Report - gamingfun.me/NUM912.rar

Report Overview

Submitted URL
gamingfun.me/NUM912.rar
IP
52.173.151.229
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Submitted
2024-04-19 18:37:50
Access
public
Website Title
SafeNote | Encrypt and send files and notes with a link that automatically destruct after being read.
Final URL
safenote.co/expired
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gamingfun.me	unknown	2020-09-23	2020-09-23	2024-04-16	740 B	1.8 kB	52.173.151.229
grabify.world	unknown	2019-04-10	2020-03-11	2024-04-18	478 B	866 B	188.114.96.1
safenote.co	117539	2018-11-29	2019-05-28	2023-11-27	6.4 kB	439 kB	192.99.70.154
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-04-19	951 B	15 kB	104.17.25.14
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-19	869 B	164 kB	142.250.74.168
use.fontawesome.com	942	2012-10-18	2017-01-30	2024-04-18	2.1 kB	213 kB	172.67.142.245
grabify.link	181878	2015-07-05	2015-07-08	2024-04-17	5.0 kB	178 kB	104.26.9.202
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-19	431 B	31 kB	151.101.194.137
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-19	876 B	18 kB	142.250.74.106
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	557 B	14 kB	216.58.207.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-04-19 18:37:24	medium	Client IP	104.26.9.202	ET INFO Observed IP Tracking Domain (grabify .link in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-19	medium	gamingfun.me	Sinkholed
2024-04-19	medium	gamingfun.me	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-05-02
Pretty URL code.jquery.com/jquery-3.3.1.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-02 18:42:07 Times Seen107768 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-02
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-02 18:39:17 Times Seen343624 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	cdnjs.cloudflare.com/ajax/libs/dropzone/5.5.1/min/dropzone.min.js	43 kB	2023-03-07	2024-04-19
Pretty URL cdnjs.cloudflare.com/ajax/libs/dropzone/5.5.1/min/dropzone.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:22:19 Last Seen2024-04-19 22:50:33 Times Seen29 Hash 33148c7d5e055ea747149d025cc9c0cf 7c8fadac2e33330b6f632075de1c9ff0f15da48b 72ce2d8528437e392a146939b362f18f7e6c81246be0c45cc9c7268b458aa823 Loading...

	safenote.co/sandbox%20eval%20code	128 B	2023-05-06	2024-05-02
Pretty URL safenote.co/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-02 16:16:17 Times Seen21325 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	www.googletagmanager.com/gtag/js?id=G-VLFN2PT7RM&l=dataLayer&cx=c	252 kB	2024-04-19	2024-04-19
Pretty URL www.googletagmanager.com/gtag/js?id=G-VLFN2PT7RM&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 20:37:51 Last Seen2024-04-19 20:37:51 Times Seen2 Hash 3948b052fd073b8fee2aeeab1f2d0ed0 324ad5bb15339b790723ba3367ce28bcb2f81281 1c70476ce00dfb247170544e75234c2a59a618ea94c43b6a3f4d1ad988a520bb Loading...

	unknown	54 B	2023-04-11	2024-05-02
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:34:44 Last Seen2024-05-02 18:06:25 Times Seen863 Hash 21ad6a5e027895d7fef5bee4de0a6c02 1997f8ca0f217c1001a42318dc5976a0d5a56469 6e97ed48cf9a0f9bf4e5199bc5546e24c1067a10e7a582b886143be40f479bb5 Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	1.6 kB	2023-05-06	2024-05-02
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-02 16:16:17 Times Seen21188 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	safenote.co/sandbox%20eval%20code	147 B	2023-04-11	2024-05-02
Pretty URL safenote.co/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-02 18:39:17 Times Seen344131 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.googletagmanager.com/gtag/js?id=UA-130084942-1	203 kB	2024-04-19	2024-04-19
Pretty URL www.googletagmanager.com/gtag/js?id=UA-130084942-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 20:37:51 Last Seen2024-04-19 20:37:51 Times Seen2 Hash 5a4d92fb5dd2fa16268e44cf6317725d 61e69707cc62acf0c31bab59541759a86f44f436 f3310fcdbadbebd960a2dda5cb261373bcad74e7c23d4c22cd449c909bb9ec79 Loading...

	safenote.co/expired	183 B	2023-03-12	2024-04-19
Pretty URL safenote.co/expired IP 192.99.70.154 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 17:03:00 Last Seen2024-04-19 22:50:33 Times Seen9 Hash a5ad374a1a46e937bb355c22e76759a9 0f5b31d57711a22706eee8b960e982e9e090c9a7 3f02db33f51b2f40b0a12d6f62cf48cef9d48ccee90bc6323a0e1e43e057bb5b Loading...

	safenote.co/expired	64 B	2023-03-07	2024-04-19
Pretty URL safenote.co/expired IP 192.99.70.154 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:27:28 Last Seen2024-04-19 22:50:33 Times Seen318 Hash 70957b6ae83bf1935f2916febf7391da fe30cd795d82f571f1a536490848ba717b62d2d3 cacff1f6e2c3732b8ae94335c5162b5a3291d6ae9cd72c6cc1acfa567f83ee5a Loading...

	safenote.co/expired	441 B	2023-03-12	2024-04-19
Pretty URL safenote.co/expired IP 192.99.70.154 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 17:02:59 Last Seen2024-04-19 22:50:33 Times Seen9 Hash f70ed9d06cd940c4d5cfc80980be9528 10ccdbf4e63f311630ccc54669ab020fe7021684 5bcdb119d27bd2308027a6f6d967cb9191b0583a9b1776dd998dcf69b4ece13a Loading...

	safenote.co/js/app.js	333 kB	2023-03-12	2024-04-19
Pretty URL safenote.co/js/app.js IP 192.99.70.154 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 17:03:00 Last Seen2024-04-19 22:50:33 Times Seen15 Hash 5a7133a0db86cf88dedb815b140e1978 205b8069673bef93adcf26ab171ac37479ffaf4b ba61e92bc0fb8c2a9e3fcd717e7d8f302e028d4ee31a43291ee5c7cf612292c9 Loading...

HTTP Transactions (27)

URL IP Response Size

gamingfun.me/NUM912.rar

52.173.151.229

0 B

URL
gamingfun.me/NUM912.rar
IP
52.173.151.229:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /NUM912.rar HTTP/1.1
Host: gamingfun.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Fri, 19 Apr 2024 18:37:24 GMT
Server: Apache
Location: https://grabify.world/NUM912.rar
Status: 301 Moved Permanently
cf-cache-status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 56137e603e72eeba

grabify.world/NUM912.rar

188.114.96.1

143 B

URL
grabify.world/NUM912.rar
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with CRLF line terminators
Size
143 B (143 bytes)
Hash
cb7b8f439b04c00f4a2d78160ddfee8d
9aa44b5d68f6359f10de0dcd24ea3e12548d9bd4
12755429beb15d5eb57eafa45b8dba326343dd099bf0552038694c3856e8860e

HTTP Headers

GET /NUM912.rar HTTP/1.1
Host: grabify.world
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 19 Apr 2024 18:37:24 GMT
content-type: text/html
content-length: 143
location: https://grabify.link/NUM912.rar
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ww3CJkTq61CVRuJYFUad7445ON4BTRYkR2NMMhedKpxUAA3bYV3hwBSIbaB4pqfTfXkOqwDR4yNiTkEHcETZ9y8%2B1ahXJQnxwG0P9l6IZkAFn4PT3R3AIYzalmFJgW%2BV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876f01754d7056bf-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

grabify.link/js/ads.js

104.26.9.202

19 B

URL
grabify.link/js/ads.js
IP
104.26.9.202:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
19 B (19 bytes)
Hash
14380b81da6c1f82d54ddad07bdca87c
a72b216e23ce2fd0c275f0c66381255e2b34c1be
6a0f6cf6b4648c192d81b5fc7b70cb2f6819ef4a799e421e8626cae9697aa85a

HTTP Headers

GET /js/ads.js HTTP/1.1
Host: grabify.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjJlSDg5RzFLWC9WNjRrVFhlTmx2dkE9PSIsInZhbHVlIjoiRXdIUll0aFVPazF4cmV1Wk1MdkFpT0JUTUQxZFN2WEtvNzFYMWtRTDhFRVVIVG9QL0V4a0lSRjg0S0Exam9tRW5Hc0xUN1VxU08xRmlNZ0hycVVnbXVIUm1SS0lEOWRBWXE5QTIxc3RVdkNjY29FWjlyRHV0WklwNE5uZzJSNFQiLCJtYWMiOiIzODdhNTZjOTlkNzM1YWFiODcxM2MyYTgzZGZmMWI3NWI4ZTQ4MzY0YmFjYWQ4ZGE2ODdjZjliOGQ3NTcyZDczIiwidGFnIjoiIn0%3D; g_session=eyJpdiI6IkVUc25ZVUxURXY3RDRmVzhNZi9ORVE9PSIsInZhbHVlIjoielNJMGVUZnN5d3Z4Qlo1dHk5ZVJ6OEpCREVlNy9XOWFjUWZYNFVYWlg4NVZCZWR6UVZNTUtlU3A0aVVmUEV0N0tsYTV2TjFCOE1DOVpsa0lONUE0UVpYQVVWbDNac0Vnd1VhUHJoRjlHbzhNQlN4OE8rUi9JZks1NVc0RzNiZUIiLCJtYWMiOiIxZjM1MjYyNGE4ZjIzZGU4YmY4YTBhOGY3MWZlNmY5MmZiZDFiNDkzODI3NGJkMjQ2N2NlZWY1NmQ3NjA0NWRhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 18:37:27 GMT
content-type: application/javascript
content-length: 19
cf-bgj: minify
cf-polished: origSize=22
etag: "16-60f850cd8071e"
last-modified: Mon, 22 Jan 2024 08:59:40 GMT
cf-cache-status: HIT
age: 4046
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jgwECnzwrnJDuJhO65vQn0sYx7XrwYQtSFAce6xwxXnPtZ680JKGquEx0neP%2Fxv%2FbR8pLndIwRlgeaV0AKlxC9sA18NInWIjAf9YRBdOEMVBxPEgYnnc1Hsbojnlfw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876f0185fde55687-OSL
alt-svc: h3=":443"; ma=86400

gamingfun.me/

52.173.151.229

1.1 kB

URL
gamingfun.me/
IP
52.173.151.229:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with very long lines (1104), with CRLF line terminators
Size
1.1 kB (1137 bytes)
Hash
faf38a9ab18237c83bf0053317bcbe89
840ac42b9993a2614ecb723fe6fa8f3fd684bcd1
ccb5730b30c9d18ea3482f8c24963f77448127fabe1926fed2fd78c31a77103f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: gamingfun.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 1137
Content-Type: text/html; charset=utf-8
Date: Fri, 19 Apr 2024 18:37:27 GMT
Server: Apache
Content-Encoding: gzip
Vary: Accept-Encoding
cf-cache-status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 56137e603e72eeba

grabify.link/cdn-cgi/rum?

104.26.9.202

204 No Content

0 B

URL POST HTTP/3
grabify.link/cdn-cgi/rum?
IP
104.26.9.202:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grabify.link/NUM912.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectgrabify.link
Fingerprint21:0E:1C:67:0B:C7:CA:94:A3:D8:EC:9A:76:1F:DC:2A:41:08:76:69
ValidityFri, 09 Feb 2024 16:12:49 GMT - Thu, 09 May 2024 16:12:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: grabify.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1056
Origin: https://grabify.link
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjJlSDg5RzFLWC9WNjRrVFhlTmx2dkE9PSIsInZhbHVlIjoiRXdIUll0aFVPazF4cmV1Wk1MdkFpT0JUTUQxZFN2WEtvNzFYMWtRTDhFRVVIVG9QL0V4a0lSRjg0S0Exam9tRW5Hc0xUN1VxU08xRmlNZ0hycVVnbXVIUm1SS0lEOWRBWXE5QTIxc3RVdkNjY29FWjlyRHV0WklwNE5uZzJSNFQiLCJtYWMiOiIzODdhNTZjOTlkNzM1YWFiODcxM2MyYTgzZGZmMWI3NWI4ZTQ4MzY0YmFjYWQ4ZGE2ODdjZjliOGQ3NTcyZDczIiwidGFnIjoiIn0%3D; g_session=eyJpdiI6IkVUc25ZVUxURXY3RDRmVzhNZi9ORVE9PSIsInZhbHVlIjoielNJMGVUZnN5d3Z4Qlo1dHk5ZVJ6OEpCREVlNy9XOWFjUWZYNFVYWlg4NVZCZWR6UVZNTUtlU3A0aVVmUEV0N0tsYTV2TjFCOE1DOVpsa0lONUE0UVpYQVVWbDNac0Vnd1VhUHJoRjlHbzhNQlN4OE8rUi9JZks1NVc0RzNiZUIiLCJtYWMiOiIxZjM1MjYyNGE4ZjIzZGU4YmY4YTBhOGY3MWZlNmY5MmZiZDFiNDkzODI3NGJkMjQ2N2NlZWY1NmQ3NjA0NWRhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 204 No Content
date: Fri, 19 Apr 2024 18:37:29 GMT
access-control-allow-origin: https://grabify.link
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 876f0192b9c25687-OSL
x-frame-options: DENY
x-content-type-options: nosniff

safenote.co/r/649b9d6d99f505@43692128

192.99.70.154

302 Found

478 B

URL User Request GET HTTP/1.1
safenote.co/r/649b9d6d99f505@43692128
IP
192.99.70.154:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectsafenote.co
Fingerprint6B:C2:24:18:FF:7F:60:50:65:4D:6E:D4:21:4E:6A:B9:19:54:7C:F5
ValidityThu, 04 Apr 2024 01:04:17 GMT - Wed, 03 Jul 2024 01:04:16 GMT

File type
HTML document, ASCII text
Size
478 B (478 bytes)
Hash
d8b1067ec13c61c52bea59e88b92015c
db2c70bda62aa603a1905f293c10837d38b1c843
7be6a12342f98b2f43df19083ce928f6e3397e6ce2b68bb028533ab9df67178d

HTTP Headers

GET /r/649b9d6d99f505@43692128 HTTP/1.1
Host: safenote.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 19 Apr 2024 18:38:04 GMT
Server: Apache
Cache-Control: no-cache, private
Location: https://safenote.co/open?reference=649b9d6d99f505@43692128
Set-Cookie: XSRF-TOKEN=eyJpdiI6ImFwVDdNeDFTYXphc0xZWG5id3lwbWc9PSIsInZhbHVlIjoiU0RaWXBudDNRWlBsYVp3NE9TU0NYRm5TNXB1cVIyRWhzVjNoR2MrZGlLTU5PZmdpQ2hidUZoMGw3VWpIbjNEeCIsIm1hYyI6ImY3ZDNhYTdiNzVjODM0ODQwM2EzOGNmMjBiYjYxMjdkODJhNmQwODk0MWQ1NjRiZWZhNzc1ZDMwNzg1OTAwYjEifQ%3D%3D; expires=Fri, 19-Apr-2024 20:38:04 GMT; Max-Age=7200; path=/
safenote_session=eyJpdiI6IlZPSWVxajd6SFwvXC96Y25CXC9sSWF4VlE9PSIsInZhbHVlIjoiQ1U2VDd5R1phXC93RGZkQjFPTzE4bHU0c1BkZCtqaFFYaXplUzV6N0YrejVLSitvRUFkRkhVXC9EM1QxK0JcL1A1SSIsIm1hYyI6ImQ0MTE5YmRhMzMxYWI1ZTJhNDFhMGJjNmMwMTk5Yjc2MDdjZDc2MzM3MDRmZGI5Y2FjZGY5MDAzMDM0MWJlZTkifQ%3D%3D; expires=Fri, 19-Apr-2024 20:38:04 GMT; Max-Age=7200; path=/; httponly
Content-Length: 478
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

safenote.co/open?reference=649b9d6d99f505@43692128

192.99.70.154

302 Found

354 B

URL User Request GET HTTP/1.1
safenote.co/open?reference=649b9d6d99f505@43692128
IP
192.99.70.154:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectsafenote.co
Fingerprint6B:C2:24:18:FF:7F:60:50:65:4D:6E:D4:21:4E:6A:B9:19:54:7C:F5
ValidityThu, 04 Apr 2024 01:04:17 GMT - Wed, 03 Jul 2024 01:04:16 GMT

File type
HTML document, ASCII text
Size
354 B (354 bytes)
Hash
1f197d885a0c78481ecebd9cf77914d8
02a25f9e188bfd794d05f55e48e9bc27d7e58b23
b36215dba2e9d568f4934f4b326232ca9969f4ce6b4440c1781ea7d9833f8fa3

HTTP Headers

GET /open?reference=649b9d6d99f505@43692128 HTTP/1.1
Host: safenote.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImFwVDdNeDFTYXphc0xZWG5id3lwbWc9PSIsInZhbHVlIjoiU0RaWXBudDNRWlBsYVp3NE9TU0NYRm5TNXB1cVIyRWhzVjNoR2MrZGlLTU5PZmdpQ2hidUZoMGw3VWpIbjNEeCIsIm1hYyI6ImY3ZDNhYTdiNzVjODM0ODQwM2EzOGNmMjBiYjYxMjdkODJhNmQwODk0MWQ1NjRiZWZhNzc1ZDMwNzg1OTAwYjEifQ%3D%3D; safenote_session=eyJpdiI6IlZPSWVxajd6SFwvXC96Y25CXC9sSWF4VlE9PSIsInZhbHVlIjoiQ1U2VDd5R1phXC93RGZkQjFPTzE4bHU0c1BkZCtqaFFYaXplUzV6N0YrejVLSitvRUFkRkhVXC9EM1QxK0JcL1A1SSIsIm1hYyI6ImQ0MTE5YmRhMzMxYWI1ZTJhNDFhMGJjNmMwMTk5Yjc2MDdjZDc2MzM3MDRmZGI5Y2FjZGY5MDAzMDM0MWJlZTkifQ%3D%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Date: Fri, 19 Apr 2024 18:38:04 GMT
Server: Apache
Cache-Control: no-cache, private
Location: https://safenote.co/expired
Set-Cookie: XSRF-TOKEN=eyJpdiI6Im9MRHd6Q1UwN2crdU12YWdSZmRkTnc9PSIsInZhbHVlIjoidThVUGI3TEVGOElGOTJXVU1Ha1hIaldFWlFMalpWSnRHMUJjVnA5TWNPd3U3RTBmdFdMWSszaTRkZlF6U0RPUyIsIm1hYyI6ImJmMzIxN2U5NzdhMWQyN2FjZWYwMjU2ZWUzZWI0MDk1ZWNlMzEwM2UyMjYwMDljOGM2NTQxM2E5Nzg0MDRmNzEifQ%3D%3D; expires=Fri, 19-Apr-2024 20:38:04 GMT; Max-Age=7200; path=/
safenote_session=eyJpdiI6Ind5cytLQk9tQytOa0ZSNkR2U2RjekE9PSIsInZhbHVlIjoiSlAzWEVBbVdodjN1cXFRWkJUdW1lcU5VWkhuMXMxZHFybFh0amtDMjhJWldZTEZvZUYzVlwvd243M204clAybU8iLCJtYWMiOiI0YmZhOThiYzNlODk1ZDUxZGQ2NTA4MzQxMDQyNGY2Y2ZlZDAxYzgwNDgzYzYzMjY3NzY3NzJjZTVjMzYzYjMzIn0%3D; expires=Fri, 19-Apr-2024 20:38:04 GMT; Max-Age=7200; path=/; httponly
Content-Length: 354
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

grabify.link/js/jquery-2.5.2.min.js

104.26.9.202

9.6 kB

URL
grabify.link/js/jquery-2.5.2.min.js
IP
104.26.9.202:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (12739), with no line terminators
Size
9.6 kB (9573 bytes)
Hash
55b5fd3e7afc0a14b9dabac943d58257
a1ed1b0f19604bc616aaa3fa47026da50213cba0
90c47288479a5e1f475bad913b7e0eced1479ceaa7e7761c332d278f5634f52a

HTTP Headers

GET /js/jquery-2.5.2.min.js HTTP/1.1
Host: grabify.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjJlSDg5RzFLWC9WNjRrVFhlTmx2dkE9PSIsInZhbHVlIjoiRXdIUll0aFVPazF4cmV1Wk1MdkFpT0JUTUQxZFN2WEtvNzFYMWtRTDhFRVVIVG9QL0V4a0lSRjg0S0Exam9tRW5Hc0xUN1VxU08xRmlNZ0hycVVnbXVIUm1SS0lEOWRBWXE5QTIxc3RVdkNjY29FWjlyRHV0WklwNE5uZzJSNFQiLCJtYWMiOiIzODdhNTZjOTlkNzM1YWFiODcxM2MyYTgzZGZmMWI3NWI4ZTQ4MzY0YmFjYWQ4ZGE2ODdjZjliOGQ3NTcyZDczIiwidGFnIjoiIn0%3D; g_session=eyJpdiI6IkVUc25ZVUxURXY3RDRmVzhNZi9ORVE9PSIsInZhbHVlIjoielNJMGVUZnN5d3Z4Qlo1dHk5ZVJ6OEpCREVlNy9XOWFjUWZYNFVYWlg4NVZCZWR6UVZNTUtlU3A0aVVmUEV0N0tsYTV2TjFCOE1DOVpsa0lONUE0UVpYQVVWbDNac0Vnd1VhUHJoRjlHbzhNQlN4OE8rUi9JZks1NVc0RzNiZUIiLCJtYWMiOiIxZjM1MjYyNGE4ZjIzZGU4YmY4YTBhOGY3MWZlNmY5MmZiZDFiNDkzODI3NGJkMjQ2N2NlZWY1NmQ3NjA0NWRhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 19 Apr 2024 18:37:29 GMT
content-type: application/javascript
last-modified: Sat, 13 Apr 2024 05:23:14 GMT
etag: W/"31c3-615f395cd0130-gzip"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SZN3izbGP1V12HQU9GM4zmY44hO9QsIYxv6TabJm9CQACoO%2FwVZn%2B2lqiM1aen1qJgqSslMhsi9nmxx3scqiVf10u6wS64%2BJ0G06PeWF5aJUusxHFBYY1c4HHXDP0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876f018f9f4d5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

grabify.link/cdn-cgi/rum?

104.26.9.202

204 No Content

0 B

URL POST HTTP/3
grabify.link/cdn-cgi/rum?
IP
104.26.9.202:443
ASN
#13335 CLOUDFLARENET

Requested by
https://grabify.link/NUM912.rar
Certificate
IssuerGoogle Trust Services LLC
Subjectgrabify.link
Fingerprint21:0E:1C:67:0B:C7:CA:94:A3:D8:EC:9A:76:1F:DC:2A:41:08:76:69
ValidityFri, 09 Feb 2024 16:12:49 GMT - Thu, 09 May 2024 16:12:48 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: grabify.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 493
Origin: https://grabify.link
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InE4VHRHVmNCeGg4dG5Td2F1aUJpd2c9PSIsInZhbHVlIjoiN0JWZ1l1aUM3LzI5cWtwZVRKSnF5eHlNTUFISnVGdk9qZVZnU1N3TVYwWWRuL2QwTHFiQlBMaXZNV05ZSE1KNGlxZWp5RWVKbjg3eXVrS2pVaUFSWEhieWIwNUhFbW9UK2k1ZGtpMnZ2MFJuWEVZaFVqWVU0U2ErQjNManZHNGYiLCJtYWMiOiJlODRiNDljMmQ5ZTI4YmRlYTU3NjdlN2NkZWM1ZWI2YmNiODJlNzM0MzIwZjk1MGY5M2YzYWMyYTdjZDA5YjM4IiwidGFnIjoiIn0%3D; g_session=eyJpdiI6Ijlud2d0RHhBUTlwYkhZWjZ2WENJVWc9PSIsInZhbHVlIjoiUWNhTlo0ZFF0Q05FandvazNVWTR4bG9HVXVLdTY3bXZsQWM1Kzg4cW5wbnpMMWtLekR4UG9veklUS1Jxc3NKUEFWVXpad3hGTjdBTWhhamlFMVNqVU9Dd1ZJOThLaWNXZUkrZGNTNTZ3Q1ZraWxyR0Z4Sm1UYXAyRHdLWjVHZ1QiLCJtYWMiOiJjZmE3MTc1M2Y5ZWY5ZWJhNmI5MzllZjZiZjY4ZTQwYTljNGI3YzYzYzk5MTNiMTI0NjdlYzk5MzE1MTgzYTI2IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/3 204 No Content
date: Fri, 19 Apr 2024 18:37:30 GMT
access-control-allow-origin: https://grabify.link
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 876f019b49fe5687-OSL
x-frame-options: DENY
x-content-type-options: nosniff

cdnjs.cloudflare.com/ajax/libs/dropzone/5.5.1/min/dropzone.min.css

104.17.25.14

200 OK

1.3 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/dropzone/5.5.1/min/dropzone.min.css
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://safenote.co/expired
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (9716)
Size
1.3 kB (1274 bytes)
Hash
2f735dbf472afcd77604ecf439319f7b
e464a73ee11c8299b350071ee5332f1cd6214d73
7b8ef13a45ecd495c56e38e9a11af5fcb85572a4b34661a63eab2b510795b3e8

HTTP Headers

GET /ajax/libs/dropzone/5.5.1/min/dropzone.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://safenote.co
DNT: 1
Connection: keep-alive
Referer: https://safenote.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 19 Apr 2024 18:37:30 GMT
content-type: text/css; charset=utf-8
content-length: 1274
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e3e-25f5"
last-modified: Mon, 04 May 2020 16:09:34 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 12925622
expires: Wed, 09 Apr 2025 18:37:30 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tiQGCjgLbxxEUAWFRX%2FOAb9u8DlSaTLnBYMFIo7yXu5Kv9e1Rt01eC2iQeHfhOw72iQetkeeYmE5%2FFeVSg4bseGP6h5SepauoEcFlrFfDAfzxQpj45jDaIxTtV%2F2WRYbIwlyol7u"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 876f019bbde356ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/dropzone/5.5.1/min/dropzone.min.js

104.17.25.14

200 OK

11 kB

URL GET HTTP/2
cdnjs.cloudflare.com/ajax/libs/dropzone/5.5.1/min/dropzone.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://safenote.co/expired
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D
ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (31998)
Size
11 kB (11347 bytes)
Hash
33148c7d5e055ea747149d025cc9c0cf
7c8fadac2e33330b6f632075de1c9ff0f15da48b
72ce2d8528437e392a146939b362f18f7e6c81246be0c45cc9c7268b458aa823

HTTP Headers

GET /ajax/libs/dropzone/5.5.1/min/dropzone.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://safenote.co
DNT: 1
Connection: keep-alive
Referer: https://safenote.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 18:37:30 GMT
content-type: application/javascript; charset=utf-8
content-length: 11347
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e3e-a7fb"
last-modified: Mon, 04 May 2020 16:09:34 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 262132
expires: Wed, 09 Apr 2025 18:37:30 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32bwASOHSRyRc4XtEXLePYO0JY7LQOBEC0WbqeXJZs63mpUZeVmCHha3LHr%2BWJrcsc%2F6c5hKg5Qcqw%2BOGlvwUc2FdXWRU6iD30RsaM5GED%2BfIq7fU1oexCjJ6JFM4l6G%2F4lBnQhB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 876f019bbddf56ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.3.1.min.js

151.101.194.137

200 OK

30 kB

URL GET HTTP/2
code.jquery.com/jquery-3.3.1.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://safenote.co/expired
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
30 kB (30288 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://safenote.co
DNT: 1
Connection: keep-alive
Referer: https://safenote.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-1538f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 19 Apr 2024 18:37:30 GMT
age: 18751247
x-served-by: cache-lga13622-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 36, 672342
x-timer: S1713551851.901566,VS0,VE0
vary: Accept-Encoding
content-length: 30288
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-130084942-1

142.250.74.168

200 OK

73 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-130084942-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://safenote.co/expired
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
73 kB (73295 bytes)
Hash
5a4d92fb5dd2fa16268e44cf6317725d
61e69707cc62acf0c31bab59541759a86f44f436
f3310fcdbadbebd960a2dda5cb261373bcad74e7c23d4c22cd449c909bb9ec79

HTTP Headers

GET /gtag/js?id=UA-130084942-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://safenote.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 19 Apr 2024 18:37:30 GMT
expires: Fri, 19 Apr 2024 18:37:30 GMT
cache-control: private, max-age=900
last-modified: Fri, 19 Apr 2024 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-VLFN2PT7RM&l=dataLayer&cx=c

142.250.74.168

200 OK

89 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-VLFN2PT7RM&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://safenote.co/expired
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintBF:40:8C:8B:CB:69:1E:3F:E2:3B:B7:8A:8E:C0:D6:98:5F:81:FA:2D
ValidityMon, 04 Mar 2024 06:35:45 GMT - Mon, 27 May 2024 06:35:44 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
89 kB (88979 bytes)
Hash
3948b052fd073b8fee2aeeab1f2d0ed0
324ad5bb15339b790723ba3367ce28bcb2f81281
1c70476ce00dfb247170544e75234c2a59a618ea94c43b6a3f4d1ad988a520bb

HTTP Headers

GET /gtag/js?id=G-VLFN2PT7RM&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://safenote.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 19 Apr 2024 18:37:31 GMT
expires: Fri, 19 Apr 2024 18:37:31 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88979
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

grabify.link/NUM912.rar

104.26.9.202

164 kB

URL
grabify.link/NUM912.rar
IP
104.26.9.202:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, Unicode text, UTF-8 text, with very long lines (370)
Size
164 kB (164403 bytes)
Hash
9f1e2c95e71ac47b65885d99d7166b9e
44b7ee414c41d9d4cd637bc8f5bc7be969c7390a
f401826110b753286b8b08b3951076f58264eea7deb83bef99c5e5da9fb7fd81

HTTP Headers

GET /NUM912.rar HTTP/1.1
Host: grabify.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 18:37:27 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
x-ratelimit-limit: 15
x-ratelimit-remaining: 14
vary: Accept-Encoding
cf-cache-status: BYPASS
set-cookie: XSRF-TOKEN=eyJpdiI6IjJlSDg5RzFLWC9WNjRrVFhlTmx2dkE9PSIsInZhbHVlIjoiRXdIUll0aFVPazF4cmV1Wk1MdkFpT0JUTUQxZFN2WEtvNzFYMWtRTDhFRVVIVG9QL0V4a0lSRjg0S0Exam9tRW5Hc0xUN1VxU08xRmlNZ0hycVVnbXVIUm1SS0lEOWRBWXE5QTIxc3RVdkNjY29FWjlyRHV0WklwNE5uZzJSNFQiLCJtYWMiOiIzODdhNTZjOTlkNzM1YWFiODcxM2MyYTgzZGZmMWI3NWI4ZTQ4MzY0YmFjYWQ4ZGE2ODdjZjliOGQ3NTcyZDczIiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 23:37:26 GMT; Max-Age=18000; path=/; secure
g_session=eyJpdiI6IkVUc25ZVUxURXY3RDRmVzhNZi9ORVE9PSIsInZhbHVlIjoielNJMGVUZnN5d3Z4Qlo1dHk5ZVJ6OEpCREVlNy9XOWFjUWZYNFVYWlg4NVZCZWR6UVZNTUtlU3A0aVVmUEV0N0tsYTV2TjFCOE1DOVpsa0lONUE0UVpYQVVWbDNac0Vnd1VhUHJoRjlHbzhNQlN4OE8rUi9JZks1NVc0RzNiZUIiLCJtYWMiOiIxZjM1MjYyNGE4ZjIzZGU4YmY4YTBhOGY3MWZlNmY5MmZiZDFiNDkzODI3NGJkMjQ2N2NlZWY1NmQ3NjA0NWRhIiwidGFnIjoiIn0%3D; expires=Fri, 19 Apr 2024 23:37:26 GMT; Max-Age=18000; path=/; secure; httponly
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14HFuxSb6RJPkGCFsbHcWt0y%2FYi%2BgYlgua2tNrvrcJscgFuAM6Kn5u2xvwl8hru3Rq0p18K3d0I52JXd%2Bfj6f8pJvyOsEM6fF%2BeTFRkRNF9leD2aOAnxP2Dj30gRlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876f01762f9fb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

safenote.co/css/app.css

192.99.70.154

200 OK

22 kB

URL GET HTTP/1.1
safenote.co/css/app.css
IP
192.99.70.154:443
ASN
#16276 OVH SAS

Requested by
https://safenote.co/expired
Certificate
IssuerLet's Encrypt
Subjectsafenote.co
Fingerprint6B:C2:24:18:FF:7F:60:50:65:4D:6E:D4:21:4E:6A:B9:19:54:7C:F5
ValidityThu, 04 Apr 2024 01:04:17 GMT - Wed, 03 Jul 2024 01:04:16 GMT

File type
ASCII text, with very long lines (65264)
Size
22 kB (21905 bytes)
Hash
3dbb53663d049de74f8d846cf7b26afc
bb89caf91dce7a45c1145a6fe65279a3737faf69
9d15453db3933c69ec4e054632d7a126000f767218357881713f39c0bc6d1357

HTTP Headers

GET /css/app.css HTTP/1.1
Host: safenote.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://safenote.co/expired
Cookie: XSRF-TOKEN=eyJpdiI6Im9DZ3UyaUZIZUJEWnN5SWdwcVlJbmc9PSIsInZhbHVlIjoiTWY0dWhiYTJwYlVwczhDOUFVdUVoYktQcHM1ZWk4emhTUEh1VlNISUkwXC82dVlma3JtZ2RRRTZDVnlFVlwvY1pwIiwibWFjIjoiNmQ1OTE3OGZiMmRmNjEyMzFkODVlZjg0MmZlODEyOTQ2NGYzMGNkMTUyYWFhNDM0Mjc2NTI3Y2FiZWYyOWViNCJ9; safenote_session=eyJpdiI6IlE5ZzV2WjBcL0RNeHRqd1NlQVNvUnN3PT0iLCJ2YWx1ZSI6IjlBVlFaWVVHR05tcFRTVnc5UzNCMFZ1dHJSM0F5SnFkWEpSWXZ2dEQrV2lEd3UreGpDTlRuM1lzbklPdVdWVkMiLCJtYWMiOiIxYjA0OTI0YjJhYjNmOWY0NTgzNWQyMDljNGJmMjc0YWZmZTc3OWMxYzkwNmQzODMzNDBhYWZmZTIwN2MwZDc4In0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 18:38:05 GMT
Server: Apache
Last-Modified: Fri, 23 Nov 2018 13:42:31 GMT
ETag: "2639a-57b5527a83f57-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 21905
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

use.fontawesome.com/releases/v5.5.0/webfonts/fa-regular-400.woff2

172.67.142.245

200 OK

15 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.5.0/webfonts/fa-regular-400.woff2
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://safenote.co/expired
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14844, version 1.0
Size
15 kB (14844 bytes)
Hash
bdadb6ce95c5a2e7b673940721450d3c
f1e8cb035436d638da83d4696248cec831dcbe7a
92ba7bfaa43a35c94353e96860d99376313ee9b5fce6124d4e64067280f9a841

HTTP Headers

GET /releases/v5.5.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://safenote.co
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 19 Apr 2024 18:37:31 GMT
content-type: font/woff2
content-length: 14844
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "bdadb6ce95c5a2e7b673940721450d3c"
last-modified: Fri, 22 Sep 2023 01:45:39 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 123693
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EbotRQ7V%2BWXlzQSpCKwEy4BYarqAvHdje%2FIjJEAoAH5L9wE4gZvvL9O1nOfAyOmKYqXz66xgl0WWfweao58%2FU7thSHE4DzhTTnYlWbRysj81kJdM0f9%2Bt7ePRpc7FVDbeyLvgk32"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876f019ec91cb4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.5.0/webfonts/fa-solid-900.woff2

172.67.142.245

200 OK

74 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.5.0/webfonts/fa-solid-900.woff2
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://safenote.co/expired
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 73852, version 1.0
Size
74 kB (73852 bytes)
Hash
fb493903265cad425ccdf8e04fc2de61
fef2f08d60e907750df0bc41ce64a7139642ddf0
7798165ee5a3c6809310d8261dcbe7c8d0c12d795b7b09a71af3eb86ec8f33f2

HTTP Headers

GET /releases/v5.5.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://safenote.co
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 19 Apr 2024 18:37:31 GMT
content-type: font/woff2
content-length: 73852
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "fb493903265cad425ccdf8e04fc2de61"
last-modified: Fri, 22 Sep 2023 01:45:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 123693
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v3XZhb5eUFJC2XoetKCmKiJoZf2p4K%2Fi54FvaPiFdHZ%2FMbKHObAXk8KuoTEFrdYCOnmMuG7rUkOIsOPryFw0f0c8BCiarE5lzpVTP58Elws34j9%2BaV9bRbOFTRjEXWj7oLjRLuaa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876f019ed92eb4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

safenote.co/image/safenote-logo.png

192.99.70.154

200 OK

29 kB

URL GET HTTP/1.1
safenote.co/image/safenote-logo.png
IP
192.99.70.154:443
ASN
#16276 OVH SAS

Requested by
https://safenote.co/expired
Certificate
IssuerLet's Encrypt
Subjectsafenote.co
Fingerprint6B:C2:24:18:FF:7F:60:50:65:4D:6E:D4:21:4E:6A:B9:19:54:7C:F5
ValidityThu, 04 Apr 2024 01:04:17 GMT - Wed, 03 Jul 2024 01:04:16 GMT

File type
PNG image data, 879 x 166, 8-bit/color RGBA, non-interlaced
Size
29 kB (29204 bytes)
Hash
b1180ee8cb45783fc3dc0591c13d41fc
98497964e8b5f8b503d32d1d328153f526385ddf
0065e71c9ca77af9aa15f95c78e5e4c5ae1aaa4d591d03c194001b9368e511ba

HTTP Headers

GET /image/safenote-logo.png HTTP/1.1
Host: safenote.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://safenote.co/expired
Cookie: XSRF-TOKEN=eyJpdiI6Im9DZ3UyaUZIZUJEWnN5SWdwcVlJbmc9PSIsInZhbHVlIjoiTWY0dWhiYTJwYlVwczhDOUFVdUVoYktQcHM1ZWk4emhTUEh1VlNISUkwXC82dVlma3JtZ2RRRTZDVnlFVlwvY1pwIiwibWFjIjoiNmQ1OTE3OGZiMmRmNjEyMzFkODVlZjg0MmZlODEyOTQ2NGYzMGNkMTUyYWFhNDM0Mjc2NTI3Y2FiZWYyOWViNCJ9; safenote_session=eyJpdiI6IlE5ZzV2WjBcL0RNeHRqd1NlQVNvUnN3PT0iLCJ2YWx1ZSI6IjlBVlFaWVVHR05tcFRTVnc5UzNCMFZ1dHJSM0F5SnFkWEpSWXZ2dEQrV2lEd3UreGpDTlRuM1lzbklPdVdWVkMiLCJtYWMiOiIxYjA0OTI0YjJhYjNmOWY0NTgzNWQyMDljNGJmMjc0YWZmZTc3OWMxYzkwNmQzODMzNDBhYWZmZTIwN2MwZDc4In0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 18:38:05 GMT
Server: Apache
Last-Modified: Sun, 20 Oct 2019 15:21:32 GMT
ETag: "7214-595591f3c7867"
Accept-Ranges: bytes
Content-Length: 29204
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: image/png

use.fontawesome.com/releases/v5.5.0/webfonts/fa-brands-400.woff2

172.67.142.245

200 OK

70 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.5.0/webfonts/fa-brands-400.woff2
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://safenote.co/expired
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 69608, version 1.0
Size
70 kB (69608 bytes)
Hash
659c4d58b00226541ef95c3a76e169c5
333b0d6bb7e10601f4bd99e048608d5581be2a98
05dbc51654b96590d176c27efbcef2cf4ac0497499a9f28b731b73eea399070c

HTTP Headers

GET /releases/v5.5.0/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://safenote.co
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 19 Apr 2024 18:37:31 GMT
content-type: font/woff2
content-length: 69608
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "659c4d58b00226541ef95c3a76e169c5"
last-modified: Fri, 22 Sep 2023 01:45:38 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 123693
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j%2FXU2Jmcc0jiQqS11zLpzaMbGH%2Bq1zsbj1CgtL2OpObfyKrWZicBj3tmFJVNxbOmw85LuOoeGinNmFQbnQsoU1%2Bac3LpxYLgSGf6iVNlqGSA0rp906dC5jAqfvz3R1JL7pdLLVId"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876f019ee95cb4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Nunito

142.250.74.106

200 OK

14 kB

URL GET HTTP/3
fonts.googleapis.com/css?family=Nunito
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://safenote.co/expired
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
14 kB (13858 bytes)
Hash
1bba69f75ed8a8770bbd13a6e1a4a255
14c09e52948e5e62222a387da4d0ee95fe139aa4
c31beb615f3f32b08b7493ad9ab51dc75e1fac1ba43584301061274d684f66cd

HTTP Headers

GET /css?family=Nunito HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://safenote.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 18:37:31 GMT
date: Fri, 19 Apr 2024 18:37:31 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

safenote.co/image/safenote.png

192.99.70.154

200 OK

28 kB

URL GET HTTP/1.1
safenote.co/image/safenote.png
IP
192.99.70.154:443
ASN
#16276 OVH SAS

Requested by
https://safenote.co/expired
Certificate
IssuerLet's Encrypt
Subjectsafenote.co
Fingerprint6B:C2:24:18:FF:7F:60:50:65:4D:6E:D4:21:4E:6A:B9:19:54:7C:F5
ValidityThu, 04 Apr 2024 01:04:17 GMT - Wed, 03 Jul 2024 01:04:16 GMT

File type
PNG image data, 573 x 574, 8-bit/color RGBA, non-interlaced
Size
28 kB (28299 bytes)
Hash
b4fa32d209561c196b98a6083deb357e
472092787027eca962156a56743d01a6cb1eece8
449a2b9cf6b4c1c80defe75ab2f7cb542b02da5252fb6b6289a09b130133a62e

HTTP Headers

GET /image/safenote.png HTTP/1.1
Host: safenote.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://safenote.co/expired
Cookie: XSRF-TOKEN=eyJpdiI6Im9DZ3UyaUZIZUJEWnN5SWdwcVlJbmc9PSIsInZhbHVlIjoiTWY0dWhiYTJwYlVwczhDOUFVdUVoYktQcHM1ZWk4emhTUEh1VlNISUkwXC82dVlma3JtZ2RRRTZDVnlFVlwvY1pwIiwibWFjIjoiNmQ1OTE3OGZiMmRmNjEyMzFkODVlZjg0MmZlODEyOTQ2NGYzMGNkMTUyYWFhNDM0Mjc2NTI3Y2FiZWYyOWViNCJ9; safenote_session=eyJpdiI6IlE5ZzV2WjBcL0RNeHRqd1NlQVNvUnN3PT0iLCJ2YWx1ZSI6IjlBVlFaWVVHR05tcFRTVnc5UzNCMFZ1dHJSM0F5SnFkWEpSWXZ2dEQrV2lEd3UreGpDTlRuM1lzbklPdVdWVkMiLCJtYWMiOiIxYjA0OTI0YjJhYjNmOWY0NTgzNWQyMDljNGJmMjc0YWZmZTc3OWMxYzkwNmQzODMzNDBhYWZmZTIwN2MwZDc4In0%3D; _ga_VLFN2PT7RM=GS1.1.1713551851.1.0.1713551851.0.0.0; _ga=GA1.1.546932530.1713551851
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 18:38:05 GMT
Server: Apache
Last-Modified: Sun, 20 Oct 2019 15:21:32 GMT
ETag: "6e8b-595591f3c7867"
Accept-Ranges: bytes
Content-Length: 28299
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: image/png

fonts.googleapis.com/css?family=Noto+Sans&display=swap

142.250.74.106

200 OK

3.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Noto+Sans&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://safenote.co/expired
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
ASCII text, with very long lines (3272), with no line terminators
Size
3.2 kB (3192 bytes)
Hash
3e15972e34db57f193696124445a1644
ff4b0708bdf3485af4b7e58a1a16ce8df13a4fc1
7e6944d56f8a2f198951ed53bb3d51bb012d1b724b6f6cf88258e82b2737b077

HTTP Headers

GET /css?family=Noto+Sans&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://safenote.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 19 Apr 2024 18:37:30 GMT
date: Fri, 19 Apr 2024 18:37:30 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

safenote.co/expired

192.99.70.154

200 OK

22 kB

URL User Request GET HTTP/1.1
safenote.co/expired
IP
192.99.70.154:443
ASN
#16276 OVH SAS

Certificate
IssuerLet's Encrypt
Subjectsafenote.co
Fingerprint6B:C2:24:18:FF:7F:60:50:65:4D:6E:D4:21:4E:6A:B9:19:54:7C:F5
ValidityThu, 04 Apr 2024 01:04:17 GMT - Wed, 03 Jul 2024 01:04:16 GMT

File type

Size
22 kB (21622 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /expired HTTP/1.1
Host: safenote.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im9MRHd6Q1UwN2crdU12YWdSZmRkTnc9PSIsInZhbHVlIjoidThVUGI3TEVGOElGOTJXVU1Ha1hIaldFWlFMalpWSnRHMUJjVnA5TWNPd3U3RTBmdFdMWSszaTRkZlF6U0RPUyIsIm1hYyI6ImJmMzIxN2U5NzdhMWQyN2FjZWYwMjU2ZWUzZWI0MDk1ZWNlMzEwM2UyMjYwMDljOGM2NTQxM2E5Nzg0MDRmNzEifQ%3D%3D; safenote_session=eyJpdiI6Ind5cytLQk9tQytOa0ZSNkR2U2RjekE9PSIsInZhbHVlIjoiSlAzWEVBbVdodjN1cXFRWkJUdW1lcU5VWkhuMXMxZHFybFh0amtDMjhJWldZTEZvZUYzVlwvd243M204clAybU8iLCJtYWMiOiI0YmZhOThiYzNlODk1ZDUxZGQ2NTA4MzQxMDQyNGY2Y2ZlZDAxYzgwNDgzYzYzMjY3NzY3NzJjZTVjMzYzYjMzIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 18:38:04 GMT
Server: Apache
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6Im9DZ3UyaUZIZUJEWnN5SWdwcVlJbmc9PSIsInZhbHVlIjoiTWY0dWhiYTJwYlVwczhDOUFVdUVoYktQcHM1ZWk4emhTUEh1VlNISUkwXC82dVlma3JtZ2RRRTZDVnlFVlwvY1pwIiwibWFjIjoiNmQ1OTE3OGZiMmRmNjEyMzFkODVlZjg0MmZlODEyOTQ2NGYzMGNkMTUyYWFhNDM0Mjc2NTI3Y2FiZWYyOWViNCJ9; expires=Fri, 19-Apr-2024 20:38:04 GMT; Max-Age=7200; path=/
safenote_session=eyJpdiI6IlE5ZzV2WjBcL0RNeHRqd1NlQVNvUnN3PT0iLCJ2YWx1ZSI6IjlBVlFaWVVHR05tcFRTVnc5UzNCMFZ1dHJSM0F5SnFkWEpSWXZ2dEQrV2lEd3UreGpDTlRuM1lzbklPdVdWVkMiLCJtYWMiOiIxYjA0OTI0YjJhYjNmOWY0NTgzNWQyMDljNGJmMjc0YWZmZTc3OWMxYzkwNmQzODMzNDBhYWZmZTIwN2MwZDc4In0%3D; expires=Fri, 19-Apr-2024 20:38:04 GMT; Max-Age=7200; path=/; httponly
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5121
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

safenote.co/js/app.js

192.99.70.154

200 OK

333 kB

URL GET HTTP/1.1
safenote.co/js/app.js
IP
192.99.70.154:443
ASN
#16276 OVH SAS

Requested by
https://safenote.co/expired
Certificate
IssuerLet's Encrypt
Subjectsafenote.co
Fingerprint6B:C2:24:18:FF:7F:60:50:65:4D:6E:D4:21:4E:6A:B9:19:54:7C:F5
ValidityThu, 04 Apr 2024 01:04:17 GMT - Wed, 03 Jul 2024 01:04:16 GMT

File type

Size
333 kB (333363 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /js/app.js HTTP/1.1
Host: safenote.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://safenote.co/expired
Cookie: XSRF-TOKEN=eyJpdiI6Im9DZ3UyaUZIZUJEWnN5SWdwcVlJbmc9PSIsInZhbHVlIjoiTWY0dWhiYTJwYlVwczhDOUFVdUVoYktQcHM1ZWk4emhTUEh1VlNISUkwXC82dVlma3JtZ2RRRTZDVnlFVlwvY1pwIiwibWFjIjoiNmQ1OTE3OGZiMmRmNjEyMzFkODVlZjg0MmZlODEyOTQ2NGYzMGNkMTUyYWFhNDM0Mjc2NTI3Y2FiZWYyOWViNCJ9; safenote_session=eyJpdiI6IlE5ZzV2WjBcL0RNeHRqd1NlQVNvUnN3PT0iLCJ2YWx1ZSI6IjlBVlFaWVVHR05tcFRTVnc5UzNCMFZ1dHJSM0F5SnFkWEpSWXZ2dEQrV2lEd3UreGpDTlRuM1lzbklPdVdWVkMiLCJtYWMiOiIxYjA0OTI0YjJhYjNmOWY0NTgzNWQyMDljNGJmMjc0YWZmZTc3OWMxYzkwNmQzODMzNDBhYWZmZTIwN2MwZDc4In0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 19 Apr 2024 18:38:05 GMT
Server: Apache
Last-Modified: Fri, 23 Nov 2018 13:42:31 GMT
ETag: "51633-57b5527a84ef7-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: application/javascript

fonts.gstatic.com/s/notosans/v36/o-0mIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjcz6L1SoM-jCpoiyD9A-9a6VI.woff2

216.58.207.227

200 OK

13 kB

URL GET HTTP/2
fonts.gstatic.com/s/notosans/v36/o-0mIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjcz6L1SoM-jCpoiyD9A-9a6VI.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://safenote.co/expired
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint8F:81:43:71:C4:F3:8C:FA:6D:EC:B4:5E:1F:58:71:AA:48:42:0E:E9
ValidityMon, 04 Mar 2024 07:16:39 GMT - Mon, 27 May 2024 07:16:38 GMT

File type
Web Open Font Format (Version 2), TrueType, length 13336, version 1.0
Size
13 kB (13336 bytes)
Hash
b07180cf0f81951de10205e371bb7994
6e73dee82a9e2a3a50ecd76f44e0df99ace1871d
4c0aea6139bcfbb5d8295db45717b7dab4b1ea854564068c5cac0c2cefc679fd

HTTP Headers

GET /s/notosans/v36/o-0mIpQlx3QUlC5A4PNB6Ryti20_6n1iPHjcz6L1SoM-jCpoiyD9A-9a6VI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://safenote.co
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13336
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:54:32 GMT
expires: Fri, 18 Apr 2025 02:54:32 GMT
cache-control: public, max-age=31536000
age: 142979
last-modified: Wed, 14 Feb 2024 22:28:26 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.5.0/css/all.css

172.67.142.245

200 OK

51 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.5.0/css/all.css
IP
172.67.142.245:443
ASN
#13335 CLOUDFLARENET

Requested by
https://safenote.co/expired
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (51030)
Size
51 kB (51215 bytes)
Hash
1cc6c92172d124fbd305ba3d8e263333
d24f4d0e56617d3663d5a929500f05a17d71246e
9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2

HTTP Headers

GET /releases/v5.5.0/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://safenote.co
DNT: 1
Connection: keep-alive
Referer: https://safenote.co/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 19 Apr 2024 18:37:30 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"1cc6c92172d124fbd305ba3d8e263333"
last-modified: Fri, 22 Sep 2023 01:45:37 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 350421
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xbuEs1U9u6lzWqCFVeO2rgj1mvO4UcLJfKbogHCF0bH29WYpRIOBBTGPotExZS2AuPoPJO%2Bi76rAsYPOv6Jcx6utIhPpU49ufxn9r4uNjEpzbppVVe9FuR8D50R%2B5%2FydSEzlHByt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876f019bee3cb4eb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL