urlscan.io logo urlscan.io
SecurityTrails logo

notepad.pw Open in urlscan Pro
2606:4700:30::681b:942f  Public Scan

Go To Rescan Add Verdict Report
URL: https://notepad.pw/hadc18z0
Submission: On March 02 via manual from RO
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 4 countries across 8 domains to perform 24 HTTP transactions. The main IP is 2606:4700:30::681b:942f, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is notepad.pw.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on August 29th 2018. Valid for: a year.
This is the only time notepad.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 2606:4700:30:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
8 2606:4700::68... 13335 (CLOUDFLAR...)
1 23.111.10.140 33438 (HIGHWINDS2)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 178.128.255.150 14061 (DIGITALOC...)
1 94.31.29.32 33438 (HIGHWINDS2)
1 2 172.217.16.166 15169 (GOOGLE)
24 9
8    2606:4700:30::681b:942f (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
notepad.pw
live.notepad.pw
1    2a00:1450:4001:820::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
fonts.googleapis.com
8    2606:4700::6813:c597 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdnjs.cloudflare.com
1    23.111.10.140 (Phoenix, United States)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)
cdn.carbonads.com
1    2606:4700::6813:c797 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
cdnjs.cloudflare.com
2    2a00:1450:4001:825::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)
fonts.gstatic.com
1    178.128.255.150 (Greece)

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)
PTR: srv-eu-nl-11.buysellads.com
srv.carbonads.net
1    94.31.29.32 (United Kingdom)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)
PTR: 94.31.29.32.IPYX-077437-ZYO.above.net
cdn4.buysellads.net
2    172.217.16.166 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s11-in-f166.1e100.net
ad.doubleclick.net
Domain Requested by
9 cdnjs.cloudflare.com notepad.pw
4 live.notepad.pw cdnjs.cloudflare.com
4 notepad.pw notepad.pw
2 ad.doubleclick.net 1 redirects notepad.pw
2 fonts.gstatic.com notepad.pw
cdnjs.cloudflare.com
1 cdn4.buysellads.net notepad.pw
1 srv.carbonads.net cdn.carbonads.com
1 cdn.carbonads.com notepad.pw
1 fonts.googleapis.com notepad.pw
24 9

This site contains links to these domains. Also see Links.

Domain
about.notepad.pw
srv.carbonads.net
carbonads.net
www.facebook.com
twitter.com
reddit.com
Subject Issuer Validity Valid
notepad.pw
CloudFlare Inc ECC CA-2		 2018-08-29 -
2019-08-29		 a year crt.sh
*.googleapis.com
Google Internet Authority G3		 2019-02-13 -
2019-05-08		 3 months crt.sh
ssl412106.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-03-02 -
2019-09-08		 6 months crt.sh
*.carbonads.com
COMODO RSA Domain Validation Secure Server CA		 2018-03-12 -
2020-04-08		 2 years crt.sh
*.google.com
Google Internet Authority G3		 2019-02-13 -
2019-05-08		 3 months crt.sh
*.carbonads.net
COMODO RSA Domain Validation Secure Server CA		 2018-10-13 -
2019-10-13		 a year crt.sh
cdn4.buysellads.net
COMODO RSA Domain Validation Secure Server CA		 2018-08-27 -
2019-08-30		 a year crt.sh
*.doubleclick.net
Google Internet Authority G3		 2019-02-13 -
2019-05-08		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://notepad.pw/hadc18z0
Frame ID: FEFE20FA12290A38E1BE1F710E7EB926
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • env /^io$/i
Overall confidence: 100%
Detected patterns
  • env /^angular$/i
Overall confidence: 100%
Detected patterns
  • env /^io$/i
Overall confidence: 100%
Detected patterns
  • env /^_bsa/i
Overall confidence: 100%
Detected patterns
  • env /^_carbonads/i
Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+ionicons(?:\.min)?\.css/i
Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

24
Requests

100 %
HTTPS

56 %
IPv6

8
Domains

9
Subdomains

9
IPs

4
Countries

413 kB
Transfer

717 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://ad.doubleclick.net/ddm/trackimp/N728909.734586CARBONADS.NET/B20652854.213032112;dc_trk_aid=416746103;dc_trk_cid=104372695;ord=155156819;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua= HTTP 302
  • https://ad.doubleclick.net/ddm/trackimp/N728909.734586CARBONADS.NET/B20652854.213032112;dc_pre=CLjJrvjJ5OACFReWdwodbVUBSg;dc_trk_aid=416746103;dc_trk_cid=104372695;ord=155156819;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=

24 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request hadc18z0
notepad.pw/ 		13 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:942f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4d73d0a9ce1ec498d109ee3efff3b572c4b52cfee696fc681898d3838e6aee2

Request headers

:method
GET
:authority
notepad.pw
:scheme
https
:path
/hadc18z0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
date
Sat, 02 Mar 2019 23:09:53 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d7d759174a1d8e211731c94aa9e4de5061551568193; expires=Sun, 01-Mar-20 23:09:53 GMT; path=/; domain=.notepad.pw; HttpOnly pad_cookie=24b1a7685cf32826a19f8593bc2f6f957be3cc67; expires=Sun, 03-Mar-2019 23:11:44 GMT; Max-Age=86400; path=/; HttpOnly
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4b170a790bb4beee-FRA
content-encoding
br
css
fonts.googleapis.com/ 		5 KB
758 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Noto+Sans:400,700
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:820::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
0c4592cb56bec1a745568b3dd0746818ec4cb08e996c96175e7abd37d774dc8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Sat, 02 Mar 2019 23:09:53 GMT
server
ESF
access-control-allow-origin
*
date
Sat, 02 Mar 2019 23:09:53 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
1; mode=block
expires
Sat, 02 Mar 2019 23:09:53 GMT
global.css
notepad.pw/content/css/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://notepad.pw/content/css/global.css?229
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:942f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
06e82371b1f0e8c6f998dee7a0dd26077866f989a138908b11f4b03da47d31aa

Request headers

:path
/content/css/global.css?229
pragma
no-cache
cookie
__cfduid=d7d759174a1d8e211731c94aa9e4de5061551568193; pad_cookie=24b1a7685cf32826a19f8593bc2f6f957be3cc67
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/css,*/*;q=0.1
cache-control
no-cache
:authority
notepad.pw
referer
https://notepad.pw/hadc18z0
:scheme
https
:method
GET
Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 02 Oct 2017 03:48:05 GMT
server
cloudflare
etag
W/"59d1b6f5-1821"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
public, max-age=31536000
cf-polished
origSize=6177
cf-bgj
minify
cf-ray
4b170a7abe05beee-FRA
expires
Sun, 01 Mar 2020 23:09:53 GMT
normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/ 		2 KB
952 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
content-encoding
br
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
last-modified
Thu, 17 May 2018 09:24:31 GMT
server
cloudflare
etag
W/"5afd4a4f-8a8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Thu, 20 Feb 2020 23:09:53 GMT
cache-control
public, max-age=30672000
cf-ray
4b170a7aba7197aa-FRA
served-in-seconds
0.000
ionicons.min.css
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ 		50 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
content-encoding
br
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
last-modified
Thu, 17 May 2018 09:20:52 GMT
server
cloudflare
etag
W/"5afd4974-c854"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Thu, 20 Feb 2020 23:09:53 GMT
cache-control
public, max-age=30672000
cf-ray
4b170a7aba7297aa-FRA
served-in-seconds
0.001
logo-dark.png
notepad.pw/content/images/ 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://notepad.pw/content/images/logo-dark.png
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:942f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda

Request headers

:path
/content/images/logo-dark.png
pragma
no-cache
cookie
__cfduid=d7d759174a1d8e211731c94aa9e4de5061551568193; pad_cookie=24b1a7685cf32826a19f8593bc2f6f957be3cc67
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
notepad.pw
referer
https://notepad.pw/hadc18z0
:scheme
https
:method
GET
Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
cf-cache-status
HIT
last-modified
Thu, 30 Aug 2018 21:59:20 GMT
server
cloudflare
etag
"5b8868b8-57f4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
4b170a7abe08beee-FRA
content-length
22516
expires
Sun, 01 Mar 2020 23:09:53 GMT
carbon.js
cdn.carbonads.com/ 		37 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.carbonads.com/carbon.js?serve=CK7IT277&placement=notepadpw
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.10.140 Phoenix, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
3a6c27a6d8f7fce4f236beffe2d14446e08c2031a7b7d8a42a89a93111ba2d18

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 02 Mar 2019 23:09:53 GMT
Content-Encoding
gzip
Last-Modified
Tue, 26 Feb 2019 20:42:24 GMT
Server
NetDNA-cache/2.2
ETag
W/"9445-582d218309182"
Vary
Accept-Encoding
X-Cache
HIT
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/ 		82 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
content-encoding
br
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
last-modified
Thu, 17 May 2018 09:21:00 GMT
server
cloudflare
etag
W/"5afd497c-1499c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 20 Feb 2020 23:09:53 GMT
cache-control
public, max-age=30672000
cf-ray
4b170a7aca7597aa-FRA
served-in-seconds
0.003
angular.min.js
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/ 		156 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
content-encoding
br
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
last-modified
Thu, 17 May 2018 09:15:35 GMT
server
cloudflare
etag
W/"5afd4837-27130"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 20 Feb 2020 23:09:53 GMT
cache-control
public, max-age=30672000
cf-ray
4b170a7aca7697aa-FRA
served-in-seconds
0.003
angular-cookies.min.js
cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/ 		1 KB
829 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.5.8/angular-cookies.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
content-encoding
br
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
last-modified
Thu, 17 May 2018 09:15:33 GMT
server
cloudflare
etag
W/"5afd4835-5a7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 20 Feb 2020 23:09:53 GMT
cache-control
public, max-age=30672000
cf-ray
4b170a7aca7797aa-FRA
served-in-seconds
0.001
socket.io.min.js
cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/ 		68 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
content-encoding
br
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
last-modified
Thu, 17 May 2018 09:26:47 GMT
server
cloudflare
etag
W/"5afd4ad7-10ec3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 20 Feb 2020 23:09:53 GMT
cache-control
public, max-age=30672000
cf-ray
4b170a7aca7997aa-FRA
served-in-seconds
0.003
app.min.js
notepad.pw/content/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://notepad.pw/content/js/app.min.js?366
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:942f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e

Request headers

:path
/content/js/app.min.js?366
pragma
no-cache
cookie
__cfduid=d7d759174a1d8e211731c94aa9e4de5061551568193; pad_cookie=24b1a7685cf32826a19f8593bc2f6f957be3cc67
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
notepad.pw
referer
https://notepad.pw/hadc18z0
:scheme
https
:method
GET
Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 30 Aug 2018 22:33:49 GMT
server
cloudflare
etag
W/"5b8870cd-2089"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=31536000
cf-ray
4b170a7abe0cbeee-FRA
expires
Sun, 01 Mar 2020 23:09:53 GMT
store.min.js
cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/store.js/1.3.20/store.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
content-encoding
br
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
last-modified
Thu, 17 May 2018 09:26:51 GMT
server
cloudflare
etag
W/"5afd4adb-a35"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 20 Feb 2020 23:09:53 GMT
cache-control
public, max-age=30672000
cf-ray
4b170a7ada8f97aa-FRA
served-in-seconds
0.004
clipboard.min.js
cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/ 		11 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
content-encoding
br
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
last-modified
Thu, 17 May 2018 09:18:33 GMT
server
cloudflare
etag
W/"5afd48e9-2aa5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
expires
Thu, 20 Feb 2020 23:09:53 GMT
cache-control
public, max-age=30672000
cf-ray
4b170a7ada9b97aa-FRA
served-in-seconds
0.001
ionicons.ttf
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ 		184 KB
185 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.0
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:c797 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
Origin
https://notepad.pw

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
cf-cache-status
HIT
status
200
strict-transport-security
max-age=15780000; includeSubDomains
content-length
188508
last-modified
Thu, 17 May 2018 09:20:05 GMT
server
cloudflare
etag
"5afd4945-2e05c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/octet-stream
access-control-allow-origin
*
expires
Thu, 20 Feb 2020 23:09:53 GMT
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
4b170a7b083b9718-FRA
served-in-seconds
0.009
o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
fonts.gstatic.com/s/notosans/v8/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notosans/v8/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Noto+Sans:400,700
Origin
https://notepad.pw

Response headers

date
Thu, 21 Feb 2019 03:48:11 GMT
x-content-type-options
nosniff
last-modified
Tue, 19 Feb 2019 22:29:01 GMT
server
sffe
age
847302
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
10292
x-xss-protection
1; mode=block
expires
Fri, 21 Feb 2020 03:48:11 GMT
CK7IT277.json
srv.carbonads.net/ads/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://srv.carbonads.net/ads/CK7IT277.json?segment=placement:notepadpw&callback=_carbonads_go
Requested by
Host: cdn.carbonads.com
URL: https://cdn.carbonads.com/carbon.js?serve=CK7IT277&placement=notepadpw
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.128.255.150 , Greece, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
srv-eu-nl-11.buysellads.com
Software
//srv.buysellads.com /
Resource Hash
962be43d43490f18bfa30dda980bec5f1ad1eb61997b04f9036147ddc1955891

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 02 Mar 2019 23:09:53 GMT
Content-Encoding
gzip
Server
//srv.buysellads.com
Content-Length
969
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
/
live.notepad.pw/socket.io/ 		101 B
267 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=Mb0gybZ
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:942f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb2d3b45ba2ead317a01b6ec3d52a33300b8ca033b9765f8db84ff3d90b277aa

Request headers

:path
/socket.io/?EIO=3&transport=polling&t=Mb0gybZ
pragma
no-cache
cookie
__cfduid=d7d759174a1d8e211731c94aa9e4de5061551568193
origin
https://notepad.pw
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
live.notepad.pw
referer
https://notepad.pw/hadc18z0
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://notepad.pw/hadc18z0
Origin
https://notepad.pw

Response headers

date
Sat, 02 Mar 2019 23:09:54 GMT
via
1.1 vegur
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200
content-type
application/octet-stream
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
set-cookie
io=JE0Ge-e2GXAmim7gAMRD
cf-ray
4b170a7c0fddbeee-FRA
content-length
101
1546366186-1538007927-Monday-laptop_mac_red.png
cdn4.buysellads.net/uu/1/42500/ 		47 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn4.buysellads.net/uu/1/42500/1546366186-1538007927-Monday-laptop_mac_red.png
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
94.31.29.32 , United Kingdom, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
94.31.29.32.IPYX-077437-ZYO.above.net
Software
NetDNA-cache/2.2 /
Resource Hash
7f03f63d7d57ed63a7956d9903da741297fbac23c3a3a9f3ec9b716880a46a49

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Mar 2019 23:09:53 GMT
last-modified
Tue, 01 Jan 2019 18:09:47 GMT
server
NetDNA-cache/2.2
x-amz-request-id
76AD063DCC9041A4
etag
"75e21ed4f83e8298f205fcac2b827874"
x-cache
HIT
content-type
image/png
status
200
cache-control
max-age=31104000
accept-ranges
bytes
content-length
48569
x-amz-id-2
Owjoz+1ZoaYd0jQTw7ialDsv5lS70TprDchXAUNKyp4LABgc1Sl7WW3Rku7TOsrGaQfIls5qO7s=
expires
Tue, 25 Feb 2020 23:09:53 GMT
B20652854.213032112;dc_pre=CLjJrvjJ5OACFReWdwodbVUBSg;dc_trk_aid=416746103;dc_trk_cid=104372695;ord=155156819;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/trackimp/N728909.734586CARBONADS.NET/
Redirect Chain
  • https://ad.doubleclick.net/ddm/trackimp/N728909.734586CARBONADS.NET/B20652854.213032112;dc_trk_aid=416746103;dc_trk_cid=104372695;ord=155156819;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
  • https://ad.doubleclick.net/ddm/trackimp/N728909.734586CARBONADS.NET/B20652854.213032112;dc_pre=CLjJrvjJ5OACFReWdwodbVUBSg;dc_trk_aid=416746103;dc_trk_cid=104372695;ord=155156819;dc_lat=;dc_rdid=;ta...
42 B
317 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/ddm/trackimp/N728909.734586CARBONADS.NET/B20652854.213032112;dc_pre=CLjJrvjJ5OACFReWdwodbVUBSg;dc_trk_aid=416746103;dc_trk_cid=104372695;ord=155156819;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: notepad.pw
URL: https://notepad.pw/hadc18z0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.16.166 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s11-in-f166.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://notepad.pw/hadc18z0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 02 Mar 2019 23:09:53 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 02 Mar 2019 23:09:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://ad.doubleclick.net/ddm/trackimp/N728909.734586CARBONADS.NET/B20652854.213032112;dc_pre=CLjJrvjJ5OACFReWdwodbVUBSg;dc_trk_aid=416746103;dc_trk_cid=104372695;ord=155156819;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
302
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT
o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2
fonts.gstatic.com/s/notosans/v8/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/notosans/v8/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Noto+Sans:400,700
Origin
https://notepad.pw

Response headers

date
Thu, 21 Feb 2019 12:18:18 GMT
x-content-type-options
nosniff
last-modified
Tue, 19 Feb 2019 22:30:29 GMT
server
sffe
age
816695
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
10116
x-xss-protection
1; mode=block
expires
Fri, 21 Feb 2020 12:18:18 GMT
/
live.notepad.pw/socket.io/ 		5 B
62 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=Mb0gyeG&sid=JE0Ge-e2GXAmim7gAMRD
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:942f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a

Request headers

:path
/socket.io/?EIO=3&transport=polling&t=Mb0gyeG&sid=JE0Ge-e2GXAmim7gAMRD
pragma
no-cache
cookie
io=JE0Ge-e2GXAmim7gAMRD; __cfduid=d7d759174a1d8e211731c94aa9e4de5061551568193
origin
https://notepad.pw
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
live.notepad.pw
referer
https://notepad.pw/hadc18z0
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://notepad.pw/hadc18z0
Origin
https://notepad.pw

Response headers

date
Sat, 02 Mar 2019 23:09:54 GMT
via
1.1 vegur
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200
content-type
application/octet-stream
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
set-cookie
io=JE0Ge-e2GXAmim7gAMRD
cf-ray
4b170a7ce90bbeee-FRA
content-length
5
/
live.notepad.pw/socket.io/ 		2 B
69 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=Mb0gygM&sid=JE0Ge-e2GXAmim7gAMRD
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:942f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

:path
/socket.io/?EIO=3&transport=polling&t=Mb0gygM&sid=JE0Ge-e2GXAmim7gAMRD
pragma
no-cache
cookie
io=JE0Ge-e2GXAmim7gAMRD; __cfduid=d7d759174a1d8e211731c94aa9e4de5061551568193
origin
https://notepad.pw
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
content-type
text/plain;charset=UTF-8
accept
*/*
cache-control
no-cache
:authority
live.notepad.pw
referer
https://notepad.pw/hadc18z0
:scheme
https
content-length
29
:method
POST
Referer
https://notepad.pw/hadc18z0
Origin
https://notepad.pw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-type
text/plain;charset=UTF-8

Response headers

cf-ray
4b170a7dca3fbeee-FRA
date
Sat, 02 Mar 2019 23:09:54 GMT
via
1.1 vegur
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200
content-type
text/html
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
set-cookie
io=JE0Ge-e2GXAmim7gAMRD
content-encoding
br
/
live.notepad.pw/socket.io/ 		4 B
61 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.notepad.pw/socket.io/?EIO=3&transport=polling&t=Mb0gygN&sid=JE0Ge-e2GXAmim7gAMRD
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/socket.io/1.4.8/socket.io.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:30::681b:942f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474

Request headers

:path
/socket.io/?EIO=3&transport=polling&t=Mb0gygN&sid=JE0Ge-e2GXAmim7gAMRD
pragma
no-cache
cookie
io=JE0Ge-e2GXAmim7gAMRD; __cfduid=d7d759174a1d8e211731c94aa9e4de5061551568193
origin
https://notepad.pw
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
live.notepad.pw
referer
https://notepad.pw/hadc18z0
:scheme
https
:method
GET
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://notepad.pw/hadc18z0
Origin
https://notepad.pw

Response headers

date
Sat, 02 Mar 2019 23:09:54 GMT
via
1.1 vegur
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
200
content-type
application/octet-stream
access-control-allow-origin
https://notepad.pw
access-control-allow-credentials
true
set-cookie
io=JE0Ge-e2GXAmim7gAMRD
cf-ray
4b170a7dca43beee-FRA
content-length
4

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| _carbonads function| _carbonads_go object| _carbon_where string| ignoretargeting function| _bsap_serving_callback function| $ function| jQuery object| angular function| io boolean| note_created boolean| password_set number| caret string| pad_key string| url_key number| version function| checkEnter function| swapsheets object| app object| store function| initiate_localStorage function| update_localStorage string| input_value

3 Cookies

Domain/Path Name / Value
notepad.pw/ Name: typography
Value: %7B%22sp_class%22%3A%22not-active%22%7D
notepad.pw/ Name: pad_cookie
Value: 24b1a7685cf32826a19f8593bc2f6f957be3cc67
.notepad.pw/ Name: __cfduid
Value: d7d759174a1d8e211731c94aa9e4de5061551568193

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
cdn.carbonads.com
cdn4.buysellads.net
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
live.notepad.pw
notepad.pw
srv.carbonads.net
172.217.16.166
178.128.255.150
23.111.10.140
2606:4700:30::681b:942f
2606:4700::6813:c597
2606:4700::6813:c797
2a00:1450:4001:820::200a
2a00:1450:4001:825::2003
94.31.29.32
06e82371b1f0e8c6f998dee7a0dd26077866f989a138908b11f4b03da47d31aa
0c4592cb56bec1a745568b3dd0746818ec4cb08e996c96175e7abd37d774dc8c
0da7fc1ae23678b2872653962d147fcd1cbd0a5a9c8f84d44ae99bc581fd9062
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2ba7f20b1d8990e17a47fe3d88e4c766628aaa2baf1dd30fca0a0db59836f5f9
3a6c27a6d8f7fce4f236beffe2d14446e08c2031a7b7d8a42a89a93111ba2d18
55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af
560ee8213cda78828e88fbcbe2fbe6d3337d563384ea57d344ce3e3559da1dda
6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34
7f03f63d7d57ed63a7956d9903da741297fbac23c3a3a9f3ec9b716880a46a49
888b41bb493f82bc787b507deee35df8a9dca32d9f59e5e4434334bb04aa1e17
962be43d43490f18bfa30dda980bec5f1ad1eb61997b04f9036147ddc1955891
a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474
c9c41579990e491b31185c662e701facbcd6dab9ec0b06edef8feec2f981812e
cb2d3b45ba2ead317a01b6ec3d52a33300b8ca033b9765f8db84ff3d90b277aa
d23807344428eec21271b708fcf73919827e568b0a335989f9f2348ae4356bd1
d4d73d0a9ce1ec498d109ee3efff3b572c4b52cfee696fc681898d3838e6aee2
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478
e92af41ea36051ffe9f3c83abec97cec2ac09cdaa2396863958e8b4bc8de5870
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f79dfaabb417f7b777458a24663c5075dd1e56026e20578a0d74568b3c762375