvV3Nlx7wu-db--TIUlnGuhisb70A105pE965RwIMUF4ThkjK_ea4hTxr0DS9ar600yupheNF84USgC3AUpaodvMH1HF-KIbW0YeP5bjeB7VEs0GC3cpexlGrbBBVcmXOO4KN45nsMfxvQGz6nJFCjQmtw-obYHk-4X4VreCIlS7F2yEzp5HkiBYEdoC_HgOnR58HLFf25zy4juq7aRF3Nyj3MbZtwBqEQregdfqG_f5YR3zb3aCfVvfGOq0yxUqGMvaHJ4lJvOuL-tar3aGHFSBt3UstI3iXka5x58MyVgaXRHQXEbJDAYqQ5TXzOUNX_QWgObtPDdN6p5jG7-dYnVSkrKwVibIchv1FRSNDadlU66pkcdVOztZxA7Vf03oHvug7qCI9XwlAv9vtx5EYE-FF2Wk7yH0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2002 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:33 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
platforms
odb.outbrain.com/utils/ Frame 61E1
19 KB
7 KB
Script
General
Full URL
https://odb.outbrain.com/utils/platforms?contentUrl=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&idx=0&rand=83594&widgetJSId=AR_4&va=true&et=true&format=html&px=0&py=0&vpd=0&cw=728&settings=true&recs=true&key=FREES104AH2PELD73BHE4H9I0&adblck=false&abwl=false&ab=0&wl=0&activeTab=true&version=2010321&sig=KTtJdCMG&apv=false&osLang=en-US&winW=728&winH=90&scrW=1600&scrH=1200&dpr=1&secured=true&cmpStat=0&ccpaStat=0&iframe=true&id5=ID5*HaJdJUiJkhH69NTtFqVRbIA0jt6ECHc61uTCxzfeQGtOMC3aez59m66WMdiM0sthTjFPdM2-oYOx47eQztVorg&id5type=&chs=1&ref=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&ogn=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.34.132 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
3551641c0239d5880e0ff1ed747aab53bf63c2954099d3ec4f34079473c0c414

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

x-cache-hits
0
date
Wed, 07 Jun 2023 01:07:33 GMT
content-encoding
br
via
1.1 varnish
traffic-path
SADC1, IAD, North_America
x-cache
MISS
p3p
policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
x-traceid
e8756133aeb751a9c285b38a770ca810
content-length
6535
x-served-by
cache-iad-kjyo7100022-IAD
pragma
no-cache
x-timer
S1686100053.160148,VS0,VE176
vary
Accept-Encoding, User-Agent
content-type
text/javascript; charset=UTF-8
cache-control
no-cache
accept-ranges
bytes
expires
Thu, 01 Jan 1970 00:00:00 GMT
c
c.pub.network/v2/
36 B
53 B
Fetch
General
Full URL
https://c.pub.network/v2/c
Requested by
Host: notepad.pw
URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash
4c7b884f7ad813ab071f360126fe9457cd75ff86ccee28c672a9bc04777c9a5c

Request headers

Referer
https://notepad.pw/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
Content-Type
application/json

Response headers

date
Wed, 07 Jun 2023 01:07:33 GMT
via
1.1 google
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type
text/plain;charset=utf-8
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36
c
c.pub.network/v2/ Frame
0
0
Preflight
General
Full URL
https://c.pub.network/v2/c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.160.152.31 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
31.152.160.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://notepad.pw
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://notepad.pw
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 07 Jun 2023 01:07:33 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
via
1.1 google
dwce_cheq_events
log.outbrainimg.com/loggerServices/ Frame 61E1
4 B
371 B
XHR
General
Full URL
https://log.outbrainimg.com/loggerServices/dwce_cheq_events?timestamp=1686100053200&sessionId=1b013425-590b-6d07-9308-079309d37412&url=notepad.pw&cheqSource=1&cheqEvent=3&responseTime=372
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.127 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:33 GMT
Access-Control-Allow-Methods
GET,POST
Content-Type
application/json; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
content-range
Cache-Control
no-cache, no-store, must-revalidate
X-TraceId
43d185d6a88db7ab67af486a6298364b
Content-Length
4
Expires
0
collect
www.google-analytics.com/g/
0
17 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-0E2CT7YLRP&gtm=45je3650&_p=408505991&cid=1878714221.1686100048&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1686100048&sct=1&seg=0&dl=https%3A%2F%2Fnotepad.pw%2FuSxZEEteQ7lmCihnRoNJ&dt=notepad.pw%20%2F%20uSxZEEteQ7lmCihnRoNJ%20%7C%20The%20napkin%20of%20the%20internet.&en=scroll&epn.percent_scrolled=90&_et=82
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0E2CT7YLRP&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Jun 2023 01:07:33 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://notepad.pw
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
test.html
widgets.outbrain.com/nanoWidget/externals/obUserFrame/ Frame 2020
2 KB
1 KB
Document
General
Full URL
https://widgets.outbrain.com/nanoWidget/externals/obUserFrame/test.html?lsd=d574a69e-d272-437f-a78d-3dfb0ea56701
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.215.41.73 -, , ASN (),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
45f0f27fb78191006375051ee3046fae3105b652d11680432511cba61b32c330

Request headers

Referer
https://notepad.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-credentials
false
access-control-allow-methods
GET,POST
access-control-allow-origin
*
access-control-request-headers
X-OB-STG,X-OB-PRD
cache-control
max-age=604800
content-encoding
gzip
content-length
686
content-type
text/html
date
Wed, 07 Jun 2023 01:07:33 GMT
etag
"1e015194a0e596827cb8971f884eb43c:1685462134.315746"
expires
Wed, 14 Jun 2023 01:07:33 GMT
last-modified
Tue, 30 May 2023 14:06:45 GMT
server
AkamaiNetStorage
server-timing
ak_p; desc="1686100053387_389945293_179576810_13_776_62_0_255";dur=1
timing-allow-origin
* *
vary
Accept-Encoding
put.html
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame FA6E
416 B
807 B
Document
General
Full URL
https://widgets.outbrain.com/nanoWidget/externals/cookie/put.html
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.215.41.73 -, , ASN (),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc

Request headers

Referer
https://notepad.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-credentials
false
access-control-allow-methods
GET,POST
access-control-allow-origin
*
access-control-request-headers
X-OB-STG,X-OB-PRD
cache-control
max-age=604800
content-length
416
content-type
text/html
date
Wed, 07 Jun 2023 01:07:33 GMT
etag
"c0311cf15c21ddda054005e92fad3f9e:1685462130.075629"
expires
Wed, 14 Jun 2023 01:07:33 GMT
last-modified
Tue, 30 May 2023 14:06:45 GMT
server
AkamaiNetStorage
server-timing
ak_p; desc="1686100053388_389945293_179576820_7_364_62_0_255";dur=1
timing-allow-origin
* *
ob_logo_67x12.png
widgets.outbrain.com/images/widgetIcons/ Frame 61E1
2 KB
3 KB
Image
General
Full URL
https://widgets.outbrain.com/images/widgetIcons/ob_logo_67x12.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.215.41.73 -, , ASN (),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

expires
Fri, 07 Jul 2023 01:07:33 GMT
date
Wed, 07 Jun 2023 01:07:33 GMT
last-modified
Tue, 10 Jan 2023 16:40:08 GMT
server
AkamaiNetStorage
etag
"c52b07e749f7a09fa7b97b7e195e06ce:1673369415.187551"
access-control-allow-methods
GET,POST
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2592000
access-control-allow-credentials
false
server-timing
ak_p; desc="1686100053390_389945293_179576843_7_415_62_0_146";dur=1
accept-ranges
bytes
timing-allow-origin
*, *
content-length
2326
access-control-request-headers
X-OB-STG,X-OB-PRD
achoice.svg
widgets.outbrain.com/images/widgetIcons/ Frame 61E1
990 B
1 KB
Image
General
Full URL
https://widgets.outbrain.com/images/widgetIcons/achoice.svg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.215.41.73 -, , ASN (),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9ba56f5ffa579747efde1d2a429b325a9fb7220d30f4268e4a44ecbe4a9bf034

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

expires
Fri, 07 Jul 2023 01:07:33 GMT
date
Wed, 07 Jun 2023 01:07:33 GMT
last-modified
Tue, 10 Jan 2023 16:40:08 GMT
server
AkamaiNetStorage
etag
"5ab8e16b5f46213840bcd403e349419c:1673369393.880194"
access-control-allow-methods
GET,POST
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=2592000
access-control-allow-credentials
false
server-timing
ak_p; desc="1686100053391_389945293_179576848_29_382_62_0_146";dur=1
accept-ranges
bytes
timing-allow-origin
*, *
content-length
990
access-control-request-headers
X-OB-STG,X-OB-PRD
l
mcdp-sadc1.outbrain.com/ Frame 61E1
0
0

obUserSync.html
widgets.outbrain.com/widgetOBUserSync/ Frame 2E9E
19 KB
6 KB
Document
General
Full URL
https://widgets.outbrain.com/widgetOBUserSync/obUserSync.html
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.215.41.73 -, , ASN (),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash

Request headers

Referer
https://notepad.pw/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-credentials
false
access-control-allow-methods
GET,POST
access-control-allow-origin
*
access-control-request-headers
X-OB-STG,X-OB-PRD
cache-control
max-age=604800
content-encoding
gzip
content-length
6040
content-type
text/html
date
Wed, 07 Jun 2023 01:07:33 GMT
etag
"37202485ed061a936935162db30e773e:1683701449.34879"
expires
Wed, 14 Jun 2023 01:07:33 GMT
last-modified
Wed, 10 May 2023 06:16:26 GMT
server
AkamaiNetStorage
server-timing
ak_p; desc="1686100053402_389945293_179576940_18_493_62_0_255";dur=1
timing-allow-origin
* *
vary
Accept-Encoding
eyJpdSI6IjBjNGZhNGEzODgxYWNmMmI1MTI1YmEzNWMxZGQyNmI5ZTU2ZDYyY2NkNDI1NGI5ZjJlYTdlYzM0ZDE5NjAwNTciLCJ3IjozMDAsImgiOjEwMCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp
images.outbrainimg.com/transform/v3/ Frame 61E1
0
0

widgetGlobalEvent
log.outbrainimg.com/loggerServices/ Frame 61E1
4 B
371 B
Fetch
General
Full URL
https://log.outbrainimg.com/loggerServices/widgetGlobalEvent?rId=f729fa5df6c93b6f46c5c8ec3ca2be16&pvId=f729fa5df6c93b6f46c5c8ec3ca2be16&sid=9846775&pid=203177&idx=0&wId=124&pad=1&org=0&tm=552&eT=3&wRV=2010321&pVis=1&lsd=d574a69e-d272-437f-a78d-3dfb0ea56701&eIdx=0&oo=false&ab=0&wl=0
Requested by
Host: widgets.outbrain.com
URL: https://widgets.outbrain.com/outbrain.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.127 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://notepad.pw/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36

Response headers

Pragma
no-cache
Date
Wed, 07 Jun 2023 01:07:33 GMT
Access-Control-Allow-Methods
GET,POST
Content-Type
application/json; charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
content-range
Cache-Control
no-cache, no-store, must-revalidate
X-TraceId
e294d1af7b94318cac7de9189911b667
Content-Length
4
Expires
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 063D
0
0

test.html
widgets.outbrain.com/nanoWidget/externals/cookie/ Frame FA6E
0
0

420046.gif
idsync.rlcdn.com/ Frame 2E9E
0
0

/
b1sync.zemanta.com/usersync/outbrain/ Frame 2E9E
0
0

getuid
ib.adnxs.com/ Frame 2E9E
0
0

ibs:dpid=133726&dpuuid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD&gdpr=0&gdpr_pd=1&gdpr_consent=
dpm.demdex.net/ Frame 2E9E
0
0

set
sync-jp.im-apps.net/imid/ Frame 2E9E
0
0

generic
match.adsrvr.org/track/cmf/ Frame 2E9E
0
0

usermatch.gif
beacon.krxd.net/ Frame 2E9E
0
0

g.pixel
aa.agkn.com/adscores/ Frame 2E9E
0
0

sync
rtb.mfadsrvr.com/ Frame 2E9E
0
0

sync
x.bidswitch.net/ Frame 2E9E
0
0

usersync.aspx
dis.criteo.com/dis/ Frame 2E9E
0
0

pixel
cm.g.doubleclick.net/ Frame 2E9E
0
0

/
dsp.adfarm1.adition.com/cookie/ Frame 2E9E
0
0

match
ps.eyeota.net/ Frame 2E9E
0
0

9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD
id.geistm.com/m/OB/ Frame 2E9E
0
0

cm-notify
creativecdn.com/ Frame 2E9E
0
0

sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame 2E9E
0
0

tpid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD
sync.crwdcntrl.net/map/c=14516/tp=OBRN/ Frame 2E9E
0
0

/
loadus.exelator.com/load/ Frame 2E9E
0
0

usermatchredir
ssum-sec.casalemedia.com/ Frame 2E9E
0
0

ImgSync
image8.pubmatic.com/AdServer/ Frame 2E9E
0
0

cm
u.openx.net/w/1.0/ Frame 2E9E
0
0

occ
ups.analytics.yahoo.com/ups/58523/ Frame 2E9E
0
0

server_match
ice.360yield.com/ Frame 2E9E
0
0

/
s.ad.smaato.net/c/ Frame 2E9E
0
0

sync
ssbsync.smartadserver.com/api/ Frame 2E9E
0
0

c.gif
c.bing.com/ Frame 2E9E
0
0

711945.gif
id.rlcdn.com/ Frame 2E9E
0
0

pixelSync
pixel-sync.sitescout.com/dmp/ Frame 2E9E
0
0

p-cxanv6hYFn1kw.gif
cms.quantserve.com/pixel/ Frame 2E9E
0
0

rtset
bh.contextweb.com/bh/ Frame 2E9E
0
0

9.gif
id5-sync.com/s/164/ Frame 2E9E
0
0

ob
cm.rtbsystem.com/usermatch/ Frame 2E9E
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=106
Domain
mcdp-sadc1.outbrain.com
URL
https://mcdp-sadc1.outbrain.com/l?token=f729fa5df6c93b6f46c5c8ec3ca2be16_203177_1686100053303&tm=532&eT=0&widgetWidth=728&widgetHeight=90&widgetX=0&widgetY=0&wRV=2010321&pVis=1&lsd=d574a69e-d272-437f-a78d-3dfb0ea56701&eIdx=&cheq=0&rtt=320&oo=false&lo=761&obreq=449&odbreq=1000&odbres=1319&cet=4g&to=1686100052031.8&umv=1&ll=0&chs=2&ab=0&wl=0
Domain
images.outbrainimg.com
URL
https://images.outbrainimg.com/transform/v3/eyJpdSI6IjBjNGZhNGEzODgxYWNmMmI1MTI1YmEzNWMxZGQyNmI5ZTU2ZDYyY2NkNDI1NGI5ZjJlYTdlYzM0ZDE5NjAwNTciLCJ3IjozMDAsImgiOjEwMCwiZCI6MS4wLCJjcyI6MCwiZiI6NH0.webp
Domain
ads.pubmatic.com
URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fs2s.t13.io%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Domain
widgets.outbrain.com
URL
https://widgets.outbrain.com/nanoWidget/externals/cookie/test.html
Domain
idsync.rlcdn.com
URL
https://idsync.rlcdn.com/420046.gif?partner_uid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD
Domain
b1sync.zemanta.com
URL
https://b1sync.zemanta.com/usersync/outbrain/?puid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD&gdpr=0&gdpr_consent=&us_privacy=1---&initiator=ob
Domain
ib.adnxs.com
URL
https://ib.adnxs.com/getuid?https://sync.outbrain.com/cookie-sync?p=appnexus&uid=$UID&obUid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD&gdpr=0&gdpr_consent=&us_privacy=1---&initiator=ob
Domain
dpm.demdex.net
URL
https://dpm.demdex.net/ibs:dpid=133726&dpuuid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD&gdpr=0&gdpr_pd=1&gdpr_consent=
Domain
sync-jp.im-apps.net
URL
https://sync-jp.im-apps.net/imid/set?cid=1000047&tid=obid&uid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD
Domain
match.adsrvr.org
URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=icco6m5&ttd_tpi=1&gdpr=0&gdpr_consent=&us_privacy=1---
Domain
beacon.krxd.net
URL
https://beacon.krxd.net/usermatch.gif?partner=outbrain&partner_uid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD
Domain
aa.agkn.com
URL
https://aa.agkn.com/adscores/g.pixel?sid=9212295978&puid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD
Domain
rtb.mfadsrvr.com
URL
https://rtb.mfadsrvr.com/sync?ssp=outbrain&ssp_user_id=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD&gdpr=0&gdpr_consent=&us_privacy=1---&initiator=ob
Domain
x.bidswitch.net
URL
https://x.bidswitch.net/sync?ssp=outbrain&user_id=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD&us_privacy=1---&gdpr=0&gdpr_pd=1&gdpr_consent=
Domain
dis.criteo.com
URL
https://dis.criteo.com/dis/usersync.aspx?r=74&p=126&cp=outbrain&cu=1&url=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcriteo%26obUid%3D9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26initiator%3Dob%26uid%3D%40%40CRITEO_USERID%40%40
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&google_dbm
Domain
dsp.adfarm1.adition.com
URL
https://dsp.adfarm1.adition.com/cookie/?ssp=25&gdpr=0&gdpr_consent=&us_privacy=1---
Domain
ps.eyeota.net
URL
https://ps.eyeota.net/match?bid=1mpn7m0&uid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD
Domain
id.geistm.com
URL
https://id.geistm.com/m/OB/9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD
Domain
creativecdn.com
URL
https://creativecdn.com/cm-notify?pi=outbrain&obUid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD&gdpr=0&gdpr_consent=&us_privacy=1---&initiator=ob
Domain
pixel-us-east.rubiconproject.com
URL
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=15268&gdpr=0&gdpr_consent=&us_privacy=1---
Domain
sync.crwdcntrl.net
URL
https://sync.crwdcntrl.net/map/c=14516/tp=OBRN/tpid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD
Domain
loadus.exelator.com
URL
https://loadus.exelator.com/load/?p=580&g=2&j=0&buid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD
Domain
ssum-sec.casalemedia.com
URL
https://ssum-sec.casalemedia.com/usermatchredir?s=193091&cb=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dindxexcg%26uid%3D%24%7BUSER%7D%26obUid%3D9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26initiator%3Dob
Domain
image8.pubmatic.com
URL
https://image8.pubmatic.com/AdServer/ImgSync?p=160065&gdpr=PM_GDPR&gdpr_consent=PM_CONSENT&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160065%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fsync.outbrain.com%252Fcookie-sync%253Fp%253Dpubmatic%2526obUid%253D9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD%2526gdpr%253D0%2526initiator%253Dob%2526gdpr_consent%253D%2526us_privacy%253D1---%2526uid%253D%2523PMUID
Domain
u.openx.net
URL
https://u.openx.net/w/1.0/cm?id=00df9f64-6f67-4cae-aeb2-d951da52047c&r=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dopenx%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26initiator%3Dob%26obUid%3D9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD%26uid%3D
Domain
ups.analytics.yahoo.com
URL
https://ups.analytics.yahoo.com/ups/58523/occ?gdpr=0&gdpr_consent=&us_privacy=1---&redir=true
Domain
ice.360yield.com
URL
https://ice.360yield.com/server_match?partner_id=1863&r=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dimprove_digital%26uid%3D%7BPUB_USER_ID%7D%26obUid%3D9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26initiator%3Dob
Domain
s.ad.smaato.net
URL
https://s.ad.smaato.net/c/?adExInit=o&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dsmaato%26uid%3D%24UID%26obUid%3D9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26initiator%3Dob
Domain
ssbsync.smartadserver.com
URL
https://ssbsync.smartadserver.com/api/sync?callerId=30&gdpr=0&gdpr_consent=&redirectUri=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dsmart%26uid%3D%5Bssb_sync_pid%5D%26obUid%3D9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26initiator%3Dob
Domain
c.bing.com
URL
https://c.bing.com/c.gif?red3=MSOB_pd&uid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD
Domain
id.rlcdn.com
URL
https://id.rlcdn.com/711945.gif?ct=4&cv=
Domain
pixel-sync.sitescout.com
URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=127&gdpr=0&gdpr_consent=&us_privacy=1---&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcentro%26uid%3D%7BuserId%7D%26obUid%3D9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26initiator%3Dob
Domain
cms.quantserve.com
URL
https://cms.quantserve.com/pixel/p-cxanv6hYFn1kw.gif?idmatch=0&obUid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD&gdpr=0&gdpr_consent=&us_privacy=1---
Domain
bh.contextweb.com
URL
https://bh.contextweb.com/bh/rtset?pid=562709&ev=1&us_privacy=${us_privacy}&rurl=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dpulsepoint%26uid%3D%25%25VGUID%25%25%26obUid%3D9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26initiator%3Dob
Domain
id5-sync.com
URL
https://id5-sync.com/s/164/9.gif?puid=9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD&gdpr=0&gdpr_consent=&us_privacy=1---
Domain
cm.rtbsystem.com
URL
https://cm.rtbsystem.com/usermatch/ob?redirect=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Drtbsystem%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D1---%26uid%3D%7Buserid%7D%26initiator%3Dob%26obUid%3D9h3bTUGM8De54ZdK6_SSWaBKuRBObTkTYLJ57xwTGBSlCeiS7k9BE9jqNu2JvQYD

Verdicts & Comments Add Verdict or Comment

246 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 boolean| credentialless object| onbeforetoggle object| onscrollend object| dataLayer object| freestar string| sbbvscc string| sbbgscc function| genPid function| nsbbfetch function| sbbgc function| addmg function| addprid function| sbbeccf function| m2vr function| sbbls string| y string| x string| gprid object| sbbeccfi string| sbbgs function| $ function| jQuery object| angular function| io boolean| note_created boolean| password_set number| caret string| pad_key string| url_key number| version function| admiral object| googletag object| regeneratorRuntime object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga number| lX number| lY string| csr object| otr object| cnv string| lk__ function| setUGEvals number| tt function| checkEnter function| swapsheets object| app object| store function| 4dm1r11545242527 object| fsdata object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady function| initiate_localStorage function| update_localStorage string| input_value string| zSAEYNMkMfis string| VTjEXVFsgQ number| tDcJIhXBZv number| VhnCGFSoUJ number| VFJyhpcwZL number| dDFxArlPjV function| lMtRvsgVod object| LZCBGEpKIH number| c2 number| c1 object| PEslvNt7UKcb function| xIGzspHpRG function| al function| a function| b object| wpcc boolean| sbrmp object| _comscore object| fsprebid function| load_script object| confiant function| _hadron object| fsprebidChunk object| _pbjsGlobals object| mnet object| ggeac object| google_js_reporting_queue object| hadron boolean| __halo_loaded__ object| COMSCORE object| ns_p object| __bt_tag_d object| __bt_tag_am object| __bt_intrnl object| __bt undefined| google_measure_js_timing object| au boolean| __bt_already_invoked object| apstag function| _typeof function| IntentIqObject function| PartnersWinEvent function| ReportResult object| iiq_object_array boolean| apstagLOADED object| apscustom object| _aps boolean| creativeVendorLibraryLoaded object| _qevents object| signal_decrypted object| ox_esp function| quantserve function| __qc object| ezt object| _qoptions function| lotameIsCompatible function| sync16589_aa function| sync16589_c undefined| sync16589_d undefined| sync16589_ba undefined| sync16589_e function| sync16589_f object| sync16589_h function| sync16589_ca function| sync16589_j function| sync16589_da object| sync16589_ object| sync16589_ga object| sync16589_v object| sync16589_na object| sync16589_wa object| sync16589_xa function| sync16589_a function| sync16589_b function| sync16589_g function| sync16589_i function| sync16589_k function| sync16589_l function| sync16589_m function| sync16589_n function| sync16589_o function| sync16589_p function| sync16589_q function| sync16589_r function| sync16589_fa function| sync16589_ea function| sync16589_s function| sync16589_t function| sync16589_u function| sync16589_w function| sync16589_ha function| sync16589_ia function| sync16589_y function| sync16589_ja function| sync16589_z function| sync16589_A function| sync16589_x function| sync16589_B function| sync16589_ka function| sync16589_C function| sync16589_D function| sync16589_E function| sync16589_F function| sync16589_G function| sync16589_H function| sync16589_I function| sync16589_K function| sync16589_L function| sync16589_M function| sync16589_J function| sync16589_la function| sync16589_ma function| sync16589_N function| sync16589_O function| sync16589_oa function| sync16589_P function| sync16589_pa function| sync16589_qa function| sync16589_ra function| sync16589_Q function| sync16589_sa function| sync16589_ta function| sync16589_ua function| sync16589_va function| sync16589_R function| sync16589_S function| sync16589_ya function| sync16589_T function| sync16589_U function| sync16589_V function| sync16589_W function| sync16589_za function| sync16589_X function| sync16589_Y function| sync16589_Z function| sync16589__ function| sync16589_0 function| sync16589_Da function| sync16589_Aa function| sync16589_1 function| sync16589_Ca function| sync16589_Ba function| sync16589_2 function| sync16589_3 function| sync16589_4 function| sync16589_5 function| sync16589_Fa function| sync16589_Ga function| sync16589_Ia function| sync16589_Ea function| sync16589_7 function| sync16589_Ha function| sync16589_Ka function| sync16589_Ja function| sync16589_8 function| sync16589_6 function| sync16589_9 function| sync16589_La function| sync16589_Ma function| sync16589_Na function| sync16589_Oa function| sync16589_$ function| sync16589_Pa function| sync16589_Qa function| sync16589_Ra function| sync16589_Sa object| lotame_sync_16589 function| setImmediate function| clearImmediate object| ID5 object| pbjs object| PublisherCommonId object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| GoogleGcLKhOms object| google_image_requests

149 Cookies

Domain/Path Name / Value
live.notepad.pw/socket.io Name: io
Value: tBtRCPOIGoDdcaSWAkFJ
notepad.pw/ Name: SPSI
Value: e294dec8157a3b0b7a01e46890e4ae14
notepad.pw/ Name: SPSE
Value: s6H55z6Yzl/HLJx0G6h9SLhiDT828APDZO8WsTM/TNgtV6UMYc4aVPDpt7PyCNQjkC6Ie3J+gLYn2WlFTQ/Gdw==
notepad.pw/ Name: pad_cookie
Value: 89ca4e5c9cc24b0a165e591e0710fd2908b28239
notepad.pw/ Name: spcsrf
Value: b871c4caaea82ac0d6930215ec46e88b
notepad.pw/ Name: sp_lit
Value: JB9+IGEOLWxhJFu8Xipkxw==
notepad.pw/ Name: PRLST
Value: Gr
notepad.pw/ Name: UTGv2
Value: h4335e9a286694cb06a0d40f1cd2663e0c45
notepad.pw/ Name: adOtr
Value: d42ee891c75
.pub.network/ Name: _fsuid
Value: 76844f8d-4135-4cc9-b57d-ce338d267e97
.notepad.pw/ Name: _gid
Value: GA1.2.875372470.1686100048
.notepad.pw/ Name: _gat_UA-153530698-1
Value: 1
.notepad.pw/ Name: _ga
Value: GA1.1.1878714221.1686100048
.notepad.pw/ Name: _ga_0E2CT7YLRP
Value: GS1.1.1686100048.1.0.1686100048.0.0.0
notepad.pw/ Name: typography
Value: %7B%22sp_class%22%3A%22not-active%22%7D
.notepad.pw/ Name: _awl
Value: 2.1686100048.5-5fac862d707fed9251bf3266435eb00f-6763652d75732d6561737431-0
.scorecardresearch.com/ Name: UID
Value: 120ad589bd028d0942ac00e1686100048
.intentiq.com/ Name: IQver
Value: 1.9
.intentiq.com/ Name: intentIQCDate
Value: 1686100050999
notepad.pw/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.notepad.pw/ Name: cookie
Value: 0ae1f383-bc18-4283-9a01-9274f39249e1
notepad.pw/ Name: _lr_retry_request
Value: true
notepad.pw/ Name: _lr_env_src_ats
Value: false
.adsrvr.org/ Name: TDID
Value: 3cb465a7-33d3-4284-ad3f-52bfa548d86e
.intentiq.com/ Name: CSDT
Value: UEQ6MTUwNzJfMCZUZ1M3ejFn
.intentiq.com/ Name: IQPData
Value: 2503514553#1686100051168#0#1686100051168
.intentiq.com/ Name: ASDT
Value: 0
.openx.net/ Name: i
Value: 1d44e670-3b8f-441f-b6b3-592864179649|1686100051
.intentiq.com/ Name: intentIQ
Value: Facu28oFEq
.quantserve.com/ Name: mc
Value: 647fd853-5302e-54f64-d9598
.notepad.pw/ Name: __qca
Value: P0-172073062-1686100051172
.crwdcntrl.net/ Name: _cc_dc
Value: 0
.crwdcntrl.net/ Name: _cc_id
Value: f928bc9d91bda6bfc3c4e4c34f9c2a8b
.notepad.pw/ Name: _cc_id
Value: f928bc9d91bda6bfc3c4e4c34f9c2a8b
.notepad.pw/ Name: panoramaId_expiry
Value: 1686704851336
.notepad.pw/ Name: panoramaId
Value: 3fd04bcb7fd47ed3dea6070807bb16d5393821da3ef1273127b759613c958db4
.notepad.pw/ Name: panoramaIdType
Value: panoIndiv
.yieldmo.com/ Name: yieldmo_id
Value: gaa9be8318803ee25e3d%7C1686100051414%7C0%7C
.openx.net/ Name: univ_id
Value: 537072971|3cb465a7-33d3-4284-ad3f-52bfa548d86e|1686100051472276
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.adnxs.com/ Name: uuid2
Value: 7815982874283791367
.doubleclick.net/ Name: IDE
Value: AHWqTUlptkoiOhYtmOETfkQxuolcCGYVj6tX2pwuKrluBy46JZDja5C3jfEp9jgPgug
.amazon-adsystem.com/ Name: ad-id
Value: Aw_88a8mDkt9s2UyPCj123M
.rubiconproject.com/ Name: khaos
Value: LIL0FQ4J-B-K8AN
.openx.net/ Name: pd
Value: v2|1686100051|iKbwvPvMgahEgKkWg2gy
.notepad.pw/ Name: cto_bundle
Value: jmbjsF9iZVVNV1FiWDFzcFZ1R00wMkRSV2RKMEVvQUI4UEdkT1pFUGZtUndHUVhva0tDVTJDU0pybkZyWSUyRkF2czlMc09HMHpNZFNKSjhwNXo1OWVKR3F4RyUyQkF5cnp1ZVolMkJ1amdvRXVMc1U5TlMwdCUyQkd6NEkzeWE1UHhaN2IwazlqT3pZ
.notepad.pw/ Name: cto_bidid
Value: W-uTzV9WQkRvVTNiSGI1bEpya1ZVeHQ2UklKWlZ5aUR6RnA3QkJ3T0FsWlBqWlVpemNNR3JESUJZVlh4SGZWV1FpV21PYWR3ZVo5Nk1QaTRLaSUyQkxLMDJXcEFnJTNEJTNE
.contextweb.com/ Name: V
Value: c7gHZ6CzcKcL
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: 5a72d1c0969ca786
.3lift.com/ Name: tluid
Value: 1210305347838173658572
.sharethrough.com/ Name: stx_user_id
Value: 75edbeff-d036-4ef2-8cfc-787161973880
.yellowblue.io/ Name: wrvUserID
Value: qAS83E_akp_s
.ads.yieldmo.com/ Name: rptr
Value: c%3D1171742%7Ct%3D1171742%7Cdv360%3D1171742%7Cpub%3D1171742%7Can%3D1171742
.yahoo.com/ Name: A3
Value: d=AQABBFPYf2QCEP0QK7q8P5SvfjbgpBpfCqkFEgEBAQEpgWSJZAAAAAAA_eMAAA&S=AQAAAj2v_yO9dAS-1Z7NUmnMjW4
.bidswitch.net/ Name: c
Value: 1686100051
.bidswitch.net/ Name: tuuid_lu
Value: 1686100051
.casalemedia.com/ Name: CMID
Value: ZH-YU0MnngF9U4.-BkqG6QAA
.casalemedia.com/ Name: CMPS
Value: 3436
.casalemedia.com/ Name: CMPRO
Value: 3436
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~ZH-YUwAPzWGz7QBL
.bidr.io/ Name: bito
Value: AACa5U7I_7EAACHSRjBZpw
.bidr.io/ Name: bitoIsSecure
Value: ok
.bidswitch.net/ Name: tuuid
Value: c16a41c7-4743-4474-9cc0-204cc718bc2e
.simpli.fi/ Name: suid
Value: F85E199DA9AF4AFEBDD5457935717FEC
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.pubmatic.com/ Name: SyncRTB3
Value: 1687305600%3A220
.rlcdn.com/ Name: pxrc
Value: CNOw/6MGEgUI6AcQABIFCOhHEAA=
.turn.com/ Name: uid
Value: 2923935608525020492
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 8077D456-AB2D-4723-BFBF-C06A08DCDD97
.ads.yieldmo.com/ Name: ptran
Value: 7815982874283791367
.ads.yieldmo.com/ Name: ptrt
Value: 3cb465a7-33d3-4284-ad3f-52bfa548d86e
.ads.yieldmo.com/ Name: ptrc
Value: CAESEC1FSczlkcnkioCBFXfWHQs
.33across.com/ Name: 33x_ps
Value: u%3D212180027127482%3As1%3D1686100051869%3Ats%3D1686100051869
.zemanta.com/ Name: zuid
Value: pDDtIf2CLiRZz_B3Uym4
.pippio.com/ Name: did
Value: ghBDXIvEIii70Sdo
.pippio.com/ Name: didts
Value: 1686100051
.pippio.com/ Name: nnls
Value:
.adsrvr.org/ Name: TDCPM
Value: CAESGwoMc2hhcmV0aHJvdWdoEgsInICWp7O_8zsQBRIWCgdydWJpY29uEgsI8PXZqLO_8zsQBRgBIAIoAjILCJz4mNTJv_M7EAU4AVoMc2hhcmV0aHJvdWdoYAI.
.pubmatic.com/ Name: pi
Value: 160648:3
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 2
.media.net/ Name: visitor-id
Value: 3291016511455375000V10
.bluekai.com/ Name: bku
Value: ikG99aER4tu7lrWY
.bluekai.com/ Name: bkpa
Value: KJyWy1N03M9D9mY70Pl3K9J0B6b7WAT1A39z/Ysqeiv51FfDWPpQ6d5qMLwDnTsFGFX4yl7pWsJulhO7xIc4UN+Kpq4Qlf1deXdBppx2HLRdsu9ewvlsI5T+lFt+FDd+GFr21zeUtedcI5ThyBwNNPdSQxatf4PbSgLn9txzpTynLTV5YAu8DTfVUoH8qxAYMkGfvjrLNsMk7ZKGiXgsVuk1Ss75z1ogVbTqqgvx5Mv//T1AxvzrXKumePzS7zh2sCo6DFZLuE08R0QyE8t1KHpk+q4fQYveJYY/WNP9xgTQjSuAirYxc3oWxlN9Vb3d9xYRgPVt
.pippio.com/ Name: pxrc
Value: CNSw/6MGEgQIAhAAEgYI7OsBEAA=
.analytics.yahoo.com/ Name: IDSYNC
Value: "18za~2c2p:19c8~2c2p:175w~2c2p"
.lijit.com/ Name: ljtrtbexp
Value: eJyrVrI0V7IyNLMwNzawNDM10lEyQuVamKDxzdCUQ%2FhmhibGRqZGtQCRFRBF
.lijit.com/ Name: ljt_reader
Value: GxfjdPZHCg0YPLD4SlG5kJLQ
.w55c.net/ Name: wfivefivec
Value: LoKjzVEo1Q6HE85
.dotomi.com/ Name: DotomiTest
Value: 4efd797f2241146a
.id5-sync.com/ Name: cf
Value:
.id5-sync.com/ Name: cip
Value:
.id5-sync.com/ Name: cnac
Value:
.id5-sync.com/ Name: car
Value:
.id5-sync.com/ Name: gdpr
Value:
.w55c.net/ Name: matchcasale
Value: 5
s2s.t13.io/ Name: uids
Value: eyJ1aWRzIjp7fSwidGVtcFVJRHMiOnsiYWRueHMiOnsidWlkIjoiNzgxNTk4Mjg3NDI4Mzc5MTM2NyIsImV4cGlyZXMiOiIyMDIzLTA2LTIxVDAxOjA3OjMxLjYyNDgxMzA1OVoifSwiZ3JpZCI6eyJ1aWQiOiJjMTZhNDFjNy00NzQzLTQ0NzQtOWNjMC0yMDRjYzcxOGJjMmUiLCJleHBpcmVzIjoiMjAyMy0wNi0yMVQwMTowNzozMS44MjQ0MjA4NzVaIn0sInNvdnJuIjp7InVpZCI6Ikd4ZmpkVFpIbHRJVktfeXJUVXlqWUQ1byIsImV4cGlyZXMiOiIyMDIzLTA2LTIxVDAxOjA3OjMyLjE2MDA5OTI0NloifSwieWllbGRtbyI6eyJ1aWQiOiJnYWE5YmU4MzE4ODAzZWUyNWUzZCIsImV4cGlyZXMiOiIyMDIzLTA2LTIxVDAxOjA3OjMxLjQ1NDgyNzQ4OVoifX0sImJkYXkiOiIyMDIzLTA2LTA3VDAxOjA3OjMxLjQ1NDU1NTQwOFoifQ==
.linksynergy.com/ Name: rmuid
Value: a663e10e-13d2-4f94-8c31-661d0b506785
.linksynergy.com/ Name: icts
Value: 2023-06-07T01:07:32Z
.mookie1.com/ Name: id
Value: 10594155178242939413
.mookie1.com/ Name: mdata
Value: 1|10594155178242939413|1686100052177
.mookie1.com/ Name: ov
Value: 8885528463bec00d6389cd09d68ca03a
.lijit.com/ Name: _ljtrtb_49
Value: c7gHZ6CzcKcL
.lijit.com/ Name: _ljtrtb_92
Value: 7815982874283791367
.lijit.com/ Name: _ljtrtb_80
Value: LIL0FQ4J-B-K8AN
.sitescout.com/ Name: ssi
Value: 4c71c801-9e7a-463b-a501-72832b7479e9#1686100052222
.contextweb.com/ Name: pb_rtb_ev
Value: 3-1l0k|2N.0.AAAHQKxeNNuRYgMzHn6EAAAAAAA|3oy.0|4is.0.CAESEDi7cOvTR33x4zPGT8aG7c8|7TY.0|7dW.0.1
.lijit.com/ Name: _ljtrtb_43
Value: fVtQ9C9XUqFmWlSieQpKp38JUaZmC16nclcTGFUm
.id5-sync.com/ Name: id5
Value: 2223f684-ddf0-7771-b50b-98417a017962#1686100052097#2
.id5-sync.com/ Name: 3pi
Value:
.id5-sync.com/ Name: callback
Value:
.lijit.com/ Name: _ljtrtb_2
Value: F85E199DA9AF4AFEBDD5457935717FEC
.linkedin.com/ Name: bcookie
Value: "v=2&07ace9ca-56bd-4c08-85dd-3dda6f876557"
.linkedin.com/ Name: lidc
Value: "b=TGST09:s=T:r=T:a=T:p=T:g=2530:u=1:x=1:i=1686100052:t=1686186452:v=2:sig=AQFXy-OxYLDgxopt_K3-1eFZSIbkkRMJ"
.lijit.com/ Name: _ljtrtb_84
Value: c:f21217002e595075617a00b02bb9c17a
.rlcdn.com/ Name: rlas3
Value: XgIWPqR8d/eyfpCJfaODJI6/cLXgPZZ1/BTM0qfomEA=
.ads.yieldmo.com/ Name: ptrpub
Value: 8077D456-AB2D-4723-BFBF-C06A08DCDD97
.sitescout.com/ Name: _ssuma
Value: eyI0OCI6MTY4NjEwMDA1MjI0NywiMzkiOjE2ODYxMDAwNTIyNDcsIjciOjE2ODYxMDAwNTIyNDd9
.mfadsrvr.com/ Name: tuuid
Value: ba658bda-4254-4c02-9d25-6617f85ca7bf
.mfadsrvr.com/ Name: c
Value: 1686100052
.mfadsrvr.com/ Name: tuuid_lu
Value: 1686100052
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-5d45bb4d-4890-4499-baef-36a3b58df6ee-005%22%2C%22nxtrdr%22%3Afalse%7D
.mfadsrvr.com/ Name: ssh
Value: !sovrn,1686100052
.notepad.pw/ Name: __gads
Value: ID=ad57f46624f28b66:T=1686100051:RT=1686100051:S=ALNI_MYThVquHj0dSBD71en-ersoLTneSw
.notepad.pw/ Name: __gpi
Value: UID=00000c445d1b96d6:T=1686100051:RT=1686100051:S=ALNI_MYEUfRv9VWCxbFLk3nTBh-XS4RFnw
.lijit.com/ Name: _ljtrtb_87
Value: ba658bda-4254-4c02-9d25-6617f85ca7bf
.rubiconproject.com/ Name: audit
Value: 1|mFVHqHkj5bGf0ZgCaLNYIO1WuCoMxA8a+JUixCbOKdqrcd0du2tcB9r+mYPxErzRz+B6NH8MlzJ+22PMJ64WaoC1ETSYCCMLDDOYHvmIfN4=
.tapad.com/ Name: TapAd_TS
Value: 1686100052362
.tapad.com/ Name: TapAd_DID
Value: 87a87c2a-094e-49be-941b-a1b2a399fe5c
.creativecdn.com/ Name: ts
Value: 1686100052
.creativecdn.com/ Name: u
Value: c89XTBUzfWYQOX8PB30e
.lijit.com/ Name: _ljtrtb_85
Value: AACa5U7I_7EAACHSRjBZpw
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.lijit.com/ Name: _ljtrtb_16
Value: 4c71c801-9e7a-463b-a501-72832b7479e9-647fd854-4341
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-5d45bb4d-4890-4499-baef-36a3b58df6ee-005%22%7D
.deepintent.com/ Name: CDIUSER
Value: di_1f23856a56584a64ba710
.lijit.com/ Name: _ljtrtb_97
Value: RX-5d45bb4d-4890-4499-baef-36a3b58df6ee-005
.lijit.com/ Name: _ljtrtb_86
Value: c89XTBUzfWYQOX8PB30e
pool.admedo.com/ Name: tuuid
Value: b83ace26-fe42-4bc8-b3fd-d82479a796c6
pool.admedo.com/ Name: c
Value: 1686100052
pool.admedo.com/ Name: tuuid_lu
Value: 1686100052
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2GVInT7H<!]tbPl1M>e)ZlrFUfJ+tGXxpWS/rDCQT!m3E^QyJ@ko>]Tbwknc?0!Gwyn#83If)y3KL9D3I?+fh80-V
.lijit.com/ Name: _ljtrtb_26
Value: c16a41c7-4743-4474-9cc0-204cc718bc2e
match.sharethrough.com/ Name: AWSALBCORS
Value: 1qz9f1Op0SRQTG3watpVp6WV1ad2AAfTrhT0Wcop7KPWSm8eGWC9vQ4hRCQI351UWy0uFTHPDb9MiyxGJaHFl6kwXX55qC8cHObV/nUWKmdbUy42cuBfXt/HB1rE
.quantserve.com/ Name: d
Value: EEQBEAGWKYEM6owQ
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNjG0MDY1NjG2NDe3MDc0NjY1txDiM9Qt9TV1KXDLrMjM8YwAAONaoVolAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_-OSMXR2dA129fUvSQ5OzA4JijfO0s0xyTM0SfX0swjiNTSzMDM0MDAwNbIwsHjFiMoHALRphPc9AAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNjG0MDY1NjG2NDe3MDc0NjY1txDiM9Qt9TV1KXDLrMjM8YwAAONaoVolAAAA
.rfihub.com/ Name: euds
Value: H4sIAAAAAAAA_-OSMXR2dA129fUvSQ5OzA4JijfO0s0xyTM0SfX0swAA4BtPMh4AAAA
.lijit.com/ Name: ljtrtb
Value: eJwdkN1u2zAMhd%2FF1yOgH1Ike2cn8dom2Ja2brPcDJJsDxuaIQMGDOiwdx%2B1G4E6%2BnRInj9d6G66UWjnVbe99iP2427YbgmJNRJ7Hneb7l0XknHVp4y%2BMiBjBLQTtFYHwWGt7KXUsBjrG4smVHEedOEMmGKBTHblIDEURtZFISGvsxACRvT2E7V14a%2B357R5q%2Ft6ME2caYe7gxuPeA8D7KX%2FYLK2wVk8qQRhNFdWHxO3H9hcbtbgg2fnwkJKjil5zs4VF0rRanUjyci%2B32Sa%2BO4L76y8fXz4Ppyvv1sLtteHE9CMVArOgKLO1laFkpcVYsqxkMxrWhZwjprh%2F5hET0%2FD9La%2BfD5%2BPMmnIboWizS7khNJmS2R0NauLoDOgSDZdKtQzVzWFkQ0dn3%2BddSNnqaf4%2BXl9fHbcrzur1Hup3y%2BbHz6UV%2Fr0%2FtxunR%2F%2FwGqGnDg

2 Console Messages

Source Level URL
Text
javascript error URL: https://notepad.pw/uSxZEEteQ7lmCihnRoNJ
Message:
Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=106' from origin 'https://notepad.pw' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=106
Message:
Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

895d3f04805b193aa741a891262a14ff.safeframe.googlesyndication.com
a.pub.network
a.rfihub.com
aa.agkn.com
aax-eu.amazon-adsystem.com
aax.amazon-adsystem.com
ad-delivery.net
ad.doubleclick.net
ad.turn.com
ads.pubmatic.com
ads.stickyadstv.com
ads.yieldmo.com
adservice.google.ca
adservice.google.com
aorta.clickagy.com
ap.lijit.com
api.btloader.com
api.floors.dev
api.intentiq.com
api.rlcdn.com
b1sync.zemanta.com
bcp.crwdcntrl.net
beacon.krxd.net
bh.contextweb.com
btloader.com
c.amazon-adsystem.com
c.bing.com
c.pub.network
c2shb.pubgw.yahoo.com
cdn.confiant-integrations.net
cdn.hadronid.net
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.websitepolicies.io
cdnjs.cloudflare.com
ce.lijit.com
cm.g.doubleclick.net
cm.rtbsystem.com
cms.quantserve.com
creativecdn.com
cs-server-s2s.yellowblue.io
cs.media.net
cs.yellowblue.io
cumbersomecarpenter.com
d.pub.network
dis.criteo.com
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
eb2.3lift.com
esp.rtbhouse.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
freestar-io.videoplayerhub.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
htlb.casalemedia.com
ib.adnxs.com
ice.360yield.com
id.geistm.com
id.hadron.ad.gt
id.rlcdn.com
id5-sync.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
images.outbrainimg.com
invstatic101.creativecdn.com
lb.eu-1-id5-sync.com
live.notepad.pw
loadus.exelator.com
log.outbrainimg.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
mcdp-sadc1.outbrain.com
mug.criteo.com
notepad.pw
oa.openxcdn.net
oajs.openx.net
odb.outbrain.com
odr.mookie1.com
onetag-sys.com
optimise.net
pagead2.googlesyndication.com
pippio.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.tapad.com
pm.w55c.net
pool.admedo.com
pr-bh.ybp.yahoo.com
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev
ps.eyeota.net
pulsepoint-match.dotomi.com
px.ads.linkedin.com
rtb.mfadsrvr.com
rtb.openx.net
rules.quantcount.com
s.ad.smaato.net
s.amazon-adsystem.com
s0.2mdn.net
s2s.t13.io
sb.scorecardresearch.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
stags.bluekai.com
static.adsafeprotected.com
sync-amz.ads.yieldmo.com
sync-jp.im-apps.net
sync-pm.ads.yieldmo.com
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.go.sonobi.com
sync.inmobi.com
sync.intentiq.com
sync.ipredictive.com
sync.mathtag.com
sync.targeting.unrulymedia.com
syncv4.intentiq.com
tags.crwdcntrl.net
tags.rd.linksynergy.com
tcheck.outbrainimg.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
widget-pixels.outbrain.com
widgets.outbrain.com
wpcc.io
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.websitepolicies.io
x.bidswitch.net
aa.agkn.com
ads.pubmatic.com
api.rlcdn.com
b1sync.zemanta.com
beacon.krxd.net
bh.contextweb.com
c.bing.com
cm.g.doubleclick.net
cm.rtbsystem.com
cms.quantserve.com
creativecdn.com
dis.criteo.com
dpm.demdex.net
dsp.adfarm1.adition.com
ib.adnxs.com
ice.360yield.com
id.geistm.com
id.rlcdn.com
id5-sync.com
idsync.rlcdn.com
image8.pubmatic.com
images.outbrainimg.com
loadus.exelator.com
match.adsrvr.org
mcdp-sadc1.outbrain.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
ps.eyeota.net
rtb.mfadsrvr.com
s.ad.smaato.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
sync-jp.im-apps.net
sync.crwdcntrl.net
u.openx.net
ups.analytics.yahoo.com
widgets.outbrain.com
x.bidswitch.net
104.127.172.242
104.18.25.185
107.178.254.65
108.138.128.124
108.139.47.49
13.226.34.62
130.211.23.194
141.95.33.111
142.250.65.198
142.250.65.226
142.250.80.34
146.75.34.132
151.101.194.49
151.139.128.11
162.19.138.116
162.248.18.32
162.248.18.37
169.197.150.7
18.164.108.196
18.164.116.98
18.164.98.157
18.205.123.156
18.211.132.19
185.184.8.90
192.40.39.223
198.148.27.140
199.127.204.171
199.38.167.131
20.127.253.7
207.198.113.204
23.197.21.62
23.215.40.23
23.215.41.170
23.215.41.73
23.64.21.88
23.92.190.74
2600:1901:0:328a::1
2600:1f18:4e9:5a01:57e7:e371:5d38:89ec
2600:9000:21dd:6600:6:44e3:f8c0:93a1
2600:9000:23ca:0:8:48e:53c0:93a1
2600:9000:23cb:4e00:1b:6b7d:2300:93a1
2602:803:c002:200::116
2606:4700:10::6816:3556
2606:4700:10::6816:545
2606:4700:10::ac43:246e
2606:4700:20::681a:78b
2606:4700:20::681a:832
2606:4700:20::ac43:4513
2606:4700:3031::6815:1ef3
2606:4700:3034::6815:137c
2606:4700:3034::ac43:c611
2606:4700:4400::ac40:99f6
2606:4700::6811:180e
2606:4700::6812:15ce
2606:ae80:1450:16::2040
2607:f8b0:4006:80d::2002
2607:f8b0:4006:80f::200e
2607:f8b0:4006:817::2001
2607:f8b0:4006:817::2002
2607:f8b0:4006:81c::2004
2607:f8b0:4006:81c::200a
2607:f8b0:4006:81e::2002
2607:f8b0:4006:820::2003
2607:f8b0:4006:820::2008
2607:f8b0:4006:821::2002
2607:f8b0:4006:824::2002
2607:f8b0:4006:824::2006
2620:100:a001::c
2620:112:f002:bbbb::21
2620:116:800b:21:1456:d0e1:7db4:a56b
2620:1ec:21::14
2a02:6ea0:c454::1
2a04:4e42:400::485
3.233.8.239
34.102.146.192
34.107.140.113
34.111.113.62
34.111.152.239
34.120.135.53
34.160.128.112
34.160.152.31
34.171.234.26
34.200.65.202
34.202.191.141
34.96.70.87
34.98.67.3
35.190.39.111
35.190.60.146
35.190.90.30
35.207.24.140
35.210.53.219
35.211.178.172
35.227.252.103
35.244.159.8
35.71.131.137
44.213.57.151
50.16.16.77
50.16.251.137
51.222.39.185
52.223.22.214
52.4.33.45
52.46.128.147
52.73.67.166
54.147.151.176
54.242.205.90
63.251.114.136
63.251.28.233
64.202.112.127
64.74.236.31
67.202.105.21
67.220.228.203
68.67.160.186
69.166.1.10
69.173.151.100
74.119.119.139
74.121.140.211
8.28.7.84
8.43.72.98
00aa695df9f0eb57abcca9881d8d83303f54e8a7f9b9be1d55d647dcecda24f8
00c70cff3fd21f8dd2e78511e7a61494a5957ba6daab50490314784fe1c7f481
06561bda77a1dd4753097c553958f27be60447681b02526b6c91544b6e8d039e
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0996ee07105c2448c5a9183bb8f2f9402cc60cbae16538724d0574a84d380588
0a7468c8590db5b9d0bf5301cbe0f6ab2825cd7425b8afdf0fc1f219cddfea50
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
0ec6510d989109184b53430be7b56d3c8e021a30d1e3074c76d755ea090fbfcb
10730811c5e6c638696bacac570f78c617aac67b3d8d0056714cf09a0c380a4d
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
15917ae3b94b66bc36e1fd8f18752570c3d0d9d64bbfed23764670288b08e791
15a10961eed18ca044eb50fc117a606e972504d595f464b78f0ef359d017ef32
1a8919931b8b4ccc1fcb054f13f9fe77de773ffcd4d39c02f2c528b0c6f95552
1a9c7d6f24b3e74076e2ab43269fc80efa2cd53587e4f50f35216962f1c3d5cb
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1de73eb8bbaafba4f0c0df290c5ff936d026bc180b84919b9ac7885f8edc5c0d
1e9e62fa4a2bebc6cd0311b93fde6ec82d8d468c6daac0883272ff130d6421bc
1f6b6eac774c17644b4f4816d3039d16137665087c384e5d5b3d4b015fae7949
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28058f974e5807bfbb316a68d4e32b9d891b9a7eefdd834dd8d52f7bdbb7a261
2b60310189012686567c541c72a40acf74adb416bdc524008822d6c7c73ccd97
2ffd682978600218b840e3c6f9aeee91c676f7867e43723056e5873043332cb7
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
323058a0aa254af268a274e6bc5216bbdcdc827c009c6478dcf511e9b65b14e0
3300ffb6d0366a591ecd81493b38634aa807a43d7c84d3aa96ab9738ff0f1b85
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
33c1ab6a01b4049878497c2874d8cbb72e14ee7cf14fafec3c09b45f9874b67e
34a1ac8e32ded2b3b904fa0519c94bc0d6aea20236146bb5acfa4c60a895f7ce
34aff0229000197ac182288139f7bd04cb2d5e23ab4b6d37c2ba454c1138dc78
3551641c0239d5880e0ff1ed747aab53bf63c2954099d3ec4f34079473c0c414
3735e94afb2539b14515fdd10d7cc066cffa99d4b52762959e342295e08a770e
3b89401fea631023de67ae75bf8f246b1af109a9a4247c3862016949eacc462b
3c5b6bb603a4f7556b94532674f3847b430b9495afbb3a4dcfe5ba718baa59ad
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f8844d4689bf09cdc56f90d258d9c3607b6c0f062bf53db0ea3415f0d90f6ad
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
438f716fea0464247732f41161158f124399532de2a861749eaaaa3bda6dd44a
43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff
45f0f27fb78191006375051ee3046fae3105b652d11680432511cba61b32c330
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
487aec7746a83542b3573383df65747e31c494d8412103b5675329f3d4befaeb
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49552038fd4b93a14b230f5cc664423ae4d787a17ad159568af0baf240adf538
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bea3f2380e43853dc5987ca89b789793ee7644a7994e683bedef415cc385a63
4c7b884f7ad813ab071f360126fe9457cd75ff86ccee28c672a9bc04777c9a5c
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e6a1772116a9df50a616452fa3b92615fc7617363e1a6e7cc16fc2a2cb8ff1f
4f3b933077b738b503f7543ffc82fa0a061f0fe7d0ff1470865fde561a324bcc
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af
560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda
56962bc48f2acb175c71b59298782cc1e841afb9f725986955105139e52078e9
5988eaae22120f97f63bc18a49f364e7863566e39a3c2151ce6982c171b13237
5a217a6233baa473011dee13badc4d4a3adb47833c0e9c926b4e222c083e32f9
5f02add46061bb37a4d3dd4eb3e19f4697f8b6463b61ef441b856844a3d7428d
5fc4c95920416b0ef0b5aee93a90984989183a6d29f712e725a3383309806a54
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
604c8ac85733ea3011ecf899d26755382dfc03b76d425899f02e6e0e5e3f1576
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6b4b1eb81b3ccc816c9daf9c0c95f7be3d060cb879f7095745c32b47031ad6c7
71def38900e14a55588ad551dfaff69945e688e5b5e7419d2e95fd3b0ab08e8d
73c99e6dcaeb871bb0b4958181aecd48c231c639b3a61230a548d5866ba64748
7640ea68730a2bc40616a49c2bfcbde39bc05f50662be6b27b434de566f7b9bb
7726d9d585fae7a7c2043351068557aa322f3744fd3cf9593127c49c60c08ab2
86ad42807f9939d3efabe3a79f19916fb9bcf014212ee9d169fa58c24e2a0fd6
8842c968bf1d952c933446a078e6103cae33b999b18bde05723590a5d91d7b46
888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17
89fc3373db42a9b16906f0fbe18c40cb287a64dbd10949ff5cb929e33e402b65
8b084e8bbf16a384a4dadf9caf4898e27db9eed5a5d378252a4d13b3c41f54f0
8bd69d0dddab8bc553263c254faad469c2a3e08bfb0b737e763f7feabe571225
8c2a54278c4cb87438f4a1c73242d727fc3eea82dc59abb393dd3937b17ce1d7
90223887289d9f9207ca6e8a12ec69c4c422fd481ef18a3742b64bf862de29be
9157edb728e39bc13861291d3dd90c3228adb53ce9532598f1ec8cf1fea5bd93
929701ed632814943e3df803ddd9e3f179ccf889c0ad7b7f3392bd8d109b174f
9318577a3483be547445e67d5a8c1ef5308bf90227c1615c9a3990bf82fe4683
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ba56f5ffa579747efde1d2a429b325a9fb7220d30f4268e4a44ecbe4a9bf034
9da0fed77a1053951bc483aa73ea62fb3804786473defd3fb401678489608e7a
9e084759af1c8aa9b960d67e32ee3e5952ae2c532c0c83e80d2292782b85cacc
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a30596690396eb97e9bcc62ba28042f9256665c41526ce5ddab8e6ce935b1e54
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a5e6f8c443f2972a9dc8895ab7376db278062c4972aca7cc3957dc46bddff1ae
a79fc2b881d270478835377ae9375c123c6911c17f8c2902eae4d0689479d34d
a7b5f5f96f81dea4efc53e1d4dae8b37c28bec27a45b42ccf604ee759e20caec
a91fca903f7f2a3d051f657b5b25baed4e99b6c1e51bfee63737f73ff54f2b7c
a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474
a9b8757ef83403b67a3f6d10da0c8f4259179fe48a775020aeb65ab9e1791cc3
ae8017866a6744d35f26aa9da389e9771d40bcae3ee65df4c1b5e16e57b09fda
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1c4706a9dc2e10615dbb97ea0bac27212753e77de3d721b6650339550d0da4e
b1f394404c3edaa9c55d673191a35e6c39af1fb01682181e49e19d6044902c72
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b60f65161ce3517c2794eecab25981c51ffbcbc951a781270403e2f3572d0290
b9f2957fe49b7c02d7a24812d13b78b151436cce176d78aaf6480e5a0b224e1d
c0c2ec1f2d626ab278d81abe34d30681f0007e8c79a890165f27e3e1550e99b7
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c61b54fb4bbf7083918be7066e50126d1a95e56ccc9be9fafd69deb50ac7424b
c67561901bb3313c5feaa2631feb552dc9b25419663ad669c6f04c5cc04cef3a
c6df03d6bd1a8ca1ce49d6b92d5fd80d5c1358191040696703718ce2054b1b2b
c91c370adc1a26d939df0936521af0aa7a90cf340308cf2f1ac56a4bedeea3b4
c9395ff8458051d8bac1886bcfb165c33a7f6976a9678bfa7db4210b4b91c62e
c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e
c9d69c16657e693b274b6b2a9ce6dbf55e3d3ef9eef9411bcee32a2cb0e74ffd
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
ce481022f9c5233e98210e2c88213be3c5efdfffff3149664e43e3cf54ee5517
ce93b22a842452f93c21916876a56758877c3501f51f54482104e909780dc2c6
cf2bfd3d70c08597ae7544a00faede24fe517518beaf3c756fd23e977cb35961
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf5c3facd1801fbc01714ccac981a1a8c9e4aa81d2e3270bbf4313c8bbf90983
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1
d3f1f119eab957ff7b3c38932ab2e6a2c96fd4851169e77dec853ac30531dfc0
d47ab8b853eb7bc984b66b4ab30a1c214fe6bd59bcc40c2744476b337ba8ab56
d69c318c5a18ce860870df13878596d3d7bb7efd57b77a0f32b5478d1cfe1c52
d6c7b602a1154e624f534cd51b19b385fd624a2042ec17a548178a67da71cc18
d8e6a9b3d33e6cc38a76282cc624bb880c06d512313beb690881bcb98e78c9e7
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
da634ce7864c0ed82184e805f97112842458eb7ab26d82b0f16780e635392971
daebb3c78c6d2847ee5af8011f38f86d6198b1627abf42691b4cfdfbf7a8c9b5
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
e23decabee8464b650d1d0241283ba0c469806e14a2199efc5bb41771cb673c1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f5130c846dd2b8362310a320f23c7f7969ac5cc50143e5d39ec4355a498597
e5455fe11eef6ea9da6fd8b89ec7d0376cf18b8d863a31fd6f4e13225055049a
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e92773045a6b526ce37b536c557e0cf9728c71a3b60ce7cb3f2060982754e3d4
e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870
e9fe5d51a31188be5d39bf8f8b1e454068933ac1b96f073fd399d76afd4627ff
eebc1e16930f8c02d8df7b36daf1d89122876c974d5599cc37d6f6c4b6c7519d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375
f984088ce31e693a3c993d64dc2ce177c8ffb938e12fded55c75424a013c2103
f9e9d6c9d3b76ddbbaf7cd44bbcb5e7c0eb9cdb69bb4c3895117f2341474b75f
feb093f173be5d927aefe7ff084083559160f8b7620ca5762c437c020d24f83d
ffe6df855df9c4400aba3d207778f8bd6d901f504eb04b59563af178a3fc8167
ffed8740954251d18d6b8a02ad791f06e961ff74a45f5a9319156b8865699824