URL: https://www.notepad.pw/share/o0dmsyt1r
Submission: On December 04 via manual from GB

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 16 HTTP transactions. The main IP is 151.139.128.11, located in Dallas, United States and belongs to HIGHWINDS3, US. The main domain is www.notepad.pw.
TLS certificate: Issued by Sectigo ECC Domain Validation Secure ... on November 15th 2020. Valid for: 3 months.
This is the only time www.notepad.pw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS     Autonomous System
6         151.139.128.11    20446  (HIGHWINDS3)
1         2a00:1450:400...  15169  (GOOGLE)
5         2606:4700::68...  13335  (CLOUDFLAR...)
1         2a00:1450:400...  15169  (GOOGLE)
1         23.111.10.140     33438  (HIGHWINDS2)
2         174.138.11.135    14061  (DIGITALOC...)
Total: 16 requests, 6 IPs

Requests  Domain                Requested by
6         www.notepad.pw        www.notepad.pw
5         cdnjs.cloudflare.com  www.notepad.pw, cdnjs.cloudflare.com
2         srv.carbonads.net     cdn.carbonads.com
1         cdn.carbonads.com     www.notepad.pw
1         fonts.gstatic.com     fonts.googleapis.com
1         fonts.googleapis.com  www.notepad.pw
Total: 16 requests, 6 domains

This site contains no links.

Subject                  Issuer                                          Validity                 Valid
notepad.pw               Sectigo ECC Domain Validation Secure Server CA  2020-11-15 - 2021-02-13  3 months
upload.video.google.com  GTS CA 1O1                                      2020-11-03 - 2021-01-26  3 months
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                         2020-10-21 - 2021-10-20  a year
*.gstatic.com            GTS CA 1O1                                      2020-11-03 - 2021-01-26  3 months
*.carbonads.com          Sectigo RSA Domain Validation Secure Server CA  2020-04-03 - 2022-04-08  2 years
*.carbonads.net          Sectigo RSA Domain Validation Secure Server CA  2019-09-19 - 2021-10-12  2 years

This page contains 2 frames:

Primary Page: https://www.notepad.pw/share/o0dmsyt1r
Frame ID: B85DDDED63D2F8D7BF7BC0706C0A2FF0
Requests: 13 HTTP requests in this frame

Frame: https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=FN
Frame ID: B26326FA8BA78E386930CF2F0CA9831D
Requests: 3 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /fbs/i

Page Statistics

Requests: 16
HTTPS: 100 %
IPv6: 50 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 3
Transfer: 257 kB
Size: 621 kB
Cookies: 8

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request o0dmsyt1r
www.notepad.pw/share/
216 KB
86 KB
Document
General
Full URL
https://www.notepad.pw/share/o0dmsyt1r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
fbs /
Resource Hash
a021b21d126fb4032062da89a2ed526474395f3a7dacb8ff98c7d330e43ed932

Request headers

:method
GET
:authority
www.notepad.pw
:scheme
https
:path
/share/o0dmsyt1r
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

date
Fri, 04 Dec 2020 11:27:54 GMT
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
set-cookie
SPSI=06f316f4625d8d7d253bd0ffc05743e2; path=/; HttpOnly; SPSE=Q4ocsbudFlZK8EiToVA27XW7GYmVBU16SsiMTFqpU0Fk0qaJfmini9ToDfyICUsEYh2szKAbCNAdOmne7HrTOg==; path=/; HttpOnly; spcsrf=6299057e0ee332fd2e392ae1113106f2; path=/; SameSite=Strict; HttpOnly; expires=Fri, 04-Dec-20 13:27:54 GMT adOtr=obsvl; path=/; expires=Thu, 2 Aug 2001 20:47:11 UTC UTGv2=D-h439c483cd70b82c30ae6c1777d56a8efc34; path=/; expires=Sat, 04-Dec-21 11:27:54 GMT pad_cookie=b567055736ff2b5adfeb91bba1f37e2a99a04523; expires=Fri, 04-Dec-2020 13:29:14 GMT; Max-Age=7200; path=/; HttpOnly sp_lit=sgeIYRXDg5hGrf+wgLCCLg==; path=/; SameSite=Strict; HttpOnly; expires=Fri, 04-Dec-20 11:32:54 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
fbs
access-control-allow-origin
*
x-hw
1607081274.cds004.lo4.hn,1607081274.cds003.lo4.sc,1607081274.cdn2-wafbe01-lhr1.stackpath.systems.-.wx,1607081274.cds003.lo4.p
css
fonts.googleapis.com/
5 KB
802 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Noto+Sans:400,700
Requested by
Host: www.notepad.pw
URL: https://www.notepad.pw/share/o0dmsyt1r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
51839cd54fbd59d491d731aa9f28bf46a0c44fd332a461e267e2e61c247adf1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.notepad.pw/share/o0dmsyt1r
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 04 Dec 2020 10:00:24 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
date
Fri, 04 Dec 2020 11:27:54 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Fri, 04 Dec 2020 11:27:54 GMT
normalize.min.css
cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/
2 KB
1 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/normalize/6.0.0/normalize.min.css
Requested by
Host: www.notepad.pw
URL: https://www.notepad.pw/share/o0dmsyt1r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55b731aa03064189b7abca9931deb7b844c75d7664aacecc1356c4bc0635c4af
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.notepad.pw/share/o0dmsyt1r
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 11:27:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
169280
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
742
cf-request-id
06cf1b44e5000018e5bf89c000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:13:31 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03f2b-8a8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ynweogc98ZgKyucq2tlH3qRg7Es9VlZIrrrNhbsad6H4EbjUISKUANWiUREa%2FMugsXUYLZsoC%2FfERnmMJLzsuBZazdGOEK07Mpod%2FrOwS2IxUfUTFpPzsLrWC9jNO6Klsg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5fc52e4e390618e5-FRA
expires
Wed, 24 Nov 2021 11:27:54 GMT
new-main.css
www.notepad.pw/content/css/
8 KB
2 KB
Stylesheet
General
Full URL
https://www.notepad.pw/content/css/new-main.css?73
Requested by
Host: www.notepad.pw
URL: https://www.notepad.pw/share/o0dmsyt1r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
fbs /
Resource Hash
4fa641e423a7b9c1027389af5f3a74671a49265554c566e0a20173932a2368f8

Request headers

Referer
https://www.notepad.pw/share/o0dmsyt1r
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 11:27:54 GMT
content-encoding
gzip
last-modified
Thu, 29 Sep 2016 03:03:34 GMT
server
fbs
etag
"57ec8486-20b5"
x-hw
1607081274.cds004.lo4.hn,1607081274.cds235.lo4.sc,1607081274.cdn2-wafbe03-lhr1.stackpath.systems.-.wx,1607081274.cds235.lo4.p
content-type
text/css
access-control-allow-origin
*
accept-ranges
bytes
ionicons.min.css
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/
50 KB
7 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
Requested by
Host: www.notepad.pw
URL: https://www.notepad.pw/share/o0dmsyt1r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de2bbd8e0b32f53a53c1729bedb350cea59e9115fba4f2bed8e2e3dd1f76d9fa
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.notepad.pw/share/o0dmsyt1r
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 11:27:54 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
25616
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
6642
cf-request-id
06cf1b44e6000018e5cb16d000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:20 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ea8-c854"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Oa38Hpra3Dp64IdOENAvLN2rf6l%2FYwJ7dl%2FHBZuld6SRB4%2FcQNGczjC04s7XMGwFHbVFSpweI1%2BDZyCiWg%2BO1R6MEw%2B4lFtPQu3nM5Ro%2B7HYToHE2V00WU9VEmmhfRoYzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5fc52e4e390d18e5-FRA
expires
Wed, 24 Nov 2021 11:27:54 GMT
/
www.notepad.pw/sbbi/ Frame B263
25 KB
11 KB
Document
General
Full URL
https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=FN&sbbgs=h439c483cd70b82c30ae6c1777d56a8efc34&ddl=1
Requested by
Host: www.notepad.pw
URL: https://www.notepad.pw/share/o0dmsyt1r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
fbs /
Resource Hash
52d36476640b7819910cac6e89d30c46fa79c96fe5fb928b340614257e688256

Request headers

:method
GET
:authority
www.notepad.pw
:scheme
https
:path
/sbbi/?sbbpg=sbbShell&gprid=FN&sbbgs=h439c483cd70b82c30ae6c1777d56a8efc34&ddl=1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.notepad.pw/share/o0dmsyt1r
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
SPSI=06f316f4625d8d7d253bd0ffc05743e2; SPSE=Q4ocsbudFlZK8EiToVA27XW7GYmVBU16SsiMTFqpU0Fk0qaJfmini9ToDfyICUsEYh2szKAbCNAdOmne7HrTOg==; spcsrf=6299057e0ee332fd2e392ae1113106f2; pad_cookie=b567055736ff2b5adfeb91bba1f37e2a99a04523; sp_lit=sgeIYRXDg5hGrf+wgLCCLg==; PRLST=FN; UTGv2=h439c483cd70b82c30ae6c1777d56a8efc34

Response headers

date
Fri, 04 Dec 2020 11:27:54 GMT
cache-control
no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
server
fbs
x-accel-expires
0
access-control-allow-origin
*
x-hw
1607081274.cds004.lo4.hn,1607081274.cds255.lo4.sc,1607081274.cdn2-wafbe03-lhr1.stackpath.systems.-.i,1607081274.cds255.lo4.p
/
www.notepad.pw/sbbi/
43 B
167 B
Image
General
Full URL
https://www.notepad.pw/sbbi/?sbbpg=utMedia&vii=0h64f3391c64f8436c2d57d08bd872dc23503abed60cf1f7c7075d75463ae82esfgcs3q4
Requested by
Host: www.notepad.pw
URL: https://www.notepad.pw/share/o0dmsyt1r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
fbs /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.notepad.pw/share/o0dmsyt1r
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin
*
x-accel-expires
0
date
Fri, 04 Dec 2020 11:27:54 GMT
cache-control
no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
server
fbs
x-hw
1607081274.cds004.lo4.hn,1607081274.cds224.lo4.sc,1607081274.cdn2-wafbe01-lhr1.stackpath.systems.-.i,1607081274.cds224.lo4.p
content-type
image/gif
o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
fonts.gstatic.com/s/notosans/v11/
10 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/notosans/v11/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.notepad.pw
Referer
https://fonts.googleapis.com/css?family=Noto+Sans:400,700
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 16:55:14 GMT
x-content-type-options
nosniff
last-modified
Thu, 24 Sep 2020 23:50:56 GMT
server
sffe
age
66760
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10292
x-xss-protection
0
expires
Fri, 03 Dec 2021 16:55:14 GMT
carbon.js
cdn.carbonads.com/
15 KB
6 KB
Script
General
Full URL
https://cdn.carbonads.com/carbon.js?serve=CK7IT277&placement=notepadpw
Requested by
Host: www.notepad.pw
URL: https://www.notepad.pw/share/o0dmsyt1r
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.10.140 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
f08c10337bc4dd1825785f3a460bc03f2fd076e16d691040b5f8106bf2f14864

Request headers

Referer
https://www.notepad.pw/share/o0dmsyt1r
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Dec 2020 11:27:55 GMT
Content-Encoding
gzip
Last-Modified
Tue, 27 Oct 2020 20:53:30 GMT
Server
NetDNA-cache/2.2
ETag
W/"3d43-5b2ad3d436e46"
Vary
Accept-Encoding
X-Cache
HIT
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
keep-alive
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/
82 KB
26 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Requested by
Host: www.notepad.pw
URL: https://www.notepad.pw/share/o0dmsyt1r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.notepad.pw/share/o0dmsyt1r
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 11:27:55 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
26057
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
26646
cf-request-id
06cf1b4871000018e5e1225000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-1499c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=b3o73%2Be93hqWYXExewF8cju5NnrB4bRX6GuT%2BDGaQ5ApHgmOMAkJdsFXd1Tk8MxaapvqXOPRw8uaSsL1O%2BRjt3z%2FUyYGFP8Z2loQsiIY5HyKnTrUtZdx8%2Fe6TQ1YWQIwQg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5fc52e53ed4b18e5-FRA
expires
Wed, 24 Nov 2021 11:27:55 GMT
linkify.min.js
cdnjs.cloudflare.com/ajax/libs/jQuery-linkify/2.1.4/
15 KB
6 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jQuery-linkify/2.1.4/linkify.min.js
Requested by
Host: www.notepad.pw
URL: https://www.notepad.pw/share/o0dmsyt1r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fea87c8fa2f4fce4f1fbb898f0101e2e2af108306cbb73f5e428b96e8ec125a5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.notepad.pw/share/o0dmsyt1r
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 11:27:55 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
169254
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
6085
cf-request-id
06cf1b4871000018e5de238000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:41 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ebd-3ca1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=291FPxGQNkqEKjtYdaLuj5r7cuaAxdo%2BtFn%2FqYS01H8qDwmHNWKebqqus5NC%2F3zqYcRiQjxCTgIRBjLbppTbR%2F6IKQi3RY0V2Lze1ZYR2wQXGVeBFj%2Bt6DSo0h2EcoApuw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5fc52e53ed4f18e5-FRA
expires
Wed, 24 Nov 2021 11:27:55 GMT
ionicons.ttf
cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/
184 KB
96 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/fonts/ionicons.ttf?v=2.0.0
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c5b6bb603a4f7556b94532674f3847b430b9495afbb3a4dcfe5ba718baa59ad
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Origin
https://www.notepad.pw
Referer
https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 11:27:55 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
32923
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
content-length
97438
cf-request-id
06cf1b488000001f2d7a051000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:20 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ea8-2e05c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FgwEloqnx%2BMUixWBYUZI5JyaJsyrdurSwGo6ISvjB1f6aVpdAcJDYu2rTLck3zjGM27u%2F7pM2gBaN9KMy5%2BAdIXlMT9O16hqWsTgYV%2BOyECGsreVFy6ipnrLg3aq4Hp5wA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5fc52e53ff681f2d-FRA
expires
Wed, 24 Nov 2021 11:27:55 GMT
CK7IT277.json
srv.carbonads.net/ads/
653 B
726 B
Script
General
Full URL
https://srv.carbonads.net/ads/CK7IT277.json?segment=placement:notepadpw&callback=_carbonads_go
Requested by
Host: cdn.carbonads.com
URL: https://cdn.carbonads.com/carbon.js?serve=CK7IT277&placement=notepadpw
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
174.138.11.135 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
srv-eu-nl-7.buysellads.com
Software
//srv.buysellads.com /
Resource Hash
1019cf7d6b957bf35b50aedb010469db9af1ced5216839ee3d0e6e7277f50c72

Request headers

Referer
https://www.notepad.pw/share/o0dmsyt1r
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 04 Dec 2020 11:27:56 GMT
Content-Encoding
gzip
Server
//srv.buysellads.com
Content-Length
487
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
CK7DT53I.json
srv.carbonads.net/ads/
653 B
726 B
Script
General
Full URL
https://srv.carbonads.net/ads/CK7DT53I.json?segment=placement:notepadpw&callback=_carbonads_go
Requested by
Host: cdn.carbonads.com
URL: https://cdn.carbonads.com/carbon.js?serve=CK7IT277&placement=notepadpw
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
174.138.11.135 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
srv-eu-nl-7.buysellads.com
Software
//srv.buysellads.com /
Resource Hash
f9d4f6f1cfd542898d17a8d803e9ce10261ff164d98c2f0b4a3eb308ea24e80d

Request headers

Referer
https://www.notepad.pw/share/o0dmsyt1r
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 04 Dec 2020 11:27:56 GMT
Content-Encoding
gzip
Server
//srv.buysellads.com
Content-Length
487
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
/
www.notepad.pw/sbbi/ Frame B263
516 B
473 B
Document
General
Full URL
https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=FN&sbbgs=h439c483cd70b82c30ae6c1777d56a8efc34&ddl=1
Requested by
Host: www.notepad.pw
URL: https://www.notepad.pw/share/o0dmsyt1r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
fbs /
Resource Hash
d155160aea288964eebe06a362795ab879ed657ca75f7ca60d5a1c8e9fe05d7b

Request headers

:method
POST
:authority
www.notepad.pw
:scheme
https
:path
/sbbi/?sbbpg=sbbShell&gprid=FN&sbbgs=h439c483cd70b82c30ae6c1777d56a8efc34&ddl=1
content-length
655
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
origin
https://www.notepad.pw
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=FN&sbbgs=h439c483cd70b82c30ae6c1777d56a8efc34&ddl=1
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
SPSI=06f316f4625d8d7d253bd0ffc05743e2; SPSE=Q4ocsbudFlZK8EiToVA27XW7GYmVBU16SsiMTFqpU0Fk0qaJfmini9ToDfyICUsEYh2szKAbCNAdOmne7HrTOg==; spcsrf=6299057e0ee332fd2e392ae1113106f2; pad_cookie=b567055736ff2b5adfeb91bba1f37e2a99a04523; sp_lit=sgeIYRXDg5hGrf+wgLCCLg==; PRLST=FN; UTGv2=h439c483cd70b82c30ae6c1777d56a8efc34; adOtr=136604f6f52

Response headers

date
Fri, 04 Dec 2020 11:27:56 GMT
cache-control
no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
server
fbs
x-accel-expires
0
access-control-allow-origin
*
x-hw
1607081276.cds004.lo4.hn,1607081276.cds211.lo4.sc,1607081276.cdn2-wafbe04-lhr1.stackpath.systems.-.i,1607081276.cds211.lo4.p
/
www.notepad.pw/sbbi/ Frame B263
7 KB
3 KB
Document
General
Full URL
https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=FN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
fbs /
Resource Hash
7c491d81ff6cc92a9fb3760169b926eb9fc125878c724c8b3cb516013b02a905

Request headers

:method
GET
:authority
www.notepad.pw
:scheme
https
:path
/sbbi/?sbbpg=sbbShell&gprid=FN
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.notepad.pw/sbbi/?sbbpg=sbbShell&gprid=FN&sbbgs=h439c483cd70b82c30ae6c1777d56a8efc34&ddl=1
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
SPSI=06f316f4625d8d7d253bd0ffc05743e2; SPSE=Q4ocsbudFlZK8EiToVA27XW7GYmVBU16SsiMTFqpU0Fk0qaJfmini9ToDfyICUsEYh2szKAbCNAdOmne7HrTOg==; spcsrf=6299057e0ee332fd2e392ae1113106f2; pad_cookie=b567055736ff2b5adfeb91bba1f37e2a99a04523; sp_lit=sgeIYRXDg5hGrf+wgLCCLg==; PRLST=FN; UTGv2=h439c483cd70b82c30ae6c1777d56a8efc34; adOtr=136604f6f52

Response headers

date
Fri, 04 Dec 2020 11:27:56 GMT
cache-control
no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
server
fbs
x-accel-expires
0
access-control-allow-origin
*
x-hw
1607081276.cds004.lo4.hn,1607081276.cds232.lo4.sc,1607081276.cdn2-wafbe02-lhr1.stackpath.systems.-.i,1607081276.cds232.lo4.p

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated string| sbbvscc string| sbbgscc function| genPid function| nsbbfetch function| sbbgc function| addmg function| addprid function| sbbeccf function| m2vr function| sbbls string| y string| x string| gprid object| sbbeccfi string| sbbgs number| lX number| lY string| csr object| otr object| cnv string| lk__ function| setUGEvals number| tt number| sbbtstflgsbbhbka boolean| sbbhbka function| $ function| jQuery object| linkify object| _carbonads function| _carbonads_go object| _carbon_where string| ignoretargeting function| _bsap_serving_callback boolean| sbrmp

8 Cookies

Domain/Path Name / Value
www.notepad.pw/ Name: adOtr
Value: 136604f6f52
www.notepad.pw/ Name: sp_lit
Value: sgeIYRXDg5hGrf+wgLCCLg==
www.notepad.pw/ Name: spcsrf
Value: 6299057e0ee332fd2e392ae1113106f2
www.notepad.pw/ Name: pad_cookie
Value: b567055736ff2b5adfeb91bba1f37e2a99a04523
www.notepad.pw/ Name: PRLST
Value: FN
www.notepad.pw/ Name: SPSE
Value: Q4ocsbudFlZK8EiToVA27XW7GYmVBU16SsiMTFqpU0Fk0qaJfmini9ToDfyICUsEYh2szKAbCNAdOmne7HrTOg==
www.notepad.pw/ Name: UTGv2
Value: h439c483cd70b82c30ae6c1777d56a8efc34
www.notepad.pw/ Name: SPSI
Value: 06f316f4625d8d7d253bd0ffc05743e2