anyfile-notepad.semaan.ca Open in urlscan Pro
82.196.8.62 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22acti...
Submission Tags: falconsandbox
Submission: On May 20 via api (May 20th 2021, 1:26:15 am UTC) from US

Summary HTTP 80 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 34 IPs in 7 countries across 36 domains to perform 80 HTTP transactions. The main IP is 82.196.8.62, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is anyfile-notepad.semaan.ca.
TLS certificate: Issued by R3 on April 30th 2021. Valid for: 3 months.

This is the only time anyfile-notepad.semaan.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	82.196.8.62 82.196.8.62	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2010	15169 (GOOGLE) (GOOGLE)
16	104.22.2.144 104.22.2.144	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	159.89.121.194 159.89.121.194	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	173.198.200.125 173.198.200.125	40244 (TURNKEY-I...) (TURNKEY-INTERNET)
1	104.154.142.214 104.154.142.214	15169 (GOOGLE) (GOOGLE)
1	198.148.27.133 198.148.27.133	19189 (PULSEPOINT) (PULSEPOINT)
7	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::200d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	208.100.17.190 208.100.17.190	32748 (STEADFAST) (STEADFAST)
2 9	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
5 5	185.64.190.79 185.64.190.79	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1 1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	185.64.190.81 185.64.190.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	185.33.221.15 185.33.221.15	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2 2	213.19.147.45 213.19.147.45	3356 (LEVEL3) (LEVEL3)
2 3	76.223.111.131 76.223.111.131	16509 (AMAZON-02) (AMAZON-02)
1 1	213.19.147.44 213.19.147.44	26120 (RHYTHMONE) (RHYTHMONE)
1 1	64.202.112.63 64.202.112.63	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	52.30.185.188 52.30.185.188	16509 (AMAZON-02) (AMAZON-02)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
2 2	35.156.106.231 35.156.106.231	16509 (AMAZON-02) (AMAZON-02)
1	38.27.122.158 38.27.122.158	174 (COGENT-174) (COGENT-174)
2 2	216.52.2.48 216.52.2.48	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1 1	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
1	208.100.17.171 208.100.17.171	32748 (STEADFAST) (STEADFAST)
1 2	52.46.130.13 52.46.130.13	16509 (AMAZON-02) (AMAZON-02)
1 1	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	35.171.130.4 35.171.130.4	14618 (AMAZON-AES) (AMAZON-AES)
1 1	3.91.110.183 3.91.110.183	14618 (AMAZON-AES) (AMAZON-AES)
1 2	35.170.231.210 35.170.231.210	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:80f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
1	198.148.27.139 198.148.27.139	19189 (PULSEPOINT) (PULSEPOINT)
80	34

8 82.196.8.62 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

anyfile-notepad.semaan.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 104.22.2.144 (United States)

ASN13335 (CLOUDFLARENET, US)

resources.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
router.infolinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.89.121.194 (Toronto, Canada)

ASN14061 (DIGITALOCEAN-ASN, US)

api.anyfile-notepad.semaan.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.198.200.125 (Latham, United States)

ASN40244 (TURNKEY-INTERNET, US)

prebid.admedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.154.142.214 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)

lockerdome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.133 (New York, United States)

ASN19189 (PULSEPOINT, US)

bid.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.100.17.190 (United States)

ASN32748 (STEADFAST, US)
PTR: ip190.208-100-17.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.38.120.206 (France)

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.64.190.79 (United Kingdom) 5 redirects

ASN62713 (AS-PUBMATIC, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.184.226 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.81 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.33.221.15 (Amsterdam, Netherlands) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 720.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.126.56.137 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.19.147.45 (United Kingdom) 2 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 76.223.111.131 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.44 (United Kingdom) 1 redirects

ASN26120 (RHYTHMONE, US)

sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.63 (United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.149 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.185.188 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

s.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

dsp.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.156.106.231 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-106-231.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.27.122.158 (United States)

ASN174 (COGENT-174, US)

match.bnmla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.48 (United States) 2 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.128 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.100.17.171 (United States)

ASN32748 (STEADFAST, US)
PTR: ip171.208-100-17.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.46.130.13 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.149 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.171.130.4 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

nep.advangelists.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.91.110.183 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.170.231.210 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-170-231-210.compute-1.amazonaws.com

um2.eqads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a7b33f4bd1b1514d6abb2828dc3f60ac.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.139 (New York, United States)

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	infolinks.com resources.infolinks.com router.infolinks.com	275 KB
11	googlesyndication.com a7b33f4bd1b1514d6abb2828dc3f60ac.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	34 KB
9	casalemedia.com 2 redirects ssum-sec.casalemedia.com dsum-sec.casalemedia.com	10 KB
9	doubleclick.net 4 redirects securepubads.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net	119 KB
9	semaan.ca anyfile-notepad.semaan.ca api.anyfile-notepad.semaan.ca	2 MB
8	pubmatic.com 8 redirects image8.pubmatic.com image2.pubmatic.com image4.pubmatic.com	2 KB
7	google.com 1 redirects apis.google.com accounts.google.com adservice.google.com www.google.com	111 KB
5	ampproject.org cdn.ampproject.org	107 KB
4	adnxs.com 4 redirects ib.adnxs.com	4 KB
3	adsrvr.org 2 redirects match.adsrvr.org	1 KB
3	yahoo.com 3 redirects ups.analytics.yahoo.com	3 KB
3	googleapis.com fonts.googleapis.com storage.googleapis.com	174 KB
2	eqads.com 1 redirects um2.eqads.com	563 B
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	961 B
2	lijit.com 2 redirects ap.lijit.com	1 KB
2	advertising.com 2 redirects pixel.advertising.com	674 B
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	contextweb.com bid.contextweb.com bh.contextweb.com	923 B
2	google-analytics.com www.google-analytics.com	19 KB
1	cognitivlabs.com 1 redirects beacon.lynx.cognitivlabs.com	376 B
1	advangelists.com 1 redirects nep.advangelists.com	232 B
1	sitescout.com 1 redirects pixel-sync.sitescout.com	299 B
1	33across.com ssc-cms.33across.com	72 B
1	rfihub.com 1 redirects p.rfihub.com	759 B
1	bnmla.com match.bnmla.com	114 B
1	adkernel.com dsp.adkernel.com	233 B
1	cpx.to s.cpx.to	945 B
1	sonobi.com sync.go.sonobi.com	474 B
1	zemanta.com 1 redirects b1sync.zemanta.com	288 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	475 B
1	onetag-sys.com onetag-sys.com	818 B
1	tynt.com de.tynt.com	289 B
1	gstatic.com ssl.gstatic.com	39 KB
1	lockerdome.com lockerdome.com	438 B
1	admedia.com prebid.admedia.com	701 B
1	googletagservices.com www.googletagservices.com	21 KB
80	36

	Domain	Requested by
13	router.infolinks.com	resources.infolinks.com router.infolinks.com ssum-sec.casalemedia.com
8	anyfile-notepad.semaan.ca	anyfile-notepad.semaan.ca
6	tpc.googlesyndication.com	securepubads.g.doubleclick.net anyfile-notepad.semaan.ca tpc.googlesyndication.com
6	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com um2.eqads.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	image8.pubmatic.com	5 redirects
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
4	ib.adnxs.com	4 redirects
4	cm.g.doubleclick.net	4 redirects
4	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net anyfile-notepad.semaan.ca
3	match.adsrvr.org	2 redirects ssum-sec.casalemedia.com
3	ups.analytics.yahoo.com	3 redirects
3	ssum-sec.casalemedia.com	1 redirects router.infolinks.com ssum-sec.casalemedia.com
3	resources.infolinks.com	anyfile-notepad.semaan.ca resources.infolinks.com
2	www.google.com	1 redirects anyfile-notepad.semaan.ca
2	um2.eqads.com	1 redirects ssum-sec.casalemedia.com
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	ap.lijit.com	2 redirects
2	pixel.advertising.com	2 redirects
2	sync.1rx.io	2 redirects
2	image4.pubmatic.com	2 redirects
2	accounts.google.com	apis.google.com ssl.gstatic.com
2	www.google-analytics.com	anyfile-notepad.semaan.ca www.google-analytics.com
2	apis.google.com	anyfile-notepad.semaan.ca apis.google.com
2	storage.googleapis.com	anyfile-notepad.semaan.ca
1	bh.contextweb.com
1	googleads.g.doubleclick.net	anyfile-notepad.semaan.ca
1	a7b33f4bd1b1514d6abb2828dc3f60ac.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	beacon.lynx.cognitivlabs.com	1 redirects
1	nep.advangelists.com	1 redirects
1	pixel-sync.sitescout.com	1 redirects
1	ssc-cms.33across.com	router.infolinks.com
1	p.rfihub.com	1 redirects
1	match.bnmla.com	router.infolinks.com
1	dsp.adkernel.com	router.infolinks.com
1	s.cpx.to	router.infolinks.com
1	sync.go.sonobi.com	router.infolinks.com
1	b1sync.zemanta.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	image2.pubmatic.com	1 redirects
1	onetag-sys.com	router.infolinks.com
1	de.tynt.com	router.infolinks.com
1	ssl.gstatic.com	accounts.google.com
1	bid.contextweb.com	storage.googleapis.com
1	lockerdome.com	storage.googleapis.com
1	prebid.admedia.com	storage.googleapis.com
1	api.anyfile-notepad.semaan.ca	anyfile-notepad.semaan.ca
1	www.googletagservices.com	anyfile-notepad.semaan.ca
1	fonts.googleapis.com	anyfile-notepad.semaan.ca
80	50

This site contains links to these domains. Also see Links.

Domain
accounts.google.com
bit.ly

Subject Issuer	Validity	Valid
anyfile-notepad.semaan.ca R3	`2021-04-30` - `2021-07-29`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-15` - `2021-08-15`	a year	crt.sh
*.apis.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
api.anyfile-notepad.semaan.ca R3	`2021-04-30` - `2021-07-29`	3 months	crt.sh
*.admedia.com Sectigo RSA Domain Validation Secure Server CA	`2020-02-27` - `2022-03-02`	2 years	crt.sh
*.lockerdome.com Go Daddy Secure Certificate Authority - G2	`2020-09-27` - `2021-10-29`	a year	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
accounts.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-01` - `2021-09-30`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
onetag-sys.com R3	`2021-05-02` - `2021-07-31`	3 months	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
s.cpx.to Sectigo RSA Domain Validation Secure Server CA	`2021-02-03` - `2022-02-09`	a year	crt.sh
*.adkernel.com Sectigo RSA Domain Validation Secure Server CA	`2020-12-22` - `2022-01-05`	a year	crt.sh
*.bnmla.com Go Daddy Secure Certificate Authority - G2	`2021-01-06` - `2022-02-07`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-01` - `2021-09-30`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2020-08-28` - `2021-08-20`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
um3.eqads.com Amazon	`2020-07-24` - `2021-08-24`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Frame ID: 18A8159107784AA1EF816D47AC6E9934
Requests: 33 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Frame ID: 9DF517D9436AFA6D9CA2A54B8CB94F82
Requests: 16 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 89F87ECE6F85780D91E4A72ECA6AC244
Requests: 3 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Frame ID: 0BE2E7CF2D40B61DD55A1E0119862C5B
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Frame ID: 5BADAC39F1DB3643795FD19721C6E688
Requests: 9 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Frame ID: 0A7228B9DA7635D470AAD4BD1F6D2352
Requests: 1 HTTP requests in this frame

Frame: https://um2.eqads.com/um/cs&eq_cc=1
Frame ID: 5A2D20E2556DDA3F89F3E228FBD9D0D9
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012103020108001/amp4ads-v0.mjs
Frame ID: DBE4D3AABA87F82A01E6F33EAAC686EF
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: E148459C5E51B8A8CD7BD56368DE3051
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Go (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /^Caddy$/i

Caddy (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^Caddy$/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

80
Requests

100 %
HTTPS

31 %
IPv6

36
Domains

50
Subdomains

34
IPs

7
Countries

3459 kB
Transfer

4884 kB
Size

17
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://accounts.google.com/AddSession
Title: Add account

Search URL Search Domain Scan URL

URL: http://bit.ly/afn-community-fb
Title: Seeing innapropriate ads ? Or have comments on them ? Click to post on the community

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

Request Chain 31

https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RUNBMERBMjAtRkIxRS00NUEwLUJEQkMtNjE0Mjg0RTdEQTU1&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3DECA0DA20-FB1E-45A0-BDBC-614284E7DA55 HTTP 302
https://router.infolinks.com/dyn/pbm-usync?uid=ECA0DA20-FB1E-45A0-BDBC-614284E7DA55

Request Chain 32

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID HTTP 302
https://router.infolinks.com/dyn/apn-usync?user_id=7676808510656171404

Request Chain 33

https://ups.analytics.yahoo.com/ups/58422/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58422/occ?verify=true HTTP 302
https://router.infolinks.com/dyn/VR-usync?uid=y-.2.JPZNE2uFy3TxhpKl5ypOzZ0.9OgLYk6g5KN0-~A

Request Chain 34

https://sync.1rx.io/usersync2/infolinks HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4689432200 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4689432200 HTTP 302
https://sync.1rx.io/usersync/tradedesk/ef050923-00bb-4b12-8e85-74c9e6fb4650 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-82806bef-d3c8-4639-badd-2a6fe2286c44-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-82806bef-d3c8-4639-badd-2a6fe2286c44-003 HTTP 302
https://router.infolinks.com/dyn/r1-usync?uid=RX-82806bef-d3c8-4639-badd-2a6fe2286c44-003

Request Chain 35

https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__ HTTP 302
https://router.infolinks.com/dyn/zmn-usync?uid=

Request Chain 37

https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fanyfile-notepad.semaan.ca%252F&pid=12306&adnxs_uid=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fanyfile-notepad.semaan.ca%25252F%26pid%3D12306%26adnxs_uid%3D%24UID HTTP 302
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fanyfile-notepad.semaan.ca%2F&pid=12306&adnxs_uid=7676808510656171404

Request Chain 39

https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP52a1d0f3-b90a-11eb-8fe6-06a224eca24a HTTP 302
https://router.infolinks.com/dyn/outh-usync?uid=y-dzYTQHJE2uFHVs9PHzHlWtmkJojy3OXZ~A~UP52a1d0f3-b90a-11eb-8fe6-06a224eca24a

Request Chain 41

https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true HTTP 307
https://router.infolinks.com/dyn/sovrn-usync?uid=84d8980637bc1a8abe4a4957

Request Chain 42

https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID&rdf=1 HTTP 302
https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3DECA0DA20-FB1E-45A0-BDBC-614284E7DA55 HTTP 302
https://router.infolinks.com/dyn/usersync?pmuservalue=ECA0DA20-FB1E-45A0-BDBC-614284E7DA55

Request Chain 44

https://p.rfihub.com/cm?pub=43153&in=1 HTTP 302
https://router.infolinks.com/dyn/zeta-usync?uid=1875819619940461852

Request Chain 46

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKW6owHi2sxnWs45Ot9X3QAABJsAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKW6owHi2sxnWs45Ot9X3QAABJsAAAAB&dcc=t

Request Chain 47

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YKW6owHi2sxnWs45Ot9X3QAABJsAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YKW6owHi2sxnWs45Ot9X3QAABJsAAAAB&gdpr_consent=&us_privacy=&gdpr=1&google_tc= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEN9i0GCOD2JMnG3CrZcsUPk&google_cver=1

Request Chain 49

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YKW6owHi2sxnWs45Ot9X3QAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAFGMqwE-Me29tgH--I0x-I&google_cver=1&gdpr=1

Request Chain 50

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1624065955

Request Chain 51

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-e75c1fea-f838-46d9-9e2e-d7c8d61115d0

Request Chain 52

https://beacon.lynx.cognitivlabs.com/ix.gif HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=b821e83c-4e7e-40ea-be3e-f7a69953dd23&expiration=1653009955

Request Chain 54

https://um2.eqads.com/um/cs HTTP 302
https://um2.eqads.com/um/cs&eq_cc=1

Request Chain 73

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

80 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request app Show response
anyfile-notepad.semaan.ca/ 196 KB
196 KB 651ms
20ms Document
text/html 82.196.8.62
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 82.196.8.62 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Caddy /
Resource Hash: 5fb73a4f0d1c32d3b5dd32760d39b449edfbaec4f80fe083cf1c1f92a854e1bd

Request headers

:method: GET
:authority: anyfile-notepad.semaan.ca
:scheme: https
:path: /app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=utf-8
date: Thu, 20 May 2021 01:25:54 GMT
expires: 0
last-modified: Tue, 11 May 2021 23:58:16 GMT
pragma: no-cache
server: Caddy
x-afn-server: afn-srv-ams-1
content-length: 200745

GET
H2 200 icon
fonts.googleapis.com/ 568 B
461 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

08c8a6b9d55c71f4802ed4d7fc8ea16fd67585c92d74e488076fed2ef0907f01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 20 May 2021 01:25:54 GMT
server: ESF
date: Thu, 20 May 2021 01:25:54 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 20 May 2021 01:25:54 GMT

GET
H2 200 application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.css
anyfile-notepad.semaan.ca/assets/ 299 KB
300 KB 44ms
41ms Stylesheet
text/css 82.196.8.62
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.css
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 82.196.8.62 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Caddy /
Resource Hash: 06dd0a69a7327645be89e0162d588b6d3cd7ba013e50c77c26ad67429f2ab819

Request headers

:path: /assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: anyfile-notepad.semaan.ca
referer: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-afn-server: afn-srv-ams-1
last-modified: Tue, 11 May 2021 23:58:01 GMT
server: Caddy
date: Thu, 20 May 2021 01:25:54 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
accept-ranges: bytes
content-length: 306593

GET
H2 200 application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js Show response
anyfile-notepad.semaan.ca/assets/ 654 KB
654 KB 43ms
41ms Script
text/javascript 82.196.8.62
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 82.196.8.62 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Caddy /
Resource Hash: 247547078d43ab49b4ddf8513f2ce6dcf8528a1aed51ba0f225def4663c1eefa

Request headers

:path: /assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: anyfile-notepad.semaan.ca
referer: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-afn-server: afn-srv-ams-1
last-modified: Tue, 11 May 2021 23:58:14 GMT
server: Caddy
date: Thu, 20 May 2021 01:25:54 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
accept-ranges: bytes
content-length: 669424

GET
H2 200 ace.js Show response
anyfile-notepad.semaan.ca/ace.js/ 353 KB
353 KB 44ms
41ms Script
text/javascript 82.196.8.62
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://anyfile-notepad.semaan.ca/ace.js/ace.js
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 82.196.8.62 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Caddy /
Resource Hash: e9ce598bb515c234eb962bbafbd1128d45f6c2755538a9b5e04a72ee58ec333e

Request headers

:path: /ace.js/ace.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: anyfile-notepad.semaan.ca
referer: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
x-afn-server: afn-srv-ams-1
last-modified: Fri, 17 Aug 2018 01:36:41 GMT
server: Caddy
date: Thu, 20 May 2021 01:25:54 GMT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 360977
expires: 0

GET
H3-29 200 sdbmtiqbxqoopp7t3s9lq.js Show response
storage.googleapis.com/dbmtiqbxqoopp7t3s9lq/ 170 KB
170 KB 133ms
117ms Script
text/javascript 2a00:1450:4001:812::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/dbmtiqbxqoopp7t3s9lq/sdbmtiqbxqoopp7t3s9lq.js
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 08b280a4f0643253a52d633ead8ba7441919dd32155433b061a6032d31453b7b

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 01:25:54 GMT
age: 0
x-guploader-uploadid: ABg5-UwgoykpbsWdYSuMQBSCYGxu7QqNQeBlX_bw97-awM48Hcg3mne91vSg8BKLNUwduC5c4v9eOjI3QTnDPYEmePKLjoeMNg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 174265
last-modified: Fri, 26 Jul 2019 13:45:58 GMT
server: UploadServer
etag: "3ef537fdfae0face6e220c8bb8cc728e"
x-goog-hash: crc32c=Oug7Sw==, md5=PvU3/frg+s5uIgyLuMxyjg==
x-goog-generation: 1564148758016703
cache-control: public, max-age=3600
x-goog-stored-content-length: 174265
accept-ranges: bytes
content-type: text/javascript
expires: Thu, 20 May 2021 02:25:54 GMT

GET
H2 200 vdbmtiqbxqoopp7t3s9lq.js Show response
storage.googleapis.com/dbmtiqbxqoopp7t3s9lq/ 3 KB
3 KB 145ms
121ms Script
text/javascript 2a00:1450:4001:812::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/dbmtiqbxqoopp7t3s9lq/vdbmtiqbxqoopp7t3s9lq.js
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 850279a1093701b0167c16a386ddb641dab5b7c9f03110dda4b60949d8a1bc6b

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 01:25:54 GMT
age: 0
x-guploader-uploadid: ABg5-Uy2KHOvkWZ_aQEeh3MxlKhH2Kb1QtkU7sKvuSubrq3Lho_c1IjunggD2qICod_T3E7y4BkcR9qA9fPHzY4dUphNwLAZXw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2652
last-modified: Fri, 26 Jul 2019 13:45:57 GMT
server: UploadServer
etag: "c9f34d2f36658e54d648aefdf7a9d5b7"
x-goog-hash: crc32c=w53zFg==, md5=yfNNLzZljlTWSK7996nVtw==
x-goog-generation: 1564148757543920
cache-control: public, max-age=3600
x-goog-stored-content-length: 2652
accept-ranges: bytes
content-type: text/javascript
expires: Thu, 20 May 2021 02:25:54 GMT

GET
H2 200 application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.css
anyfile-notepad.semaan.ca/assets/ 344 KB
345 KB 57ms
57ms Stylesheet
text/css 82.196.8.62
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.css
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 82.196.8.62 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Caddy /
Resource Hash: b0ff61b6e636d89b155690f14a357af3d14a4426a56f1a5b77e320641a4469c2

Request headers

:path: /assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: anyfile-notepad.semaan.ca
referer: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-afn-server: afn-srv-ams-1
last-modified: Tue, 11 May 2021 23:57:59 GMT
server: Caddy
date: Thu, 20 May 2021 01:25:54 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
accept-ranges: bytes
content-length: 352688

GET
H2 200 infolinks_main.js Show response
resources.infolinks.com/js/ 3 KB
2 KB 40ms
21ms Script
application/javascript 104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/infolinks_main.js
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 78afc9cc33526517626217902b8fb470a8d07f0e80134a2d2ef1a8c32780cc4a

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray: 6521c615be314abd-FRA
date: Thu, 20 May 2021 01:25:54 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Wed, 19 May 2021 07:08:11 GMT
server: cloudflare
age: 8251
etag: W/"c40-5c2a97d50fea4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
content-encoding: gzip
cf-request-id: 0a28fa219000004abd45043000000001
expires: Thu, 20 May 2021 00:08:23 GMT

GET
H2 200 client.js Show response
apis.google.com/js/ 12 KB
5 KB 35ms
33ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/client.js?onload=oauth_loaded

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

504800a968b79c4bdfabb51f559f8850a972f3d374a9b5e7bb33d252d7401e0e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-aoMZZUFKiGeG6aQYkpQ0jw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 01:25:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "03d4341b0854256bc59ebf17080c5367"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-aoMZZUFKiGeG6aQYkpQ0jw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Thu, 20 May 2021 01:25:54 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6958
date: Wed, 19 May 2021 23:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Thu, 20 May 2021 01:29:56 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 62 KB
21 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efb4e083cee3e2b844ec6fdb1753ff81bd8b2787a03c9a009193bb1d0b054dde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 01:25:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "877 / 752 of 1000 / last-modified: 1621462309"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21338
x-xss-protection: 0
expires: Thu, 20 May 2021 01:25:54 GMT

GET
H2 200 ice.js Show response
resources.infolinks.com/js/1747.002-3.012/ 588 KB
188 KB 20ms
16ms Script
application/javascript 104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/1747.002-3.012/ice.js
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffa811ff2834d53f32832c8b70d7df7208264e144629487bbd91179ca13a5eca

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray: 6521c6179fec4abd-FRA
date: Thu, 20 May 2021 01:25:54 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Mon, 10 May 2021 17:45:28 GMT
server: cloudflare
age: 430
etag: W/"9312d-5c1fd57dcd910"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
cf-request-id: 0a28fa22ba00004abd47175000000001
expires: Sat, 19 Jun 2021 01:18:44 GMT

POST
H/1.1 200
OK stats Show response
api.anyfile-notepad.semaan.ca/ 2 B
360 B 563ms
112ms XHR
text/plain 159.89.121.194
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.anyfile-notepad.semaan.ca/stats
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 159.89.121.194 Toronto, Canada, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: */*
Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 20 May 2021 01:25:55 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16 mod_wsgi/3.4 Python/2.7.5
Access-Control-Allow-Headers: Content-Type, Authorization
Content-Length: 2
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/plain; charset=utf-8

GET
H2 200 Lato-Regular.ttf
anyfile-notepad.semaan.ca/fonts/ 593 KB
594 KB 19ms
19ms Font
font/ttf 82.196.8.62
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://anyfile-notepad.semaan.ca/fonts/Lato-Regular.ttf
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 82.196.8.62 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Caddy /
Resource Hash: 089ab6d4a57e0e6c4dd3b681b6fd50a5184f1b902429d35e1227e52d6ccad1bd

Request headers

:path: /fonts/Lato-Regular.ttf
pragma: no-cache
origin: https://anyfile-notepad.semaan.ca
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: anyfile-notepad.semaan.ca
referer: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://anyfile-notepad.semaan.ca
Referer: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-afn-server: afn-srv-ams-1
last-modified: Tue, 11 May 2021 23:57:24 GMT
server: Caddy
date: Thu, 20 May 2021 01:25:54 GMT
content-type: font/ttf
access-control-allow-origin: *
accept-ranges: bytes
content-length: 607720

GET
H2 200 Material-Design-Icons.woff
anyfile-notepad.semaan.ca/fonts/ 100 KB
100 KB 73ms
72ms Font
font/woff 82.196.8.62
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://anyfile-notepad.semaan.ca/fonts/Material-Design-Icons.woff?3ocs8m
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 82.196.8.62 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Caddy /
Resource Hash: be00e19b662046cb8f2eb6eb86e4689edeefb0c003f6a215df9c22f0e15e16ad

Request headers

:path: /fonts/Material-Design-Icons.woff?3ocs8m
pragma: no-cache
origin: https://anyfile-notepad.semaan.ca
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: anyfile-notepad.semaan.ca
referer: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://anyfile-notepad.semaan.ca
Referer: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-afn-server: afn-srv-ams-1
last-modified: Tue, 11 May 2021 23:57:24 GMT
server: Caddy
date: Thu, 20 May 2021 01:25:54 GMT
content-type: font/woff
access-control-allow-origin: *
accept-ranges: bytes
content-length: 101968

GET
H2 200 logo.png
anyfile-notepad.semaan.ca/ 6 KB
6 KB 19ms
18ms Image
image/png 82.196.8.62
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://anyfile-notepad.semaan.ca/logo.png
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 82.196.8.62 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Caddy /
Resource Hash: bfb6a8799c9f3a60f0a04e2cc9c1d9df6c591708ae4aaa3eda711fcde2d31df9

Request headers

:path: /logo.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: anyfile-notepad.semaan.ca
referer: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-afn-server: afn-srv-ams-1
last-modified: Tue, 11 May 2021 23:57:24 GMT
server: Caddy
date: Thu, 20 May 2021 01:25:54 GMT
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 6277

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/ 304 KB
104 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/client.js?onload=oauth_loaded

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bef45a2d66e62100d6a4dad1b713dde1def59a7b963618e1d96c56593be00ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 08:40:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60332
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106903
x-xss-protection: 0
last-modified: Wed, 12 May 2021 20:19:21 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 May 2022 08:40:22 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
24 B 13ms
13ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1398265823&t=pageview&_s=1&dl=https%3A%2F%2Fanyfile-notepad.semaan.ca%2Fapp%3Fstate%3D%257B%2522ids%2522%253A%255B%25220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%2522%255D%252C%2522action%2522%253A%2522open%2522%252C%2522userId%2522%253A%2522101031074268179616323%2522%257D&ul=en-us&de=UTF-8&dt=Anyfile%20Notepad&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1323902579&gjid=85150001&cid=191706508.1621473955&tid=UA-69003440-1&_gid=674856414.1621473955&_r=1&_slc=1&z=1719653344

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://anyfile-notepad.semaan.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK / Show response
prebid.admedia.com/bidder/ 341 B
701 B 345ms
105ms XHR
application/json 173.198.200.125
TURNKEY-INTERNET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.admedia.com/bidder/
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/dbmtiqbxqoopp7t3s9lq/sdbmtiqbxqoopp7t3s9lq.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 173.198.200.125 Latham, United States, ASN40244 (TURNKEY-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ff076183546bd6b64b170cf1305fa344214c98d917a6abb1b610ebed2f9f7e1

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://anyfile-notepad.semaan.ca
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: 0

POST
H/1.1 200
OK prebid Show response
lockerdome.com/ladbid/ 11 B
438 B 469ms
115ms XHR
application/json 104.154.142.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://lockerdome.com/ladbid/prebid
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/dbmtiqbxqoopp7t3s9lq/sdbmtiqbxqoopp7t3s9lq.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.154.142.214 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Thu, 20 May 2021 01:25:55 GMT
Content-Encoding: gzip
P3P: CP='LockerDome does not have a P3P policy. Learn why here: http://lockerdome.com/p3p'
Access-Control-Allow-Origin: https://anyfile-notepad.semaan.ca
Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Content-Length: 31

POST
H2 204 ortb Show response
bid.contextweb.com/header/ 0
517 B 335ms
110ms XHR
text/plain 198.148.27.133
PULSEPOINT

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/ortb?src=prebid
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/dbmtiqbxqoopp7t3s9lq/sdbmtiqbxqoopp7t3s9lq.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.148.27.133 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 20 May 2021 01:25:54 GMT
server: envoy
cwdl: 22/110,22/110,22/110
access-control-allow-origin: https://anyfile-notepad.semaan.ca
access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-credentials: true
x-envoy-upstream-service-time: 4
cw-server: bid-deployment-c96855bdc-9v9s8

GET
H2 200 pubads_impl_2021051301.js Show response
securepubads.g.doubleclick.net/gpt/ 306 KB
108 KB 16ms
16ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

4bdcba71062ad849da6c41bb9130977f59af71c1b82e4c397b193469ece62ad6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 01:25:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 13 May 2021 08:39:52 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 110161
x-xss-protection: 0
expires: Thu, 20 May 2021 01:25:54 GMT

GET
H2 200 pbice.js Show response
resources.infolinks.com/js/pbice/3.012/ 253 KB
80 KB 28ms
27ms Script
application/javascript 104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://resources.infolinks.com/js/pbice/3.012/pbice.js
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1747.002-3.012/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef22755bc9501f967f1cb92530ea9a24c98432e12dfa2b35a71482b3e5579b21

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray: 6521c619dac84abd-FRA
date: Thu, 20 May 2021 01:25:54 GMT
via: 1.1 google
cf-cache-status: HIT
last-modified: Thu, 25 Feb 2021 13:31:34 GMT
server: cloudflare
age: 438
etag: W/"3f394-5bc292b988e82"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2592000
content-encoding: gzip
cf-request-id: 0a28fa242c00004abd779d3000000001
expires: Sat, 19 Jun 2021 01:18:36 GMT

GET
H2 200 manage Show response
router.infolinks.com/usync/ Frame 9DF5 8 KB
2 KB 183ms
181ms Document
text/html 104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1747.002-3.012/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 261f0652cd34758c72b9312c9e1f54fe080f1d2dfa7266056b4743c9a89142d8

Request headers

:method: GET
:authority: router.infolinks.com
:scheme: https
:path: /usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anyfile-notepad.semaan.ca/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://anyfile-notepad.semaan.ca/

Response headers

date: Thu, 20 May 2021 01:25:55 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store
p3p: CP="NON DSP NID OUR COR"
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 0a28fa244e00004abd40a19000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6521c61a1b064abd-FRA
content-encoding: gzip

GET
H2 200 lcmanage Show response
router.infolinks.com/usync/ 0
100 B 141ms
140ms Script
text/plain 104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://router.infolinks.com/usync/lcmanage?pid=3221959&wsid=0
Requested by: Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1747.002-3.012/ice.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 01:25:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store
cf-ray: 6521c61a3b3c4abd-FRA
content-length: 0
cf-request-id: 0a28fa246200004abda99a9000000001

GET
H2 200 iframe Show response
accounts.google.com/o/oauth2/ Frame 89F8 513 B
904 B 69ms
49ms Document
text/html 2a00:1450:4001:828::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.p7L79FLXQCw.O/m=client/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCO6hl1EejjzC-wrWbDdgTxPi0Gs8g/cb=gapi.loaded_0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

68ac037876c2c5d88068026e6de99ccdf3593d4554ac3f6eabe29f56532a1e5a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-TdOX0vnMrfUjXd0qrXiivA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/iframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anyfile-notepad.semaan.ca/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=216=Wzs-GUmhh9mcm8ViLh4x0GJhKLrRnU8vtU5XISuIqVGcWYjXmSb4geN88VBzAEkHlfoYDy7PPEdO3IXningXFDTul4yce35BtsB4_d1DK5cmZFXH9oO_CGn7MAS0unWqta0i0VU_fzCfQlpdfl7lvxJdz3AUsbSIQeoFFOtvGaA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://anyfile-notepad.semaan.ca/

Response headers

content-type: text/html; charset=utf-8
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 20 May 2021 01:25:55 GMT
content-language: en-US
content-security-policy: script-src 'report-sample' 'nonce-TdOX0vnMrfUjXd0qrXiivA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 3855939171-idpiframe.js Show response
ssl.gstatic.com/accounts/o/ Frame 89F8 112 KB
39 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/3855939171-idpiframe.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6737086b7d5121d9b73988c310046850799d3a354fe2d78fd64d797a417d011

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 17 May 2021 19:29:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 04:35:02 GMT
server: sffe
age: 194180
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39153
x-xss-protection: 0
expires: Tue, 17 May 2022 19:29:35 GMT

GET
H3-29 200 iframerpc Show response
accounts.google.com/o/oauth2/ Frame 89F8 14 B
58 B 103ms
63ms XHR
application/json 2a00:1450:4001:828::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fanyfile-notepad.semaan.ca&client_id=249464630588-ombbls22arnr75jdl4uprsof9t9rrp42.apps.googleusercontent.com

Requested by

Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/3855939171-idpiframe.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With: XmlHttpRequest

Response headers

date: Thu, 20 May 2021 01:25:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
content-type: application/json; charset=utf-8
cache-control: public, max-age=3600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Thu, 20 May 2021 02:25:55 GMT

GET
H2 200 / Show response
de.tynt.com/deb/ Frame 0BE2 75 B
289 B 339ms
113ms Document
text/html 208.100.17.190
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.190 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip190.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

:method: GET
:authority: de.tynt.com
:scheme: https
:path: /deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://router.infolinks.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://router.infolinks.com/

Response headers

cache-control: max-age=86400
expires: Fri, 21 May 2021 01:25:55 GMT
referrer-policy: unsafe-url
content-type: text/html
content-length: 75
date: Thu, 20 May 2021 01:25:54 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 5BAD
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1

2 KB
3 KB

23ms
17ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: ea33b32f5fa8d78d63bda6f1343353f1e9319a16383153a2855143c997e2f1b1

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://router.infolinks.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YKW6owHi2sxnWs45Ot9X3QAA; CMPS=3226
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://router.infolinks.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 241|230|39|45|40|64|195|8
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1779
Expires: Thu, 20 May 2021 01:25:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Connection: keep-alive
Set-Cookie: CMID=YKW6owHi2sxnWs45Ot9X3QAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 20 May 2022 01:25:55 GMT CMPS=3226;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 18 Aug 2021 01:25:55 GMT CMPRO=1179;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 18 Aug 2021 01:25:55 GMT CMRUM3=0860a5baa305a00&e660a5baa32760&4060a5baa305a0&f160a5baa305a0&2d60a5baa305a0&2860a5baa305a00&c360a5baa305a00&2760a5baa30b40;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 20 May 2022 01:25:55 GMT CMST=YKW6o2CluqMA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 21 May 2021 01:25:55 GMT

Redirect headers

Server: Apache
Content-Length: 311
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Thu, 20 May 2021 01:25:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Connection: keep-alive
Set-Cookie: CMID=YKW6owHi2sxnWs45Ot9X3QAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 20 May 2022 01:25:55 GMT CMPS=3226;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Wed, 18 Aug 2021 01:25:55 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 0A72 2 KB
818 B 91ms
7ms Document
text/html 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90

Requested by

Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=598ce3ddaee8c90
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://router.infolinks.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://router.infolinks.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H2

200

pbm-usync
router.infolinks.com/dyn/ Frame 9DF5
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RUNBMERBMjAtRkIxRS00NUEwLUJEQkMtNjE0Mjg0RTdEQTU1&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3DECA0DA20-FB1E-45A0-BDBC-614284E7DA55
https://router.infolinks.com/dyn/pbm-usync?uid=ECA0DA20-FB1E-45A0-BDBC-614284E7DA55

0
200 B

113ms
107ms

Image
text/html

104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/pbm-usync?uid=ECA0DA20-FB1E-45A0-BDBC-614284E7DA55
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, private
cf-ray: 6521c61e79014abd-FRA
content-length: 0
cf-request-id: 0a28fa270a00004abd76245000000001
expires: Wed, 20 May 2020 01:25:55 GMT

Redirect headers

location: https://router.infolinks.com/dyn/pbm-usync?uid=ECA0DA20-FB1E-45A0-BDBC-614284E7DA55
date: Thu, 20 May 2021 01:25:54 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

apn-usync
router.infolinks.com/dyn/ Frame 9DF5
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID
https://router.infolinks.com/dyn/apn-usync?user_id=7676808510656171404

35 B
280 B

109ms
109ms

Image
image/gif

104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/apn-usync?user_id=7676808510656171404
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6521c61c3def4abd-FRA
content-length: 35
cf-request-id: 0a28fa25a700004abd6f2ab000000001
expires: Wed, 20 May 2020 01:25:55 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.42:80
AN-X-Request-Uuid: 0c222b29-8622-422f-8583-d049015b987e
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://router.infolinks.com/dyn/apn-usync?user_id=7676808510656171404
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

VR-usync
router.infolinks.com/dyn/ Frame 9DF5
Redirect Chain

https://ups.analytics.yahoo.com/ups/58422/occ
https://ups.analytics.yahoo.com/ups/58422/occ?verify=true
https://router.infolinks.com/dyn/VR-usync?uid=y-.2.JPZNE2uFy3TxhpKl5ypOzZ0.9OgLYk6g5KN0-~A

35 B
235 B

174ms
170ms

Image
image/gif

104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/VR-usync?uid=y-.2.JPZNE2uFy3TxhpKl5ypOzZ0.9OgLYk6g5KN0-~A
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6521c61c3dec4abd-FRA
content-length: 35
cf-request-id: 0a28fa25a600004abd45071000000001
expires: Wed, 20 May 2020 01:25:55 GMT

Redirect headers

Date: Thu, 20 May 2021 01:25:55 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://router.infolinks.com/dyn/VR-usync?uid=y-.2.JPZNE2uFy3TxhpKl5ypOzZ0.9OgLYk6g5KN0-~A
Connection: keep-alive
Content-Length: 0

GET
H2

200

r1-usync
router.infolinks.com/dyn/ Frame 9DF5
Redirect Chain

https://sync.1rx.io/usersync2/infolinks
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4689432200
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=4689432200
https://sync.1rx.io/usersync/tradedesk/ef050923-00bb-4b12-8e85-74c9e6fb4650
https://sync.targeting.unrulymedia.com/csync/RX-82806bef-d3c8-4639-badd-2a6fe2286c44-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-82806bef-d3c8-4639-badd-2a6fe2286c44-003
https://router.infolinks.com/dyn/r1-usync?uid=RX-82806bef-d3c8-4639-badd-2a6fe2286c44-003

35 B
271 B

130ms
129ms

Image
image/gif

104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/r1-usync?uid=RX-82806bef-d3c8-4639-badd-2a6fe2286c44-003
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6521c61eb9444abd-FRA
content-length: 35
cf-request-id: 0a28fa272f00004abdbc03c000000001
expires: Wed, 20 May 2020 01:25:55 GMT

Redirect headers

location: https://router.infolinks.com/dyn/r1-usync?uid=RX-82806bef-d3c8-4639-badd-2a6fe2286c44-003
date: Thu, 20 May 2021 01:25:55 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX82806befd3c84639badd2a6fe2286c44003
content-type: text/html

GET
H2

200

zmn-usync
router.infolinks.com/dyn/ Frame 9DF5
Redirect Chain

https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__
https://router.infolinks.com/dyn/zmn-usync?uid=

35 B
202 B

133ms
131ms

Image
image/gif

104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/zmn-usync?uid=
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6521c61e68f84abd-FRA
content-length: 35
cf-request-id: 0a28fa270500004abd5cb23000000001
expires: Wed, 20 May 2020 01:25:55 GMT

Redirect headers

Location: https://router.infolinks.com/dyn/zmn-usync?uid=
Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 70
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame 9DF5 0
474 B 117ms
14ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

ca.png
s.cpx.to/ Frame 9DF5
Redirect Chain

https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fanyfile-notepad.semaan.ca%252F&pid=12306&adnxs_uid=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fanyfile-notepad.semaan.ca%25252F%26pid%3D12306%26adnxs_uid%3D%24UID
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fanyfile-notepad.semaan.ca%2F&pid=12306&adnxs_uid=7676808510656171404

95 B
945 B

181ms
33ms

Image
image/png

52.30.185.188
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.cpx.to/ca.png?ref=https%3A%2F%2Fanyfile-notepad.semaan.ca%2F&pid=12306&adnxs_uid=7676808510656171404

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.185.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache, no-cache
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Thu, 20 May 2021 01:25:55 GMT
X-Frame-Options: sameorigin
Connection: keep-alive
P3P: CP="NOI DEV ADM"
Cache-Control: no-store, must-revalidate, private, max-age=0, no-store, must-revalidate, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/png
Content-Length: 95
Expires: Thu, 20 May 2021 01:25:55 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 720.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.9:80
AN-X-Request-Uuid: 572f6c8e-f389-4a78-8609-b729f7822ec1
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://s.cpx.to/ca.png?ref=https%3A%2F%2Fanyfile-notepad.semaan.ca%2F&pid=12306&adnxs_uid=7676808510656171404
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK sync
dsp.adkernel.com/ Frame 9DF5 42 B
233 B 312ms
88ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsp.adkernel.com/sync?exchange=202&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fearn-usync%3Fuid%3D%7BUID%7D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2

200

outh-usync
router.infolinks.com/dyn/ Frame 9DF5
Redirect Chain

https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP52a1d0f3-b90a-11eb-8fe6-06a224eca24a
https://router.infolinks.com/dyn/outh-usync?uid=y-dzYTQHJE2uFHVs9PHzHlWtmkJojy3OXZ~A~UP52a1d0f3-b90a-11eb-8fe6-06a224eca24a

35 B
260 B

271ms
254ms

Image
image/gif

104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/outh-usync?uid=y-dzYTQHJE2uFHVs9PHzHlWtmkJojy3OXZ~A~UP52a1d0f3-b90a-11eb-8fe6-06a224eca24a
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6521c61cce8a4abd-FRA
content-length: 35
cf-request-id: 0a28fa25fa00004abd63b29000000001
expires: Wed, 20 May 2020 01:25:55 GMT

Redirect headers

Date: Thu, 20 May 2021 01:25:55 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://router.infolinks.com/dyn/outh-usync?uid=y-dzYTQHJE2uFHVs9PHzHlWtmkJojy3OXZ~A~UP52a1d0f3-b90a-11eb-8fe6-06a224eca24a
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK usersync
match.bnmla.com/ Frame 9DF5 0
114 B 338ms
96ms Image
text/plain 38.27.122.158
COGENT-174

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.bnmla.com/usersync?sspid=1000361&redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fenbd-usync%3Fuid%3D%5BUUID%5D
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 38.27.122.158 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 20 May 2021 01:25:55 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

sovrn-usync
router.infolinks.com/dyn/ Frame 9DF5
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true
https://router.infolinks.com/dyn/sovrn-usync?uid=84d8980637bc1a8abe4a4957

35 B
219 B

183ms
173ms

Image
image/gif

104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/sovrn-usync?uid=84d8980637bc1a8abe4a4957
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6521c61cff154abd-FRA
content-length: 35
cf-request-id: 0a28fa261f00004abd7228c000000001
expires: Wed, 20 May 2020 01:25:55 GMT

Redirect headers

Date: Thu, 20 May 2021 01:25:55 GMT
Server: nginx
Location: https://router.infolinks.com/dyn/sovrn-usync?uid=84d8980637bc1a8abe4a4957
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

usersync
router.infolinks.com/dyn/ Frame 9DF5
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3DECA0DA20-FB1E-45A0-BDBC-614284E7DA55
https://router.infolinks.com/dyn/usersync?pmuservalue=ECA0DA20-FB1E-45A0-BDBC-614284E7DA55

0
262 B

131ms
106ms

Image
text/plain

104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/usersync?pmuservalue=ECA0DA20-FB1E-45A0-BDBC-614284E7DA55
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 01:25:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
cache-control: no-store
cf-ray: 6521c61dd8334abd-FRA
content-length: 0
cf-request-id: 0a28fa26a400004abd40a36000000001

Redirect headers

location: https://router.infolinks.com/dyn/usersync?pmuservalue=ECA0DA20-FB1E-45A0-BDBC-614284E7DA55
date: Wed, 19 May 2021 23:52:34 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 iq-usync
router.infolinks.com/dyn/ Frame 9DF5 0
60 B 123ms
115ms Image
text/plain 104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/iq-usync
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 01:25:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control: no-store
cf-ray: 6521c61cff174abd-FRA
content-length: 0
cf-request-id: 0a28fa261f00004abd9594c000000001

GET
H2

200

zeta-usync
router.infolinks.com/dyn/ Frame 9DF5
Redirect Chain

https://p.rfihub.com/cm?pub=43153&in=1
https://router.infolinks.com/dyn/zeta-usync?uid=1875819619940461852

35 B
213 B

189ms
172ms

Image
image/gif

104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/zeta-usync?uid=1875819619940461852
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6521c61e38ae4abd-FRA
content-length: 35
cf-request-id: 0a28fa26de00004abd5683f000000001
expires: Wed, 20 May 2020 01:25:55 GMT

Redirect headers

Location: https://router.infolinks.com/dyn/zeta-usync?uid=1875819619940461852
Date: Thu, 20 May 2021 01:25:55 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame 9DF5 0
72 B 389ms
110ms Image
text/plain 208.100.17.171
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssc-cms.33across.com/ps/?ri=0010b00002CpYhEAAV&ru=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2F33a-usync%3Fuid%3D33XUSERID33X
Requested by: Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3221959&wsid=0&pdom=anyfile-notepad.semaan.ca&purl=https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.171 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip171.208-100-17.static.steadfastdns.net
Software: 33XP002 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://router.infolinks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-33x-status: 2000208
date: Thu, 20 May 2021 01:25:55 GMT
server: 33XP002

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 5BAD
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKW6owHi2sxnWs45Ot9X3QAABJsAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKW6owHi2sxnWs45Ot9X3QAABJsAAAAB&dcc=t

43 B
433 B

108ms
106ms

Image
image/gif

52.46.130.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKW6owHi2sxnWs45Ot9X3QAABJsAAAAB&dcc=t
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.46.130.13 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YKW6owHi2sxnWs45Ot9X3QAABJsAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 5BAD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YKW6owHi2sxnWs45Ot9X3QAABJsAAAAB&gdpr_consent=&us_privacy=&gdpr=1
https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YKW6owHi2sxnWs45Ot9X3QAABJsAAAAB&gdpr_consent=&us_privacy=&gdpr=1&google_tc=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEN9i0GCOD2JMnG3CrZcsUPk&google_cver=1

43 B
315 B

15ms
10ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEN9i0GCOD2JMnG3CrZcsUPk&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Thu, 20 May 2021 01:25:55 GMT

Redirect headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:55 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEN9i0GCOD2JMnG3CrZcsUPk&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 5BAD 70 B
265 B 107ms
39ms Image
image/gif 76.223.111.131
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=70&cm_user_id=YKW6owHi2sxnWs45Ot9X3QAA&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.131 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:55 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 5BAD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YKW6owHi2sxnWs45Ot9X3QAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAFGMqwE-Me29tgH--I0x-I&google_cver=1&gdpr=1

43 B
1002 B

13ms
11ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAFGMqwE-Me29tgH--I0x-I&google_cver=1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 20 May 2021 01:25:55 GMT

Redirect headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:55 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEAFGMqwE-Me29tgH--I0x-I&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5BAD
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1624065955

43 B
985 B

24ms
11ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1624065955
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 20 May 2021 01:25:55 GMT

Redirect headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:54 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=no-consent&expiration=1624065955
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 5BAD
Redirect Chain

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-e75c1fea-f838-46d9-9e2e-d7c8d61115d0

43 B
1023 B

14ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-e75c1fea-f838-46d9-9e2e-d7c8d61115d0
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 20 May 2021 01:25:55 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-e75c1fea-f838-46d9-9e2e-d7c8d61115d0
date: Thu, 20 May 2021 01:25:55 GMT
server: Apache-Coyote/1.1
content-length: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 5BAD
Redirect Chain

https://beacon.lynx.cognitivlabs.com/ix.gif
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=b821e83c-4e7e-40ea-be3e-f7a69953dd23&expiration=1653009955

43 B
1 KB

11ms
11ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=b821e83c-4e7e-40ea-be3e-f7a69953dd23&expiration=1653009955
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 20 May 2021 01:25:55 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=b821e83c-4e7e-40ea-be3e-f7a69953dd23&expiration=1653009955
date: Thu, 20 May 2021 01:25:55 GMT
server: Kestrel
content-length: 0

GET
H2 200 ix-usync
router.infolinks.com/dyn/ Frame 5BAD 35 B
220 B 187ms
181ms Image
image/gif 104.22.2.144
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://router.infolinks.com/dyn/ix-usync?uid=YKW6owHi2sxnWs45Ot9X3QAA%261179
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 104.22.2.144 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:55 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: CP="NON DSP NID OUR COR"
content-type: image/gif
cache-control: no-store, no-cache, private
cf-ray: 6521c61c6e244abd-FRA
content-length: 35
cf-request-id: 0a28fa25c100004abd511c2000000001
expires: Wed, 20 May 2020 01:25:55 GMT

GET
H2

200

cs&eq_cc=1 Show response
um2.eqads.com/um/ Frame 5A2D
Redirect Chain

https://um2.eqads.com/um/cs
https://um2.eqads.com/um/cs&eq_cc=1

186 B
370 B

109ms
101ms

Document
text/html

35.170.231.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://um2.eqads.com/um/cs&eq_cc=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.170.231.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-170-231-210.compute-1.amazonaws.com
Software: /
Resource Hash: 062a56423ef0657a03f3cd606c5a6442ce22d37d6fe8ef770ddb3b1364e35500

Request headers

:method: GET
:authority: um2.eqads.com
:scheme: https
:path: /um/cs&eq_cc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ssum-sec.casalemedia.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: EQUser=UID=67ea8a8d-09fb-491c-933f-9ce73cbc5f2b
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ssum-sec.casalemedia.com/

Response headers

date: Thu, 20 May 2021 01:25:55 GMT
content-type: text/html; charset=utf-8
content-length: 186
cache-control: no-cache, must-revalidate
expires: Sat, 6 May 1995 12:00:00 GMT
last-modified: Thu, 20 May 2021 01:25:55 GMT
pragma: no-cache

Redirect headers

date: Thu, 20 May 2021 01:25:55 GMT
content-type: text/html; charset=utf-8
content-length: 41
location: /um/cs&eq_cc=1
set-cookie: EQUser=UID=67ea8a8d-09fb-491c-933f-9ce73cbc5f2b; Path=/; Domain=eqads.com; Expires=Fri, 20 Aug 2021 01:25:55 GMT; Secure; SameSite=None

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 23ms
14ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=anyfile-notepad.semaan.ca

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 20 May 2021 01:25:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 43 KB
11 KB 696ms
696ms XHR
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1030050173570054&correlator=4463049625843321&output=ldjh&impl=fif&eid=31060439%2C31060854%2C21068111%2C31061142%2C31060507&vrg=2021051301&ptt=17&sc=1&sfv=1-0-38&ecs=20210520&iu_parts=61772569%2Cdbmtiqbxqoopp7t3s9lq_anyfilenotepadsemaanca_160x600_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1620777496&dt=1621473955291&dlt=1621473954131&idt=893&frm=20&biw=1600&bih=1200&oid=3&adxs=1440&adys=170&adks=450036033&ucis=1&ifi=1&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fanyfile-notepad.semaan.ca%2Fapp%3Fstate%3D%257B%2522ids%2522%253A%255B%25220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%2522%255D%252C%2522action%2522%253A%2522open%2522%252C%2522userId%2522%253A%2522101031074268179616323%2522%257D&vis=1&dmc=8&scr_x=0&scr_y=0&psz=160x-1&msz=160x-1&ga_vid=191706508.1621473955&ga_sid=1621473955&ga_hid=1398265823&ga_fc=false&fws=644&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

2564809abc5ad915286398b37e880e21dfaf24cb5babe7482ee84ea2a8dbdea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 01:25:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10571
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://anyfile-notepad.semaan.ca
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
a7b33f4bd1b1514d6abb2828dc3f60ac.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 52ms
13ms Other
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a7b33f4bd1b1514d6abb2828dc3f60ac.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 6ms
6ms Other
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1 200
OK crum
dsum-sec.casalemedia.com/ Frame 5A2D 43 B
1 KB 14ms
12ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=67ea8a8d-09fb-491c-933f-9ce73cbc5f2b&expiration=1629422755
Requested by: Host: um2.eqads.com
URL: https://um2.eqads.com/um/cs&eq_cc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://um2.eqads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 20 May 2021 01:25:55 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 20 May 2021 01:25:55 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012103020108001/ Frame DBE4 190 KB
54 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012103020108001/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e553b4e88ac4a1819d608fe9dcb46544ca5fb776d4e0c84d773f37b1df18211

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 73129
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55046
x-xss-protection: 0
server: sffe
date: Wed, 19 May 2021 05:07:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aeaf363b1ad89b36"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 May 2022 05:07:07 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012103020108001/v0/ Frame DBE4 12 KB
5 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012103020108001/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f9560479a05fb86854546c40ec030edc2bac692d4142391d69b16e5c033a185

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 73130
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4548
x-xss-protection: 0
server: sffe
date: Wed, 19 May 2021 05:07:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4eb73d471ab4cb2c"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 May 2022 05:07:06 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012103020108001/v0/ Frame DBE4 87 KB
27 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012103020108001/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6f768cbb894f2690011ee62662d3ac9480d12f5088fa46be57e650fcc4d835c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 73130
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27208
x-xss-protection: 0
server: sffe
date: Wed, 19 May 2021 05:07:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "22950e05e749846e"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 May 2022 05:07:06 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012103020108001/v0/ Frame DBE4 27 KB
9 KB 44ms
43ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012103020108001/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21d45a4ed77653b3b1ee2b47a786a4dbb936a3b19fc56e1b44c16aed35eb80ee

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 73130
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9587
x-xss-protection: 0
server: sffe
date: Wed, 19 May 2021 05:07:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "739644f32ad1483f"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 May 2022 05:07:06 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012103020108001/v0/ Frame DBE4 40 KB
13 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012103020108001/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c6af60796cc240ad277098308cf363c2700f5296264ec1b43b4e1362763c439

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 73130
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12827
x-xss-protection: 0
server: sffe
date: Wed, 19 May 2021 05:07:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "5cc8dcc2368726c7"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 19 May 2022 05:07:06 GMT

GET
DATA 200
OK truncated
/ Frame DBE4 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3b006a3c357cb66c4dd501dc0427a8c4d0d74f52e93d4dfb16101cbb9bec9ee8

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 3540637422635977908
tpc.googlesyndication.com/simgad/ Frame DBE4 6 KB
6 KB 60ms
9ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/3540637422635977908?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnzL-LZWIeeGECUW3qIPTtcKxOldw

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7fd0d8121bb370a10af77a7ab85e99d3e6faab88fba7ee887d600420bfbc2d66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 06:06:37 GMT
x-content-type-options: nosniff
last-modified: Mon, 12 Apr 2021 06:08:16 GMT
server: sffe
age: 69559
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6234
x-xss-protection: 0
expires: Thu, 19 May 2022 06:06:37 GMT

GET
H3-29 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DBE4 2 KB
2 KB 33ms
8ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 03:59:16 GMT
x-content-type-options: nosniff
server: cafe
age: 77200
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Thu, 20 May 2021 03:59:16 GMT

GET
H3-29 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame DBE4 295 B
319 B 32ms
7ms Image
image/png 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 05:03:57 GMT
x-content-type-options: nosniff
server: cafe
age: 73319
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Thu, 20 May 2021 05:03:57 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame DBE4 0
0 39ms
13ms Image
text/html 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR2WOBpgAn4IfULBxCoG6p5MVf00ZvUqG35txpkARYrzUEbxb6gQDxA7W3zRYUWXsVX0QAK
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DBE4 0
0 70ms
46ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C7iHRo7qlYMTyE-Om3gOg25PwCpaPxehi-5G1stQN2tkeEAEgtNzBJ2CVAqABtZD1sALIAQKpAs2oXEEGEJI-4AIAqAMByAMIqgSVAk_QqOJNoT5eofVIvU0iejIQ3IS_nMy9hfZZK5mUOTJlp30MenSE0caqZS2feYsk1ry8PD1GPFXxfhNqkWSlu8VKv2lol2DxU3lq0L-wo_NLtqr7kuQAqxkv9Oe1Xj6-CNNuSz2-Vrqzia4ao-WPtH7ayJnkGtnH-yWlwpi_oygwryGxvchtLCv9XB43C-18qTev558e50THAkFTepIISB5ATf_tgeJq_eaaP2_YQU0GOzlRJihokuaB9qc5saIrROqTPsbdPpH2XxYwHJHuIDRXFrEEe_4c8fuWXUTsWdZpeD9wDSrjOEoEaHX-xge_mHYZ84TDkD5f3gqbYj6Ir9dLbn29eVBG5DbWB8SSfhWst-V1pcbABLDAwcfKA-AEAaAGAoAHs--KzwGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQiNgv0ggJCIDhgHAQARgdgAoDyAsB2BMD0BUBgBcBshcaChgIABIUcHViLTk5MTA4OTM3NTg0MTg0ODQ&sigh=FfiOoijOFwE
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 22ms
17ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021051301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb20410c9e41397335ff7d4e79a95a1553aff7fa978305e069ee2809f67c0160

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 20 May 2021 01:25:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8141
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021051301.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 20 May 2021 01:25:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Thu, 20 May 2021 01:25:56 GMT

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame DBE4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
14ms

Image
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: anyfile-notepad.semaan.ca
URL: https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Redirect headers

date: Thu, 20 May 2021 01:25:56 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame E148 12 KB
5 KB 9ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://anyfile-notepad.semaan.ca/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://anyfile-notepad.semaan.ca/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Wed, 19 May 2021 21:05:56 GMT
expires: Thu, 19 May 2022 21:05:56 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 15600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame E148 14 KB
6 KB 7ms
6ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 15:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 36075
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Thu, 19 May 2022 15:24:41 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 18ms
16ms Image
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gpt_2021051301&jk=1030050173570054&bg=!q6ilqOzNAAZ7hX_Ue4U7ACkAdvg8WuKR5cxwAz7oZ5wVtyDbxZMOAK6kpuYYhLlcJZwk0imqrpGTWAIAAADLUgAAACBoAQcKAJwazZ867rVVqC_yoyx9LjdR05URn9x525wuWTHEIi9rYl60hB4BkEvbPbTU6Zf-EGTXFGTdDUX7FDMlkJ8tkvo77uGbt4aN-wVMjOPhMeCaYwzmo2l6sqHdGw_yP0y4Ytlee-PjDTpiC-K-nM4CNytCVPEI0wyypADWdJTTQn4KSsZe23zeE6ArUQDFqt0tW8K71IsGEQIF1pmqJuqZAk7-dlhFrtWivanlo-Pzi2au9XmVL_F5DvHJJzYcGeBXZ8emnKxN7aLk79w8_mpmiNaQ_0rmfKcsWmQRC6nzkCzN5KlGM1bfQ4aDefH_RoAHjYTRut6Mowt-PILUv2gQiE9pYFYcIiMvrzDrRYXKRGFf1w6hB1gONIFyN6cgWeOXFmilVPtxvYmuNBKXgyXOcw10WeqilGqjreAG-zHFtcghNhaq8snA-UFxKpIZvAD9DpoHeTcv6ckOZR_ekck2st_VjhDb-cDuxuKORaYSAh4iDJHQIju03udyQn40n1fqN_NjFBiaRWm6sTG_PE3Gy3zD05bsN9Q-Eerz3Pa6RnZgLT9BKGQFI0Nx1NFEh7-gQ7YgzW9fG6lcxMSF468lAo79oJPIuStcl8G7_mu8Y9up-B7-_eGO__Jnu1ZaKtZ5fRncDyXq2ta8R84sbu8k6vt1FMegWhr7TiuCkPce9U6c5fBNBMYb8811dyqcsqwdSk2WJ75yk-OtEDVxrPsYBLzrawDyk88Ho3XvQ1J3XBJTqWSyCVjRx54i18vYmDfkQ98RHDuGVvhOFb1WLbkCmKfcan2qx3vEk0PucTJ3vpXWwS8codoXkpAvJ5tfAPkuIcfbYlGhgReg6tree2nc7fdeWlI0sYTKHCgVRER7PZh_NPs54dfkBetUKNHLbSxC039AXiAYKP0KY6jT9XQRZdgZyroySYMbFCOp0r3PW1suEaghJxDnjaIuJ1pk-Amp0h-PuEQ9s6Ex2V8eIzLeT-LFk7MqDgeC9H1QdWE0JA

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DBE4 0
0 45ms
45ms Image
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CdCiro7qlYMTyE-Om3gOg25PwCpaPxehi-5G1stQN2tkeEAEgtNzBJ2CVAqABtZD1sALIAQKpAs2oXEEGEJI-4AIAqAMBqgSVAk_QqOJNoT5eofVIvU0iejIQ3IS_nMy9hfZZK5mUOTJlp30MenSE0caqZS2feYsk1ry8PD1GPFXxfhNqkWSlu8VKv2lol2DxU3lq0L-wo_NLtqr7kuQAqxkv9Oe1Xj6-CNNuSz2-Vrqzia4ao-WPtH7ayJnkGtnH-yWlwpi_oygwryGxvchtLCv9XB43C-18qTev558e50THAkFTepIISB5ATf_tgeJq_eaaP2_YQU0GOzlRJihokuaB9qc5saIrROqTPsbdPpH2XxYwHJHuIDRXFrEEe_4c8fuWXUTsWdZpeD9wDSrjOEoEaHX-xge_mHYZ84TDkD5f3gqbYj6Ir9dLbn29eVBG5DbWB8SSfhWst-V1pcbABLDAwcfKA-AEAaAGAoAHs--KzwGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQiNgv0ggJCIDhgHAQARgdgAoDyAsB2BMD0BUBgBcBshcaChgIABIUcHViLTk5MTA4OTM3NTg0MTg0ODQ&sigh=FVZ1L31RcC4&vt=1
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s08-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ Frame DBE4 42 B
113 B 49ms
47ms Image
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssxSdo3K9auOMi6LoVWVSugLTCuW_zMY4BQMSnPXc6jSofTbdxijPJJgyFkJbx5W2GnXvP9bm-CfCDV8ODhPzFj1Ri8i_3_vg1gO4G0QqP4tZjChcCukqRZW3Wcqw&sai=AMfl-YTS36WoP_1KPzO_tKACjHc_Z10Y1psUaY_LDQDsxmNI5GOeVjIFa-br1vkM2t3gF35HThPqWCLHxv7tMNP5Z31dCgWaFGA7MXrXwTQuk278GGB3GjQDpmK_HqORqQ8&sig=Cg0ArKJSzB1dSXs4Ol4nEAE&cid=CAASPeRoFDczMm2VSXjkExgIYRBuNjP_mPPSuMv0HcfwMXb9m7Bky4ODzDfoJYbl79wvYfp40AlsDdm2mtd-nQw&id=ampim&o=1440,170&d=160,600&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=225&tls=1225&g=100&h=100&tt=1226&r=v&avms=ampa&adk=450036033

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 20 May 2021 01:25:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 prebid
bh.contextweb.com/visitormatch/ 49 B
406 B 334ms
103ms Image
image/gif 198.148.27.139
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/visitormatch/prebid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.139 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(9.4.14.v20181114) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://anyfile-notepad.semaan.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
content-language: en-US
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
content-type: image/gif;charset=iso-8859-1
cw-server: bh-deployment-686fd4fb4c-nvzfg
expires: -1

Verdicts & Comments Add Verdict or Comment

163 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.eqads.com/	1970-01-19 20:37:02	Name: EQUser Value: UID=67ea8a8d-09fb-491c-933f-9ce73cbc5f2b
.casalemedia.com/	1970-01-20 03:10:09	Name: CMRUM3 Value: 4060a5baa32760no-consent&e660a5baa32760&0860a5baa32760b821e83c-4e7e-40ea-be3e-f7a69953dd23&f160a5baa305a0&2860a5baa3276067ea8a8d-09fb-491c-933f-9ce73cbc5f2b&2d60a5baa305a0&2760a5baa30b40&c360a5baa32760av-e75c1fea-f838-46d9-9e2e-d7c8d61115d0
.casalemedia.com/	1970-01-20 03:10:09	Name: CMID Value: YKW6owHi2sxnWs45Ot9X3QAA
.casalemedia.com/	1970-01-19 20:34:09	Name: CMPS Value: 3226
.infolinks.com/	1970-01-19 18:26:00	Name: SOVRNUSERCOOKIE Value: 84d8980637bc1a8abe4a4957
.infolinks.com/	1970-01-19 18:26:00	Name: IXUSERCOOKIE Value: YKW6owHi2sxnWs45Ot9X3QAA&1179
.infolinks.com/	1970-01-19 18:26:00	Name: R1USERCOOKIE Value: RX-82806bef-d3c8-4639-badd-2a6fe2286c44-003
.infolinks.com/	1970-01-19 18:26:00	Name: PUBMUSERCOOKIE Value: ECA0DA20-FB1E-45A0-BDBC-614284E7DA55
.infolinks.com/	1970-01-19 18:26:00	Name: KADUSERCOOKIE Value: ECA0DA20-FB1E-45A0-BDBC-614284E7DA55~1621474041946
.casalemedia.com/	1970-01-19 18:26:00	Name: CMST Value: YKW6o2CluqMA
.infolinks.com/	1970-01-19 18:26:00	Name: OUTHUSERCOOKIE Value: y-dzYTQHJE2uFHVs9PHzHlWtmkJojy3OXZ~A~UP52a1d0f3-b90a-11eb-8fe6-06a224eca24a
.infolinks.com/	1970-01-19 18:26:00	Name: VRUSERCOOKIE Value: y-.2.JPZNE2uFy3TxhpKl5ypOzZ0.9OgLYk6g5KN0-~A
.casalemedia.com/	1970-01-19 20:34:09	Name: CMPRO Value: 1179
.infolinks.com/	1970-01-19 18:26:00	Name: ZTUSERCOOKIE Value: 1875819619940461852
.infolinks.com/	1970-01-19 20:34:09	Name: ZMNUSERCOOKIE Value: ""
.infolinks.com/	1970-01-19 20:34:09	Name: ANUSERCOOKIE Value: 7676808510656171404
.semaan.ca/	1970-01-20 03:46:09	Name: __gads Value: ID=12896cfb73675bbf-22df504019c80059:T=1621473955:S=ALNI_MYNhThYVB0vWSuSLBpxVkO_FHEG2w

102 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Starting up application
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Hang tight...
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Restarting
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after The app is being restarted, please wait.
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Your file is being loaded
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Depending on the file size, this can be long.
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after The authentication failed with Google
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after You need to enable the popups in your browser, then login in your Google account and accept the app's authorization requests.
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Restart app
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after An unexpected error occurred with the provider server
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after The app flow will still continue but unexpected behavior may occur. When in doubt restart the app.
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Close
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after You need to authorize this app to access your Google Drive
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Without this the app is useless to you.
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Authorize!
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Switch user
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after In order to open this file, you need to switch user.
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Switch user
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after File provider
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after File name
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after File id
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Folder id
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Mime type
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Your device
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Close
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after File
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after File
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after New
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after New file
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Open
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Recent files
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Favorites
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Select syntax
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Select syntax
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after A B
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after C
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after D E F G
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after H I
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after J K
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after L
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after M N O
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after P Q R
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after S
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after T
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after U V W X Y Z
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Save
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Download file
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Share
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Print
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Search
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Search & replace
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Show file info
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Help (FAQ)
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Restart app
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Options
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Accounts
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Account options
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Google Drive
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Add account
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Switch user
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Dropbox
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Connect account
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Editor
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Editor options
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Word wrapping
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Tabs as spaces
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Display hidden characters
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Display print margin
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Autosave
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Advanced
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Advanced options
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Select theme
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Select language
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Reset preferences
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Editor mode
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Normal
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after vim
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Emacs
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Tab size
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Font size
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Help
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Help
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Contact us
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after App home page
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Keyboard shortcuts
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Frequently asked questions (FAQ)
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Privacy Policy
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Upgrade to ad-free version
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after About
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Filename
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Save
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Autosave is enabled
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Autosave is disabled
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Logged in as
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Switch user
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: after Add account
console-api	log	URL: https://resources.infolinks.com/js/1747.002-3.012/ice.js(Line 1) Message: [object Object]
console-api	log	URL: https://resources.infolinks.com/js/1747.002-3.012/ice.js(Line 1) Message: Failed to log to loggly because of this exception: TypeError: Converting circular structure to JSON --> starting at object with constructor 'Window' --- property 'window' closes the circle
console-api	log	URL: https://resources.infolinks.com/js/1747.002-3.012/ice.js(Line 1) Message: Failed log data: [object Object]
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: AUTH RESULT [object Object]
console-api	info	URL: https://cdn.ampproject.org/rtv/012103020108001/amp4ads-v0.mjs(Line 10) Message: Powered by AMP ⚡ HTML – Version 2103020108001 https://anyfile-notepad.semaan.ca/app?state=%7B%22ids%22%3A%5B%220B8lvGFFnMHITa3dzbGVfMVhrMll2ZGVJcnVUWXBPVE9RVWR3%22%5D%2C%22action%22%3A%22open%22%2C%22userId%22%3A%22101031074268179616323%22%7D
console-api	log	URL: https://anyfile-notepad.semaan.ca/assets/application-c43fe2d0bde48c9d014f988ce113c669bc9aedee.min.js(Line 1) Message: Auth came back

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a7b33f4bd1b1514d6abb2828dc3f60ac.safeframe.googlesyndication.com
accounts.google.com
adservice.google.com
anyfile-notepad.semaan.ca
ap.lijit.com
api.anyfile-notepad.semaan.ca
apis.google.com
b1sync.zemanta.com
beacon.lynx.cognitivlabs.com
bh.contextweb.com
bid.contextweb.com
cdn.ampproject.org
cm.g.doubleclick.net
de.tynt.com
dsp.adkernel.com
dsum-sec.casalemedia.com
fonts.googleapis.com
googleads.g.doubleclick.net
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image8.pubmatic.com
lockerdome.com
match.adsrvr.org
match.bnmla.com
nep.advangelists.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.advertising.com
prebid.admedia.com
resources.infolinks.com
router.infolinks.com
s.amazon-adsystem.com
s.cpx.to
securepubads.g.doubleclick.net
ssc-cms.33across.com
ssl.gstatic.com
ssum-sec.casalemedia.com
storage.googleapis.com
sync.1rx.io
sync.go.sonobi.com
sync.targeting.unrulymedia.com
tpc.googlesyndication.com
um2.eqads.com
ups.analytics.yahoo.com
www.google-analytics.com
www.google.com
www.googletagservices.com
104.154.142.214
104.22.2.144
142.250.184.226
142.250.186.162
159.89.121.194
173.198.200.125
174.137.133.49
178.162.133.149
185.33.221.15
185.64.190.79
185.64.190.80
185.64.190.81
193.0.160.128
198.148.27.133
198.148.27.139
2.18.234.21
208.100.17.171
208.100.17.190
213.19.147.44
213.19.147.45
216.52.2.48
2a00:1450:4001:802::2003
2a00:1450:4001:802::200e
2a00:1450:4001:803::2001
2a00:1450:4001:808::2004
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::2004
2a00:1450:4001:812::2002
2a00:1450:4001:812::2010
2a00:1450:4001:813::2002
2a00:1450:4001:828::200d
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200a
2a00:1450:4001:82f::200e
3.126.56.137
3.91.110.183
35.156.106.231
35.170.231.210
35.171.130.4
38.27.122.158
51.38.120.206
52.30.185.188
52.46.130.13
64.202.112.63
66.155.71.149
76.223.111.131
82.196.8.62
062a56423ef0657a03f3cd606c5a6442ce22d37d6fe8ef770ddb3b1364e35500
06dd0a69a7327645be89e0162d588b6d3cd7ba013e50c77c26ad67429f2ab819
089ab6d4a57e0e6c4dd3b681b6fd50a5184f1b902429d35e1227e52d6ccad1bd
08b280a4f0643253a52d633ead8ba7441919dd32155433b061a6032d31453b7b
08c8a6b9d55c71f4802ed4d7fc8ea16fd67585c92d74e488076fed2ef0907f01
096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d
21d45a4ed77653b3b1ee2b47a786a4dbb936a3b19fc56e1b44c16aed35eb80ee
247547078d43ab49b4ddf8513f2ce6dcf8528a1aed51ba0f225def4663c1eefa
2564809abc5ad915286398b37e880e21dfaf24cb5babe7482ee84ea2a8dbdea4
261f0652cd34758c72b9312c9e1f54fe080f1d2dfa7266056b4743c9a89142d8
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3b006a3c357cb66c4dd501dc0427a8c4d0d74f52e93d4dfb16101cbb9bec9ee8
4bdcba71062ad849da6c41bb9130977f59af71c1b82e4c397b193469ece62ad6
4c6af60796cc240ad277098308cf363c2700f5296264ec1b43b4e1362763c439
504800a968b79c4bdfabb51f559f8850a972f3d374a9b5e7bb33d252d7401e0e
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5fb73a4f0d1c32d3b5dd32760d39b449edfbaec4f80fe083cf1c1f92a854e1bd
5ff076183546bd6b64b170cf1305fa344214c98d917a6abb1b610ebed2f9f7e1
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
68ac037876c2c5d88068026e6de99ccdf3593d4554ac3f6eabe29f56532a1e5a
6e553b4e88ac4a1819d608fe9dcb46544ca5fb776d4e0c84d773f37b1df18211
78afc9cc33526517626217902b8fb470a8d07f0e80134a2d2ef1a8c32780cc4a
7bef45a2d66e62100d6a4dad1b713dde1def59a7b963618e1d96c56593be00ec
7fd0d8121bb370a10af77a7ab85e99d3e6faab88fba7ee887d600420bfbc2d66
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
846949c5a40e3ffbb702473e54dfac0646541aa624a844369b6e24e51ddaf96b
850279a1093701b0167c16a386ddb641dab5b7c9f03110dda4b60949d8a1bc6b
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
8f9560479a05fb86854546c40ec030edc2bac692d4142391d69b16e5c033a185
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6f768cbb894f2690011ee62662d3ac9480d12f5088fa46be57e650fcc4d835c
b0ff61b6e636d89b155690f14a357af3d14a4426a56f1a5b77e320641a4469c2
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
be00e19b662046cb8f2eb6eb86e4689edeefb0c003f6a215df9c22f0e15e16ad
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
bfb6a8799c9f3a60f0a04e2cc9c1d9df6c591708ae4aaa3eda711fcde2d31df9
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c6737086b7d5121d9b73988c310046850799d3a354fe2d78fd64d797a417d011
cb20410c9e41397335ff7d4e79a95a1553aff7fa978305e069ee2809f67c0160
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9ce598bb515c234eb962bbafbd1128d45f6c2755538a9b5e04a72ee58ec333e
ea33b32f5fa8d78d63bda6f1343353f1e9319a16383153a2855143c997e2f1b1
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef22755bc9501f967f1cb92530ea9a24c98432e12dfa2b35a71482b3e5579b21
efb4e083cee3e2b844ec6fdb1753ff81bd8b2787a03c9a009193bb1d0b054dde
ffa811ff2834d53f32832c8b70d7df7208264e144629487bbd91179ca13a5eca

anyfile-notepad.semaan.ca Open in urlscan Pro 82.196.8.62 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

80 Requests

100 %HTTPS

31 %IPv6

36 Domains

50 Subdomains

34 IPs

7 Countries

3459 kBTransfer

4884 kBSize

17 Cookies

2 Outgoing links

Redirected requests

80 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

anyfile-notepad.semaan.ca Open in urlscan Pro
82.196.8.62 Public Scan

Screenshot
Live screenshot

Full Image

80
Requests

100 %
HTTPS

31 %
IPv6

36
Domains

50
Subdomains

34
IPs

7
Countries

3459 kB
Transfer

4884 kB
Size

17
Cookies

80 HTTP transactions
1 data transactions