gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital Open in urlscan Pro
34.95.11.30 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Effective URL:
https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Submission: On February 03 via api (February 3rd 2022, 6:39:36 pm UTC) from CA — Scanned from CA

Summary HTTP 291 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 71 IPs in 5 countries across 63 domains to perform 291 HTTP transactions. The main IP is 34.95.11.30, located in Montreal, Canada and belongs to GOOGLE-PRIVATE-CLOUD, US. The main domain is gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital.
TLS certificate: Issued by R3 on February 3rd 2022. Valid for: 3 months.

This is the only time gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 26	34.95.11.30 34.95.11.30	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
8	142.250.65.194 142.250.65.194	15169 (GOOGLE) (GOOGLE)
4	54.239.200.177 54.239.200.177	16509 (AMAZON-02) (AMAZON-02)
2 17	104.16.68.69 104.16.68.69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.85.61.107 52.85.61.107	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4006:81d::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3032::ac43:c0b6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::6816:49e8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.85.61.89 52.85.61.89	16509 (AMAZON-02) (AMAZON-02)
1	13.33.46.5 13.33.46.5	16509 (AMAZON-02) (AMAZON-02)
4	34.149.157.221 34.149.157.221	15169 (GOOGLE) (GOOGLE)
3	13.225.230.62 13.225.230.62	16509 (AMAZON-02) (AMAZON-02)
4	2607:f8b0:400... 2607:f8b0:4006:820::2003	15169 (GOOGLE) (GOOGLE)
2	2600:9000:220... 2600:9000:2209:5200:8:f216:eb80:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2607:f8b0:400... 2607:f8b0:4006:81f::2008	15169 (GOOGLE) (GOOGLE)
2 6	52.85.61.100 52.85.61.100	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:600... 2a04:4e42:600::645	54113 (FASTLY) (FASTLY)
9	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
5	52.44.16.134 52.44.16.134	14618 (AMAZON-AES) (AMAZON-AES)
4	2a04:4e42:400... 2a04:4e42:400::645	54113 (FASTLY) (FASTLY)
2	142.250.80.66 142.250.80.66	15169 (GOOGLE) (GOOGLE)
1	2600:1400:900... 2600:1400:9000::687e:74bb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f03... 2a03:2880:f03a:1c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	199.232.36.157 199.232.36.157	54113 (FASTLY) (FASTLY)
2	75.2.40.13 75.2.40.13	16509 (AMAZON-02) (AMAZON-02)
11	2607:f8b0:400... 2607:f8b0:4006:80e::2016	15169 (GOOGLE) (GOOGLE)
1 12	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4006:823::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:809::2002	15169 (GOOGLE) (GOOGLE)
12	2607:f8b0:400... 2607:f8b0:4006:80d::200e	15169 (GOOGLE) (GOOGLE)
4 4	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	108.174.10.14 108.174.10.14	14413 (LINKEDIN) (LINKEDIN)
1 2	104.18.98.194 104.18.98.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	185.184.10.30 185.184.10.30	203690 (RTB-HOUSE...) (RTB-HOUSE-ASH)
5 10	52.44.19.43 52.44.19.43	14618 (AMAZON-AES) (AMAZON-AES)
2 2	199.38.167.129 199.38.167.129	54312 (ROCKETFUEL) (ROCKETFUEL)
2 2	3.218.90.66 3.218.90.66	14618 (AMAZON-AES) (AMAZON-AES)
3 3	34.233.34.144 34.233.34.144	14618 (AMAZON-AES) (AMAZON-AES)
1	2607:f8b0:400... 2607:f8b0:4006:823::2001	15169 (GOOGLE) (GOOGLE)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1 3	2607:f8b0:400... 2607:f8b0:4006:816::2002	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f13... 2a03:2880:f13a:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 4	2607:f8b0:400... 2607:f8b0:4006:81d::2004	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81e::2003	15169 (GOOGLE) (GOOGLE)
2	23.221.203.12 23.221.203.12	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.50.66.244 23.50.66.244	16625 (AKAMAI-AS) (AKAMAI-AS)
2 6	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
4 4	68.67.179.153 68.67.179.153	29990 (ASN-APPNEX) (ASN-APPNEX)
1 7	63.251.86.49 63.251.86.49	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
3 3	35.71.139.29 35.71.139.29	16509 (AMAZON-02) (AMAZON-02)
5 5	3.94.164.110 3.94.164.110	14618 (AMAZON-AES) (AMAZON-AES)
8 11	142.250.80.34 142.250.80.34	15169 (GOOGLE) (GOOGLE)
12	18.213.185.73 18.213.185.73	14618 (AMAZON-AES) (AMAZON-AES)
2 4	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
1 1	104.76.100.229 104.76.100.229	16625 (AKAMAI-AS) (AKAMAI-AS)
8 8	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
3 3	74.121.140.14 74.121.140.14	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 3	34.235.23.231 34.235.23.231	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.150.85 143.204.150.85	16509 (AMAZON-02) (AMAZON-02)
4 4	23.52.162.21 23.52.162.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	54.166.244.71 54.166.244.71	14618 (AMAZON-AES) (AMAZON-AES)
9 9	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1 2	2600:1f18:4e9... 2600:1f18:4e9:5a02:5944:263c:7447:bef1	14618 (AMAZON-AES) (AMAZON-AES)
3 3	35.211.178.172 35.211.178.172	15169 (GOOGLE) (GOOGLE)
2 3	185.167.164.42 185.167.164.42	198622 (ADFORM) (ADFORM)
1 1	2620:116:800b... 2620:116:800b:21:44af:4f54:8af4:5563	14618 (AMAZON-AES) (AMAZON-AES)
4 4	199.127.204.142 199.127.204.142	26120 (RHYTHMONE) (RHYTHMONE)
1	8.28.7.81 8.28.7.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5 6	8.43.72.98 8.43.72.98	26667 (RUBICONPR...) (RUBICONPROJECT)
3	104.36.115.109 104.36.115.109	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
1 1	34.98.67.3 34.98.67.3	15169 (GOOGLE) (GOOGLE)
1	104.36.115.114 104.36.115.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	104.36.113.17 104.36.113.17	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	169.61.103.241 169.61.103.241	36351 (SOFTLAYER) (SOFTLAYER)
1 1	2620:112:f002... 2620:112:f002:bbbb::21	6336 (TURN-US-ASN) (TURN-US-ASN)
1	2607:f8b0:400... 2607:f8b0:4006:822::2006	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80a::2001	15169 (GOOGLE) (GOOGLE)
5	8.43.72.97 8.43.72.97	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2001:4998:1c:... 2001:4998:1c:800::1001	14779 (YAHOO) (YAHOO)
2	2607:f8b0:400... 2607:f8b0:4006:809::2003	15169 (GOOGLE) (GOOGLE)
47	2607:f8b0:400... 2607:f8b0:4006:820::2006	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80e::2002	15169 (GOOGLE) (GOOGLE)
4	2600:9000:220... 2600:9000:2209:6400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
12	52.43.241.68 52.43.241.68	16509 (AMAZON-02) (AMAZON-02)
5	2607:f8b0:400... 2607:f8b0:4006:80c::2002	15169 (GOOGLE) (GOOGLE)
1	8.28.7.84 8.28.7.84	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2a04:4e42::645 2a04:4e42::645	54113 (FASTLY) (FASTLY)
1	142.251.4.154 142.251.4.154	() ()
1	2600:9000:21d... 2600:9000:21dd:c00:7:75d4:e40:93a1	() ()
3	2607:f8b0:400... 2607:f8b0:4006:80d::2001	() ()
291	71

26 34.95.11.30 (Montreal, Canada) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: 30.11.95.34.bc.googleusercontent.com

gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.65.194 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.239.200.177 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-239-200-177.ewr53.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 104.16.68.69 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

hb.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.61.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-107.ewr53.r.cloudfront.net

cdn.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81d::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:c0b6 (United States)

ASN13335 (CLOUDFLARENET, US)

www.npttech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:49e8 (United States)

ASN13335 (CLOUDFLARENET, US)

auth.lrcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.61.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-89.ewr53.r.cloudfront.net

ak.sail-horizon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.46.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-46-5.ewr52.r.cloudfront.net

fem.prod.postmedia.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.149.157.221 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 221.157.149.34.bc.googleusercontent.com

smartcdn.gprod.postmedia.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.230.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-230-62.jfk51.r.cloudfront.net

smartcdn.prod.postmedia.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:820::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2209:5200:8:f216:eb80:93a1 (United States)

ASN16509 (AMAZON-02, US)

d395dw5zk780j2.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:81f::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.85.61.100 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-100.ewr53.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::645 (United States)

ASN54113 (FASTLY, US)

jssdkcdns.mparticle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.66.133 (United States)

ASN54113 (FASTLY, US)

cdn.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
consumer.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.44.16.134 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-16-134.compute-1.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a04:4e42:400::645 (United States)

ASN54113 (FASTLY, US)

identity.mparticle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.66 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1400:9000::687e:74bb (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f03a:1c:face:b00c:0:3 (Minneapolis, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.36.157 (New York, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 75.2.40.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: aa7557bb34ea5624b.awsglobalaccelerator.com

api.sail-personalize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4006:80e::2016 (United States)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 209.54.180.144 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:823::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2607:f8b0:4006:80d::200e (United States)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:22::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.174.10.14 (United States) 1 redirects

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-14.fwd.linkedin.com

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.98.194 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

p.adsymptotic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.10.30 (Poland) 2 redirects

ASN203690 (RTB-HOUSE-ASH, PL)
PTR: ip-185-184-10-30.rtbhouse.net

us.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.44.19.43 (Ashburn, United States) 5 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-19-43.compute-1.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.38.167.129 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.218.90.66 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-218-90-66.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.233.34.144 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-34-144.compute-1.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:823::2001 (United States)

ASN15169 (GOOGLE, US)

c5067f650385d0f70f33b1b0646d80cc.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:816::2002 (United States) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f13a:83:face:b00c:0:25de (Minneapolis, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81d::2004 (United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81e::2003 (United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.221.203.12 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-221-203-12.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.50.66.244 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-50-66-244.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.244.159.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.179.153 (Secaucus, United States) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 63.251.86.49 (United States) 1 redirects

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.71.139.29 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.94.164.110 (Ashburn, United States) 5 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-164-110.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.80.34 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 18.213.185.73 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-213-185-73.compute-1.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.60.146 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.76.100.229 (New York, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-100-229.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 151.101.66.49 (United States) 8 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.121.140.14 (Reston, United States) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.235.23.231 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-235-23-231.compute-1.amazonaws.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.150.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-150-85.ewr52.r.cloudfront.net

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.52.162.21 (New York, United States) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-162-21.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.166.244.71 (United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-166-244-71.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 52.223.40.198 (United States) 9 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
data.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:4e9:5a02:5944:263c:7447:bef1 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.211.178.172 (North Charleston, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.167.164.42 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800b:21:44af:4f54:8af4:5563 (United States) 1 redirects

ASN14618 (AMAZON-AES, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 199.127.204.142 (United States) 4 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.28.7.81 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 8.43.72.98 (United States) 5 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel-us-east.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.36.115.109 (United States)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.254.65 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 3.67.98.34.bc.googleusercontent.com

tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.36.115.114 (United States)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.36.113.17 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.61.103.241 (Brooklyn, United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: f1.67.3da9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:112:f002:bbbb::21 (United States) 1 redirects

ASN6336 (TURN-US-ASN, US)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:822::2006 (United States)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80a::2001 (United States)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 8.43.72.97 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4998:1c:800::1001 (New York, United States)

ASN14779 (YAHOO, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:809::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

47 2607:f8b0:4006:820::2006 (United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80e::2002 (United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2209:6400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 52.43.241.68 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-43-241-68.us-west-2.compute.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:80c::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.28.7.84 (United States)

ASN62713 (AS-PUBMATIC, US)

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::645 (United States)

ASN54113 (FASTLY, US)

jssdks.mparticle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.4.154 (None, )

ASN- ()

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21dd:c00:7:75d4:e40:93a1 (None, )

ASN- ()

assets.ribn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80d::2001 (None, )

ASN- ()

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 255	435 KB
34	postmedia.digital 1 redirects gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital fem.prod.postmedia.digital — Cisco Umbrella Rank: 121799 smartcdn.gprod.postmedia.digital — Cisco Umbrella Rank: 102338 smartcdn.prod.postmedia.digital — Cisco Umbrella Rank: 86700	570 KB
26	krxd.net 5 redirects cdn.krxd.net — Cisco Umbrella Rank: 1256 consumer.krxd.net — Cisco Umbrella Rank: 1549 usermatch.krxd.net — Cisco Umbrella Rank: 1214 beacon.krxd.net — Cisco Umbrella Rank: 408	186 KB
24	doubleclick.net 9 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 googleads.g.doubleclick.net — Cisco Umbrella Rank: 46 cm.g.doubleclick.net — Cisco Umbrella Rank: 197 static.doubleclick.net — Cisco Umbrella Rank: 356 bid.g.doubleclick.net	190 KB
22	adsafeprotected.com cdn.adsafeprotected.com — Cisco Umbrella Rank: 3473 pixel.adsafeprotected.com — Cisco Umbrella Rank: 556 static.adsafeprotected.com — Cisco Umbrella Rank: 533 dt.adsafeprotected.com — Cisco Umbrella Rank: 484	216 KB
17	districtm.io 2 redirects hb.districtm.io — Cisco Umbrella Rank: 91020 cdn.districtm.io — Cisco Umbrella Rank: 2067 dmx.districtm.io — Cisco Umbrella Rank: 1407	19 KB
16	amazon-adsystem.com 1 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 281 s.amazon-adsystem.com — Cisco Umbrella Rank: 284	50 KB
13	rubiconproject.com 5 redirects eus.rubiconproject.com — Cisco Umbrella Rank: 541 token.rubiconproject.com — Cisco Umbrella Rank: 689 pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1135 pixel.rubiconproject.com — Cisco Umbrella Rank: 312	16 KB
12	youtube.com www.youtube.com — Cisco Umbrella Rank: 92	799 KB
11	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 473 image6.pubmatic.com — Cisco Umbrella Rank: 595 simage2.pubmatic.com — Cisco Umbrella Rank: 552 image4.pubmatic.com — Cisco Umbrella Rank: 848 image2.pubmatic.com — Cisco Umbrella Rank: 1032 simage4.pubmatic.com — Cisco Umbrella Rank: 1179	26 KB
11	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 109	127 KB
10	sharethrough.com 5 redirects match.sharethrough.com — Cisco Umbrella Rank: 637	2 KB
9	adsrvr.org 9 redirects match.adsrvr.org — Cisco Umbrella Rank: 329 data.adsrvr.org — Cisco Umbrella Rank: 6192	4 KB
9	googlesyndication.com c5067f650385d0f70f33b1b0646d80cc.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 100 tpc.googlesyndication.com	39 KB
8	everesttech.net 8 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 560	2 KB
7	lijit.com 1 redirects ap.lijit.com — Cisco Umbrella Rank: 690 ce.lijit.com — Cisco Umbrella Rank: 816	7 KB
6	openx.net 2 redirects u.openx.net — Cisco Umbrella Rank: 710 us-u.openx.net — Cisco Umbrella Rank: 359	1 KB
6	mparticle.com jssdkcdns.mparticle.com — Cisco Umbrella Rank: 5618 identity.mparticle.com — Cisco Umbrella Rank: 2364 jssdks.mparticle.com — Cisco Umbrella Rank: 5364	48 KB
6	scorecardresearch.com 2 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 138	3 KB
6	gstatic.com fonts.gstatic.com www.gstatic.com	80 KB
5	yahoo.com 3 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 283 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 470 ads.yahoo.com — Cisco Umbrella Rank: 913	3 KB
5	linkedin.com 5 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 546 www.linkedin.com — Cisco Umbrella Rank: 647 px4.ads.linkedin.com — Cisco Umbrella Rank: 5501	4 KB
5	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 80 www.google.com — Cisco Umbrella Rank: 13	16 KB
4	casalemedia.com 4 redirects ssum-sec.casalemedia.com — Cisco Umbrella Rank: 520 ssum.casalemedia.com — Cisco Umbrella Rank: 1337	3 KB
4	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 316	432 B
4	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 241	4 KB
3	1rx.io 3 redirects sync.1rx.io — Cisco Umbrella Rank: 528	2 KB
3	adform.net 2 redirects c1.adform.net — Cisco Umbrella Rank: 608	1 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 287	2 KB
3	ml314.com 1 redirects ml314.com — Cisco Umbrella Rank: 1557	13 KB
3	mathtag.com 3 redirects sync.mathtag.com — Cisco Umbrella Rank: 421	2 KB
3	3lift.com 3 redirects eb2.3lift.com — Cisco Umbrella Rank: 389	1 KB
3	bidr.io 3 redirects match.prod.bidr.io — Cisco Umbrella Rank: 524	1 KB
3	google.ca adservice.google.ca — Cisco Umbrella Rank: 12419 www.google.ca — Cisco Umbrella Rank: 7861	1 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	181 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 165	75 KB
2	pippio.com 2 redirects pippio.com — Cisco Umbrella Rank: 797	848 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	426 B
2	rfihub.com 2 redirects p.rfihub.com — Cisco Umbrella Rank: 702	1 KB
2	creativecdn.com 2 redirects us.creativecdn.com — Cisco Umbrella Rank: 3401	697 B
2	adsymptotic.com 1 redirects p.adsymptotic.com — Cisco Umbrella Rank: 642	539 B
2	sail-personalize.com api.sail-personalize.com — Cisco Umbrella Rank: 2804	475 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	115 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 106	16 KB
2	cloudfront.net d395dw5zk780j2.cloudfront.net	13 KB
1	ribn.com assets.ribn.com	4 KB
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 206	2 KB
1	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 770	518 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 745	659 B
1	linksynergy.com 1 redirects tags.rd.linksynergy.com — Cisco Umbrella Rank: 4739	360 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 905	584 B
1	quantserve.com 1 redirects pixel.quantserve.com — Cisco Umbrella Rank: 424	511 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 973	614 B
1	agkn.com aa.agkn.com — Cisco Umbrella Rank: 442	653 B
1	bluekai.com 1 redirects stags.bluekai.com — Cisco Umbrella Rank: 510	716 B
1	t.co t.co — Cisco Umbrella Rank: 487	337 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 537	458 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 630	6 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1098	2 KB
1	sail-horizon.com ak.sail-horizon.com — Cisco Umbrella Rank: 2906	43 KB
1	lrcontent.com auth.lrcontent.com — Cisco Umbrella Rank: 47177	47 KB
1	npttech.com www.npttech.com — Cisco Umbrella Rank: 3811	3 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	1 KB
291	63

	Domain	Requested by
47	s0.2mdn.net	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital s0.2mdn.net
26	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital	1 redirects gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
12	dt.adsafeprotected.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
12	beacon.krxd.net	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital cdn.krxd.net
12	www.youtube.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital www.youtube.com
12	s.amazon-adsystem.com	1 redirects c.amazon-adsystem.com s.amazon-adsystem.com match.sharethrough.com u.openx.net ap.lijit.com cdn.districtm.io ads.pubmatic.com eus.rubiconproject.com
11	cm.g.doubleclick.net	8 redirects u.openx.net eus.rubiconproject.com
11	i.ytimg.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital www.youtube.com
11	dmx.districtm.io	1 redirects hb.districtm.io cdn.districtm.io gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
10	match.sharethrough.com	5 redirects s.amazon-adsystem.com match.sharethrough.com
8	match.adsrvr.org	8 redirects
8	sync-tm.everesttech.net	8 redirects
8	securepubads.g.doubleclick.net	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital securepubads.g.doubleclick.net www.googletagservices.com
6	cdn.krxd.net	fem.prod.postmedia.digital cdn.krxd.net
6	sb.scorecardresearch.com	2 redirects fem.prod.postmedia.digital gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
5	pagead2.googlesyndication.com	www.googletagservices.com securepubads.g.doubleclick.net tpc.googlesyndication.com
5	pixel.rubiconproject.com	eus.rubiconproject.com
5	token.rubiconproject.com	4 redirects eus.rubiconproject.com
5	ce.lijit.com	ap.lijit.com
5	usermatch.krxd.net	5 redirects
5	cdn.districtm.io	1 redirects hb.districtm.io cdn.districtm.io s.amazon-adsystem.com
5	pixel.adsafeprotected.com	cdn.adsafeprotected.com gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
4	static.adsafeprotected.com	pixel.adsafeprotected.com gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
4	idsync.rlcdn.com	2 redirects gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital ads.pubmatic.com
4	ib.adnxs.com	4 redirects
4	www.google.com	1 redirects gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital www.youtube.com tpc.googlesyndication.com
4	identity.mparticle.com	jssdkcdns.mparticle.com
4	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
4	smartcdn.gprod.postmedia.digital	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
4	c.amazon-adsystem.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital c.amazon-adsystem.com
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	image2.pubmatic.com	ads.pubmatic.com
3	simage2.pubmatic.com	ads.pubmatic.com
3	sync.1rx.io	3 redirects
3	c1.adform.net	2 redirects ads.pubmatic.com
3	x.bidswitch.net	3 redirects
3	us-u.openx.net	u.openx.net
3	ml314.com	1 redirects gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital ml314.com
3	sync.mathtag.com	3 redirects
3	eb2.3lift.com	3 redirects
3	u.openx.net	2 redirects s.amazon-adsystem.com
3	googleads.g.doubleclick.net	1 redirects www.googleadservices.com www.youtube.com
3	match.prod.bidr.io	3 redirects
3	px.ads.linkedin.com	3 redirects
3	consumer.krxd.net	cdn.krxd.net
3	www.googletagmanager.com	fem.prod.postmedia.digital www.googletagmanager.com
3	smartcdn.prod.postmedia.digital	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
2	www.googletagservices.com	securepubads.g.doubleclick.net
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	pippio.com	2 redirects
2	pr-bh.ybp.yahoo.com	1 redirects u.openx.net
2	ssum.casalemedia.com	2 redirects
2	ssum-sec.casalemedia.com	2 redirects
2	ap.lijit.com	1 redirects s.amazon-adsystem.com
2	eus.rubiconproject.com	s.amazon-adsystem.com eus.rubiconproject.com
2	ads.pubmatic.com	s.amazon-adsystem.com ads.pubmatic.com
2	www.google.ca	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
2	www.facebook.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
2	ups.analytics.yahoo.com	2 redirects
2	p.rfihub.com	2 redirects
2	us.creativecdn.com	2 redirects
2	p.adsymptotic.com	1 redirects gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
2	api.sail-personalize.com	ak.sail-horizon.com
2	connect.facebook.net	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital connect.facebook.net
2	www.googleadservices.com	www.googletagmanager.com www.googleadservices.com
2	d395dw5zk780j2.cloudfront.net	fem.prod.postmedia.digital d395dw5zk780j2.cloudfront.net
1	assets.ribn.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
1	bid.g.doubleclick.net	www.googleadservices.com
1	jssdks.mparticle.com	jssdkcdns.mparticle.com
1	simage4.pubmatic.com	ads.pubmatic.com
1	ads.yahoo.com	eus.rubiconproject.com
1	yt3.ggpht.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	pixel-us-east.rubiconproject.com	1 redirects
1	ad.turn.com	1 redirects
1	um.simpli.fi	1 redirects
1	image4.pubmatic.com	ads.pubmatic.com
1	tags.rd.linksynergy.com	1 redirects
1	image6.pubmatic.com	ads.pubmatic.com
1	sync.targeting.unrulymedia.com	1 redirects
1	pixel.quantserve.com	1 redirects
1	data.adsrvr.org	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	aa.agkn.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
1	stags.bluekai.com	1 redirects
1	t.co	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
1	analytics.twitter.com	static.ads-twitter.com
1	c5067f650385d0f70f33b1b0646d80cc.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	px4.ads.linkedin.com	1 redirects
1	www.linkedin.com	1 redirects
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.ca	securepubads.g.doubleclick.net
1	static.ads-twitter.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
1	snap.licdn.com	www.googletagmanager.com
1	jssdkcdns.mparticle.com	fem.prod.postmedia.digital
1	fem.prod.postmedia.digital	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
1	ak.sail-horizon.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
1	auth.lrcontent.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
1	www.npttech.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
1	fonts.googleapis.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
1	cdn.adsafeprotected.com	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
1	hb.districtm.io	gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
291	102

This site contains links to these domains. Also see Links.

Domain
ofoffers.ca
www.remembering.ca
shopping.ontariofarmer.com
www.businesswire.com
www.newsfilecorp.com
www.globenewswire.com
7c1e077b.flowpaper.com
www.facebook.com
twitter.com
www.postmediasolutions.com
adregistry.postmedia.com
www.postmedia.com

Subject Issuer	Validity	Valid
gcp-cheet-4632-driving.gdev.postmedia.digital R3	`2022-02-03` - `2022-05-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
districtm.io Cloudflare Inc ECC CA-3	`2021-06-02` - `2022-06-01`	a year	crt.sh
*.adsafeprotected.com Amazon	`2021-07-21` - `2022-08-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
ak.sail-horizon.com Amazon	`2022-01-06` - `2023-02-02`	a year	crt.sh
fem.prod.postmedia.digital Amazon	`2021-11-08` - `2022-12-06`	a year	crt.sh
smartcdn.gprod.postmedia.digital GTS CA 1D4	`2021-12-16` - `2022-03-16`	3 months	crt.sh
*.prod.postmedia.digital Amazon	`2022-01-15` - `2023-02-13`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
jssdkcdns.mparticle.com R3	`2021-12-27` - `2022-03-27`	3 months	crt.sh
cdn.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-12-30` - `2022-12-29`	a year	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
identity.mparticle.com Go Daddy Secure Certificate Authority - G2	`2021-07-07` - `2022-08-08`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-11-13` - `2022-02-11`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
api.sail-personalize.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
consumer.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-13` - `2022-07-12`	a year	crt.sh
edgestatic.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
*.google.ca GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-24` - `2022-03-23`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2021-03-24` - `2022-03-23`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-04-01` - `2022-04-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2021-03-11` - `2022-04-12`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.ml314.com Amazon	`2021-12-17` - `2023-01-14`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-01-18` - `2022-07-13`	6 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-11-19` - `2022-12-18`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
jssdks.mparticle.com R3	`2021-12-27` - `2022-03-27`	3 months	crt.sh
*.ribn.com Amazon	`2021-09-20` - `2022-10-19`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh

This page contains 32 frames:

Primary Page: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Frame ID: D5BC81614032E88C8336DD7F0C8DA351
Requests: 119 HTTP requests in this frame

Frame: https://d395dw5zk780j2.cloudfront.net/v49.3/xd.html
Frame ID: 3BDD33EBDB936BDC9835637B0A6C223C
Requests: 2 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html
Frame ID: 33D87FEFBD4B0EA93C666F116950D35A
Requests: 9 HTTP requests in this frame

Frame: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Frame ID: 41DCF32CB7A5605CACBE859855613E87
Requests: 19 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&dcc=t
Frame ID: C8162E127BE19051A8BD91471E569552
Requests: 1 HTTP requests in this frame

Frame: https://c5067f650385d0f70f33b1b0646d80cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: DD1F1065F73B23981FC0ABE568E451C3
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&fv=1.0&a=cm&cm3ppd=1
Frame ID: 8B057A0737DBA4E007A7DB8D5D1D9E9F
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1
Frame ID: 83CCF1FEA1A41841E550AFF51AFC714C
Requests: 19 HTTP requests in this frame

Frame: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Frame ID: 7D0A3108D8667D6E2F8D81987018A712
Requests: 6 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Frame ID: 751F4E2DB204D01557B73B7FDA8E7823
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Frame ID: C0C2CB1E538F0B120B3DE512F107F41F
Requests: 12 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Frame ID: 261513C7A9B636777F1931B837770732
Requests: 7 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?id=2397535159472849228&ex=districtm
Frame ID: A8F429AC79613E8DE038307A1D54B556
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?id=2397535159472849228&ex=appnexus.com
Frame ID: B6F1C6B35306BF5752A1B3B7EE91B31A
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Frame ID: C4602F2A6F8A5E5BDA25BC397ECB5D6C
Requests: 7 HTTP requests in this frame

Frame: https://cdn.districtm.io/ids/index.html?sellerid=10002&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Ddmx.com%26id%3D%7BUID%7D
Frame ID: B7343861B079F9744BA762EA13C79796
Requests: 3 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=585957761931012015200
Frame ID: A32F54DA10EF9B9076F9EA387F037C7E
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=23C78D8A-DA97-4FAD-8138-2A3B325854B5
Frame ID: 96B7060EC6EFFCB4FDDE455A3AA4BC79
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YfwhZgADgP1xSwBH&gdpr=0&gdpr_consent=&_test=YfwhZgADgP1xSwBH
Frame ID: 9DF31FE2F943705D9F8EA68B4B524B8C
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?id=23C78D8A-DA97-4FAD-8138-2A3B325854B5&ex=pubmatic.com
Frame ID: 64F90B857B7E0AC0184BEF09D75691E4
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 12E5AFFF6DAB00435A4C7C6AB704D945
Requests: 1 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=928934&campId=300x250&pubId=4811995650&chanId=21809871911&placementId=5680797321&pubCreative=138347717528&pubOrder=2842599597&cb=161012505&custom=index&custom2=1&adsafe_par&impId=9f19f994-8520-11ec-b043-0e2c9bbbd875
Frame ID: FCE3C052610B2CA54F7B64FCA0AB2B8E
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss7yrALGa1TOnv9xsXRJqpTY9T6NVF_gyxwa0MiBU2W6uX8dnQBIGkwkheP-9foTc6TND3Fp5xX90bdrEhfJy8d0WlawHhNME3uWx1EvlwnG-2ZXAQIqLSaE9vzu-yD5hfuq1EbBQQ35srbuol29MDtDaqvg0QBxBRKQq5UREVvXjh4sR2HhrPMmWYECHsTnaE17W-9z0XhX_kkFXFhtztUU27r6p_BxNXAfKsLhQg3N7H6ZKcHCVdTdSl8qltCldQ-Zjt5El6FORrG3dt4aLaaeNCN39a3qi06-BRCinv0NJXLfmbsbX00-iOdPPCXjxfYkUb7-tC67dIBd7hHLKWdmjMpltcx_iTZSe7ANdNjR4VTbxta73AWuV7bwA&sai=AMfl-YRc7jNO2RHwTlf9Jl2c4g5A59ub4qGigDpwguMVk7QjL1x-mApT7CskPkKrm1SLwZEQMv2e8N3ZPSfedWq-wWm1P6v88J_tbvAhB_nFTVviSPs5w-3LHLPlwZhojUKtDIrqABQ5XQ4qbVdY7TgQReks&sig=Cg0ArKJSzAXq8CTH8idgEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: EB1BE93A009F03F9C2F1A8F04ACD2A6B
Requests: 7 HTTP requests in this frame

Frame: https://pixel.adsafeprotected.com/jload?anId=928934&campId=970x250&pubId=4811995650&chanId=21809871911&placementId=5680797321&pubCreative=138347717501&pubOrder=2842599597&cb=307793121&custom=index&custom2=2&adsafe_par&impId=9f19f995-8520-11ec-b043-0e2c9bbbd875
Frame ID: A49C579789AF1914027AA6EE9AE1EC9D
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst7DQd1vAXX-XfjDnw2TVwUTUFCXgtWjrvmUU9we2iSfTR537TzlSohDtGDjoJcSFqoNQOt1UNUy2tiInauIv5QQUBacWZXLIH-sNcPzLxBP9QZQcjN2QQey_E752u8ltCIkYpNXMpL6jLhDsUDrhM5XLoYtpjbf-uwTMq8IcLUd6Z9EkTzBlpjRM6T3CsUAU4MSwwFCyNhEwnIqJ0BgmKCZ9PXoZ0lSXIJBhBZ37yAYc2uRgb0pg_07dLnsCauMmkHRftklk9mxqPX_lkmPs8yk0yjwUYm0Up1WxMMUcBK7YRBIBD9R6dMNvSl9MSasakLlG_I6aZK6-5Av8VfaVWrMo3x5xfqXocefqy05B6OUAG4Ch9dSEO23AW7eQ&sai=AMfl-YTaqg3N1sMqdhzfSdKXM5nwz-2njKKWGKHyFPXak9XBpMb_FFSrPvUdzBzym7JPdVfAgWYc-4ZYDIbIMAYSDKCWu66Gtzhdc20ReUUGqyKDsg3bOv_25rLxPUrs20sM34gVE8pTzKbkGcYr-ULWXfXI&sig=Cg0ArKJSzOKHIlAt2NZpEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: B5A98BD13B2DC6CC4894EF78FB4A4791
Requests: 6 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
Frame ID: DB965AF7AF5B950E722FFC72C4532B24
Requests: 21 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
Frame ID: 12CDABCD7ACD348084F508B50AEFF987
Requests: 22 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: E4CCFAA29EF98EA1FF917CC7C1C2E92C
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: D38748CAAE7EFD80386047F672857F55
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: BA29B8119F2A1ED8AFC3F0B453DACF6A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 315ABAC7823DBED602E8AAB83315050A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B9B649788FF8F463D642F083EA75EE8C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home | Ontario FarmerOntario Farmer

Page URL History Show full URLs

http://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/ HTTP 308
https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Page Statistics

291
Requests

83 %
HTTPS

37 %
IPv6

63
Domains

102
Subdomains

71
IPs

5
Countries

3348 kB
Transfer

10391 kB
Size

102
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://ofoffers.ca/
Title: Subscribe

Search URL Search Domain Scan URL

URL: http://www.remembering.ca/about/
Title: Obituaries

Search URL Search Domain Scan URL

URL: https://shopping.ontariofarmer.com/
Title: London

Search URL Search Domain Scan URL

URL: https://www.businesswire.com/
Title: Promoted By Business Wire

Search URL Search Domain Scan URL

URL: https://www.newsfilecorp.com/
Title: Promoted By Newsfile

Search URL Search Domain Scan URL

URL: https://www.globenewswire.com/
Title: Promoted By GlobeNewswire

Search URL Search Domain Scan URL

URL: https://7c1e077b.flowpaper.com/Shopper/
Title: Ontario Farmer Shopper November 9, 2021

Search URL Search Domain Scan URL

URL: https://www.facebook.com/OntFarmerNews/

Search URL Search Domain Scan URL

URL: https://twitter.com/OntFarmerNews

Search URL Search Domain Scan URL

URL: https://www.postmediasolutions.com/contact-us/
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://adregistry.postmedia.com/
Title: Digital Ad Registry

Search URL Search Domain Scan URL

URL: https://www.postmedia.com/brands

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/ HTTP 308
https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 70

https://sb.scorecardresearch.com/b?c1=2&c2=10276888&ns__t=1643913569857&ns_c=UTF-8&c8=Home%20%7C%20Ontario%20Farmer&c7=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=10276888&ns__t=1643913569857&ns_c=UTF-8&c8=Home%20%7C%20Ontario%20Farmer&c7=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&c9=

Request Chain 88

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&dcc=t

Request Chain 93

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1747836&time=1643913570148&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1747836&time=1643913570148&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1747836%26time%3D1643913570148%26url%3Dhttps%253A%252F%252Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1747836&time=1643913570148&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1747836&time=1643913570148&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&cookiesTest=true&liSync=true&e_ipv6=AQIMPwVLyAydTAAAAX7A4mmlTD6D4rCY4Y02-AMB_IM0GWWqFs6l6fkzcXO8XWBfkSYECyRt HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6ec484a4-de35-48f1-9bdf-9ce3d94e1a73 HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6ec484a4-de35-48f1-9bdf-9ce3d94e1a73&_expected_cookie=c2033ce5991c705ea3f3291e722f7f64

Request Chain 95

https://us.creativecdn.com/cm-notify?pi=districtm HTTP 302
https://us.creativecdn.com/cm-notify?pi=districtm&tc=1 HTTP 302
https://dmx.districtm.io/s/10027/xUEIGQJkcDf2qE0ogw9C?pi=districtm&tc=1

Request Chain 96

https://match.sharethrough.com/1PQ8qgv7/v1/ HTTP 302
https://dmx.districtm.io/s/10059/535ebeb1-027e-4430-8e62-97a04a64c695

Request Chain 97

https://p.rfihub.com/cm?pub=36496&in=1 HTTP 302
https://dmx.districtm.io/s/10056/968062827439473446

Request Chain 98

https://ups.analytics.yahoo.com/ups/58377/occ?gdpr=&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58377/occ?gdpr=&gdpr_consent=&verify=true HTTP 302
https://dmx.districtm.io/s/10057/y-UlKUSNVE2uFN15s5SGvWYh3C27H4xITiNodc44I-~A

Request Chain 99

https://match.prod.bidr.io/cookie-sync/districtm HTTP 303
https://match.prod.bidr.io/cookie-sync/districtm?_bee_ppp=1 HTTP 303
https://dmx.districtm.io/s/10025/AACLsU7D-EMAAHY9n1tp7Q

Request Chain 112

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/580448699/?random=773430895&cv=9&fst=1643913570289&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg220&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&tiba=Home%20%7C%20Ontario%20Farmer&auid=885379829.1643913570&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=YiH8YfGzF6-MoPMPlaqx4A8&sscte=1&crd=&eitems=ChEIgJfujwYQxs6LyfLeqZCkARIdACVFf635TM94nKRP_m7KAcK1q08uhpyc7ppziWA HTTP 302
https://www.google.com/pagead/1p-conversion/580448699/?random=773430895&cv=9&fst=1643913570289&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg220&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&tiba=Home%20%7C%20Ontario%20Farmer&auid=885379829.1643913570&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=YiH8YfGzF6-MoPMPlaqx4A8&cid=CAQSKQCNIrLMd8X-udJDuH5y0Dkf2MihgQE9VqNl6cc6XOdTg8GayMUO75FP&eitems=ChEIgJfujwYQxs6LyfLeqZCkARIdACVFf62Ij9ZR1u2U7Dm7HHFvYGWH_Pv0g9lUBXg&random=1807456467&resp=GooglemKTybQhCsO HTTP 302
https://www.google.ca/pagead/1p-conversion/580448699/?random=773430895&cv=9&fst=1643913570289&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg220&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&tiba=Home%20%7C%20Ontario%20Farmer&auid=885379829.1643913570&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=YiH8YfGzF6-MoPMPlaqx4A8&cid=CAQSKQCNIrLMd8X-udJDuH5y0Dkf2MihgQE9VqNl6cc6XOdTg8GayMUO75FP&eitems=ChEIgJfujwYQxs6LyfLeqZCkARIdACVFf62Ij9ZR1u2U7Dm7HHFvYGWH_Pv0g9lUBXg&random=1807456467&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Request Chain 116

https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D HTTP 302
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D

Request Chain 117

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=districtm HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID%26ex%3Ddistrictm HTTP 302
https://s.amazon-adsystem.com/ecm3?id=2397535159472849228&ex=districtm

Request Chain 118

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com HTTP 302
https://s.amazon-adsystem.com/ecm3?id=2397535159472849228&ex=appnexus.com

Request Chain 119

https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com HTTP 302
https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1

Request Chain 120

https://cdn.districtm.io/ids/?sellerid=10002&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Ddmx.com%26id%3D%7BUID%7D HTTP 301
https://cdn.districtm.io/ids/index.html?sellerid=10002&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Ddmx.com%26id%3D%7BUID%7D

Request Chain 121

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=585957761931012015200

Request Chain 126

https://usermatch.krxd.net/um/v2?partner=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_cm&google_nid=krux_digital&google_hm=T3BCSDluakE HTTP 302
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEGLIkawqix6wVhPPthVcAPc&google_cver=1

Request Chain 127

https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm&google_hm=T3BCSDluakE HTTP 302
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEMvbzyqbXGfk_RrEFMBb8A4&google_cver=1

Request Chain 129

https://stags.bluekai.com/site/26357?id=OpBH9njA&redir=https://beacon.krxd.net/usermatch.gif?_kuid%3DOpBH9njA%26partner%3Dbluekai%26bk_uuid%3D%24_BK_UUID HTTP 302
https://beacon.krxd.net/usermatch.gif?_kuid=OpBH9njA&partner=bluekai&bk_uuid=$_BK_UUID

Request Chain 131

https://sync-tm.everesttech.net/upi/pid/NC4WTmcy?redir=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner_id%3Dcb276571-e0d9-4438-9fd4-80a1ff034b01%26puid%3D%24%7BTM_USER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/NC4WTmcy?redir=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner_id%3Dcb276571-e0d9-4438-9fd4-80a1ff034b01%26puid%3D%24%7BTM_USER_ID%7D&_test=YfwhZgADgOhpgABH HTTP 302
https://beacon.krxd.net/usermatch.gif?partner_id=cb276571-e0d9-4438-9fd4-80a1ff034b01&puid=YfwhZgADgOhpgABH&_test=YfwhZgADgOhpgABH

Request Chain 132

https://usermatch.krxd.net/um/v2?partner=beeswax HTTP 302
https://match.prod.bidr.io/cookie-sync/krux?partner_user_id=OpBH9njA HTTP 303
https://beacon.krxd.net/usermatch.gif?partner=beeswax&partner_uid=AACLsU7D-EMAAHY9n1tp7Q

Request Chain 133

https://usermatch.krxd.net/um/v2?partner=mediamath HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=10031&mt_exuid=OpBH9njA&redirect=https://beacon.krxd.net/usermatch.gif?partner%3Dmediamath%26partner_id%3D%5BMM_UUID%5D HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=mediamath&partner_id=8f1e61fc-2162-4900-902b-e4ff76eedd0a

Request Chain 135

https://usermatch.krxd.net/um/v2?partner=neustar HTTP 302
https://aa.agkn.com/adscores/g.js?sid=9212244187&_kdpid=OpBH9njA

Request Chain 136

https://ssum-sec.casalemedia.com/usermatchredir?s=183716&cb=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcasale%26partner_uid%3D__UID__ HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcasale%26partner_uid%3D__UID__&s=183716&C=1 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=casale&partner_uid=YfwhYsZ.lA1IpbnkvjRaogAA%26516

Request Chain 137

https://sync.srv.stackadapt.com/sync?nid=salesforce HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=stackadapt&partner_uid=bz1Rw1AES0NhINsFrEoVupU4mbs

Request Chain 138

https://usermatch.krxd.net/um/v2?partner=triplelift&gdpr=0&cmp_cs=&us_privacy=undefined HTTP 302
https://eb2.3lift.com/xuid?mid=3587&xuid=OpBH9njA&dongle=13b2&rdir=https://beacon.krxd.net/usermatch.gif?partner%3Dtriplelift%26partner_uid%3D$UID&gdpr=0&cmp_cs=&us_privacy=undefined HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=triplelift&partner_uid=585957761931012015200

Request Chain 140

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sharethrough&ttd_tpi=1 HTTP 302
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=

Request Chain 141

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2 HTTP 302
https://u.openx.net/w/1.0/cm?id=7ead435e-a2cd-4cbf-8876-adb66822613f&ph=c6b01e12-aa62-4ae6-9e10-71346e597c31&r=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DF2Stothm3wg5g6opTuaPadz9%26source_user_id%3D HTTP 302
https://match.sharethrough.com/sync/v1?source_id=F2Stothm3wg5g6opTuaPadz9&source_user_id=9397f8bc-a2c5-0b33-1153-a55b87545649

Request Chain 142

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sharethrough&ttd_tpi=1 HTTP 302
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=

Request Chain 143

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4 HTTP 302
https://ssum.casalemedia.com/usermatchredir?s=186046&cb=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DGM7HYz3VFjuymbiqnJLyjuPy%26source_user_id%3D__UID__ HTTP 302
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DGM7HYz3VFjuymbiqnJLyjuPy%26source_user_id%3D__UID__&s=186046&C=1 HTTP 302
https://match.sharethrough.com/sync/v1?source_id=GM7HYz3VFjuymbiqnJLyjuPy&source_user_id=YfwhYlBla4vvqMN87eREJQAA%26513

Request Chain 145

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=YfwhZgADgQ1y8ABH HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YfwhZgADgQ1y8ABH&_test=YfwhZgADgQ1y8ABH

Request Chain 147

https://match.adsrvr.org/track/cmf/openx?oxid=5df40d81-1081-36de-54f8-83118d9ff421&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072971&val=d534b263-5dde-4c14-ba5a-876c938f2180&ttd_puid=5df40d81-1081-36de-54f8-83118d9ff421

Request Chain 149

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO5Go88Fzgsf35uQUxKowOY&google_cver=1

Request Chain 152

https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=fmx HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=8417904000596652597&ssp=fmx HTTP 302
https://ce.lijit.com/merge?pid=26&3pid=dccf4511-a5cd-4f33-9c8c-7b158fbd479f

Request Chain 153

https://p.rfihub.com/cm?in=1&pub=1827&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=10&3pid=968062827439473446

Request Chain 154

https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=27&3pid=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=

Request Chain 155

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=ZlYcm2JWTMp9BUidaVdXymlST899UEzJNl8UtJK0

Request Chain 156

https://sync.1rx.io/usersync2/sovrn?gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/sovrn?zcc=1&cb=1643913570776 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=745740043 HTTP 302
https://sync.1rx.io/usersync/tradedesk/d534b263-5dde-4c14-ba5a-876c938f2180 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-a6cfd350-7dc5-4165-a719-5d7c884a451e-005?redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D56%263pid%3DRX-a6cfd350-7dc5-4165-a719-5d7c884a451e-005 HTTP 302
https://ce.lijit.com/merge?pid=56&3pid=RX-a6cfd350-7dc5-4165-a719-5d7c884a451e-005

Request Chain 166

https://dmx.districtm.io/s/v1/users/10002 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=dmx.com&id=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzaWQiOjEwMDAyLCJ1c3IiOiJxZ1llc2dZYk1qUmllVkpFZVRNemFGZ3lkR054ZFZvNVlqbExaMHRvZVRSSSJ9.mkOjUbN_Ckqs44UZZhLnzg7Q7k2KfhnURjXSFrrbfwMLSJiVqld_zVxjrNnPwiS4LRnenH_prOeqi0HN9igyuQ

Request Chain 167

https://ml314.com/csync.ashx?fp=OpBH9njA&person_id=3624884529290805302&eid=748&return=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dmadisonlogic%26partner_uid%3D3624884529290805302 HTTP 302
https://beacon.krxd.net/usermatch.gif?partner=madisonlogic&partner_uid=3624884529290805302

Request Chain 168

https://c1.adform.net/serving/cookie/match?party=14&cid=23C78D8A-DA97-4FAD-8138-2A3B325854B5 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=23C78D8A-DA97-4FAD-8138-2A3B325854B5

Request Chain 169

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YfwhZgADgP1xSwBH HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YfwhZgADgP1xSwBH&gdpr=0&gdpr_consent=&_test=YfwhZgADgP1xSwBH

Request Chain 171

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=I8eNitqXT62BOCo7MlhUtQ%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 172

https://idsync.rlcdn.com/420486.gif?partner_uid=23C78D8A-DA97-4FAD-8138-2A3B325854B5 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDIzQzc4RDhBLURBOTctNEZBRC04MTM4LTJBM0IzMjU4NTRCNRAAGg0I4sLwjwYSBQjoBxAAQgBKAA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=5a255d31338096943d36c7b22d1f176414372133246268f648865d0563a3f3e0791426b5417dce21&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA1YTI1NWQzMTMzODA5Njk0M2QzNmM3YjIyZDFmMTc2NDE0MzcyMTMzMjQ2MjY4ZjY0ODg2NWQwNTYzYTNmM2UwNzkxNDI2YjU0MTdkY2UyMRAAGgwI4sLwjwYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA1YTI1NWQzMTMzODA5Njk0M2QzNmM3YjIyZDFmMTc2NDE0MzcyMTMzMjQ2MjY4ZjY0ODg2NWQwNTYzYTNmM2UwNzkxNDI2YjU0MTdkY2UyMRAAGgwI4sLwjwYSBAgCEABCAEoA&google_gid=CAESEGDc7ev3WjydFvw1nbaiEfw&google_cver=1 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
https://idsync.rlcdn.com/458249.gif?partner_uid=d70c878c-5e9f-4717-9c38-efbf6d44241f

Request Chain 173

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=8f1e61fc-2162-4900-902b-e4ff76eedd0a

Request Chain 174

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MjNDNzhEOEEtREE5Ny00RkFELTgxMzgtMkEzQjMyNTg1NEI1&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 175

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFp4ClLuyDAF2-3_33jJ4mQ&google_cver=1

Request Chain 176

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E3F515BC34A04FE9B59C9D99074FC859

Request Chain 177

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7300976281851386186&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 178

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d534b263-5dde-4c14-ba5a-876c938f2180

Request Chain 179

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=KZ7BP1AX-1N-HW1Z HTTP 302
https://s.amazon-adsystem.com/ecm3?id=KZ7BP1AX-1N-HW1Z&ex=d-rubiconproject.com&status=ok

Request Chain 188

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=8f1e61fc-2162-4900-902b-e4ff76eedd0a&expires=28

Request Chain 189

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEB5BgrgZe2tsL4LcUP-0u8U&google_cver=1

Request Chain 190

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/BbV8HsTBbBmS1usoAJhJBMn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8349194455581093975

Request Chain 191

https://match.adsrvr.org/track/cmf/rubicon HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=&expires=30

Request Chain 192

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1o3QlAxQVgtMU4tSFcxWg==

Request Chain 193

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZ7BP1AX-1N-HW1Z&sigv=1&esig=2~5c335e43d6c89d8ecd3a1b1678076fc44243f15a

Request Chain 194

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MzBhODYzY2ZlYmMwM2VlNGQ0MzcwNTkzMGRjZjI1NzQzN2JiZjdhZg

Request Chain 195

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YfwhZwADf4ewOwBH HTTP 302
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YfwhZwADf4ewOwBH&_test=YfwhZwADf4ewOwBH

Request Chain 286

https://sb.scorecardresearch.com/c2/10276888/cs.js HTTP 302
https://sb.scorecardresearch.com/internal-c2/default/cs.js

291 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Redirect Chain

http://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

630 KB
188 KB

797ms
770ms

Document
text/html

34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

67418c9d1b786534118b4fe691ac5ad8ebc7d9c0679c3e528ea29908b2609f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding user-agent
expires: Thu, 03 Feb 2022 18:43:24 GMT
cache-control: max-age=300
x-frame-options: SAMEORIGIN
x-pmd-backend: cheetah-nginx
content-encoding: gzip
strict-transport-security: max-age=15724800; includeSubDomains

Redirect headers

Date: Thu, 03 Feb 2022 18:39:28 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 107ms
52ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

sffe /

Resource Hash

60bc2c8f43a8beb37b3522f68592595265d39bfcfefffadb27491f262e168c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27214
x-xss-protection: 0
server: sffe
etag: "1120 / 875 of 1000 / last-modified: 1643889991"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 03 Feb 2022 18:39:29 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 68ms
24ms Script
application/javascript 54.239.200.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.239.200.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-239-200-177.ewr53.r.cloudfront.net
Software: Server /
Resource Hash: c7360a9b46fde11845b3090ca0034fb409d92398a71f3ae15fac3a2fa29ae6cc

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: GzCVpXkwVbKPnWWiNgpDCABi9Jbs4BMI
content-encoding: gzip
etag: a89a0f9aa62d9c46ee287cd1f0b6423d
age: 71066
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1FPN66N7D4S3EYJTE8BS
date: Wed, 02 Feb 2022 22:55:06 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 17da55c14108bb8cae904f764f67c0e0.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: EWR53-P1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: Wx6BURCj4A-hhY7VxcgjMmSvNHiIxktfRCyaSokghbH43mzTtdfscQ==

GET
H2 200 all.postmedia.js Show response
hb.districtm.io/prod/100549/ 36 KB
13 KB 100ms
49ms Script
application/javascript 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.districtm.io/prod/100549/all.postmedia.js
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d5f7c1c0cbec2c27d4165db4cd06b7780f477fc9161008bde67c7a9d62b223aa

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
via: 1.1 076b9b2d65e3c54d9f7c44a7bccddebe.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 7084
x-cache: Miss from cloudfront
cf-bgj: minify
content-encoding: br
last-modified: Thu, 10 Dec 2020 10:37:54 GMT
server: cloudflare
etag: W/"5f2e83162e71fb84bb30df8f49e91eee"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=43200
x-amz-cf-pop: BOS50-C3
cf-ray: 6d7dc83fac8fe6f8-EWR
x-amz-cf-id: Mkfq1S6avuHtMJRqml5IK9EcJfdOfBX97DcmT2P79U80hTRfuXz9NA==
expires: Fri, 04 Feb 2022 06:39:29 GMT

GET
H/1.1 200
OK iasPET.1.js Show response
cdn.adsafeprotected.com/ 22 KB
22 KB 65ms
23ms Script
application/javascript 52.85.61.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adsafeprotected.com/iasPET.1.js
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-107.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 28 Jan 2022 16:18:29 GMT
Via: 1.1 2c7d387775f2e52dd268d2f49202b5d2.cloudfront.net (CloudFront)
Connection: keep-alive
Last-Modified: Wed, 02 Jun 2021 17:38:57 GMT
Server: AmazonS3
Age: 526861
ETag: "51636de3ce868a2172f9e6996c2934e0"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Cache-Control: max-age=604800
X-Amz-Cf-Pop: EWR53-P1
Accept-Ranges: bytes
Content-Length: 22521
X-Amz-Cf-Id: rUBNPpl7ZJ_KHUi7CffqoVXEyACLnF5cCM_mYZfHijfZp_H1T4k0jA==

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 86ms
35ms Stylesheet
text/css 2607:f8b0:4006:81d::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed:700%7CRoboto:400,700&display=swap

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aa8c4f5924fd06cbaf5c65fac729f0c3207d1f70534b07fc0915948c41b29d6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 17:04:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 03 Feb 2022 18:39:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 03 Feb 2022 18:39:29 GMT

GET
H2 200 advertising.js Show response
www.npttech.com/ 7 KB
3 KB 52ms
21ms Script
application/javascript 2606:4700:3032::ac43:c0b6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.npttech.com/advertising.js
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c0b6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 360
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: JNMEQGQ9NJ9E6X1S
x-amz-id-2: fxImh/8M8kos4PfArLZQ66EMsMP9XUBIudAFPFkNaHH9tQrUf3+tzsmbOphXS4daZ7ig6eUbrKc=
last-modified: Wed, 19 Jun 2019 08:25:01 GMT
server: cloudflare
etag: W/"3d6f80c860866175f58a84bbbc9217c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=af1QgXYuQL8wPM6Uu9ajFfvv80xlHmiAkVLarRXteqAxal3haiopt3qltnTEqBHDHpQ6Njik9IpOyxHJBQsiGQXJx8bzxM3jKPRUyfxZyuQxTX24ZGpqz4cjcU8YHgThglK7h8RX8GAoPr5kkHA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=28800
x-amz-version-id: hXQWgdpwSBM26VgKOeTSlm.4VT89.h9w
cf-ray: 6d7dc8402c4f4bcb-YUL

GET
H2 200 LoginRadiusV2.js Show response
auth.lrcontent.com/v2/js/ 199 KB
47 KB 56ms
24ms Script
application/javascript 2606:4700:10::6816:49e8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.lrcontent.com/v2/js/LoginRadiusV2.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:49e8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68a335c0d87dce935fee1811892070e78c514828d50bfe2ae21fde739ec1002c

Security Headers

Name	Value
Strict-Transport-Security	max-age= 63072000; includeSubdomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
via: 1.1 c1c976b1b60b605adb44f62da9e0bb8a.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
age: 3175
cf-polished: origSize=1238069
x-cache: Miss from cloudfront
content-encoding: gzip
last-modified: Mon, 13 Dec 2021 05:19:58 GMT
server: cloudflare
etag: W/"ae3463c4a59ae100b160ed4dd5dbf4b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age= 63072000; includeSubdomains; preload
content-type: application/javascript
cache-control: max-age=14400
x-amz-cf-pop: EWR52-C3
cf-ray: 6d7dc83f9932ca4b-YUL
x-amz-cf-id: UKx_SLTr25mJR9OxZ3Jl1iZpjZMyCaPjbVBPFMpyn7yVrNt_E6CAIg==
cf-bgj: minify

GET
H2 200 spm.v1.min.js Show response
ak.sail-horizon.com/spm/ 121 KB
43 KB 64ms
20ms Script
application/javascript 52.85.61.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-89.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d06ae5e97e495832fc4526c3e93d7e9440f1faf5f77669b41678c9d564a25faf

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:14 GMT
content-encoding: gzip
last-modified: Tue, 08 Jun 2021 04:22:34 GMT
server: AmazonS3
age: 16
etag: W/"b22b4f4738e8722be1636447be239da2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 52b969a4ab7956a248b07efba57c92a4.cloudfront.net (CloudFront)
cache-control: max-age=600; must-revalidate
x-amz-cf-pop: EWR53-P1
x-amz-cf-id: A6WJ_pyeTL4lidaEYVeoXpueDkDAvijzKoLATF3Q4VoQ12zoLYhegA==

GET
H2 200 fem.js Show response
fem.prod.postmedia.digital/v49.3/ 278 KB
83 KB 74ms
30ms Script
application/javascript 13.33.46.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fem.prod.postmedia.digital/v49.3/fem.js
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.46.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-46-5.ewr52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dfdc1f05ccfc2cb2352ee1b2a6a0988d1525f7c67cb966dce430ae8c4231245d

Request headers

Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:38:26 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 64
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Fri, 07 Jan 2022 18:28:01 GMT
server: AmazonS3
etag: W/"708d585ae8d9402a0a8a0f2ba56ac386"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
via: 1.1 66114286e54efb82c700272100713f2e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: EWR52-C1
x-amz-cf-id: 2CtxlCfvHFrFL3l874yQmO2rgagS3h9xHdfyJpiOJGwtXiVTrW9NYA==

GET
H2 200 CD_Winter-Scene.jpg
smartcdn.gprod.postmedia.digital/nexus/wp-content/uploads/2022/01/ 32 KB
32 KB 42ms
12ms Image
image/webp 34.149.157.221
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://smartcdn.gprod.postmedia.digital/nexus/wp-content/uploads/2022/01/CD_Winter-Scene.jpg?quality=90&strip=all&w=466&type=webp
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.157.221 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 221.157.149.34.bc.googleusercontent.com
Software: nginx/1.19.10 /
Resource Hash: 4910659dc839049030cd900a2fba16b8b73872cbdc04bf71c494b0c0512edef4

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-pmd-smartcdn-requester: nexus
date: Tue, 01 Feb 2022 15:14:54 GMT
via: 1.1 google
server: nginx/1.19.10
cache-control: max-age=2592000,public
age: 185075
etag: "381af7f1ed861f0d0c47f3e75268eb56ba0741dd"
vary: Accept
content-type: image/webp
x-cache-hit: hit
x-pmd-smart-cdn-proxy: thumbor-proxy-64c799cd7-9rpnw
alt-svc: clear
content-length: 32578

GET
H2 200 business-wire-logo.svg
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/images/common/ 11 KB
4 KB 20ms
14ms Image
image/svg+xml 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/images/common/business-wire-logo.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

7fb15552a88b764ca42963e71136255cecf99c6bccc6fdc68fbe0f930a516cb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:24:24 GMT
etag: W/"61fc1dd8-2b6a"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 Newsfile-High-Res.png
smartcdn.prod.postmedia.digital/nexus/wp-content/uploads/2021/04/ 13 KB
13 KB 70ms
18ms Image
image/webp 13.225.230.62
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://smartcdn.prod.postmedia.digital/nexus/wp-content/uploads/2021/04/Newsfile-High-Res.png
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.230.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-230-62.jfk51.r.cloudfront.net
Software: nginx/1.19.10 /
Resource Hash: 7720a0f40d088f144d749c07f075b8dfdc84afd25900a59045fe6c29d0fc5090

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-pmd-smartcdn-requester: nexus
date: Tue, 04 May 2021 23:36:37 GMT
via: 1.1 9936e6170e9ea67a9517d77d7f053dba.cloudfront.net (CloudFront)
server: nginx/1.19.10
age: 23742172
etag: "58a1b532378c9a60bc8df47534dea7218beaf9a0"
vary: Accept
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=31536000,public
x-amz-cf-pop: JFK51-C1
x-pmd-smart-cdn-proxy: da21880a3f69
content-length: 13064
x-amz-cf-id: H2i2VSc1TBwAncdvWN3C6bcPV3Ww5FVJURIs8LjypWwXCr8fFc8bCA==
expires: Wed, 04 May 2022 23:36:37 GMT

GET
H2 200 globe-newswire.svg
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/images/common/ 14 KB
4 KB 18ms
12ms Image
image/svg+xml 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/images/common/globe-newswire.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

ca157b8a9c98a19c0446a974ea642d13e3b3398f328d312fd474df9f63c45fe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:24:24 GMT
etag: W/"61fc1dd8-3750"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 icon-soc-fb.svg
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/images/share-icons/ 775 B
692 B 17ms
11ms Image
image/svg+xml 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/images/share-icons/icon-soc-fb.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

40e562e806ce113ae7879d0dd76db82797b5c274794751c260381f2c8b283641

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:24:24 GMT
etag: W/"61fc1dd8-307"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 icon-soc-tw.svg
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/images/share-icons/ 2 KB
1 KB 19ms
13ms Image
image/svg+xml 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/images/share-icons/icon-soc-tw.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

975a64dc9bbc5e1884ba8ca2e76d9b2791d16d5c9f3619bf30477cd21a8636d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:24:24 GMT
etag: W/"61fc1dd8-6a2"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 shared.8beb132a751b.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/ 24 KB
10 KB 20ms
14ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

8beb132a751bf7fdfd70084935bcd73065ba507d0210fe7b2365d19941a81bcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:24:29 GMT
etag: W/"61fc1ddd-5e1d"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 main.0b93db8d9084.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/ 95 KB
31 KB 21ms
16ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/main.0b93db8d9084.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

0b93db8d9084f4d447ad44bc0517ae517c735507636add991dcfa41aac220127

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:24:29 GMT
etag: W/"61fc1ddd-17d3b"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
DATA 200
OK truncated
/ 128 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 23d00276404c2322c5d3bb27f5e930b67f81bc964189b36b028ab1521a5929db

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 256 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3fde76cacc186420d0405496f66f9cd00a7c14a38a9ffa4b626a09affe83cc2a

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 67ms
20ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:700%7CRoboto:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 29 Jan 2022 07:38:42 GMT
x-content-type-options: nosniff
age: 471647
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sun, 29 Jan 2023 07:38:42 GMT

GET
H2 200 icon-generic-play.svg
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/images/common-icon/ 1 KB
855 B 11ms
11ms Image
image/svg+xml 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/images/common-icon/icon-generic-play.svg?2f559573cb93

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

2f28c008f0ce667d697ccc95a07377e8562c0c28dd910f864724a265f75671e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:24:24 GMT
etag: W/"61fc1dd8-443"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v24/ 15 KB
15 KB 83ms
42ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v24/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:700%7CRoboto:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 19:30:01 GMT
x-content-type-options: nosniff
age: 83368
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15660
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:19:40 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 02 Feb 2023 19:30:01 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 59ms
26ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:700%7CRoboto:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 08:30:30 GMT
x-content-type-options: nosniff
age: 36539
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 03 Feb 2023 08:30:30 GMT

GET
H2 200 xd.html Show response
d395dw5zk780j2.cloudfront.net/v49.3/ Frame 3BDD 167 B
518 B 57ms
18ms Document
text/html 2600:9000:2209:5200:8:f216:eb80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d395dw5zk780j2.cloudfront.net/v49.3/xd.html
Requested by: Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v49.3/fem.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:5200:8:f216:eb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0fbc907061b6169dcb1fb510d8e037414886f7c2d0782747392db7c423b89116

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

content-type: text/html
content-length: 167
date: Mon, 10 Jan 2022 07:00:26 GMT
last-modified: Fri, 07 Jan 2022 18:28:01 GMT
etag: "2b729af275b2d9cef65cdefa704be2dd"
cache-control: max-age=31536000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 e5bd532dbdee524acdf00690205f3b5a.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-P1
x-amz-cf-id: pDI0o2HyqIgZE-xiDDwgIpP_y-k0HsJxQSDlBecRPbUrJQlSTHXCHA==
age: 2115544

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 472 KB
105 KB 93ms
41ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKM4ZNQ&l=dataLayer

Requested by

Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v49.3/fem.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

758049ebc8def60e9f2321b3e9a478169df806ef8b3fac32d4612268756fa1ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 107851
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 18:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 03 Feb 2022 18:39:29 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 60ms
21ms Script
application/javascript 52.85.61.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v49.3/fem.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-100.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 09:23:54 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 33403
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 acbc1e922360be31edf0371abdc7a3a4.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-P1
x-amz-cf-id: hHsiNyS3Km80t8a2RlVBG5i1MUqjpvs31BB63ob7zCzupdKO_jmZZQ==

GET
H2 200 mparticle.js Show response
jssdkcdns.mparticle.com/js/v2/us1-a9588c0ddc27594cabd152e47ffe27ee/ 184 KB
48 KB 38ms
12ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://jssdkcdns.mparticle.com/js/v2/us1-a9588c0ddc27594cabd152e47ffe27ee/mparticle.js
Requested by: Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v49.3/fem.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Kestrel /
Resource Hash: 34c4351e0ce42542bb0657355bfd91b4cb376ffce3bfc7de9ab1be8652124e3e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
via: 1.1 varnish, 1.1 varnish
age: 2175
x-origin-name: fastlyshield--shield_ssl_cache_iad_kiad7000143_IAD
x-cache: HIT, HIT
x-cache-hits: 1, 2
content-encoding: gzip
content-length: 48359
x-served-by: cache-iad-kiad7000143-IAD, cache-yul12828-YUL
server: Kestrel
x-timer: S1643913570.537127,VS0,VE0
vary: Accept, Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Thu, 03 Feb 2022 19:03:13 GMT

GET
H2 200 uthtxmddg.js Show response
cdn.krxd.net/controltag/ 29 KB
7 KB 38ms
10ms Script
text/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag/uthtxmddg.js
Requested by: Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v49.3/fem.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 76a237b880fbfc8ac655e91dcf5c9af3b44ccc506c69328409b4047d72519eea

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date: Thu, 03 Feb 2022 18:39:29 GMT
via: 1.1 varnish, 1.1 varnish
age: 875
x-cache: MISS, HIT, HIT
x-app-cache: HIT
x-age: 0
content-encoding: gzip
content-length: 6471
x-served-by: config-service-a005-ash-prod.krxd.net, cache-iad-kcgs7200137-IAD, cache-yul12831-YUL
x-response-time: 0
x-do-esi: esi
x-timer: S1643913570.539468,VS0,VE0
etag: "8d8408c6b02eb41f93710c678ece74490c4f6485"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-hits: 0, 1, 120

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
34 KB 53ms
37ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NTQ8ZV4&l=gtm_data_layer

Requested by

Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v49.3/fem.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a567b1ffaf953d8ca0adfdb0fd41a41412b1d21ae5bc6bb97fc3c78ece50851a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34093
x-xss-protection: 0
expires: Thu, 03 Feb 2022 18:39:29 GMT

GET
H2 200 pubads_impl_2022013101.js Show response
securepubads.g.doubleclick.net/gpt/ 356 KB
120 KB 21ms
20ms Script
text/javascript 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022013101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

sffe /

Resource Hash

80e9b90d32a294251cbec3aa3402fbd9c560100a23484d7947fd61e1faf5740e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 31 Jan 2022 12:20:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 281921
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122566
x-xss-protection: 0
last-modified: Mon, 31 Jan 2022 09:40:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 31 Jan 2023 12:20:48 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 130 B
143 B 71ms
42ms XHR
application/json 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

352bf16f1da51fd78d09e074022f434e41ad55934cc57f880826c1b413cc3c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118
x-xss-protection: 0
expires: Thu, 03 Feb 2022 18:39:29 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
334 B 27ms
27ms XHR
text/plain 54.239.200.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3528&u=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.239.200.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-239-200-177.ewr53.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:38:25 GMT
via: 1.1 17da55c14108bb8cae904f764f67c0e0.cloudfront.net (CloudFront)
server: Server
age: 64
x-cache: Hit from cloudfront
access-control-allow-origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: EWR53-P1
x-amz-cf-id: eMFJDRK5yNNWIScmvTBkcbvsAVNsNR8L-navfv6iCJoD38qG_esV9A==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 333ms
296ms XHR
application/javascript 54.239.200.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.239.200.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-239-200-177.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
x-amz-cf-pop: EWR53-P1
x-cache: Miss from cloudfront
access-control-allow-origin: *
last-modified: Fri, 21 Jan 2022 02:54:57 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: eaU6ir6qmGswM2SGRmLi7PKhBcBrRdvn
via: 1.1 2c7d387775f2e52dd268d2f49202b5d2.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
content-type: application/javascript
x-amz-cf-id: 3AcayLCikeKkzoxTshFXRWqxLh62aexRAA1YzVjyMuvYGt97wE9rIQ==

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 2 KB
2 KB 108ms
41ms XHR
application/json 52.44.16.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=928934&slot=%7Bid:ad-1,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-2,ss:%5B6.6,1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-native-1,ss:%5B5.5%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-3,ss:%5B7.7,1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-native-2,ss:%5B5.5%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-4,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-native-3,ss:%5B5.5%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-5,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-native-4,ss:%5B5.5%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-6,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-native-5,ss:%5B5.5%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-7,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-native-6,ss:%5B5.5%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-8,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-native-7,ss:%5B5.5%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-9,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-native-8,ss:%5B5.5%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&slot=%7Bid:ad-10,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=212ef9cd-122e-690c-4a26-55e51697e555&url=https%253A%252F%252Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%252F
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.44.16.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-44-16-134.compute-1.amazonaws.com
Software: nginx /
Resource Hash: fbc5b6820ad3f7829dffe54880e9ec215ccf69b6294dd25afeef28bf71aaacbf

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
x-server-name: app08.va.303net.net
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 884f8a63d4124a85c5dd0.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 7 KB
3 KB 16ms
10ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/884f8a63d4124a85c5dd0.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

8efc268132d526206d433febe50d279a657513bcf23a6b6a527f84811c6ba6c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-1cff"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 5bb5d2f828b2dbccd0af1.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 18 KB
6 KB 17ms
11ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/5bb5d2f828b2dbccd0af1.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

1497c2deda8954f8b1eb298e6d80fd5a025c55bf3c679ea7c99dfbac50b4103a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-47a1"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 639f60171e06f45a25258.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 12 KB
4 KB 16ms
10ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/639f60171e06f45a25258.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

081417696c4bc8c61ab42ec11a63db18893fa9372a66935c5492d931f4aebfc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-2ea9"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 319134f8edfeb15b070c18.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 12 KB
4 KB 15ms
11ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/319134f8edfeb15b070c18.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

a1f4086973dc8059c20b2a680c1e4cfae4069ff3a4a063a297bbcd9281115dab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-2e3e"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 2b8b86e084d1ab65e2064.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 8 KB
3 KB 14ms
10ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/2b8b86e084d1ab65e2064.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

9034335635758d7a2b0d8f6f94a42f45ca55f3a87ed38929c7ab89800036e708

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-1eaa"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 0b4e1db468856be7c4117.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 19 KB
6 KB 15ms
11ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/0b4e1db468856be7c4117.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

b6450083a5b47788232fbe8dbf4ef3f900984519e23585b78d082e9f41109a1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-4c4a"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 64663c570873eaf2010613.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 51 KB
14 KB 16ms
13ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/64663c570873eaf2010613.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

e8989050bbb0d2b2573fdd8dfd7313ad8b377438339e13b400b1daf6adf600e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-ca31"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 db17bce7ef9476ceda412.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 6 KB
3 KB 17ms
13ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/db17bce7ef9476ceda412.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

39a95bd7f8ff911c8a36dc1ae3b37f85d4684fd3897ab3df6dca5f8c3cd9b422

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-19d5"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 99570a8661cf974c335a3.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 16 KB
6 KB 14ms
11ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/99570a8661cf974c335a3.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

e2cf23246faa8dc51d53f8194af77082ccfa8dff6a73596ea98c0ded52fb3a39

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-3fb0"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 38f433b6a6367d1711665.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 14 KB
5 KB 16ms
13ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/38f433b6a6367d1711665.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

b40fffdca8df7dcf6a825dc35de6f3ee8bca5119730c8938e77e805d8016cb78

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-38bc"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 0c3df80a51de2ab6e84c9.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 13 KB
4 KB 22ms
19ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/0c3df80a51de2ab6e84c9.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

f79e1f14cff6f380ebbbea645bb159978ead5447a33a0ced34534b2271eb4019

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-32f4"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 0c201cfbaeab033b467f14.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 9 KB
3 KB 20ms
18ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/0c201cfbaeab033b467f14.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

c5bfe7e837984f45a4b301978ceb06a03fea2e60a15b937d99fd5b30d6ae9946

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-24f2"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 e330ec2ee9969165019715.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 7 KB
3 KB 20ms
18ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/e330ec2ee9969165019715.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

7a8eeaf2b963d18188f07f3e78982938224c9e58b5fab050989e51cbf44a3d6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-1a84"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 3b3f819d1ffe0e05145e10.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 11 KB
4 KB 20ms
19ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/3b3f819d1ffe0e05145e10.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

9008ac843d4735e349bdde45c352caeb6d5c1517622730fa602d6b56cf5e4b3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-2ab4"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 7cf4d25d2e47a8e0a18e28.js Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/ 9 KB
3 KB 21ms
20ms Script
application/javascript 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/7cf4d25d2e47a8e0a18e28.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/CACHE/js/shared.8beb132a751b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

42d28b968b79182a5ce39cb1bfb0a1f62441f1fb1a5d233162712097967aa6cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:22:33 GMT
etag: W/"61fc1d69-25d9"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:29 GMT

GET
H2 200 CD_Bake-it-Foward-Truck-e1639757520670.jpg
smartcdn.prod.postmedia.digital/nexus/wp-content/uploads/2021/12/ 31 KB
32 KB 31ms
29ms Image
image/webp 13.225.230.62
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://smartcdn.prod.postmedia.digital/nexus/wp-content/uploads/2021/12/CD_Bake-it-Foward-Truck-e1639757520670.jpg?quality=90&strip=all&w=344&type=webp
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.230.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-230-62.jfk51.r.cloudfront.net
Software: nginx/1.19.10 /
Resource Hash: 5853621d02d975fba45c91907a09fec43c635c608a30f31ecd9b85342693b41d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-pmd-smartcdn-requester: nexus
date: Mon, 31 Jan 2022 20:21:51 GMT
via: 1.1 9936e6170e9ea67a9517d77d7f053dba.cloudfront.net (CloudFront)
server: nginx/1.19.10
age: 253058
etag: "ad4eb5e4458105b8a5460e49803224b75633b8a0"
vary: Accept
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=31536000,public
x-amz-cf-pop: JFK51-C1
x-pmd-smart-cdn-proxy: 1c57cb1b3748
content-length: 32210
x-amz-cf-id: bYi1O8F46JONEoQfXM0QHGkl4XAp5rLfD4_rT1YpfZnFDxQdPfzhHA==
expires: Tue, 31 Jan 2023 20:21:51 GMT

GET
H2 200 wild-boars-e1637260632118.jpg
smartcdn.gprod.postmedia.digital/nexus/wp-content/uploads/2021/11/ 16 KB
16 KB 13ms
12ms Image
image/webp 34.149.157.221
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://smartcdn.gprod.postmedia.digital/nexus/wp-content/uploads/2021/11/wild-boars-e1637260632118.jpg?quality=90&strip=all&w=344&type=webp
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.157.221 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 221.157.149.34.bc.googleusercontent.com
Software: nginx/1.19.10 /
Resource Hash: c6d4675d324e5b40ed5fe0f15dfc55855a7d6389232ce7c981062d99b80d366c

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-pmd-smartcdn-requester: nexus
date: Tue, 01 Feb 2022 15:14:54 GMT
via: 1.1 google
server: nginx/1.19.10
cache-control: max-age=2592000,public
age: 185075
etag: "7a09af2688eda187779b301412175145979f59a9"
vary: Accept
content-type: image/webp
x-cache-hit: hit
x-pmd-smart-cdn-proxy: thumbor-proxy-64c799cd7-6v79r
alt-svc: clear
content-length: 16430

GET
H2 200 Peggy-Brekveld-President-e1637684271190.jpg
smartcdn.gprod.postmedia.digital/nexus/wp-content/uploads/2021/11/ 35 KB
35 KB 19ms
17ms Image
image/webp 34.149.157.221
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://smartcdn.gprod.postmedia.digital/nexus/wp-content/uploads/2021/11/Peggy-Brekveld-President-e1637684271190.jpg?quality=90&strip=all&w=344&type=webp
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.157.221 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 221.157.149.34.bc.googleusercontent.com
Software: nginx/1.19.10 /
Resource Hash: 42cb48fcecb9f09d629e736d1ca8a7eb9c37c8e493b140d071fa92396897b333

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-pmd-smartcdn-requester: nexus
date: Tue, 01 Feb 2022 15:14:54 GMT
via: 1.1 google
server: nginx/1.19.10
cache-control: max-age=2592000,public
age: 185075
etag: "9427ccddca2fc4413cf31e61819ef57d3a7733a0"
vary: Accept
content-type: image/webp
x-cache-hit: hit
x-pmd-smart-cdn-proxy: thumbor-proxy-64c799cd7-9smrp
alt-svc: clear
content-length: 35688

GET
H2 200 ca.0402-dn-migrants.dn_.jpg
smartcdn.gprod.postmedia.digital/nexus/wp-content/uploads/2021/10/ 28 KB
28 KB 15ms
13ms Image
image/webp 34.149.157.221
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://smartcdn.gprod.postmedia.digital/nexus/wp-content/uploads/2021/10/ca.0402-dn-migrants.dn_.jpg?quality=90&strip=all&w=344&type=webp
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.157.221 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 221.157.149.34.bc.googleusercontent.com
Software: nginx/1.19.10 /
Resource Hash: 39874e19af66fa05a8e943e773c81187cb7437bb3cb0076df6defb9381d32911

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-pmd-smartcdn-requester: nexus
date: Tue, 01 Feb 2022 15:14:55 GMT
via: 1.1 google
server: nginx/1.19.10
cache-control: max-age=2592000,public
age: 185074
etag: "0f76a31c5e5eab3492b396502a69587e7ce4fc0b"
vary: Accept
content-type: image/webp
x-cache-hit: hit
x-pmd-smart-cdn-proxy: thumbor-proxy-64c799cd7-6v79r
alt-svc: clear
content-length: 29074

GET
H2 200 wild-boars-e1637260632118.jpg
smartcdn.prod.postmedia.digital/nexus/wp-content/uploads/2021/11/ 16 KB
16 KB 43ms
43ms Image
image/webp 13.225.230.62
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://smartcdn.prod.postmedia.digital/nexus/wp-content/uploads/2021/11/wild-boars-e1637260632118.jpg?quality=90&strip=all&w=344&type=webp
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.230.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-230-62.jfk51.r.cloudfront.net
Software: nginx/1.19.10 /
Resource Hash: c6d4675d324e5b40ed5fe0f15dfc55855a7d6389232ce7c981062d99b80d366c

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-pmd-smartcdn-requester: nexus
date: Mon, 31 Jan 2022 20:21:51 GMT
via: 1.1 9936e6170e9ea67a9517d77d7f053dba.cloudfront.net (CloudFront)
server: nginx/1.19.10
age: 253058
etag: "7a09af2688eda187779b301412175145979f59a9"
vary: Accept
x-cache: Hit from cloudfront
content-type: image/webp
cache-control: max-age=31536000,public
x-amz-cf-pop: JFK51-C1
x-pmd-smart-cdn-proxy: a1a8ce3d761d
content-length: 16430
x-amz-cf-id: WY2_zX0t4kmY4r6HebuuXIzv7TwnBfS4eBt-VluiKiy8atSXmMJ9rQ==
expires: Tue, 31 Jan 2023 20:21:51 GMT

GET
H2 200 index.html Show response
cdn.districtm.io/ids/ Frame 33D8 116 B
305 B 53ms
41ms Document
text/html 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html
Requested by: Host: hb.districtm.io
URL: https://hb.districtm.io/prod/100549/all.postmedia.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f752ad8cf812a358129aac3fd9784b0baf6f19899eb49116f08a1afab1fa133e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
content-type: text/html
cf-ray: 6d7dc8422856e6f8-EWR
age: 51214
last-modified: Thu, 20 May 2021 02:18:27 GMT
via: 1.1 98ff52bb9a3187350f3ea674f4110afa.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-cf-id: IB_-C7-Bysocz7mDjIQ7Whb1UVXZIT04aacTY859FHHp67vFD-E_4Q==
x-amz-cf-pop: EWR53-C2
x-cache: Hit from cloudfront
vary: Accept-Encoding
server: cloudflare
content-encoding: br

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
38 B 78ms
67ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: hb.districtm.io
URL: https://hb.districtm.io/prod/100549/all.postmedia.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6d7dc8422858e6f8-EWR
access-control-allow-headers: origin, content-type

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
230 B 74ms
63ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: hb.districtm.io
URL: https://hb.districtm.io/prod/100549/all.postmedia.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6d7dc842285ae6f8-EWR
access-control-allow-headers: origin, content-type

GET
H2 200 xd.js Show response
d395dw5zk780j2.cloudfront.net/v49.3/ Frame 3BDD 37 KB
12 KB 20ms
20ms Script
application/javascript 2600:9000:2209:5200:8:f216:eb80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d395dw5zk780j2.cloudfront.net/v49.3/xd.js
Requested by: Host: d395dw5zk780j2.cloudfront.net
URL: https://d395dw5zk780j2.cloudfront.net/v49.3/xd.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:5200:8:f216:eb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ea24837103070968a4b29ff947900cc3595204a8164ab822e53e0731074989ed

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://d395dw5zk780j2.cloudfront.net/v49.3/xd.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 07:00:26 GMT
content-encoding: gzip
last-modified: Fri, 07 Jan 2022 18:28:01 GMT
server: AmazonS3
age: 2115544
etag: W/"d63a090c49f5bb7aa243819754d5445c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 e5bd532dbdee524acdf00690205f3b5a.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: EWR53-P1
x-amz-cf-id: UfQdZTGuRuW-wd6vTObjLh-h3prNFFv9igVNk83mjiATy8DQ3fLJ4w==

GET
H2 200 controltag.js.a1705c5ac5f06cf0c202ff70908fc042 Show response
cdn.krxd.net/ctjs/ 259 KB
83 KB 10ms
10ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/uthtxmddg.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
age: 16006879
x-amz-server-side-encryption: AES256
x-cache: HIT
x-cache-hits: 8629288
content-length: 84509
x-served-by: cache-yul12831-YUL
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
x-timer: S1643913570.665087,VS0,VE0
etag: "a1705c5ac5f06cf0c202ff70908fc042"
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Jul 2031 12:06:16 GMT

OPTIONS
H2 204 identify
identity.mparticle.com/v1/ Frame 0
0 37ms
10ms Preflight 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.mparticle.com/v1/identify

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=900

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-mp-key
Origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: Kestrel
access-control-allow-headers: content-type,x-mp-key
access-control-allow-methods: POST
access-control-allow-origin: *
x-origin-name: 4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
accept-ranges: bytes
date: Thu, 03 Feb 2022 18:39:29 GMT
via: 1.1 varnish
age: 1175
x-served-by: cache-yul12826-YUL
x-cache: HIT
x-cache-hits: 962
x-timer: S1643913570.704192,VS0,VE0
strict-transport-security: max-age=900

POST
H2 200 identify Show response
identity.mparticle.com/v1/ 175 B
278 B 39ms
39ms XHR
application/json 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.mparticle.com/v1/identify

Requested by

Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-a9588c0ddc27594cabd152e47ffe27ee/mparticle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Kestrel /

Resource Hash

b445a1ed94ec142111c5c789164b0500ee0a2c180bbb371e2bc92c026532eb58

Security Headers

Name	Value
Strict-Transport-Security	max-age=900

Request headers

x-mp-key: us1-a9588c0ddc27594cabd152e47ffe27ee
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
server: Kestrel
x-timer: S1643913570.715418,VS0,VE28
x-origin-name: 4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-served-by: cache-yul12826-YUL
vary: Accept-Encoding
x-cache: MISS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
strict-transport-security: max-age=900
accept-ranges: bytes
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 194 B
687 B 326ms
325ms XHR
text/javascript 54.239.200.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3528&u=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&pid=RXUhDjIZuyGgR&cb=0&ws=1600x1200&v=7.72.0&t=2000&slots=%5B%7B%22sd%22%3A%22ad-1%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-2%22%2C%22s%22%3A%5B%226x6%22%2C%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-native-1%22%2C%22s%22%3A%5B%225x5%22%5D%7D%2C%7B%22sd%22%3A%22ad-3%22%2C%22s%22%3A%5B%227x7%22%2C%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-native-2%22%2C%22s%22%3A%5B%225x5%22%5D%7D%2C%7B%22sd%22%3A%22ad-4%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-native-3%22%2C%22s%22%3A%5B%225x5%22%5D%7D%2C%7B%22sd%22%3A%22ad-5%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-native-4%22%2C%22s%22%3A%5B%225x5%22%5D%7D%2C%7B%22sd%22%3A%22ad-6%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-native-5%22%2C%22s%22%3A%5B%225x5%22%5D%7D%2C%7B%22sd%22%3A%22ad-7%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-native-6%22%2C%22s%22%3A%5B%225x5%22%5D%7D%2C%7B%22sd%22%3A%22ad-8%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-native-7%22%2C%22s%22%3A%5B%225x5%22%5D%7D%2C%7B%22sd%22%3A%22ad-9%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-native-8%22%2C%22s%22%3A%5B%225x5%22%5D%7D%2C%7B%22sd%22%3A%22ad-10%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.239.200.177 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-239-200-177.ewr53.r.cloudfront.net

Software

Server /

Resource Hash

61a9435112cb68acc5f8da27798416ac4082a71a8ee5d392fb39c30185e4bc73

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
via: 1.1 17da55c14108bb8cae904f764f67c0e0.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: EWR53-P1
x-amz-rid: 5HQ2PQ8F5D681M1C1FRB
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 194
x-amz-cf-id: o_WMENi2d9eUa4025Jpv9dBWDZ--H9RNzW3dnoc8t-kTLRPy2UsV3Q==

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 132 KB
42 KB 63ms
35ms Script
application/javascript 2607:f8b0:4006:81f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P3Q4QHW&l=gtm_data_layer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQ8ZV4&l=gtm_data_layer

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c97a6c5363ec1db5ca67dc9e19eecca3f81dbc0480a1db8b068a10426be24493

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42730
x-xss-protection: 0
expires: Thu, 03 Feb 2022 18:39:29 GMT

GET
H2 200 idsync.d5cb6b96.js Show response
cdn.districtm.io/ids/ Frame 33D8 3 KB
2 KB 41ms
41ms Script
application/javascript 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/idsync.d5cb6b96.js
Requested by: Host: cdn.districtm.io
URL: https://cdn.districtm.io/ids/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aebd50af0cd8da2f314a52e2088788775d1a441bd674ef9379578e7bc1b5ad50

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.districtm.io/ids/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
via: 1.1 697118bcd171d3b8a0299bf4ce5a8604.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 73697
cf-polished: origSize=3302
x-cache: Hit from cloudfront
cf-bgj: minify
content-encoding: br
last-modified: Thu, 20 May 2021 02:18:27 GMT
server: cloudflare
etag: W/"74ede07ef946dc2316f86b2661cf2dd3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=172800
x-amz-cf-pop: JFK51-C1
cf-ray: 6d7dc8435a28e6f8-EWR
x-amz-cf-id: lwQ1lEw9tGsIlt1UY6HrsjBk2yAp9q3IbjALvHkHmH0V-8_svMWTYw==
expires: Sat, 05 Feb 2022 18:39:29 GMT

GET
H2 200 / Show response
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/api-root/media/videos/playlists/PLUgqTrlOvAcqbOWvfhmLwV1Yt80fKjtww/player/json/ 8 KB
2 KB 15ms
15ms Fetch
application/json 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/api-root/media/videos/playlists/PLUgqTrlOvAcqbOWvfhmLwV1Yt80fKjtww/player/json/

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/5bb5d2f828b2dbccd0af1.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

af292e1466b0f8d0784fbda9e2be89d26c77262d4eaa7a929ea23390ccd75a0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
vary: Accept-Encoding, Accept, Cookie, Origin
x-frame-options: SAMEORIGIN
x-pmd-backend: cheetah-nginx
allow: GET, HEAD, OPTIONS
content-type: application/json
cache-control: max-age=900
strict-transport-security: max-age=15724800; includeSubDomains
expires: Thu, 03 Feb 2022 18:53:26 GMT

GET
H2 200 proxy.3d2100fd7107262ecb55ce6847f01fa5.html Show response
cdn.krxd.net/partnerjs/xdi/ Frame 41DC 805 B
827 B 11ms
10ms Document
text/html 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3bcfa04dbc2db44af54bd72a0f7b98912368f16f525729a1b9b673f62ca7e5c9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

last-modified: Tue, 21 Feb 2017 17:50:54 GMT
etag: "3d2100fd7107262ecb55ce6847f01fa5"
cache-control: public, max-age=315360000
expires: Fri, 19 Feb 2027 17:50:50 GMT
content-type: text/html
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Partner_JS_S3
content-encoding: gzip
accept-ranges: bytes
date: Thu, 03 Feb 2022 18:39:29 GMT
via: 1.1 varnish
age: 20764090
x-served-by: cache-yul12831-YUL
x-cache: HIT
x-cache-hits: 2979096
x-timer: S1643913570.839250,VS0,VE0
vary: Accept-Encoding
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 525

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 403ms
355ms Script
text/javascript 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKM4ZNQ&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

788d8f059102a07fd4202528e8debfab55072c0123aa1bae786dcc97b0f12aa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14855
x-xss-protection: 0
server: cafe
etag: 18191735146963884293
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 03 Feb 2022 18:39:30 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 84ms
22ms Script
application/x-javascript 2600:1400:9000::687e:74bb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKM4ZNQ&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:9000::687e:74bb New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 03 Feb 2022 18:39:29 GMT
Content-Encoding: gzip
Last-Modified: Wed, 29 Sep 2021 19:17:49 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=70137
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2036

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 108ms
36ms Script
application/x-javascript 2a03:2880:f03a:1c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f03a:1c:face:b00c:0:3 Minneapolis, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26236
x-xss-protection: 0
pragma: public
x-fb-debug: BCa3/nAJZMoXPtFgMTPzdsfxFnN0YkOP0Pyfk2krBxsZFmxK2WbtMM2yLcOEZAzbDMi2mrnZZA93HkLjl4bdzQ==
x-fb-trip-id: 1425083115
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 03 Feb 2022 18:39:29 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 84ms
18ms Script
application/javascript 199.232.36.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.36.157 New York, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
last-modified: Thu, 16 Sep 2021 23:12:14 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kiad7000175-IAD, cache-lga21974-LGA

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=10276888&ns__t=1643913569857&ns_c=UTF-8&c8=Home%20%7C%20Ontario%20Farmer&c7=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&c9=
https://sb.scorecardresearch.com/b2?c1=2&c2=10276888&ns__t=1643913569857&ns_c=UTF-8&c8=Home%20%7C%20Ontario%20Farmer&c7=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&c9=

0
223 B

29ms
28ms

Image
text/plain

52.85.61.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=10276888&ns__t=1643913569857&ns_c=UTF-8&c8=Home%20%7C%20Ontario%20Farmer&c7=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&c9=
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 52.85.61.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-100.ewr53.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
via: 1.1 acbc1e922360be31edf0371abdc7a3a4.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-P1
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: bCvKq5xAgIwiSFaeilaxtPYEL-9hs1TkJ63dnKogqzS-X2EFNM3C4w==
x-cache: Miss from cloudfront

Redirect headers

date: Thu, 03 Feb 2022 18:39:29 GMT
via: 1.1 acbc1e922360be31edf0371abdc7a3a4.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-P1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=10276888&ns__t=1643913569857&ns_c=UTF-8&c8=Home%20%7C%20Ontario%20Farmer&c7=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&c9=
content-length: 214
x-amz-cf-id: J6-B0oirFne3FxcEnUty7vYPQDhxz3FOxyXAktxF2szdS_WvHdLZ3Q==

OPTIONS
H2 200 simple
api.sail-personalize.com/v1/personalize/ Frame 0
0 78ms
24ms Preflight
text/plain 75.2.40.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.40.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-lib-version,x-referring-url
Origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-type: text/plain
content-length: 18
access-control-allow-origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE
access-control-allow-headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL
allow: HEAD,GET,OPTIONS

GET
H2 200 simple Show response
api.sail-personalize.com/v1/personalize/ 256 B
475 B 29ms
28ms Fetch
application/json 75.2.40.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Requested by: Host: ak.sail-horizon.com
URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.40.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash: dcbea8a07a327fa7d86348a59bd3221e4defa0e0825c5bb05c9c93067f7a0f62

Request headers

x-lib-version: v1.0.1
Accept-Language: en-CA,en;q=0.9
authorization: Bearer b9d3df2fccd108b5eff3c44f573b2cd6
content-type: application/json
accept: application/json
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
x-referring-url: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
allowedorigins: *
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-store
access-control-allow-credentials: true
allowedheaders: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin
content-length: 174
allowedmethods: GET,OPTIONS
expires: -1

GET
H2 200 42fb57ac-2013-45a6-8dad-332d53e17c1b Show response
consumer.krxd.net/consent/get/ 239 B
432 B 64ms
18ms Script
text/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://consumer.krxd.net/consent/get/42fb57ac-2013-45a6-8dad-332d53e17c1b?idt=device&dt=kxcookie&callback=Krux.ns.postmedia.kxjsonp_consent_get_0
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 8ddf9e8fa96d1bbbeaf292ca94fc082dde61e4a6be90c87f8b2609fd88edbd4d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
via: 1.1 varnish
age: 1077
x-served-by: consumer-a014-ash-prod.krxd.net, cache-yul12822-YUL
vary: Accept-Encoding
x-cache: MISS, HIT
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1643913570.026395,VS0,VE0
content-length: 193
x-cache-hits: 0, 1

OPTIONS
H2 204 identify
identity.mparticle.com/v1/ Frame 0
0 11ms
10ms Preflight 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.mparticle.com/v1/identify

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=900

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-mp-key
Origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: Kestrel
access-control-allow-headers: content-type,x-mp-key
access-control-allow-methods: POST
access-control-allow-origin: *
x-origin-name: 4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
accept-ranges: bytes
date: Thu, 03 Feb 2022 18:39:29 GMT
via: 1.1 varnish
age: 1175
x-served-by: cache-yul12826-YUL
x-cache: HIT
x-cache-hits: 965
x-timer: S1643913570.982465,VS0,VE0
strict-transport-security: max-age=900

POST
H2 200 identify Show response
identity.mparticle.com/v1/ 175 B
253 B 53ms
52ms XHR
application/json 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.mparticle.com/v1/identify

Requested by

Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-a9588c0ddc27594cabd152e47ffe27ee/mparticle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Kestrel /

Resource Hash

6590b84c9dbfba3a76bf7e4a69031f151271bad37a2c32bc24b766de799b22df

Security Headers

Name	Value
Strict-Transport-Security	max-age=900

Request headers

x-mp-key: us1-a9588c0ddc27594cabd152e47ffe27ee
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
server: Kestrel
x-timer: S1643913570.993159,VS0,VE41
x-origin-name: 4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-served-by: cache-yul12826-YUL
vary: Accept-Encoding
x-cache: MISS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
strict-transport-security: max-age=900
accept-ranges: bytes
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 buyers Show response
dmx.districtm.io/s/v1/ Frame 33D8 405 B
689 B 61ms
60ms XHR
application/json 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/v1/buyers

Requested by

Host: cdn.districtm.io
URL: https://cdn.districtm.io/ids/idsync.d5cb6b96.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1add651533632e1df172984928eaa70fffe35b711e79ad8088727c97736b788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: DELETE, GET, OPTIONS, POST
content-type: application/json
access-control-allow-origin: https://cdn.districtm.io
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6d7dc844ecf5e6f8-EWR
access-control-allow-headers: Origin, Content-Type

GET
H2 200 mqdefault.webp
i.ytimg.com/vi_webp/GSTTZ7mtwKc/ 12 KB
12 KB 73ms
21ms Image
image/webp 2607:f8b0:4006:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/GSTTZ7mtwKc/mqdefault.webp

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2f4ff612aae54db25ceb56885665ad9c8bfac2cad5f30c1b582febc1fe10789

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:26:11 GMT
x-content-type-options: nosniff
age: 799
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12166
x-xss-protection: 0
server: sffe
etag: "1643136245"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Feb 2022 20:26:11 GMT

GET
H2 200 mqdefault.webp
i.ytimg.com/vi_webp/lkhYkiqApyI/ 9 KB
9 KB 76ms
25ms Image
image/webp 2607:f8b0:4006:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/lkhYkiqApyI/mqdefault.webp

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f40c33990c532ef379fe609b48dfca08d5fbcb6139e312a8e829466d7d09f34e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:33:48 GMT
x-content-type-options: nosniff
age: 342
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9018
x-xss-protection: 0
server: sffe
etag: "1642437482"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Feb 2022 20:33:48 GMT

GET
H2 200 mqdefault.webp
i.ytimg.com/vi_webp/LefQlPR5tiU/ 8 KB
8 KB 87ms
36ms Image
image/webp 2607:f8b0:4006:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/LefQlPR5tiU/mqdefault.webp

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97ebbb14c84d4682c8097790b33367c3a0614d1775bc8eb76b194e8c94262b3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:25:43 GMT
x-content-type-options: nosniff
age: 827
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8064
x-xss-protection: 0
server: sffe
etag: "1641504165"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Feb 2022 20:25:43 GMT

GET
H2 200 mqdefault.webp
i.ytimg.com/vi_webp/iYlGGPcBNLM/ 11 KB
11 KB 92ms
41ms Image
image/webp 2607:f8b0:4006:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/iYlGGPcBNLM/mqdefault.webp

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ca367a40b39037858a2dbfc221129b3f620a7a35731880c725369a9671863d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:23:19 GMT
x-content-type-options: nosniff
age: 971
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10790
x-xss-protection: 0
server: sffe
etag: "1641831118"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Feb 2022 20:23:19 GMT

GET
H2 200 mqdefault.webp
i.ytimg.com/vi_webp/e3Q4fByDnWY/ 8 KB
8 KB 96ms
46ms Image
image/webp 2607:f8b0:4006:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/e3Q4fByDnWY/mqdefault.webp

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82b89ed3521ceae654e81e6b5d453c0c73abf4fce788f7f55dc92cc1b0b39551

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:33:56 GMT
x-content-type-options: nosniff
age: 334
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7728
x-xss-protection: 0
server: sffe
etag: "1641403360"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Feb 2022 20:33:56 GMT

GET
H2 200 mqdefault.webp
i.ytimg.com/vi_webp/FELEXBxSqOc/ 10 KB
10 KB 99ms
49ms Image
image/webp 2607:f8b0:4006:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/FELEXBxSqOc/mqdefault.webp

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a43daa7f7b51b472b7b657134f86414bfbde762ce8828a9a66f57a0c22db4152

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:30:21 GMT
x-content-type-options: nosniff
age: 549
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10186
x-xss-protection: 0
server: sffe
etag: "1640094503"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Feb 2022 20:30:21 GMT

GET
H3 200 mqdefault.webp
i.ytimg.com/vi_webp/HiIgtQALCkI/ 11 KB
11 KB 51ms
22ms Image
image/webp 2607:f8b0:4006:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/HiIgtQALCkI/mqdefault.webp

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

740a9e7b3db299d6c5d2013418c00c437d768f4097e5d74f6c58db38cc431e28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:33:49 GMT
x-content-type-options: nosniff
age: 341
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11584
x-xss-protection: 0
server: sffe
etag: "1640297242"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Feb 2022 20:33:49 GMT

GET
H3 200 mqdefault.webp
i.ytimg.com/vi_webp/U04Sbe64a2Y/ 9 KB
9 KB 68ms
38ms Image
image/webp 2607:f8b0:4006:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/U04Sbe64a2Y/mqdefault.webp

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc3cc0865aad29753640bd3cfee8f49521946b2c5867aea60616ea09b15f599e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:11:14 GMT
x-content-type-options: nosniff
age: 1696
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9690
x-xss-protection: 0
server: sffe
etag: "1640091167"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Feb 2022 20:11:14 GMT

GET
H3 200 mqdefault.webp
i.ytimg.com/vi_webp/QkT6LepK8mg/ 11 KB
11 KB 72ms
43ms Image
image/webp 2607:f8b0:4006:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/QkT6LepK8mg/mqdefault.webp

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c7065338651c8d13e687d70c3ef6554dffb26d6e534eaad58e090481d30e5d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:27:23 GMT
x-content-type-options: nosniff
age: 727
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11586
x-xss-protection: 0
server: sffe
etag: "1639694362"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Feb 2022 20:27:23 GMT

GET
H3 200 mqdefault.webp
i.ytimg.com/vi_webp/6kfv6OjkAPo/ 10 KB
10 KB 57ms
28ms Image
image/webp 2607:f8b0:4006:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/6kfv6OjkAPo/mqdefault.webp

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

348180de8ed0528db1aee2b84174dcbe296baf2df1048a6f8d405181f4c3861d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:28:20 GMT
x-content-type-options: nosniff
age: 670
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10702
x-xss-protection: 0
server: sffe
etag: "1643415215"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Feb 2022 20:28:20 GMT

GET
H2 200 icon-yt-play.svg
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/images/common-icon/ 441 B
597 B 12ms
11ms Image
image/svg+xml 34.95.11.30
GOOGLE-PRIVATE-CLOUD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/images/common-icon/icon-yt-play.svg?2f559573cb93

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

34.95.11.30 Montreal, Canada, ASN396982 (GOOGLE-PRIVATE-CLOUD, US),

Reverse DNS

30.11.95.34.bc.googleusercontent.com

Software

Resource Hash

fd583bd394cf970e462e11c2855609a468859ce761c8c3b6bc93dc90e93923cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: public
date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
last-modified: Thu, 03 Feb 2022 18:24:24 GMT
etag: W/"61fc1dd8-1b9"
x-pmd-backend: cheetah-nginx
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31104000, public
strict-transport-security: max-age=15724800; includeSubDomains
expires: Sun, 29 Jan 2023 18:39:30 GMT

GET
H/1.1

200
OK

iu3 Show response
s.amazon-adsystem.com/ Frame C816
Redirect Chain

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&dcc=t

275 B
1 KB

52ms
52ms

Document
text/html

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&dcc=t

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

5bfee1a430ede5828fcb00547e58f4121e6758b35517b4ee1b5387067a2e65e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

Server: Server
Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 275
Connection: keep-alive
x-amz-rid: 48C091W80JJ4WR33CA6D
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

Redirect headers

Server: Server
Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Length: 0
Connection: keep-alive
x-amz-rid: NMTT28H9KD0JDEJ6508Y
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&dcc=t
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

GET
H2 200 integrator.js Show response
adservice.google.ca/adsid/ 107 B
792 B 136ms
37ms Script
application/javascript 2607:f8b0:4006:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ca/adsid/integrator.js?domain=gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022013101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 139ms
41ms Script
application/javascript 2607:f8b0:4006:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022013101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 iframe_api Show response
www.youtube.com/ 980 B
2 KB 134ms
45ms Script
text/javascript 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/9.5.0/websites/js/64663c570873eaf2010613.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7baa57ed1f3c6946b39dd8339b79b28f37b605603eb990d615b2804d16f091e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"ATmXEA_XZXH6CdbrmjUzyTbVgxu22C8KYH7NsxKbRt94","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_XZXH6CdbrmjUzyTbVgxu22C8KYH7NsxKbRt94"}]}
content-type: text/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="ATmXEA_XZXH6CdbrmjUzyTbVgxu22C8KYH7NsxKbRt94"
expires: Thu, 03 Feb 2022 18:39:30 GMT

GET
H2 200 uthtxmddg.js Show response
cdn.krxd.net/controltag/ Frame 41DC 29 KB
7 KB 12ms
11ms Script
text/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag/uthtxmddg.js
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 76a237b880fbfc8ac655e91dcf5c9af3b44ccc506c69328409b4047d72519eea

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date: Thu, 03 Feb 2022 18:39:30 GMT
via: 1.1 varnish, 1.1 varnish
age: 876
x-cache: MISS, HIT, HIT
x-app-cache: HIT
x-age: 0
content-encoding: gzip
content-length: 6471
x-served-by: config-service-a005-ash-prod.krxd.net, cache-iad-kcgs7200137-IAD, cache-yul12831-YUL
x-response-time: 0
x-do-esi: esi
x-timer: S1643913570.153304,VS0,VE0
etag: "8d8408c6b02eb41f93710c678ece74490c4f6485"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-hits: 0, 1, 121

GET
H2

200

/
p.adsymptotic.com/d/px/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1747836&time=1643913570148&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1747836&time=1643913570148&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1747836%26time%3D1643913570148%26url%3Dhttps%253A%252F%252Fgcp-cheet-4632-ontario...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1747836&time=1643913570148&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&cookiesTest=true&liSync=true
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1747836&time=1643913570148&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&cookiesTest=true&liSync=true&e_ipv6=AQIMPwVLy...
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6ec484a4-de35-48f1-9bdf-9ce3d94e1a73
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6ec484a4-de35-48f1-9bdf-9ce3d94e1a73&_expected_cookie=c2033ce5991c705ea3f3291e...

43 B
142 B

52ms
51ms

Image
image/gif

104.18.98.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6ec484a4-de35-48f1-9bdf-9ce3d94e1a73&_expected_cookie=c2033ce5991c705ea3f3291e722f7f64
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 104.18.98.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:31 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6d7dc84bfe2ff991-YYZ
p3p: CP='NON DSP COR CONi OUR BUS CNT'
content-type: image/gif
content-length: 43

Redirect headers

location: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=6ec484a4-de35-48f1-9bdf-9ce3d94e1a73&_expected_cookie=c2033ce5991c705ea3f3291e722f7f64
date: Thu, 03 Feb 2022 18:39:31 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 6d7dc84b1d0df991-YYZ
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H3 200 1685973801652415 Show response
connect.facebook.net/signals/config/ 308 KB
88 KB 78ms
39ms Script
application/x-javascript 2a03:2880:f03a:1c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1685973801652415?v=2.9.52&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f03a:1c:face:b00c:0:3 Minneapolis, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

728963de62d8aa3c97c44cecd4c4cc716a5104e698562b3ee4a596087724c060

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 90000
x-xss-protection: 0
pragma: public
x-fb-debug: ZlvoODIHHkir88bXXtwNfFhXHbo0++T9Ese6wJ0Vl/GimAVxiXQI21U9stUDXpYDQWLpjCdhYQ8pwDj/rLY84w==
x-frame-options: DENY
date: Thu, 03 Feb 2022 18:39:30 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

xUEIGQJkcDf2qE0ogw9C Show response
dmx.districtm.io/s/10027/ Frame 33D8
Redirect Chain

https://us.creativecdn.com/cm-notify?pi=districtm
https://us.creativecdn.com/cm-notify?pi=districtm&tc=1
https://dmx.districtm.io/s/10027/xUEIGQJkcDf2qE0ogw9C?pi=districtm&tc=1

76 B
132 B

64ms
63ms

Script
application/javascript

104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/10027/xUEIGQJkcDf2qE0ogw9C?pi=districtm&tc=1

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33c7fad22eb2a4a9f47410052ddb22d4406cb030b00853e46fe8a1852e3b5e2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
date: Thu, 03 Feb 2022 18:39:30 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6d7dc8466f26e6f8-EWR

Redirect headers

location: https://dmx.districtm.io/s/10027/xUEIGQJkcDf2qE0ogw9C?pi=districtm&tc=1
pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT, Thu, 03 Feb 2022 18:39:30 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

535ebeb1-027e-4430-8e62-97a04a64c695 Show response
dmx.districtm.io/s/10059/ Frame 33D8
Redirect Chain

https://match.sharethrough.com/1PQ8qgv7/v1/
https://dmx.districtm.io/s/10059/535ebeb1-027e-4430-8e62-97a04a64c695

92 B
140 B

69ms
68ms

Script
application/javascript

104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/10059/535ebeb1-027e-4430-8e62-97a04a64c695

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

473a882fe873abbe0425cd52ded4b389a3153e121cc5b39c1dc14e9596a5edad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
date: Thu, 03 Feb 2022 18:39:30 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6d7dc8466f23e6f8-EWR

Redirect headers

location: https://dmx.districtm.io/s/10059/535ebeb1-027e-4430-8e62-97a04a64c695
date: Thu, 03 Feb 2022 18:39:30 GMT
content-length: 0

GET
H2

200

968062827439473446 Show response
dmx.districtm.io/s/10056/ Frame 33D8
Redirect Chain

https://p.rfihub.com/cm?pub=36496&in=1
https://dmx.districtm.io/s/10056/968062827439473446

74 B
164 B

77ms
74ms

Script
application/javascript

104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/10056/968062827439473446

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c7929483b2a6f636559247768b455c4556fda7e90825ff99da20540673e0228

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
date: Thu, 03 Feb 2022 18:39:30 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6d7dc8465f12e6f8-EWR

Redirect headers

Location: https://dmx.districtm.io/s/10056/968062827439473446
Date: Thu, 03 Feb 2022 18:39:30 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

y-UlKUSNVE2uFN15s5SGvWYh3C27H4xITiNodc44I-~A Show response
dmx.districtm.io/s/10057/ Frame 33D8
Redirect Chain

https://ups.analytics.yahoo.com/ups/58377/occ?gdpr=&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58377/occ?gdpr=&gdpr_consent=&verify=true
https://dmx.districtm.io/s/10057/y-UlKUSNVE2uFN15s5SGvWYh3C27H4xITiNodc44I-~A

100 B
154 B

67ms
66ms

Script
application/javascript

104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/10057/y-UlKUSNVE2uFN15s5SGvWYh3C27H4xITiNodc44I-~A

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

740d6650b6c1542e1cbf0824a10fa78571dc070185c080d6aaeab048900fb4cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
date: Thu, 03 Feb 2022 18:39:30 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6d7dc8466f29e6f8-EWR

Redirect headers

location: https://dmx.districtm.io/s/10057/y-UlKUSNVE2uFN15s5SGvWYh3C27H4xITiNodc44I-~A
date: Thu, 03 Feb 2022 18:39:30 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

AACLsU7D-EMAAHY9n1tp7Q Show response
dmx.districtm.io/s/10025/ Frame 33D8
Redirect Chain

https://match.prod.bidr.io/cookie-sync/districtm
https://match.prod.bidr.io/cookie-sync/districtm?_bee_ppp=1
https://dmx.districtm.io/s/10025/AACLsU7D-EMAAHY9n1tp7Q

78 B
138 B

64ms
64ms

Script
application/javascript

104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/10025/AACLsU7D-EMAAHY9n1tp7Q

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aff5a2888286377101d3810961faad47bb503044e86361bb29c9d23b6b835912

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
date: Thu, 03 Feb 2022 18:39:30 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cf-ray: 6d7dc846f806e6f8-EWR

Redirect headers

location: https://dmx.districtm.io/s/10025/AACLsU7D-EMAAHY9n1tp7Q
Date: Thu, 03 Feb 2022 18:39:30 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 547 KB
38 KB 839ms
838ms XHR
text/plain 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=43440081178926&correlator=4185858168268442&output=ldjh&impl=fifs&vrg=2022013101&ptt=17&sc=1&sfv=1-0-38&ecs=20220203&iu_parts=3081%2CSMCO_ENCO_MAGOnFarmer_EN_WEB%2Cindex&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C6x6%7C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C5x5%2C7x7%7C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C5x5%2C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C5x5%2C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C5x5%2C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C5x5%2C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C5x5%2C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C5x5%2C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C5x5%2C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250&ppid=00000000ppidp6036343839195220452&prev_scp=loc%3D1%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D9f19f994-8520-11ec-b043-0e2c9bbbd875%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%7Cloc%3D2%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D9f19f995-8520-11ec-b043-0e2c9bbbd875%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%7Cloc%3D1%26amznbid%3D2%26amznp%3D2%26id%3D9f19f996-8520-11ec-b043-0e2c9bbbd875%7Cloc%3D3%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D9f19f997-8520-11ec-b043-0e2c9bbbd875%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%7Cloc%3D2%26amznbid%3D2%26amznp%3D2%26id%3D9f19f998-8520-11ec-b043-0e2c9bbbd875%7Cloc%3D4%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D9f19f999-8520-11ec-b043-0e2c9bbbd875%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%7Cloc%3D3%26amznbid%3D2%26amznp%3D2%26id%3D9f19f99a-8520-11ec-b043-0e2c9bbbd875%7Cloc%3D5%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D9f19f99b-8520-11ec-b043-0e2c9bbbd875%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%2C80%26pub%3D40%7Cloc%3D4%26amznbid%3D2%26amznp%3D2%26id%3D9f19f99c-8520-11ec-b043-0e2c9bbbd875%7Cloc%3D6%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D9f19f99d-8520-11ec-b043-0e2c9bbbd875%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%7Cloc%3D5%26amznbid%3D2%26amznp%3D2%26id%3D9f19f99e-8520-11ec-b043-0e2c9bbbd875%7Cloc%3D7%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D9f19f99f-8520-11ec-b043-0e2c9bbbd875%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%7Cloc%3D6%26amznbid%3D2%26amznp%3D2%26id%3D9f19f9a0-8520-11ec-b043-0e2c9bbbd875%7Cloc%3D8%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D9f19f9a1-8520-11ec-b043-0e2c9bbbd875%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%7Cloc%3D7%26amznbid%3D2%26amznp%3D2%26id%3D9f19f9a2-8520-11ec-b043-0e2c9bbbd875%7Cloc%3D9%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D9f19f9a3-8520-11ec-b043-0e2c9bbbd875%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40%7Cloc%3D8%26amznbid%3D2%26amznp%3D2%26id%3D9f19f9a4-8520-11ec-b043-0e2c9bbbd875%7Cloc%3D10%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D9f19f9a5-8520-11ec-b043-0e2c9bbbd875%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26pub%3D40&eri=1&cust_params=no_pol%3Dtrue%26page%3Dindex%26pr%3Donf%26sensitive%3Dn%26negative%3Dn%26ck%3Dindex%26imp%3Dindex%26kuid%3D%26amznbid%3D0%26amznp%3D0%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3D&cookie_enabled=1&bc=31&abxe=1&dt=1643913570188&lmt=1643913570&dlt=1643913569146&idt=545&frm=20&biw=1600&bih=1200&oid=2&adxs=200%2C797%2C765%2C797%2C765%2C200%2C765%2C200%2C765%2C200%2C765%2C200%2C765%2C200%2C765%2C200%2C765%2C200&adys=233%2C1307%2C1848%2C2588%2C3414%2C3214%2C3755%2C3555%2C4096%2C3896%2C4437%2C4237%2C4778%2C4578%2C5119%2C4919%2C5460%2C5260&adks=625928897%2C1960150758%2C1840685615%2C346298458%2C1840685612%2C625928910%2C1840685613%2C625928909%2C1840685586%2C625928908%2C1840685587%2C625928907%2C1840685584%2C625928906%2C1840685585%2C625928905%2C1840685590%2C2524969409&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb%7Cc%7Cd%7Ce%7Cf%7Cg%7Ch%7Ci&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&vis=1&scr_x=0&scr_y=0&psz=1600x250%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250&msz=1600x250%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250%7C628x5%7C1600x250&ga_vid=59142966.1643913570&ga_sid=1643913570&ga_hid=501486960&ga_fc=false&fws=4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C628%2C1600%2C628%2C1600%2C628%2C1600%2C628%2C1600%2C628%2C1600%2C628%2C1600%2C628%2C1600%2C628%2C1600&btvi=0%7C1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7C10%7C11%7C12%7C13%7C14%7C15%7C16%7C17&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022013101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

0f9e987aa32b5f14ee8d1ad30f740d53f71be9750a3d9e071c15b27e60276cc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39237
x-xss-protection: 0
google-lineitem-id: 5680797321,5680797321,5900230719,5681750329,5900230719,5899069883,5900230719,5690567695,5900230719,5690567695,-2,5897428233,-2,5903785181,-2,5903785181,-2,5887549810
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138347717528,138347717501,138379756357,138348154321,138379291044,138378978374,138379268081,138349693219,138379761163,138349689685,-2,138378998954,-2,138379847895,-2,138379847901,-2,138378363854
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
c5067f650385d0f70f33b1b0646d80cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame DD1F 6 KB
4 KB 122ms
53ms Document
text/html 2607:f8b0:4006:823::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c5067f650385d0f70f33b1b0646d80cc.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022013101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 03 Feb 2022 18:39:30 GMT
expires: Fri, 03 Feb 2023 18:39:30 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
458 B 164ms
37ms Script
application/javascript 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o01de&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=327c92d4-cead-407e-a68d-fef6f8334b4e&tw_document_href=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-response-time: 6
date: Thu, 03 Feb 2022 18:39:29 GMT
content-encoding: gzip
server: tsa_b
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: eff2d0302655f4e2d37d3487f00c05bd2544edd167e34b5eb8bf35085abae157
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
337 B 169ms
42ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o01de&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=327c92d4-cead-407e-a68d-fef6f8334b4e&tw_document_href=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-response-time: 6
date: Thu, 03 Feb 2022 18:39:29 GMT
server: tsa_b
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: b08270dccace22bdd43fbc67066b589155db49a3b3b12fd5ddbddacac5236d8c
content-length: 43

GET
H2 200 controltag.js.a1705c5ac5f06cf0c202ff70908fc042 Show response
cdn.krxd.net/ctjs/ Frame 41DC 259 KB
83 KB 17ms
13ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/uthtxmddg.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
age: 16006880
x-amz-server-side-encryption: AES256
x-cache: HIT
x-cache-hits: 8629292
content-length: 84509
x-served-by: cache-yul12831-YUL
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
x-timer: S1643913570.261936,VS0,VE0
etag: "a1705c5ac5f06cf0c202ff70908fc042"
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Jul 2031 12:06:16 GMT

GET
H/1.1 200
OK pr Show response
s.amazon-adsystem.com/v3/ Frame 8B05 2 KB
3 KB 39ms
28ms Document
text/html 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&fv=1.0&a=cm&cm3ppd=1

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&dcc=t

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

bed79e22634d48c6e53d084c7dc1ac8e7ed34377df61478f7020d89248124ea1

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&dcc=t

Response headers

Server: Server
Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 2044
Connection: keep-alive
x-amz-rid: DDVA9HJ6KHEMPMKS8FED
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/990309138/ 2 KB
2 KB 117ms
36ms Script
text/javascript 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/990309138/?random=1643913570284&cv=9&fst=1643913570284&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg220&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&tiba=Home%20%7C%20Ontario%20Farmer&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

460e88a4766bbe07c7bbfb9a70cbc39d4fc1324d7c78ff192568e6b415c1cab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1042
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/580448699/ 2 KB
1 KB 107ms
36ms Script
text/javascript 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/580448699/?random=1643913570289&cv=9&fst=1643913570289&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg220&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&tiba=Home%20%7C%20Ontario%20Farmer&auid=885379829.1643913570&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

d9975ba9667076e9f446fed66c121e652c7203dc449b5ad3ca5efb6578195c8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1231
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 www-widgetapi.js Show response
www.youtube.com/s/player/cdb8d439/www-widgetapi.vflset/ 146 KB
47 KB 62ms
32ms Script
text/javascript 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cdb8d439/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cca8cb38d69c0af42eb4fee218ac47b89e8977f3c862163f6814184be06c8dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 16:00:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 95924
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48338
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 01:17:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Feb 2023 16:00:46 GMT

GET
H2 200 42fb57ac-2013-45a6-8dad-332d53e17c1b Show response
consumer.krxd.net/consent/get/ Frame 41DC 224 B
305 B 30ms
30ms Script
text/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://consumer.krxd.net/consent/get/42fb57ac-2013-45a6-8dad-332d53e17c1b?idt=device&dt=kxcookie&callback=Krux.ns.postmedia.kxjsonp_consent_get_0
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e10c7c2a79f0ea6b115d5102e944ac00f310e6e46d60ddd868855fdf7cd959a7

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a006-ash-prod.krxd.net, cache-yul12822-YUL
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1643913570.380550,VS0,VE20
content-length: 187
x-cache-hits: 0, 0

GET
H2 200 /
www.facebook.com/tr/ 44 B
408 B 115ms
35ms Image
image/gif 2a03:2880:f13a:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1685973801652415&ev=PageView&dl=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&rl=&if=false&ts=1643913570427&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=30&par[0]=%7B%22extractorID%22%3A%22514537319740368%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22CAD%22%7D%7D%7D&par[1]=%7B%22extractorID%22%3A%22503487844400487%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22CAD%22%7D%7D%7D&par[2]=%7B%22extractorID%22%3A%221042784969583558%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22CAD%22%7D%7D%7D&par[3]=%7B%22extractorID%22%3A%22858678751523779%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[4]=%7B%22extractorID%22%3A%221127243281129742%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[5]=%7B%22extractorID%22%3A%22497819211464386%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&fbp=fb.1.1643913570425.840437524&it=1643913570163&coo=false&rqm=GET

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f13a:83:face:b00c:0:25de Minneapolis, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Thu, 03 Feb 2022 18:39:30 GMT

GET
H3 200 6kfv6OjkAPo Show response
www.youtube.com/embed/ Frame 83CC 74 KB
29 KB 159ms
158ms Document
text/html 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cdb8d439/www-widgetapi.vflset/www-widgetapi.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cd5569d623057358d654a947acd904f2533bc60992bd6a9b72da8387a1b56c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 03 Feb 2022 18:39:30 GMT
strict-transport-security: max-age=31536000
report-to: {"group":"ATmXEA_XZXH6CdbrmjUzyTbVgxu22C8KYH7NsxKbRt94","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_ATmXEA_XZXH6CdbrmjUzyTbVgxu22C8KYH7NsxKbRt94"}]}
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="ATmXEA_XZXH6CdbrmjUzyTbVgxu22C8KYH7NsxKbRt94"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: br
server: ESF
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

/
www.google.ca/pagead/1p-conversion/580448699/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/580448699/?random=773430895&cv=9&fst=1643913570289&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u...
https://www.google.com/pagead/1p-conversion/580448699/?random=773430895&cv=9&fst=1643913570289&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_a...
https://www.google.ca/pagead/1p-conversion/580448699/?random=773430895&cv=9&fst=1643913570289&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw...

42 B
64 B

72ms
44ms

Image
image/gif

2607:f8b0:4006:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-conversion/580448699/?random=773430895&cv=9&fst=1643913570289&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg220&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&tiba=Home%20%7C%20Ontario%20Farmer&auid=885379829.1643913570&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=YiH8YfGzF6-MoPMPlaqx4A8&cid=CAQSKQCNIrLMd8X-udJDuH5y0Dkf2MihgQE9VqNl6cc6XOdTg8GayMUO75FP&eitems=ChEIgJfujwYQxs6LyfLeqZCkARIdACVFf62Ij9ZR1u2U7Dm7HHFvYGWH_Pv0g9lUBXg&random=1807456467&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Server

2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.ca/pagead/1p-conversion/580448699/?random=773430895&cv=9&fst=1643913570289&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg220&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&tiba=Home%20%7C%20Ontario%20Farmer&auid=885379829.1643913570&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=YiH8YfGzF6-MoPMPlaqx4A8&cid=CAQSKQCNIrLMd8X-udJDuH5y0Dkf2MihgQE9VqNl6cc6XOdTg8GayMUO75FP&eitems=ChEIgJfujwYQxs6LyfLeqZCkARIdACVFf62Ij9ZR1u2U7Dm7HHFvYGWH_Pv0g9lUBXg&random=1807456467&resp=GooglemKTybQhCsO&ipr=y&prhg=0
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
match.sharethrough.com/jwumXNuB/v1/ Frame 7D0A 427 B
528 B 25ms
24ms Document
text/html 52.44.19.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.44.19.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-44-19-43.compute-1.amazonaws.com
Software: /
Resource Hash: 4f4bdf7aa613f511c93f9b188225a3524b04072394730c9c5e577bebdba2981e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-length: 427

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 751F 15 KB
6 KB 104ms
33ms Document
text/html 23.221.203.12
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.221.203.12 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-203-12.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

server: Apache/2.2.15 (CentOS)
etag: "1300708-3de4-5d6ef246ef4cf"
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5549
content-type: text/html; charset=UTF-8
cache-control: max-age=112488
expires: Sat, 05 Feb 2022 01:54:18 GMT
date: Thu, 03 Feb 2022 18:39:30 GMT
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame C0C2 281 B
554 B 101ms
32ms Document
text/html 23.50.66.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.50.66.244 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-50-66-244.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 03 Feb 2022 18:39:30 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3

200

cm Show response
u.openx.net/w/1.0/ Frame 2615
Redirect Chain

https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX...

722 B
476 B

42ms
28ms

Document
text/html

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: ace66f2f5329389d486ce5840303022ad069e1334c9ed0337ca5ae818e54abec

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

vary: Accept, Accept-Encoding
server: OXGW/17.1.0
p3p: CP="CUR ADM OUR NOR STA NID"
date: Thu, 03 Feb 2022 18:39:30 GMT
content-type: text/html
content-length: 457
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Redirect headers

server: OXGW/17.1.0
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
date: Thu, 03 Feb 2022 18:39:30 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame A8F4
Redirect Chain

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=districtm
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID%26ex%3Ddistrictm
https://s.amazon-adsystem.com/ecm3?id=2397535159472849228&ex=districtm

43 B
556 B

56ms
29ms

Document
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?id=2397535159472849228&ex=districtm

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&fv=1.0&a=cm&cm3ppd=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Server: Server
Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: 04ARZ1H6EM4CF03FEF4M
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

Redirect headers

Server: nginx/1.17.9
Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://s.amazon-adsystem.com/ecm3?id=2397535159472849228&ex=districtm
AN-X-Request-Uuid: 4c4173c9-ff1c-4459-8496-f5148caa6f1b
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame B6F1
Redirect Chain

https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID%26ex%3Dappnexus.com
https://s.amazon-adsystem.com/ecm3?id=2397535159472849228&ex=appnexus.com

43 B
556 B

29ms
29ms

Document
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?id=2397535159472849228&ex=appnexus.com

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&fv=1.0&a=cm&cm3ppd=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Server: Server
Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: V06TS46NGRZGX1SM52YR
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

Redirect headers

Server: nginx/1.17.9
Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://s.amazon-adsystem.com/ecm3?id=2397535159472849228&ex=appnexus.com
AN-X-Request-Uuid: 874770de-623e-4015-87bd-972e99f8d4f8
X-Proxy-Origin: 149.56.153.187; 149.56.153.187; 570.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com

GET
H/1.1

200
OK

amazon Show response
ap.lijit.com/beacon/ Frame C460
Redirect Chain

https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com
https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1

1 KB
1 KB

23ms
23ms

Document
text/html

63.251.86.49
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.86.49 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 76e60aca1dbbfbd15f47eddbf9724cffb0b6984b503c7bfdd5b8b3505ba6f579

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Server: nginx
Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap1dca1

Redirect headers

Server: nginx
Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap1dca1

GET
H2

200

index.html Show response
cdn.districtm.io/ids/ Frame B734
Redirect Chain

https://cdn.districtm.io/ids/?sellerid=10002&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Ddmx.com%26id%3D%7BUID%7D
https://cdn.districtm.io/ids/index.html?sellerid=10002&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Ddmx.com%26id%3D%7BUID%7D

116 B
313 B

64ms
63ms

Document
text/html

104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/index.html?sellerid=10002&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Ddmx.com%26id%3D%7BUID%7D
Requested by: Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&fv=1.0&a=cm&cm3ppd=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f752ad8cf812a358129aac3fd9784b0baf6f19899eb49116f08a1afab1fa133e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-type: text/html
cf-ray: 6d7dc847b8dce6f8-EWR
age: 51215
last-modified: Thu, 20 May 2021 02:18:27 GMT
via: 1.1 0a84c1b70b100e694edd23e638bf7fa8.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-cf-id: u29f9gB6_ZRe1RdnndIQmDuCf7jZdFx9kEGOPSbf09LPp4vxntcb1w==
x-amz-cf-pop: EWR53-C2
x-cache: Hit from cloudfront
vary: Accept-Encoding
server: cloudflare
content-encoding: br

Redirect headers

date: Thu, 03 Feb 2022 18:39:30 GMT
location: https://cdn.districtm.io/ids/index.html?sellerid=10002&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Ddmx.com%26id%3D%7BUID%7D
cf-ray: 6d7dc8478892e6f8-EWR
cache-control: max-age=3600
expires: Thu, 03 Feb 2022 19:39:30 GMT
vary: Accept-Encoding
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare

GET
H/1.1

200
OK

ecm3 Show response
s.amazon-adsystem.com/ Frame A32F
Redirect Chain

https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=585957761931012015200

43 B
556 B

55ms
30ms

Document
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=585957761931012015200

Requested by

Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_dm_an-db5_sovrn_dmx_3lift&fv=1.0&a=cm&cm3ppd=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Server: Server
Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: 4AZ3NXYK0SHPGCTF0YPX
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

Redirect headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-length: 0
location: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=585957761931012015200
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 /
www.google.com/pagead/1p-user-list/990309138/ 42 B
548 B 93ms
37ms Image
image/gif 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/990309138/?random=1643913570284&cv=9&fst=1643911200000&num=1&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg220&sendb=1&frm=0&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&tiba=Home%20%7C%20Ontario%20Farmer&async=1&fmt=3&is_vtc=1&random=3069879832&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/990309138/ 42 B
548 B 95ms
38ms Image
image/gif 2607:f8b0:4006:81e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/990309138/?random=1643913570284&cv=9&fst=1643911200000&num=1&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg220&sendb=1&frm=0&url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&tiba=Home%20%7C%20Ontario%20Farmer&async=1&fmt=3&is_vtc=1&random=3069879832&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 users Show response
dmx.districtm.io/s/v1/ Frame 33D8 0
567 B 55ms
55ms XHR
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/v1/users

Requested by

Host: cdn.districtm.io
URL: https://cdn.districtm.io/ids/idsync.d5cb6b96.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://cdn.districtm.io/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: DELETE, GET, OPTIONS, POST
access-control-allow-origin: https://cdn.districtm.io
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6d7dc84829b4e6f8-EWR
access-control-allow-headers: Origin, Content-Type

OPTIONS
H2 204 users
dmx.districtm.io/s/v1/ Frame 0
0 108ms
59ms Preflight 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/s/v1/users

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://cdn.districtm.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cf-ray: 6d7dc847ce82f039-EWR
access-control-allow-origin: https://cdn.districtm.io
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type
access-control-allow-methods: DELETE, GET, OPTIONS, POST
access-control-max-age: 14400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 41DC
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=google
https://cm.g.doubleclick.net/pixel?google_cm&google_nid=krux_digital&google_hm=T3BCSDluakE
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEGLIkawqix6wVhPPthVcAPc&google_cver=1

0
337 B

23ms
23ms

Image
text/plain

18.213.185.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?google_gid=CAESEGLIkawqix6wVhPPthVcAPc&google_cver=1
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 18.213.185.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-185-73.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: private, no-cache, no-store
x-request-time: D=23 t=1643913570
x-served-by: beacon-n035-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://beacon.krxd.net/usermatch.gif?google_gid=CAESEGLIkawqix6wVhPPthVcAPc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 291
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 41DC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm&google_hm=T3BCSDluakE
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEMvbzyqbXGfk_RrEFMBb8A4&google_cver=1

0
338 B

72ms
23ms

Image
text/plain

18.213.185.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?google_gid=CAESEMvbzyqbXGfk_RrEFMBb8A4&google_cver=1
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 18.213.185.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-185-73.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: private, no-cache, no-store
x-request-time: D=20 t=1643913570
x-served-by: beacon-n013-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://beacon.krxd.net/usermatch.gif?google_gid=CAESEMvbzyqbXGfk_RrEFMBb8A4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 291
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 379708.gif
idsync.rlcdn.com/ Frame 41DC 42 B
340 B 66ms
42ms Image
image/gif 35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/379708.gif?partner_uid=OpBH9njA
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Feb 2022 18:39:30 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 41DC
Redirect Chain

https://stags.bluekai.com/site/26357?id=OpBH9njA&redir=https://beacon.krxd.net/usermatch.gif?_kuid%3DOpBH9njA%26partner%3Dbluekai%26bk_uuid%3D%24_BK_UUID
https://beacon.krxd.net/usermatch.gif?_kuid=OpBH9njA&partner=bluekai&bk_uuid=$_BK_UUID

0
337 B

23ms
22ms

Image
text/plain

18.213.185.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?_kuid=OpBH9njA&partner=bluekai&bk_uuid=$_BK_UUID
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 18.213.185.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-185-73.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: private, no-cache, no-store
x-request-time: D=32 t=1643913571
x-served-by: beacon-n020-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location: https://beacon.krxd.net/usermatch.gif?_kuid=OpBH9njA&partner=bluekai&bk_uuid=$_BK_UUID
Date: Thu, 03 Feb 2022 18:39:30 GMT
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2 200 p
sb.scorecardresearch.com/ Frame 41DC 64 B
441 B 27ms
27ms Image
image/gif 52.85.61.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p?c1=9&c2=8188709&cs_xi=OpBH9njA&rn=1643913570
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-100.ewr53.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
via: 1.1 acbc1e922360be31edf0371abdc7a3a4.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-P1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: Q-Yr3eje2APjy9i99cStc_uIbWXvjsGwVNvWJtvaBOkyDrwsHfCZlg==

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 41DC
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/NC4WTmcy?redir=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner_id%3Dcb276571-e0d9-4438-9fd4-80a1ff034b01%26puid%3D%24%7BTM_USER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/NC4WTmcy?redir=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner_id%3Dcb276571-e0d9-4438-9fd4-80a1ff034b01%26puid%3D%24%7BTM_USER_ID%7D&_test=YfwhZg...
https://beacon.krxd.net/usermatch.gif?partner_id=cb276571-e0d9-4438-9fd4-80a1ff034b01&puid=YfwhZgADgOhpgABH&_test=YfwhZgADgOhpgABH

0
337 B

23ms
22ms

Image
text/plain

18.213.185.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner_id=cb276571-e0d9-4438-9fd4-80a1ff034b01&puid=YfwhZgADgOhpgABH&_test=YfwhZgADgOhpgABH
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 18.213.185.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-185-73.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:34 GMT
cache-control: private, no-cache, no-store
x-request-time: D=37 t=1643913574
x-served-by: beacon-n005-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:34 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1643913574.454356,VS0,VE0
x-served-by: cache-yul12831-YUL
x-cache: HIT
location: https://beacon.krxd.net/usermatch.gif?partner_id=cb276571-e0d9-4438-9fd4-80a1ff034b01&puid=YfwhZgADgOhpgABH&_test=YfwhZgADgOhpgABH
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 41DC
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=beeswax
https://match.prod.bidr.io/cookie-sync/krux?partner_user_id=OpBH9njA
https://beacon.krxd.net/usermatch.gif?partner=beeswax&partner_uid=AACLsU7D-EMAAHY9n1tp7Q

0
337 B

23ms
23ms

Image
text/plain

18.213.185.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=beeswax&partner_uid=AACLsU7D-EMAAHY9n1tp7Q
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 18.213.185.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-185-73.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: private, no-cache, no-store
x-request-time: D=21 t=1643913570
x-served-by: beacon-n001-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=beeswax&partner_uid=AACLsU7D-EMAAHY9n1tp7Q
Date: Thu, 03 Feb 2022 18:39:30 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 41DC
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=mediamath
https://sync.mathtag.com/sync/img?mt_exid=10031&mt_exuid=OpBH9njA&redirect=https://beacon.krxd.net/usermatch.gif?partner%3Dmediamath%26partner_id%3D%5BMM_UUID%5D
https://beacon.krxd.net/usermatch.gif?partner=mediamath&partner_id=8f1e61fc-2162-4900-902b-e4ff76eedd0a

0
337 B

24ms
24ms

Image
text/plain

18.213.185.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=mediamath&partner_id=8f1e61fc-2162-4900-902b-e4ff76eedd0a
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 18.213.185.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-185-73.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: private, no-cache, no-store
x-request-time: D=84 t=1643913570
x-served-by: beacon-n031-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Date: Thu, 03 Feb 2022 18:39:30 GMT
Server: MT3 4133 baa842e master iad-pixel-x20 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://beacon.krxd.net/usermatch.gif?partner=mediamath&partner_id=8f1e61fc-2162-4900-902b-e4ff76eedd0a
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 03 Feb 2022 18:39:29 GMT

GET
H/1.1 200
OK tag.aspx Show response
ml314.com/ Frame 41DC 27 KB
12 KB 136ms
45ms Script
application/javascript 34.235.23.231
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?312022
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.23.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-23-231.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 300b9ba11e041384aafe746b81adbac891f04890e6d71728d572df9073610076

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=86400
transfer-encoding: chunked
Connection: keep-alive

GET
H2

200

g.js
aa.agkn.com/adscores/ Frame 41DC
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=neustar
https://aa.agkn.com/adscores/g.js?sid=9212244187&_kdpid=OpBH9njA

43 B
653 B

137ms
98ms

Image
image/gif

143.204.150.85
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.js?sid=9212244187&_kdpid=OpBH9njA
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 143.204.150.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-150-85.ewr52.r.cloudfront.net
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
via: 1.1 5dd7b838ea405f86fdd3f313ecc68490.cloudfront.net (CloudFront)
server: AAWebServer
x-amz-cf-pop: EWR52-C2
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
x-cache: Miss from cloudfront
content-type: image/gif
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
x-amz-cf-id: p91aFDusTh9AMioEo2p20PTWOcCUMch9lq5Shfij2nYc9vjY5i_UYA==
expires: 0

Redirect headers

location: https://aa.agkn.com/adscores/g.js?sid=9212244187&_kdpid=OpBH9njA
date: Thu, 03 Feb 2022 18:39:30 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a009-ash-prod.krxd.net

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 41DC
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=183716&cb=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcasale%26partner_uid%3D__UID__
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcasale%26partner_uid%3D__UID__&s=183716&C=1
https://beacon.krxd.net/usermatch.gif?partner=casale&partner_uid=YfwhYsZ.lA1IpbnkvjRaogAA%26516

0
337 B

23ms
23ms

Image
text/plain

18.213.185.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=casale&partner_uid=YfwhYsZ.lA1IpbnkvjRaogAA%26516
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 18.213.185.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-185-73.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: private, no-cache, no-store
x-request-time: D=30 t=1643913570
x-served-by: beacon-n027-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:30 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://beacon.krxd.net/usermatch.gif?partner=casale&partner_uid=YfwhYsZ.lA1IpbnkvjRaogAA%26516
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 283
Expires: Thu, 03 Feb 2022 18:39:30 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 41DC
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=salesforce
https://beacon.krxd.net/usermatch.gif?partner=stackadapt&partner_uid=bz1Rw1AES0NhINsFrEoVupU4mbs

0
337 B

23ms
23ms

Image
text/plain

18.213.185.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=stackadapt&partner_uid=bz1Rw1AES0NhINsFrEoVupU4mbs
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 18.213.185.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-185-73.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: private, no-cache, no-store
x-request-time: D=31 t=1643913570
x-served-by: beacon-n032-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location: https://beacon.krxd.net/usermatch.gif?partner=stackadapt&partner_uid=bz1Rw1AES0NhINsFrEoVupU4mbs
Date: Thu, 03 Feb 2022 18:39:30 GMT
Connection: keep-alive
Content-Length: 123
Content-Type: text/html; charset=utf-8

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 41DC
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=triplelift&gdpr=0&cmp_cs=&us_privacy=undefined
https://eb2.3lift.com/xuid?mid=3587&xuid=OpBH9njA&dongle=13b2&rdir=https://beacon.krxd.net/usermatch.gif?partner%3Dtriplelift%26partner_uid%3D$UID&gdpr=0&cmp_cs=&us_privacy=undefined
https://beacon.krxd.net/usermatch.gif?partner=triplelift&partner_uid=585957761931012015200

0
337 B

23ms
23ms

Image
text/plain

18.213.185.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=triplelift&partner_uid=585957761931012015200
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 18.213.185.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-185-73.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: private, no-cache, no-store
x-request-time: D=24 t=1643913570
x-served-by: beacon-n006-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?partner=triplelift&partner_uid=585957761931012015200
date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame 7D0A 43 B
556 B 33ms
31ms Image
image/gif 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=sharethrough.com&id=535ebeb1-027e-4430-8e62-97a04a64c695

Requested by

Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:30 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: KDC70GJWG6MDVEYPQVYS
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 7D0A
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sharethrough&ttd_tpi=1
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=

68 B
262 B

25ms
25ms

Image
image/png

52.44.19.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 52.44.19.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-44-19-43.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 323

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 7D0A
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2
https://u.openx.net/w/1.0/cm?id=7ead435e-a2cd-4cbf-8876-adb66822613f&ph=c6b01e12-aa62-4ae6-9e10-71346e597c31&r=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DF2Stothm3wg5g6opTuaPadz...
https://match.sharethrough.com/sync/v1?source_id=F2Stothm3wg5g6opTuaPadz9&source_user_id=9397f8bc-a2c5-0b33-1153-a55b87545649

68 B
262 B

24ms
24ms

Image
image/png

52.44.19.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=F2Stothm3wg5g6opTuaPadz9&source_user_id=9397f8bc-a2c5-0b33-1153-a55b87545649
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 52.44.19.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-44-19-43.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-length: 68
content-type: image/png

Redirect headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
server: OXGW/17.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://match.sharethrough.com/sync/v1?source_id=F2Stothm3wg5g6opTuaPadz9&source_user_id=9397f8bc-a2c5-0b33-1153-a55b87545649
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 7D0A
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3
https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=sharethrough&ttd_tpi=1
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=

68 B
262 B

24ms
24ms

Image
image/png

52.44.19.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 52.44.19.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-44-19-43.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 323

GET
H2

200

v1
match.sharethrough.com/sync/ Frame 7D0A
Redirect Chain

https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4
https://ssum.casalemedia.com/usermatchredir?s=186046&cb=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DGM7HYz3VFjuymbiqnJLyjuPy%26source_user_id%3D__UID__
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DGM7HYz3VFjuymbiqnJLyjuPy%26source_user_id%3D__UID__&s=186046&C=1
https://match.sharethrough.com/sync/v1?source_id=GM7HYz3VFjuymbiqnJLyjuPy&source_user_id=YfwhYlBla4vvqMN87eREJQAA%26513

68 B
262 B

24ms
24ms

Image
image/png

52.44.19.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=GM7HYz3VFjuymbiqnJLyjuPy&source_user_id=YfwhYlBla4vvqMN87eREJQAA%26513
Requested by: Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol: H2
Server: 52.44.19.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-44-19-43.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://match.sharethrough.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-length: 68
content-type: image/png

Redirect headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:30 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://match.sharethrough.com/sync/v1?source_id=GM7HYz3VFjuymbiqnJLyjuPy&source_user_id=YfwhYlBla4vvqMN87eREJQAA%26513
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 307
Expires: Thu, 03 Feb 2022 18:39:30 GMT

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame 2615 43 B
556 B 30ms
30ms Image
image/gif 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=052271fc-0c2b-8d24-94f6-0186e5ac3fc1

Requested by

Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:30 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: MCV8D5BBAFRTMG97ABPE
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 2615
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=YfwhZgADgQ1y8ABH
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YfwhZgADgQ1y8ABH&_test=YfwhZgADgQ1y8ABH

43 B
61 B

28ms
28ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537148856&val=YfwhZgADgQ1y8ABH&_test=YfwhZgADgQ1y8ABH
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:34 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:34 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1643913575.586241,VS0,VE0
x-served-by: cache-yul12831-YUL
x-cache: HIT
location: https://us-u.openx.net/w/1.0/sd?id=537148856&val=YfwhZgADgQ1y8ABH&_test=YfwhZgADgQ1y8ABH
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 c9336bc5-802d-a497-652f-95e472c83968
pr-bh.ybp.yahoo.com/sync/openx/ Frame 2615 43 B
986 B 82ms
28ms Image
image/gif 2600:1f18:4e9:5a02:5944:263c:7447:bef1
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/openx/c9336bc5-802d-a497-652f-95e472c83968?gdpr=0

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:4e9:5a02:5944:263c:7447:bef1 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 2615
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=5df40d81-1081-36de-54f8-83118d9ff421&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537072971&val=d534b263-5dde-4c14-ba5a-876c938f2180&ttd_puid=5df40d81-1081-36de-54f8-83118d9ff421

43 B
324 B

30ms
30ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072971&val=d534b263-5dde-4c14-ba5a-876c938f2180&ttd_puid=5df40d81-1081-36de-54f8-83118d9ff421
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://us-u.openx.net/w/1.0/sd?id=537072971&val=d534b263-5dde-4c14-ba5a-876c938f2180&ttd_puid=5df40d81-1081-36de-54f8-83118d9ff421
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 293

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 2615 170 B
188 B 62ms
35ms Image
image/png 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=NzE5YmRlNGItZDlmNi02ODdhLTQxMTgtZDlhODQ3N2QzYTQx

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 2615
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO5Go88Fzgsf35uQUxKowOY&google_cver=1

43 B
61 B

29ms
28ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO5Go88Fzgsf35uQUxKowOY&google_cver=1
Requested by: Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://u.openx.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
via: 1.1 google
server: OXGW/17.1.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEO5Go88Fzgsf35uQUxKowOY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame C0C2 32 KB
10 KB 32ms
32ms Script
text/html 23.50.66.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.50.66.244 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-50-66-244.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 342934f269e2f27d57cdd65c0d15647e3c35d9efee906d357cf793de944c5f9e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Dec 2021 23:04:16 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=86255
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9701
Expires: Fri, 04 Feb 2022 18:37:05 GMT

GET
H/1.1 200
OK ecm3
s.amazon-adsystem.com/ Frame C460 43 B
556 B 34ms
31ms Image
image/gif 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=44ba39cfc1b88df61a801ccd&ex=sovrn.com&gdpr=0&gdpr_consent=

Requested by

Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:30 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: QMDKB2M5EXGY6MNXZEE0
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame C460
Redirect Chain

https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=fmx&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=fmx
https://x.bidswitch.net/sync?dsp_id=70&user_id=8417904000596652597&ssp=fmx
https://ce.lijit.com/merge?pid=26&3pid=dccf4511-a5cd-4f33-9c8c-7b158fbd479f

43 B
2 KB

24ms
23ms

Image
image/gif

63.251.86.49
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=26&3pid=dccf4511-a5cd-4f33-9c8c-7b158fbd479f
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Server: 63.251.86.49 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:31 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap1dca1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location: //ce.lijit.com/merge?pid=26&3pid=dccf4511-a5cd-4f33-9c8c-7b158fbd479f
Date: Thu, 03 Feb 2022 18:39:30 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame C460
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=1827&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=10&3pid=968062827439473446

43 B
856 B

77ms
25ms

Image
image/gif

63.251.86.49
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=10&3pid=968062827439473446
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Server: 63.251.86.49 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:30 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap1dca1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Location: https://ce.lijit.com/merge?pid=10&3pid=968062827439473446
Date: Thu, 03 Feb 2022 18:39:30 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame C460
Redirect Chain

https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=27&3pid=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=

43 B
874 B

82ms
24ms

Image
image/gif

63.251.86.49
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=27&3pid=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Server: 63.251.86.49 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:30 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap1dca1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ce.lijit.com/merge?pid=27&3pid=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 223

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame C460
Redirect Chain

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=ZlYcm2JWTMp9BUidaVdXymlST899UEzJNl8UtJK0

43 B
878 B

38ms
23ms

Image
image/gif

63.251.86.49
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=ZlYcm2JWTMp9BUidaVdXymlST899UEzJNl8UtJK0
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Server: 63.251.86.49 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:30 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap1dca1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=ZlYcm2JWTMp9BUidaVdXymlST899UEzJNl8UtJK0
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame C460
Redirect Chain

https://sync.1rx.io/usersync2/sovrn?gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync2/sovrn?zcc=1&cb=1643913570776
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=745740043
https://sync.1rx.io/usersync/tradedesk/d534b263-5dde-4c14-ba5a-876c938f2180
https://sync.targeting.unrulymedia.com/csync/RX-a6cfd350-7dc5-4165-a719-5d7c884a451e-005?redir=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D56%263pid%3DRX-a6cfd350-7dc5-4165-a719-5d7c884a451e-005
https://ce.lijit.com/merge?pid=56&3pid=RX-a6cfd350-7dc5-4165-a719-5d7c884a451e-005

43 B
2 KB

24ms
24ms

Image
image/gif

63.251.86.49
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=56&3pid=RX-a6cfd350-7dc5-4165-a719-5d7c884a451e-005
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Server: 63.251.86.49 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ap.lijit.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:31 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap1dca1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date: Thu, 03 Feb 2022 18:39:31 GMT
Server: Tengine
ETag: RXa6cfd3507dc54165a7195d7c884a451e005
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://ce.lijit.com/merge?pid=56&3pid=RX-a6cfd350-7dc5-4165-a719-5d7c884a451e-005
Connection: keep-alive
Content-Type: text/html

GET
H2 200 idsync.d5cb6b96.js Show response
cdn.districtm.io/ids/ Frame B734 3 KB
2 KB 39ms
37ms Script
application/javascript 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.districtm.io/ids/idsync.d5cb6b96.js
Requested by: Host: cdn.districtm.io
URL: https://cdn.districtm.io/ids/index.html?sellerid=10002&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Ddmx.com%26id%3D%7BUID%7D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aebd50af0cd8da2f314a52e2088788775d1a441bd674ef9379578e7bc1b5ad50

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.districtm.io/ids/index.html?sellerid=10002&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Ddmx.com%26id%3D%7BUID%7D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
via: 1.1 697118bcd171d3b8a0299bf4ce5a8604.cloudfront.net (CloudFront)
cf-cache-status: HIT
age: 73698
cf-polished: origSize=3302
x-cache: Hit from cloudfront
cf-bgj: minify
content-encoding: br
last-modified: Thu, 20 May 2021 02:18:27 GMT
server: cloudflare
etag: W/"74ede07ef946dc2316f86b2661cf2dd3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=172800
x-amz-cf-pop: JFK51-C1
cf-ray: 6d7dc8489a35e6f8-EWR
x-amz-cf-id: lwQ1lEw9tGsIlt1UY6HrsjBk2yAp9q3IbjALvHkHmH0V-8_svMWTYw==
expires: Sat, 05 Feb 2022 18:39:30 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 751F 2 KB
2 KB 73ms
24ms Script
text/html 8.28.7.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=24222476&p=156011&s=165626&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 30728e5014c972fd0088fd844154b0aa6459f7d647eacca295f1e9815fa1833d

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 1569
content-type: text/html; charset=UTF-8

GET
H3 200 www-player-webp.css
www.youtube.com/s/player/cdb8d439/ Frame 83CC 341 KB
47 KB 21ms
20ms Stylesheet
text/css 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cdb8d439/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ffb1aa4c12a99329b7f5a3196d421fd8efdfdb9435f80a61fe11f6a3024bd4c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 16:00:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 95914
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47721
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 01:17:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Feb 2023 16:00:56 GMT

GET
H/1.1 200
OK utsync.ashx Show response
ml314.com/ Frame 41DC 270 B
1 KB 27ms
26ms Script
application/javascript 34.235.23.231
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=748&ct=js&pi=&fp=&clid=&if=1&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fcdn.krxd.net%2Fpartnerjs%2Fxdi%2Fproxy.3d2100fd7107262ecb55ce6847f01fa5.html%23!kxcid%3Duthtxmddg%26kxt%3Dhttps%253A%252F%252Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%26kxcl%3Dcdn%26kxp%3D&pv=1643913570674_3jkr36uzz&bl=en-us&cb=1364975&return=https%3A%2F%2Fml314.com%2Fcsync.ashx%3Ffp%3DOpBH9njA%26person_id%3D%5BPersonID%5D%26eid%3D748%26return%3Dhttps%253A%252F%252Fbeacon.krxd.net%252Fusermatch.gif%253Fpartner%253Dmadisonlogic%2526partner_uid%253D%5BPersonID%5D&ht=&d=&dc=&si=1643913570674_3jkr36uzz&cid=&s=1600x1200&rp=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?312022
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.235.23.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-235-23-231.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1c2472bf7ed7e83825289620248f5b88650b428174bff537d406b2f6193d29ce

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control: private
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 334
Expires: 0

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 83CC 15 KB
15 KB 47ms
20ms Font
font/woff2 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 11:41:34 GMT
x-content-type-options: nosniff
age: 197876
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Feb 2023 11:41:34 GMT

GET
H3 200 www-embed-player.js Show response
www.youtube.com/s/player/cdb8d439/www-embed-player.vflset/ Frame 83CC 273 KB
84 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cdb8d439/www-embed-player.vflset/www-embed-player.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b21513c597a3fd59b0b8a3b8908f1f44aad53257a4cf5a133f823eb342b4e4ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 16:00:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 95938
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 85904
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 01:17:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Feb 2023 16:00:32 GMT

GET
H3 200 base.js Show response
www.youtube.com/s/player/cdb8d439/player_ias.vflset/en_US/ Frame 83CC 2 MB
534 KB 27ms
26ms Script
text/javascript 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cdb8d439/player_ias.vflset/en_US/base.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26b263e4a0664acb1a410735c4e951a72a086cd4b9e4e9b0b03ab00922873dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 16:00:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 95938
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 546336
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 01:17:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Feb 2023 16:00:32 GMT

GET
H3 200 fetch-polyfill.js Show response
www.youtube.com/s/player/cdb8d439/fetch-polyfill.vflset/ Frame 83CC 8 KB
3 KB 33ms
32ms Script
text/javascript 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cdb8d439/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 16:00:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 95938
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 01:17:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Feb 2023 16:00:32 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame C0C2 284 B
932 B 100ms
25ms Image
image/jpg 8.43.72.98
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: ace9692b4e77bdf741ff63add80edaca
Content-Type: image/jpg

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame B734
Redirect Chain

https://dmx.districtm.io/s/v1/users/10002
https://s.amazon-adsystem.com/ecm3?ex=dmx.com&id=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzaWQiOjEwMDAyLCJ1c3IiOiJxZ1llc2dZYk1qUmllVkpFZVRNemFGZ3lkR054ZFZvNVlqbExaMHRvZVRSSSJ9.mkOjUbN_Ckqs44UZZhLnzg...

43 B
556 B

31ms
30ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=dmx.com&id=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzaWQiOjEwMDAyLCJ1c3IiOiJxZ1llc2dZYk1qUmllVkpFZVRNemFGZ3lkR054ZFZvNVlqbExaMHRvZVRSSSJ9.mkOjUbN_Ckqs44UZZhLnzg7Q7k2KfhnURjXSFrrbfwMLSJiVqld_zVxjrNnPwiS4LRnenH_prOeqi0HN9igyuQ

Requested by

Host: cdn.districtm.io
URL: https://cdn.districtm.io/ids/index.html?sellerid=10002&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Ddmx.com%26id%3D%7BUID%7D

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.districtm.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:30 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 1WA0FRDW9T5203RJB2F7
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cf-cache-status: DYNAMIC
server: cloudflare
location: https://s.amazon-adsystem.com/ecm3?ex=dmx.com&id=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzaWQiOjEwMDAyLCJ1c3IiOiJxZ1llc2dZYk1qUmllVkpFZVRNemFGZ3lkR054ZFZvNVlqbExaMHRvZVRSSSJ9.mkOjUbN_Ckqs44UZZhLnzg7Q7k2KfhnURjXSFrrbfwMLSJiVqld_zVxjrNnPwiS4LRnenH_prOeqi0HN9igyuQ
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: DELETE, GET, OPTIONS, POST
access-control-allow-origin: https://cdn.districtm.io
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6d7dc848eaa5e6f8-EWR
access-control-allow-headers: Origin, Content-Type
content-length: 0

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 41DC
Redirect Chain

https://ml314.com/csync.ashx?fp=OpBH9njA&person_id=3624884529290805302&eid=748&return=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dmadisonlogic%26partner_uid%3D3624884529290805302
https://beacon.krxd.net/usermatch.gif?partner=madisonlogic&partner_uid=3624884529290805302

0
337 B

28ms
23ms

Image
text/plain

18.213.185.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=madisonlogic&partner_uid=3624884529290805302
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Server: 18.213.185.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-185-73.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: private, no-cache, no-store
x-request-time: D=34 t=1643913570
x-served-by: beacon-n037-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Date: Thu, 03 Feb 2022 18:39:30 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: text/html; charset=utf-8
Location: https://beacon.krxd.net/usermatch.gif?partner=madisonlogic&partner_uid=3624884529290805302
Cache-Control: private
Connection: keep-alive
Content-Length: 211
Expires: Fri, 04 Feb 2022 13:39:30 GMT

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame 96B7
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=23C78D8A-DA97-4FAD-8138-2A3B325854B5
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=23C78D8A-DA97-4FAD-8138-2A3B325854B5

35 B
468 B

18ms
18ms

Document
image/gif

185.167.164.42
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=23C78D8A-DA97-4FAD-8138-2A3B325854B5

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.167.164.42 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Thu, 03 Feb 2022 18:39:30 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Thu, 03 Feb 2022 18:39:30 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=23C78D8A-DA97-4FAD-8138-2A3B325854B5
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 9DF3
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YfwhZgADgP1xSwBH&gdpr=0&gdpr_consent=&_test=YfwhZgADgP1xSwBH

1 B
394 B

20ms
20ms

Document
text/html

104.36.115.109
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YfwhZgADgP1xSwBH&gdpr=0&gdpr_consent=&_test=YfwhZgADgP1xSwBH
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Thu, 03 Feb 2022 18:39:34 GMT
content-type: text/html; charset=utf-8
content-length: 1
x-lat: njrpug011:0:849
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: Varnish
retry-after: 0
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YfwhZgADgP1xSwBH&gdpr=0&gdpr_consent=&_test=YfwhZgADgP1xSwBH
accept-ranges: bytes
date: Thu, 03 Feb 2022 18:39:34 GMT
via: 1.1 varnish
x-served-by: cache-yul12831-YUL
x-cache: HIT
x-cache-hits: 0
x-timer: S1643913575.569913,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H/1.1 200
OK ecm3 Show response
s.amazon-adsystem.com/ Frame 64F9 43 B
556 B 41ms
34ms Document
image/gif 209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/ecm3?id=23C78D8A-DA97-4FAD-8138-2A3B325854B5&ex=pubmatic.com

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

Server: Server
Date: Thu, 03 Feb 2022 18:39:30 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
x-amz-rid: HJJR7PPH34G25YB4Z834
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Permissions-Policy: interest-cohort=()

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 751F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=I8eNitqXT62BOCo7MlhUtQ%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

15 KB
15 KB

33ms
32ms

Image
text/html

23.221.203.12
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: H2
Server: 23.221.203.12 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-221-203-12.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3de4-5d6ef246ef4cf"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=112488
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5549
expires: Sat, 05 Feb 2022 01:54:18 GMT

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

458249.gif
idsync.rlcdn.com/ Frame 751F
Redirect Chain

https://idsync.rlcdn.com/420486.gif?partner_uid=23C78D8A-DA97-4FAD-8138-2A3B325854B5
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJDIzQzc4RDhBLURBOTctNEZBRC04MTM4LTJBM0IzMjU4NTRCNRAAGg0I4sLwjwYSBQjoBxAAQgBKAA
https://pippio.com/api/sync?pid=5324&it=1&iv=5a255d31338096943d36c7b22d1f176414372133246268f648865d0563a3f3e0791426b5417dce21&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA1YTI1NWQzMTMzODA5Njk0M2QzNmM3YjIyZDFmMTc2NDE0MzcyMTMzMjQ2MjY4ZjY0ODg2NWQwNTYzYTNmM2UwNzkxNDI2YjU...
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA1YTI1NWQzMTMzODA5Njk0M2QzNmM3YjIyZDFmMTc2NDE0MzcyMTMzMjQ2MjY4ZjY0ODg2NWQwNTYzYTNmM2UwNzkxNDI2YjU0MTdkY2UyMRAAGgwI4sLwjwYSBAgCEABCAEoA&goog...
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
https://idsync.rlcdn.com/458249.gif?partner_uid=d70c878c-5e9f-4717-9c38-efbf6d44241f

42 B
60 B

42ms
41ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458249.gif?partner_uid=d70c878c-5e9f-4717-9c38-efbf6d44241f
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Feb 2022 18:39:31 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/458249.gif?partner_uid=d70c878c-5e9f-4717-9c38-efbf6d44241f
date: Thu, 03 Feb 2022 18:39:31 GMT
via: 1.1 google
x-samesite: secure
alt-svc: clear
content-length: 111
content-type: text/html; charset=utf-8

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 751F
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=8f1e61fc-2162-4900-902b-e4ff76eedd0a

0
260 B

60ms
19ms

Image
text/plain

104.36.115.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=8f1e61fc-2162-4900-902b-e4ff76eedd0a
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: H2
Server: 104.36.115.114 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Thu, 03 Feb 2022 18:39:30 GMT
Server: MT3 4133 baa842e master iad-pixel-x10 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=8f1e61fc-2162-4900-902b-e4ff76eedd0a
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 03 Feb 2022 18:39:29 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 751F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MjNDNzhEOEEtREE5Ny00RkFELTgxMzgtMkEzQjMyNTg1NEI1&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
341 B

244ms
80ms

Image
image/gif

104.36.113.17
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: H2
Server: 104.36.113.17 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:29 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug003:0:279
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 751F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFp4ClLuyDAF2-3_33jJ4mQ&google_cver=1

42 B
438 B

245ms
81ms

Image
image/gif

104.36.113.17
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFp4ClLuyDAF2-3_33jJ4mQ&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: H2
Server: 104.36.113.17 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 15:16:36 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug016:0:755
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFp4ClLuyDAF2-3_33jJ4mQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 751F
Redirect Chain

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E3F515BC34A04FE9B59C9D99074FC859

42 B
381 B

94ms
93ms

Image
image/gif

104.36.113.17
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E3F515BC34A04FE9B59C9D99074FC859
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: H2
Server: 104.36.113.17 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: no-store, no-cache, private
x-lat: sfopug015:0:263
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date: Thu, 03 Feb 2022 18:39:30 GMT
x-content-type-options: nosniff
server: openresty
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E3F515BC34A04FE9B59C9D99074FC859
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 02 Feb 2022 18:39:30 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 751F
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7300976281851386186&gdpr=0&gdpr_consent=&us_privacy=

1 B
264 B

19ms
19ms

Image
text/html

104.36.115.109
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7300976281851386186&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: H2
Server: 104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: no-store, no-cache, private
x-lat: njrpug007:0:566
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7300976281851386186&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 751F
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d534b263-5dde-4c14-ba5a-876c938f2180

42 B
604 B

60ms
19ms

Image
image/gif

104.36.115.109
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d534b263-5dde-4c14-ba5a-876c938f2180
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: H2
Server: 104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
cache-control: no-store, no-cache, private
x-lat: njrpug020:0:507
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:30 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=d534b263-5dde-4c14-ba5a-876c938f2180
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame C0C2
Redirect Chain

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=KZ7BP1AX-1N-HW1Z
https://s.amazon-adsystem.com/ecm3?id=KZ7BP1AX-1N-HW1Z&ex=d-rubiconproject.com&status=ok

43 B
556 B

37ms
37ms

Image
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=KZ7BP1AX-1N-HW1Z&ex=d-rubiconproject.com&status=ok

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 03 Feb 2022 18:39:31 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: NASY1DENFM35BWCPPE90
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://s.amazon-adsystem.com/ecm3?id=KZ7BP1AX-1N-HW1Z&ex=d-rubiconproject.com&status=ok
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: ace9692b4e77bdf741ff63add80edaca
Expires: 0

GET
H3 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame 83CC 113 B
159 B 35ms
35ms XHR
application/json 2607:f8b0:4006:816::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cdb8d439/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:816::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

23c319aa222079e7f42123fbaf8ccbca3e6b9c185c7320406e606701dd54b4e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 83CC 29 B
588 B 67ms
19ms Script
text/javascript 2607:f8b0:4006:822::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cdb8d439/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:28:14 GMT
x-content-type-options: nosniff
age: 676
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 03 Feb 2022 18:43:14 GMT

GET
H3 200 remote.js Show response
www.youtube.com/s/player/cdb8d439/player_ias.vflset/en_US/ Frame 83CC 97 KB
30 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cdb8d439/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cdb8d439/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eeb4dcddfa0f47eacde3fb23b0b57ed7bc131bfcb36e11c11d3e6ca4c217801d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 16:00:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 95911
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30675
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 01:17:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Feb 2023 16:00:59 GMT

GET
H3 200 XGZ-AulDRdOU6E4AUKf8hC7vA7Gv5uiwb3Wvy3LbsUc.js Show response
www.google.com/js/th/ Frame 83CC 35 KB
13 KB 51ms
21ms Script
text/javascript 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/XGZ-AulDRdOU6E4AUKf8hC7vA7Gv5uiwb3Wvy3LbsUc.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cdb8d439/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c667e02e94345d394e84e0050a7fc842eef03b1afe6e8b06f75afcb72dbb147

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 31 Jan 2022 04:50:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 308911
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13704
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 15:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 31 Jan 2023 04:50:59 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/cdb8d439/player_ias.vflset/en_US/ Frame 83CC 26 KB
7 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cdb8d439/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cdb8d439/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

babd8f0ccc810b71cdbb5bec594ae60fc84f3f7993613d9fb90393bb634db2be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 16:00:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 95936
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7557
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 01:17:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 02 Feb 2023 16:00:34 GMT

GET
DATA 200
OK truncated
/ Frame 83CC 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLS_LxZARH_Vp750gZxeQBeyiDUz04bcD1_casZj=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 83CC 2 KB
2 KB 76ms
20ms Image
image/jpeg 2607:f8b0:4006:80a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLS_LxZARH_Vp750gZxeQBeyiDUz04bcD1_casZj=s68-c-k-c0x00ffffff-no-rj

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

9b487e6390458c38b99abb6215507b8bd25f795dbaf1e24d233ddd5c51d295a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 16:13:20 GMT
x-content-type-options: nosniff
age: 8771
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2114
x-xss-protection: 0
server: fife
etag: "va"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 22 Jan 2022 03:51:25 GMT

GET
H3 200 sddefault.webp
i.ytimg.com/vi_webp/6kfv6OjkAPo/ Frame 83CC 27 KB
27 KB 25ms
25ms Image
image/webp 2607:f8b0:4006:80e::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/6kfv6OjkAPo/sddefault.webp

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2016 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8638ec50e9819468bde0e186fd824072ea0944ef09ffe6f3060996adcd0027d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:29:59 GMT
x-content-type-options: nosniff
age: 571
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27146
x-xss-protection: 0
server: sffe
etag: "1643415215"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 03 Feb 2022 20:29:59 GMT

GET
H/1.1

422
Unprocessable Entity

tap.php
pixel.rubiconproject.com/ Frame C0C2
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=8f1e61fc-2162-4900-902b-e4ff76eedd0a&expires=28

0
0

94ms
24ms

Image
text/plain

8.43.72.97
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=8f1e61fc-2162-4900-902b-e4ff76eedd0a&expires=28
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Server: 8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Redirect headers

Date: Thu, 03 Feb 2022 18:39:31 GMT
Server: MT3 4133 baa842e master iad-pixel-x14 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=8f1e61fc-2162-4900-902b-e4ff76eedd0a&expires=28
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 03 Feb 2022 18:39:30 GMT

GET
H/1.1

422
Unprocessable Entity

tap.php
pixel.rubiconproject.com/ Frame C0C2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEB5BgrgZe2tsL4LcUP-0u8U&google_cver=1

0
0

95ms
24ms

Image
text/plain

8.43.72.97
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEB5BgrgZe2tsL4LcUP-0u8U&google_cver=1
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Server: 8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEB5BgrgZe2tsL4LcUP-0u8U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame C0C2
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/BbV8HsTBbBmS1usoAJhJBMn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8349194455581093975

42 B
689 B

95ms
31ms

Image
image/gif

8.43.72.97
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8349194455581093975
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Server: 8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 5c765cf7d1bd0738e8bf9e7ecb99ef6d
Content-Type: image/gif

Redirect headers

date: Thu, 03 Feb 2022 18:39:31 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=8349194455581093975
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame C0C2
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=&expires=30

42 B
689 B

97ms
25ms

Image
image/gif

8.43.72.97
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=&expires=30
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Server: 8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 5c765cf7d1bd0738e8bf9e7ecb99ef6d
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=d534b263-5dde-4c14-ba5a-876c938f2180&gdpr=0&gdpr_consent=&expires=30
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 289

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C0C2
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1o3QlAxQVgtMU4tSFcxWg==

170 B
188 B

37ms
37ms

Image
image/png

142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1o3QlAxQVgtMU4tSFcxWg==

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1o3QlAxQVgtMU4tSFcxWg==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: ace9692b4e77bdf741ff63add80edaca
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

204

v1
ads.yahoo.com/cms/ Frame C0C2
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZ7BP1AX-1N-HW1Z&sigv=1&esig=2~5c335e43d6c89d8ecd3a1b1678076fc44243f15a

0
194 B

75ms
24ms

Image
text/plain

2001:4998:1c:800::1001
YAHOO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZ7BP1AX-1N-HW1Z&sigv=1&esig=2~5c335e43d6c89d8ecd3a1b1678076fc44243f15a

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

Server

2001:4998:1c:800::1001 New York, United States, ASN14779 (YAHOO, US),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:31 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZ7BP1AX-1N-HW1Z&sigv=1&esig=2~5c335e43d6c89d8ecd3a1b1678076fc44243f15a
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: ace9692b4e77bdf741ff63add80edaca
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C0C2
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MzBhODYzY2ZlYmMwM2VlNGQ0MzcwNTkzMGRjZjI1NzQzN2JiZjdhZg

170 B
188 B

41ms
40ms

Image
image/png

142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MzBhODYzY2ZlYmMwM2VlNGQ0MzcwNTkzMGRjZjI1NzQzN2JiZjdhZg

Requested by

Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east

Protocol

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MzBhODYzY2ZlYmMwM2VlNGQ0MzcwNTkzMGRjZjI1NzQzN2JiZjdhZg
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 87d839cc3e00ba41df3f5dd9eab06282
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame C0C2
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=YfwhZwADf4ewOwBH
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YfwhZwADf4ewOwBH&_test=YfwhZwADf4ewOwBH

42 B
689 B

25ms
24ms

Image
image/gif

8.43.72.97
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YfwhZwADf4ewOwBH&_test=YfwhZwADf4ewOwBH
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol: HTTP/1.1
Server: 8.43.72.97 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 5c765cf7d1bd0738e8bf9e7ecb99ef6d
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:35 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1643913576.795290,VS0,VE0
x-served-by: cache-yul12831-YUL
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=YfwhZwADf4ewOwBH&_test=YfwhZwADf4ewOwBH
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 12E5 0
18 B 75ms
36ms Document
text/plain 2a03:2880:f13a:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f13a:83:face:b00c:0:25de Minneapolis, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

content-type: text/plain
access-control-allow-origin: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=0
date: Thu, 03 Feb 2022 18:39:31 GMT

POST
H3 200 embedded_player Show response
www.youtube.com/youtubei/v1/ Frame 83CC 49 KB
17 KB 59ms
58ms Fetch
application/json 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/embedded_player?key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cdb8d439/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8142b2237bdff3c25b7330280c3e49d854a6ebabdb5b5cb15e3ef6987016a4da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1
X-Youtube-Client-Name: 56
X-Youtube-Client-Version: 1.20220201.01.00
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
X-Goog-Visitor-Id: CgtYVHFURl9hVHNXSSjiwvCPBg%3D%3D
Content-Type: application/json

Response headers

date: Thu, 03 Feb 2022 18:39:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16934
x-xss-protection: 0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 83CC 4 KB
3 KB 83ms
37ms Script
text/javascript 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cdb8d439/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Feb 2022 18:39:31 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 83CC 0
9 B 24ms
20ms Image
text/plain 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?zzj4pQ
Requested by: Host: www.youtube.com
URL: https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:31 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame FCE3 47 KB
13 KB 73ms
26ms Script
application/javascript 52.44.16.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=928934&campId=300x250&pubId=4811995650&chanId=21809871911&placementId=5680797321&pubCreative=138347717528&pubOrder=2842599597&cb=161012505&custom=index&custom2=1&adsafe_par&impId=9f19f994-8520-11ec-b043-0e2c9bbbd875
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.44.16.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-44-16-134.compute-1.amazonaws.com
Software: /
Resource Hash: 44ee31a43035a097d99b0ea6399a42b3432b50f0e789bc77cc47caa49df43d7b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
content-encoding: gzip
x-f1: 1
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EB1B 0
0 82ms
81ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss7yrALGa1TOnv9xsXRJqpTY9T6NVF_gyxwa0MiBU2W6uX8dnQBIGkwkheP-9foTc6TND3Fp5xX90bdrEhfJy8d0WlawHhNME3uWx1EvlwnG-2ZXAQIqLSaE9vzu-yD5hfuq1EbBQQ35srbuol29MDtDaqvg0QBxBRKQq5UREVvXjh4sR2HhrPMmWYECHsTnaE17W-9z0XhX_kkFXFhtztUU27r6p_BxNXAfKsLhQg3N7H6ZKcHCVdTdSl8qltCldQ-Zjt5El6FORrG3dt4aLaaeNCN39a3qi06-BRCinv0NJXLfmbsbX00-iOdPPCXjxfYkUb7-tC67dIBd7hHLKWdmjMpltcx_iTZSe7ANdNjR4VTbxta73AWuV7bwA&sai=AMfl-YRc7jNO2RHwTlf9Jl2c4g5A59ub4qGigDpwguMVk7QjL1x-mApT7CskPkKrm1SLwZEQMv2e8N3ZPSfedWq-wWm1P6v88J_tbvAhB_nFTVviSPs5w-3LHLPlwZhojUKtDIrqABQ5XQ4qbVdY7TgQReks&sig=Cg0ArKJSzAXq8CTH8idgEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Feb 2022 18:39:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 61795636_70ba47ebc53494d5b7c9d9336dc1a584_creative_def.js Show response
s0.2mdn.net/ads/richmedia/studio/creative/61764007/ Frame EB1B 7 KB
2 KB 69ms
20ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/creative/61764007/61795636_70ba47ebc53494d5b7c9d9336dc1a584_creative_def.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5509db569f40fcf92ae04e040e67bf4e1452df01479d28a6a257459ff6153090

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1555
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:58:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H2 200 html_inpage_rendering_lib_200_260.js Show response
s0.2mdn.net/879366/ Frame EB1B 183 KB
63 KB 70ms
21ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_260.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61aa815692e9edf603f12550ad0976ccde355df6e118e42f018a691738997d40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 09:37:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64774
x-xss-protection: 0
last-modified: Wed, 31 Jul 2019 21:01:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 09:37:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EB1B 123 KB
38 KB 134ms
86ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022013101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3a6fb9e39c82eed501889521b19cc4fc13d1104f83128928775b520c86f8abc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38146
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643806174374025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Feb 2022 18:39:31 GMT

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/97/ Frame 83CC 53 KB
15 KB 47ms
19ms Script
text/javascript 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/97/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a1a9324c503cc885e5bf568d8c5de12c34c0adc3a4990d547a4514179108badd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 17:17:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4938
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15488
x-xss-protection: 0
last-modified: Mon, 01 Nov 2021 15:04:28 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="cloudview-release"
expires: Fri, 04 Feb 2022 17:17:13 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame A49C 47 KB
13 KB 27ms
26ms Script
application/javascript 52.44.16.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=928934&campId=970x250&pubId=4811995650&chanId=21809871911&placementId=5680797321&pubCreative=138347717501&pubOrder=2842599597&cb=307793121&custom=index&custom2=2&adsafe_par&impId=9f19f995-8520-11ec-b043-0e2c9bbbd875
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.44.16.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-44-16-134.compute-1.amazonaws.com
Software: /
Resource Hash: 51b040406d51fc17fbdc3226dc0cf7d791a37c980e42ded92369c9ba5ccd8bf1

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
content-encoding: gzip
x-f1: 1
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B5A9 0
0 81ms
80ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst7DQd1vAXX-XfjDnw2TVwUTUFCXgtWjrvmUU9we2iSfTR537TzlSohDtGDjoJcSFqoNQOt1UNUy2tiInauIv5QQUBacWZXLIH-sNcPzLxBP9QZQcjN2QQey_E752u8ltCIkYpNXMpL6jLhDsUDrhM5XLoYtpjbf-uwTMq8IcLUd6Z9EkTzBlpjRM6T3CsUAU4MSwwFCyNhEwnIqJ0BgmKCZ9PXoZ0lSXIJBhBZ37yAYc2uRgb0pg_07dLnsCauMmkHRftklk9mxqPX_lkmPs8yk0yjwUYm0Up1WxMMUcBK7YRBIBD9R6dMNvSl9MSasakLlG_I6aZK6-5Av8VfaVWrMo3x5xfqXocefqy05B6OUAG4Ch9dSEO23AW7eQ&sai=AMfl-YTaqg3N1sMqdhzfSdKXM5nwz-2njKKWGKHyFPXak9XBpMb_FFSrPvUdzBzym7JPdVfAgWYc-4ZYDIbIMAYSDKCWu66Gtzhdc20ReUUGqyKDsg3bOv_25rLxPUrs20sM34gVE8pTzKbkGcYr-ULWXfXI&sig=Cg0ArKJSzOKHIlAt2NZpEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Feb 2022 18:39:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 61795630_2cdb40cc303aee8552e899173fd12727_creative_def.js Show response
s0.2mdn.net/ads/richmedia/studio/creative/61778070/ Frame B5A9 7 KB
2 KB 22ms
20ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/creative/61778070/61795630_2cdb40cc303aee8552e899173fd12727_creative_def.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b9738f13adcd8289b20f18e91fcdaf4c90623de14a712b74f0d6ee0a14de4e5c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1056
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1572
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:55 GMT

GET
H2 200 html_inpage_rendering_lib_200_260.js Show response
s0.2mdn.net/879366/ Frame B5A9 183 KB
63 KB 46ms
44ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_260.js

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61aa815692e9edf603f12550ad0976ccde355df6e118e42f018a691738997d40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 09:37:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32512
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 64774
x-xss-protection: 0
last-modified: Wed, 31 Jul 2019 21:01:39 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 09:37:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B5A9 123 KB
37 KB 108ms
106ms Script
text/javascript 2607:f8b0:4006:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022013101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3a6fb9e39c82eed501889521b19cc4fc13d1104f83128928775b520c86f8abc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38146
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643806174374025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Feb 2022 18:39:31 GMT

GET
H2 200 main.gr.19.8.284.js Show response
static.adsafeprotected.com/ Frame FCE3 189 KB
60 KB 59ms
20ms Script
application/javascript 2600:9000:2209:6400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.284.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=928934&campId=300x250&pubId=4811995650&chanId=21809871911&placementId=5680797321&pubCreative=138347717528&pubOrder=2842599597&cb=161012505&custom=index&custom2=1&adsafe_par&impId=9f19f994-8520-11ec-b043-0e2c9bbbd875
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:6400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: eff9611cedbd4005f4e14141b36370a67bffe1e50b1082cb32a84ee835c27a21

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 17:07:11 GMT
content-encoding: gzip
age: 696740
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 26 Jan 2022 16:52:12 GMT
server: AmazonS3
etag: W/"fb9b2792c3db887dfff0ad3cd668ef5a"
vary: Accept-Encoding
x-amz-version-id: dmAY6a2.PaweZS3llbmldpNvP5GdhzI6
via: 1.1 e5bd532dbdee524acdf00690205f3b5a.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: EWR53-P1
content-type: application/javascript
x-amz-cf-id: rSJSV7tg0c1LCvXEMzOgr7xbtqKF5AbEIp-khGtBE5LidppzbZTm1g==

GET
H2 200 main.gr.19.8.284.js Show response
static.adsafeprotected.com/ Frame A49C 189 KB
60 KB 78ms
41ms Script
application/javascript 2600:9000:2209:6400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.284.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=928934&campId=970x250&pubId=4811995650&chanId=21809871911&placementId=5680797321&pubCreative=138347717501&pubOrder=2842599597&cb=307793121&custom=index&custom2=2&adsafe_par&impId=9f19f995-8520-11ec-b043-0e2c9bbbd875
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:6400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: eff9611cedbd4005f4e14141b36370a67bffe1e50b1082cb32a84ee835c27a21

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 17:07:11 GMT
content-encoding: gzip
age: 696740
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 26 Jan 2022 16:52:12 GMT
server: AmazonS3
etag: W/"fb9b2792c3db887dfff0ad3cd668ef5a"
vary: Accept-Encoding
x-amz-version-id: dmAY6a2.PaweZS3llbmldpNvP5GdhzI6
via: 1.1 e5bd532dbdee524acdf00690205f3b5a.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: EWR53-P1
content-type: application/javascript
x-amz-cf-id: bRRWRBREIJhak71BlF6E9LxlsGR2Dj_-JBMlHrFKeWo7BOATcbORcg==

GET
H3 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 50 KB
5 KB 65ms
37ms Document
text/html 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_260.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a29b8bab5f1f800a0d2b9c2c0d04c5b4d6fdaaed46a77b5585debcf250791910

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 5408
date: Thu, 03 Feb 2022 18:39:31 GMT
expires: Fri, 04 Feb 2022 18:39:31 GMT
cache-control: public, max-age=86400
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 34 KB
4 KB 52ms
34ms Document
text/html 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_260.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

543c46a50d60a9c177d4b3e204a236e9a096a0c13661ebef579443a5d2b8a032

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 4334
date: Thu, 03 Feb 2022 18:39:31 GMT
expires: Fri, 04 Feb 2022 18:39:31 GMT
cache-control: public, max-age=86400
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EB1B 0
0 85ms
84ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssFU2TTqF1YebzOgKwW64EDnTKLlZtPSkhmRBsZFZtDy3ZJyzD1Fv0xj3S_1JQV412nO1tpgVCIhZeLjCkohFXymf1Z75HU9vMlYfPmttM7ZSbrD3eXHSUeliPDYegoMyfTJpY0owy3tmhHlmj8PC8XkE7GOqGpA58TkjpQPKzHW1Ylnfg7845jotF7aYj7wuNh0XGQE_QggqaXCsNphYhrD39uwc_xbj-CYZXx0qdcJcUaQcU_ZJPI7O4Qy6xzN5s2-940ZZ0nMX8RLotrLrND1DfsFDrnYeS5WCwo7KQ9iZpd8uY9HAtGp0QdTw5QwMw8x64dsDC7xYXE5mO4DlbX1cck5OK3IisYkOcNSJwvm9E7Y7RxXe_FFYvmxtVv&sai=AMfl-YQCRtWsVQX4dtJ_-OXQlYK6MM-P8mM54kjNeRJS7VHp-yhPmNknGDeig1VtkES8hnEWYiAVdj5BcCxLugFj6aypEGB2v2iFPPYU3ZLn7APLdxBLd7gAtgYSE66wWPhXuGEYK5FlD0urlqZTJcmKFvBm&sig=Cg0ArKJSzD-snQl2GE_cEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Feb 2022 18:39:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 03 Feb 2022 18:39:31 GMT

GET
DATA 200
OK truncated
/ Frame EB1B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7fe56ebfebd6a0305378558f2cfe9265f3f2324efa9036451f6c729ad349c5f

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame B5A9 0
0 82ms
82ms Fetch
image/gif 142.250.65.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstNx9dGqhEdrjpCsO_NOCDKMa1RzUr6O5IEpL2k5njPDfdCRRPTVSznV0nDep7fhXXSzHLkYP-_e8mA_E-HPbqmug_W9rE2JoIsEKAmeZlVog1Q_5OVv9Unek7rgukzy1dufl6ZJhePwjHZv3_kgDx8rARLhDg6p92pcOAw6l39jiDHiFTIGM1ed-fR7xr3Ecrv7p4ZFqAE2tzEhWuW_Qeo5nZnj3nGtCbcwwpaxF_cZd-nHi8tGqRo5ymk-HE8G2zYzVK6cBMsDaeaIp226bTSPZOr42aRSp6uZrHvwWe5gzEPSuQCN9f8Ryz24GMtDP4HPI_u5RFnvzc1n9gUrUcyp7IwbFSTLFqQMwN9DzxPiajvxfg8wnyz024sTZK5&sai=AMfl-YSQqPdttX4pxAZ0MVZa0tp9KDDYjmOzUBZvRfhbgR7Ov_hqfYBnweYYSCiAmSaCqVDiYceOitaoDfthTCJH8vRkoltbHAsUnXpyHgW4sI7PujGFhrmNjhDSN9LuM-PShUnuTQ4UdzF1E3x-AP_D9rLw&sig=Cg0ArKJSzDQFUegRjxBfEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Feb 2022 18:39:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Thu, 03 Feb 2022 18:39:31 GMT

GET
DATA 200
OK truncated
/ Frame B5A9 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7e1aca3fabf1b9a4f0ac9d60cafde446f0b560a3d44ebf31664883f4e21e175a

Request headers

Accept-Language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 gwdpage_style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 55 B
80 B 20ms
20ms Stylesheet
text/css 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/gwdpage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 gwdpagedeck_style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 731 B
262 B 21ms
21ms Stylesheet
text/css 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/gwdpagedeck_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 gwdgooglead_style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 24 B
49 B 21ms
21ms Stylesheet
text/css 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/gwdgooglead_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e52ad60cf8269c44381d5e0833e69b9b8f3b9f9346b7066b1dc5a52b390feedc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 gwdimage_style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 281 B
186 B 24ms
22ms Stylesheet
text/css 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/gwdimage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d3251d937d209def48e958bfeec683ca39dc0f15eb22f99bc3e7035995cd552

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 gwdtaparea_style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 157 B
143 B 23ms
22ms Stylesheet
text/css 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/gwdtaparea_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 googbase_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 400 B
303 B 24ms
23ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/googbase_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3168403eabe87c4fa8bf097e63d6409e3e6d15a14825215c27e9e4f1f943c95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 275
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 gwd_webcomponents_v1_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 21 KB
6 KB 28ms
26ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/gwd_webcomponents_v1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c51a4086e332a8b351790a53582dbba5bd78b7a1f021b829d93da3ad59ca575f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6266
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 gwdpage_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 3 KB
1 KB 27ms
26ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/gwdpage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

257c9947bb8a45c4a0519f4ddc8769ecc7f889e268a046b0f05c17dfc7912eee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 gwdpagedeck_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 8 KB
3 KB 25ms
23ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/gwdpagedeck_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74a8b34ddd37ba93b4c8198cebbc858c098de1effdddd63eebf9009d55cc53c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3125
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame 12CD 110 KB
38 KB 32ms
30ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 14:36:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14578
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 14:36:33 GMT

GET
H3 200 gwdgooglead_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 13 KB
4 KB 37ms
35ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/gwdgooglead_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a22c497288d6b312171de3df8ed00831f34a76a52384c1ba9d504e11c98a5f21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4408
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 gwdimage_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 5 KB
2 KB 39ms
38ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/gwdimage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c3223c27067f54618683e5fdfe83536907b179e81ed9a39873aa8b8140c05f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2001
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 gwdtaparea_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 4 KB
2 KB 37ms
35ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/gwdtaparea_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

740d0e2ab785d5697336ecd812e6c6fb5547e741ab78204d93023d08bd274ecd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1814
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 gwd-events-support.1.0.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 5 KB
1 KB 38ms
36ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/gwd-events-support.1.0.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97f021d21f4c6ecb256ef53df152984ad47d4fa5d9b013223454abaccb92814a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1287
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 gwdpage_style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 55 B
80 B 25ms
24ms Stylesheet
text/css 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/gwdpage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H3 200 gwdpagedeck_style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 731 B
262 B 29ms
27ms Stylesheet
text/css 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/gwdpagedeck_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H3 200 gwdgooglead_style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 24 B
49 B 28ms
26ms Stylesheet
text/css 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/gwdgooglead_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e52ad60cf8269c44381d5e0833e69b9b8f3b9f9346b7066b1dc5a52b390feedc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H3 200 gwdimage_style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 281 B
186 B 27ms
25ms Stylesheet
text/css 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/gwdimage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d3251d937d209def48e958bfeec683ca39dc0f15eb22f99bc3e7035995cd552

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H3 200 gwdtaparea_style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 157 B
143 B 27ms
25ms Stylesheet
text/css 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/gwdtaparea_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H3 200 gwdimage_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 5 KB
2 KB 49ms
47ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/gwdimage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c3223c27067f54618683e5fdfe83536907b179e81ed9a39873aa8b8140c05f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2001
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H3 200 gwd-events-support.1.0.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 5 KB
1 KB 47ms
45ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/gwd-events-support.1.0.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97f021d21f4c6ecb256ef53df152984ad47d4fa5d9b013223454abaccb92814a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1287
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H3 200 gwdtaparea_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 4 KB
2 KB 50ms
48ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/gwdtaparea_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

740d0e2ab785d5697336ecd812e6c6fb5547e741ab78204d93023d08bd274ecd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1814
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H3 200 googbase_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 400 B
303 B 57ms
55ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/googbase_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3168403eabe87c4fa8bf097e63d6409e3e6d15a14825215c27e9e4f1f943c95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 275
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H3 200 gwd_webcomponents_v1_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 21 KB
6 KB 51ms
49ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/gwd_webcomponents_v1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c51a4086e332a8b351790a53582dbba5bd78b7a1f021b829d93da3ad59ca575f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6266
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H3 200 gwdpage_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 3 KB
1 KB 47ms
46ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/gwdpage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

257c9947bb8a45c4a0519f4ddc8769ecc7f889e268a046b0f05c17dfc7912eee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H3 200 gwdpagedeck_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 8 KB
3 KB 46ms
44ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/gwdpagedeck_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74a8b34ddd37ba93b4c8198cebbc858c098de1effdddd63eebf9009d55cc53c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3125
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H3 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame DB96 110 KB
38 KB 37ms
36ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 14:36:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14578
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 14:36:33 GMT

GET
H3 200 gwdgooglead_min.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 13 KB
4 KB 55ms
54ms Script
text/javascript 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/gwdgooglead_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a22c497288d6b312171de3df8ed00831f34a76a52384c1ba9d504e11c98a5f21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61468
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4408
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:03 GMT

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame E4CC 80 KB
21 KB 19ms
19ms Script
application/javascript 2600:9000:2209:6400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:6400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 03:16:10 GMT
content-encoding: gzip
age: 5930602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 e5bd532dbdee524acdf00690205f3b5a.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: EWR53-P1
content-type: application/javascript
x-amz-cf-id: WvxizW4wobXyGGpBou6kDRQQhEm9pB8T5bMy_hF8MFTuLT3HVNX1kQ==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
216 B 33ms
33ms Image
image/gif 52.44.16.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=928934&campId=300x250&pubId=4811995650&chanId=21809871911&placementId=5680797321&pubCreative=138347717528&pubOrder=2842599597&cb=161012505&custom=index&custom2=1&adsafe_par&impId=9f19f994-8520-11ec-b043-0e2c9bbbd875&adsafe_url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&adsafe_type=abdfq&adsafe_jsinfo=,id:942bcfc6-e00e-27f2-3016-bf819856966e,c:3bvbJX,sl:inView,em:true,fr:true,thd:1,mn:jsserver-primary-7bc459846d-zvxkw,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:650.108.300.250,am:i,cc:650.108.300.250,piv:100,obst:0,th:0,reas:,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:143,fm:sWp7Ots+11%7C12%7C13%7C1411%7C14121%7C14122%7C14123%7C1413%7C1414%7C1415%7C1416%7C1417%7C1418%7C1419%7C15%7C16%7C17*.928934%7C171%7C172%7C181%7C182,idMap:17*,pl:,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:164,oid:a010dccb-8520-11ec-a325-76a778d33254,v:19.8.284,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.44.16.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-44-16-134.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
x-server-name: app30.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame D387 80 KB
21 KB 20ms
19ms Script
application/javascript 2600:9000:2209:6400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:6400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 03:16:10 GMT
content-encoding: gzip
age: 5930602
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 e5bd532dbdee524acdf00690205f3b5a.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: EWR53-P1
content-type: application/javascript
x-amz-cf-id: fT_GDP9e-Bt7Sje6SIaH2cUEeXWu2XC9H5u-3cHlyeHK1VIyH6oTMA==

GET
H2 200 mon
pixel.adsafeprotected.com/ 43 B
216 B 29ms
28ms Image
image/gif 52.44.16.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=928934&campId=970x250&pubId=4811995650&chanId=21809871911&placementId=5680797321&pubCreative=138347717501&pubOrder=2842599597&cb=307793121&custom=index&custom2=2&adsafe_par&impId=9f19f995-8520-11ec-b043-0e2c9bbbd875&adsafe_url=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital%2F&adsafe_type=abdfq&adsafe_jsinfo=,id:8a35122e-db54-0e54-6166-c08befe7c6bd,c:3bvbLc,sl:outOfView,em:true,fr:true,thd:1,mn:jsserver-experiment-primary-7d6b9dd8f4-xsbc8,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:315.1182.970.250,am:i,cc:315.1182.970.250,piv:7,obst:0,th:0,reas:l,br:u,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:197,fm:sWp7Otv+11%7C12%7C13%7C1411%7C14121%7C14122%7C14123%7C1413%7C1414%7C1415%7C1416%7C1417%7C1418%7C1419%7C15%7C16%7C171%7C172%7C173%7C18*.928934%7C181%7C182,idMap:18*,pl:,rmeas:1,rend:1,renddet:DIV.qs.sn,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:237,oid:a0115264-8520-11ec-beeb-a2cdc1b41f39,v:19.8.284,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.44.16.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-44-16-134.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
x-server-name: app03.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
216 B 236ms
77ms Image
image/gif 52.43.241.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=928934&asId=8a35122e-db54-0e54-6166-c08befe7c6bd&tv=%7Bc:3bvbLd,pingTime:-8,time:238,type:l,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:238,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:237,wc:0.0.1600.1200,ac:315.1182.970.250,am:i,cc:315.1182.970.250,piv:7,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B40~1%5D,as:%5B40~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sWp7Otv+11%7C12%7C13%7C1411%7C14121%7C14122%7C14123%7C1413%7C1414%7C1415%7C1416%7C1417%7C1418%7C1419%7C15%7C16%7C171%7C172%7C173%7C18*.928934%7C181%7C182,idMap:18*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=u
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.43.241.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-43-241-68.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 221ms
81ms Image
image/gif 52.43.241.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=928934&asId=942bcfc6-e00e-27f2-3016-bf819856966e&tv=%7Bc:3bvbLD,pingTime:0,time:267,type:pf,im:%7BpBlk:199%7D,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:250,t:163%7D%5D,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:267,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:163,wc:0.0.1600.1200,ac:650.108.300.250,am:i,cc:650.108.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B122~100%5D,as:%5B122~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sWp7Ots+11%7C12%7C13%7C1411%7C14121%7C14122%7C14123%7C1413%7C1414%7C1415%7C1416%7C1417%7C1418%7C1419%7C15%7C16%7C17*.928934%7C171%7C172%7C181%7C182,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=u
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.43.241.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-43-241-68.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 190ms
79ms Image
image/gif 52.43.241.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=928934&asId=942bcfc6-e00e-27f2-3016-bf819856966e&tv=%7Bc:3bvbM9,pingTime:-2,time:299,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:137,beZ:139,mfA:280,cmA:282,inA:282,inZ:286,prA:286,prZ:294,si:301,poA:302,bl:337,poZ:337,cmZ:337,mfZ:337,loA:406,loZ:408,ltA:436,ltZ:436%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:body%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:250,t:163%7D%5D,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:299,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:163,wc:0.0.1600.1200,ac:650.108.300.250,am:i,cc:650.108.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B153~100%5D,as:%5B153~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sWp7Ots+11%7C12%7C13%7C1411%7C14121%7C14122%7C14123%7C1413%7C1414%7C1415%7C1416%7C1417%7C1418%7C1419%7C15%7C16%7C17*.928934%7C171%7C172%7C18.928934%7C181%7C182,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn,slid:%5Bgoogle_ads_iframe_/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index_0,google_ads_iframe_/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index_0__container__,ad-1,ad__inner-1,main-content%5D,sinceFw:134,readyFired:true%7D&br=u
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.43.241.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-43-241-68.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 184ms
80ms Image
image/gif 52.43.241.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=928934&asId=8a35122e-db54-0e54-6166-c08befe7c6bd&tv=%7Bc:3bvbMg,pingTime:-2,time:303,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:90,beZ:91,mfA:287,cmA:288,inA:288,inZ:289,prA:289,prZ:293,si:327,poA:329,poZ:338,cmZ:338,mfZ:338,loA:367,loZ:368,ltA:393,ltZ:393%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:970.250,dom:body%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:7,vs:o,r:l,w:970,h:250,t:237%7D%5D,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:303,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:237,wc:0.0.1600.1200,ac:315.1182.970.250,am:i,cc:315.1182.970.250,piv:7,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B105~1%5D,as:%5B105~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sWp7Ots+11%7C12%7C13%7C1411%7C14121%7C14122%7C14123%7C1413%7C1414%7C1415%7C1416%7C1417%7C1418%7C1419%7C15%7C16%7C17.928934%7C171%7C172%7C173%7C18*.928934%7C181%7C182,idMap:18*,rmeas:1,rend:1,renddet:DIV.qs.sn,slid:%5Bgoogle_ads_iframe_/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index_1,google_ads_iframe_/3081/SMCO_ENCO_MAGOnFarmer_EN_WEB/index_1__container__,ad-2,ad__inner-2,main-content%5D,sinceFw:64,readyFired:true%7D&br=u
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.43.241.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-43-241-68.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 btn_replay-01.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 805 B
547 B 21ms
20ms Image
image/svg+xml 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/btn_replay-01.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d627bfed9c45cb007955e86a56be2e34a8918993c3b79c3d6ee2352730188d0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 519
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 mainimage-work-billboard.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 112 KB
112 KB 23ms
22ms Image
image/jpeg 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/mainimage-work-billboard.jpg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0540f52a4827b5be2b2c6625d6c84e4bc8048d9a4ad44bc810282870b404a9ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 114634
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 work-heading.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 4 KB
2 KB 25ms
23ms Image
image/svg+xml 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/work-heading.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2153b9a94411b62360fb95abaaff9a1d96a02287ff07e819c649ae1efa06cc01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1979
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 economy-subheading.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 12 KB
3 KB 26ms
24ms Image
image/svg+xml 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/economy-subheading.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd51702795d8496e8ce980a116a7b8e11a79ab0a7aaf20b4556be965415e36f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3057
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 work-copy-billboard.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 26 KB
5 KB 26ms
24ms Image
image/svg+xml 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/work-copy-billboard.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5286b4ae41046359ddfc4ed21d9371d4a74289e4cd9ba2491fec19f914bb0dff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5232
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 fp_work.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 3 KB
1 KB 28ms
26ms Image
image/svg+xml 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/fp_work.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

364b573c8a6a65afef0815247a4caab0fc85190796141e0dd3166f9d5e7ced62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 FinancialPost_MAST_RGB.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/ Frame 12CD 5 KB
2 KB 27ms
25ms Image
image/svg+xml 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/FinancialPost_MAST_RGB.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d72b41e9ee1228706defd9248456e5a270518d80cf7ac077211b55127c47ae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61778070/20210427125731040/index.html?e=69&leftOffset=0&topOffset=0&c=F6w7aR4MWh&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1055
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1808
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 18:21:56 GMT

GET
H3 200 btn_replay-black.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 805 B
547 B 31ms
29ms Image
image/svg+xml 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/btn_replay-black.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d627bfed9c45cb007955e86a56be2e34a8918993c3b79c3d6ee2352730188d0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61467
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 519
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:04 GMT

GET
H3 200 mainimage-work-bigbox.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 39 KB
39 KB 31ms
29ms Image
image/jpeg 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/mainimage-work-bigbox.jpg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f8cb9f43f4f58bce85c8132e429a21d46e590f1f18d1baa51c95be0202e3632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:04 GMT
x-content-type-options: nosniff
age: 61467
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39608
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:04 GMT

GET
H3 200 work-heading.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 17 KB
5 KB 33ms
32ms Image
image/svg+xml 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/work-heading.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1bc452030c333c2f2b7b7c6c59b0ed4711b76daf04597a629391c13f79a66b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61467
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4652
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:04 GMT

GET
H3 200 work-copy-300.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 26 KB
5 KB 32ms
30ms Image
image/svg+xml 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/work-copy-300.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c79b934a9c7a6bc11a607c6d514b088f7da1145f4a8cfaf237bbdd149c0a13d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61467
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5253
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:04 GMT

GET
H3 200 fp_work.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 3 KB
1 KB 33ms
30ms Image
image/svg+xml 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/fp_work.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

364b573c8a6a65afef0815247a4caab0fc85190796141e0dd3166f9d5e7ced62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61467
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:04 GMT

GET
H3 200 FinancialPost_MAST_RGB.svg
s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/ Frame DB96 5 KB
2 KB 33ms
31ms Image
image/svg+xml 2607:f8b0:4006:820::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/FinancialPost_MAST_RGB.svg

Requested by

Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d72b41e9ee1228706defd9248456e5a270518d80cf7ac077211b55127c47ae83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61764007/20210427125729670/index.html?e=69&leftOffset=0&topOffset=0&c=AzAzdgF3a5&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 01:35:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61467
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1808
x-xss-protection: 0
last-modified: Tue, 27 Apr 2021 19:57:29 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 04 Feb 2022 01:35:04 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 89ms
78ms Image
image/gif 52.43.241.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=928934&asId=942bcfc6-e00e-27f2-3016-bf819856966e&tv=%7Bc:3bvbNJ,time:397,type:e,im:%7BpLoad:312,pWait:13%7D,env:%7Bar:self.0%7D,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:397,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:163,wc:0.0.1600.1200,ac:650.108.300.250,am:i,cc:650.108.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B251~100%5D,as:%5B251~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sWp7Ots+11%7C12%7C13%7C1411%7C14121%7C14122%7C14123%7C1413%7C1414%7C1415%7C1416%7C1417%7C1418%7C1419%7C15%7C16%7C17*.928934%7C171%7C172%7C18.928934%7C181%7C182,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=u
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.43.241.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-43-241-68.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 134ms
134ms Image
image/gif 52.43.241.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=928934&asId=8a35122e-db54-0e54-6166-c08befe7c6bd&tv=%7Bc:3bvbOb,time:422,type:e,env:%7Bar:self.0%7D,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:422,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:237,wc:0.0.1600.1200,ac:315.1182.970.250,am:i,cc:315.1182.970.250,piv:7,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B225~1%5D,as:%5B225~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:0,fm:sWp7Ots+11%7C12%7C13%7C1411%7C14121%7C14122%7C14123%7C1413%7C1414%7C1415%7C1416%7C1417%7C1418%7C1419%7C15%7C16%7C17.928934%7C171%7C172%7C173%7C18*.928934%7C181%7C182,idMap:18*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=u
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.43.241.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-43-241-68.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
x-server-name: dt17.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 77ms
77ms Image
image/gif 52.43.241.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=928934&asId=942bcfc6-e00e-27f2-3016-bf819856966e&tv=%7Bc:3bvbQU,pingTime:-10,time:594,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Ny4wLjQ2OTIuNzEgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1643913571923%7C%7C9160e97a0f74ef3f0abb609bc8f28a22%7C%7C8866308252d63f9bf74b74e606896148%7C%7Cd086e2fc0d3d71a7670bb52b4e2387ee%7C%7C7b6256a24a0f058211d66eb6170f6f0b%7C%7C7008bd6fed47486b730cb3224592fecb%7C%7C4dc98bf6165682f38043b2e82c5fbd8f%7C%7C898b235e7a15b65fc618076e0f36a7f0%7C%7C1629390669%7D
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.43.241.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-43-241-68.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:31 GMT
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EB1B 42 B
497 B 130ms
82ms Fetch
image/gif 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvBrqQ8DQsFAnByq9d6xr7KIW5i37-872nG0WsKVs_RY-1RE1EdONz89XBzu8QTWktsBj1Jcp2HR0fq5nXAe0lOojkBw4orq9Vh6GtY2Cd_GXaMBBfo&sig=Cg0ArKJSzJgNwJNeXmFZEAE&id=lidar2&mcvt=1000&p=108,650,358,950&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220202&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=625928897&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1643913571188&rpt=221&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 76ms
76ms Image
image/gif 52.43.241.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=928934&asId=8a35122e-db54-0e54-6166-c08befe7c6bd&tv=%7Bc:3bvc1C,pingTime:-10,time:1255,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85Ny4wLjQ2OTIuNzEgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1643913571923%7C%7C9160e97a0f74ef3f0abb609bc8f28a22%7C%7C8866308252d63f9bf74b74e606896148%7C%7Cd086e2fc0d3d71a7670bb52b4e2387ee%7C%7C7b6256a24a0f058211d66eb6170f6f0b%7C%7C7008bd6fed47486b730cb3224592fecb%7C%7C4dc98bf6165682f38043b2e82c5fbd8f%7C%7C898b235e7a15b65fc618076e0f36a7f0%7C%7C1629390669,sca:%7Bspg:942bcfc6-e00e-27f2-3016-bf819856966e%7D%7D
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.43.241.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-43-241-68.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:32 GMT
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 77ms
77ms Image
image/gif 52.43.241.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=928934&asId=942bcfc6-e00e-27f2-3016-bf819856966e&tv=%7Bc:3bvc1N,pingTime:1,time:1269,type:p,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:250,t:163%7D%5D,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1269,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:163,wc:0.0.1600.1200,ac:650.108.300.250,am:i,cc:650.108.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1123~100%5D,as:%5B1123~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:81,fm:sWp7Ots+11%7C12%7C13%7C1411%7C14121%7C14122%7C14123%7C1413%7C1414%7C1415%7C1416%7C1417%7C1418%7C1419%7C15%7C16%7C17*.928934%7C171%7C172%7C18.928934%7C181%7C182,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=u
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.43.241.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-43-241-68.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:32 GMT
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 77ms
77ms Image
image/gif 52.43.241.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=928934&asId=942bcfc6-e00e-27f2-3016-bf819856966e&tv=%7Bc:3bvc1N,pingTime:1,time:1269,type:c,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:250,t:163%7D%5D,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1269,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:163,wc:0.0.1600.1200,ac:650.108.300.250,am:i,cc:650.108.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1123~100%5D,as:%5B1123~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:81,fm:sWp7Ots+11%7C12%7C13%7C1411%7C14121%7C14122%7C14123%7C1413%7C1414%7C1415%7C1416%7C1417%7C1418%7C1419%7C15%7C16%7C17*.928934%7C171%7C172%7C18.928934%7C181%7C182,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:publ1,cmr:t%7D&br=u
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.43.241.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-43-241-68.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:32 GMT
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 76ms
76ms Image
image/gif 52.43.241.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=928934&asId=942bcfc6-e00e-27f2-3016-bf819856966e&tv=%7Bc:3bvc1N,pingTime:1,time:1269,type:c,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:250,t:163%7D%5D,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1269,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:163,wc:0.0.1600.1200,ac:650.108.300.250,am:i,cc:650.108.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1124~100%5D,as:%5B1124~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:81,fm:sWp7Ots+11%7C12%7C13%7C1411%7C14121%7C14122%7C14123%7C1413%7C1414%7C1415%7C1416%7C1417%7C1418%7C1419%7C15%7C16%7C17*.928934%7C171%7C172%7C18.928934%7C181%7C182,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn,metricId:grpm1,cmr:t%7D&br=u
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.43.241.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-43-241-68.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:32 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 751F 0
260 B 74ms
25ms Script
text/plain 8.28.7.84
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156011&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:32 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 optout_check Show response
beacon.krxd.net/ 82 B
241 B 24ms
23ms Script
text/javascript 18.213.185.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.krxd.net/optout_check?callback=Krux.ns.postmedia.kxjsonp_optOutCheck
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.213.185.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-185-73.compute-1.amazonaws.com
Software: /
Resource Hash: 4a2626d3d017ee97d1a7027e3d28781aaddb186b9c528f7c47458d4ae54b0d75

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:32 GMT
cache-control: private, max-age=0, s-max-age=0
x-request-time: D=42 t=1643913572
x-served-by: beacon-n007-ash-prod.krxd.net
content-type: text/javascript

GET
H2 200 get Show response
cdn.krxd.net/userdata/ 364 B
511 B 31ms
30ms Script
text/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/userdata/get?pub=42fb57ac-2013-45a6-8dad-332d53e17c1b&technographics=1&callback=Krux.ns.postmedia.kxjsonp_userdata
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 509e4a5df0a650cb0afa2e1ea2dd9dddc4cb568e241b12c262ee1b6b9e8832cd

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_userdata_ash_prod_krxd_net___UserData_Service_V2
date: Thu, 03 Feb 2022 18:39:32 GMT
content-encoding: gzip
age: 0
x-served-by: userdata-a010-ash-prod.krxd.net, cache-yul12831-YUL
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript
via: 1.1 varnish
cache-control: private, max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1643913573.868859,VS0,VE20
content-length: 283
x-cache-hits: 0, 0

GET
H2 200 42fb57ac-2013-45a6-8dad-332d53e17c1b Show response
consumer.krxd.net/consent/get/ 224 B
310 B 30ms
30ms Script
text/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://consumer.krxd.net/consent/get/42fb57ac-2013-45a6-8dad-332d53e17c1b?idt=device&dt=kxcookie&callback=Krux.ns.postmedia.kxjsonp_consent_get_1
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: c744ae835cf93919e5f0b89bf9937fe8af5d5fb5e4846ca19e42f758a6133986

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:32 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a020-ash-prod.krxd.net, cache-yul12822-YUL
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1643913573.886124,VS0,VE19
content-length: 187
x-cache-hits: 0, 0

GET
H2 204 pixel.gif
beacon.krxd.net/ 0
337 B 23ms
23ms Image
text/plain 18.213.185.73
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/pixel.gif?source=smarttag&fired=report&confid=uthtxmddg&_kpid=42fb57ac-2013-45a6-8dad-332d53e17c1b&_kcp_s=communities&_kcp_d=postmedia.digital&_knifr=8&_kua_kx_tz=0&geo_country=ca&geo_region=qc&geo_dma=124462&_kua_kx_lang=en-us&_kua_kx_tech_browser_language=en-us&_kua_mpid=6036343839195220452&_kua_ad_light_user=false&_kua_kx_tech_browser=Chrome%209&_kua_kx_tech_manufacturer=Microsoft%20Corporation&_kua_kx_tech_device=Computer&_kua_kx_tech_os=Windows%2010&_kua_kx_geo_country=ca&_kua_kx_geo_region=qc&_kua_kx_geo_dma=124462&_kpa_domain=postmedia.digital&_kpa_page_type=index&_kpa_communities_page_type=index&_kpa_main_category=index&_kpa_env=test&_kpa_view_type=HTML&_kpa_paywall_whitelist=false&t_navigation_type=0&t_dns=0&t_tcp=26&t_http_request=-1&t_http_response=44&t_content_ready=1086&t_window_load=0&t_redirect=0&interchange_ran=false&userdata_was_requested=true&userdata_did_respond=true&store_user_after=w3y9lp9ua&userdata_user=OpBH9njA%2Cw3y9lp9ua&sview=1&kplt0=41818&kplt1=42920&kplt2=42921&kplt3=42922&kplt4=44981&kplt5=45977&kplt6=46302&jsonp_requests=https%3A%2F%2Fconsumer.krxd.net%2Fconsent%2Fget%2F42fb57ac-2013-45a6-8dad-332d53e17c1b%2C268%2Chttps%3A%2F%2Fbeacon.krxd.net%2Foptout_check%2C26%2Chttps%3A%2F%2Fcdn.krxd.net%2Fuserdata%2Fget%2C33%2Chttps%3A%2F%2Fconsumer.krxd.net%2Fconsent%2Fget%2F42fb57ac-2013-45a6-8dad-332d53e17c1b%2CNaN
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.213.185.73 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-213-185-73.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:32 GMT
cache-control: private, no-cache, no-store
x-request-time: D=128 t=1643913572
x-served-by: beacon-n038-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 83CC 28 B
50 B 43ms
41ms XHR
application/json 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cdb8d439/player_ias.vflset/en_US/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 0
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/6kfv6OjkAPo?autoplay=0&cc_load_policy=1&color=white&controls=1&enablejsapi=1&origin=https%3A%2F%2Fgcp-cheet-4632-ontariofarmer.gdev.postmedia.digital&playsinline=1&rel=0&playlist=6kfv6OjkAPo%2CGSTTZ7mtwKc%2ClkhYkiqApyI%2CLefQlPR5tiU%2CiYlGGPcBNLM%2Ce3Q4fByDnWY%2CFELEXBxSqOc%2CHiIgtQALCkI%2CU04Sbe64a2Y%2CQkT6LepK8mg&embed_config=%7B%22adsConfig%22%3A%7B%22adTagParameters%22%3A%7B%22iu%22%3A%22%2F3081%2FSMCO_ENCO_MAGOnFarmer_EN_WEB%2Findex%22%2C%22cust_params%22%3A%22player%253Dyt%2526no_pol%253Dtrue%2526page%253Dindex%2526pr%253Donf%2526sensitive%253Dn%2526negative%253Dn%2526ck%253Dindex%2526imp%253Dindex%2526kuid%253D%2526adt%253DveryLow%2526alc%253DveryLow%2526dlm%253DveryLow%2526drg%253DveryLow%2526hat%253DveryLow%2526off%253DveryLow%2526vio%253DveryLow%2526ias-kw%253D%2526fr%253Dfalse%2526cheetah%253Dy%22%2C%22ppid%22%3A%2200000000ppidp6036343839195220452%22%7D%2C%22nonPersonalizedAd%22%3Atrue%7D%7D&widgetid=1
X-YouTube-Client-Version: 1.20220201.01.00
X-YouTube-Time-Zone: Etc/Unknown
X-Goog-Visitor-Id: CgtYVHFURl9hVHNXSSjiwvCPBg%3D%3D
X-YouTube-Ad-Signals: dt=1643913570835&flash=0&frm=2&u_tz&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C501%2C282&vis=1&wgl=true&ca_type=image&bid=ANyPxKorgyZ9Cj6mEasi25-WQPUP3G9XCuT3uM-1kbtjl0gy-84BBgndB_-4HDnx53opavRTYAakZIF8dO__tSKMg8S1qxEOFg

Response headers

date: Thu, 03 Feb 2022 18:39:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0

POST
H2 202 events Show response
jssdks.mparticle.com/v3/JS/us1-a9588c0ddc27594cabd152e47ffe27ee/ 41 B
286 B 54ms
29ms Fetch
application/json 2a04:4e42::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://jssdks.mparticle.com/v3/JS/us1-a9588c0ddc27594cabd152e47ffe27ee/events
Requested by: Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-a9588c0ddc27594cabd152e47ffe27ee/mparticle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Kestrel /
Resource Hash: 3528263a1e7e21042453a4c3f4bbe06094d9aa73eb97874692c62177d94c9416

Request headers

Accept: text/plain;charset=UTF-8
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 03 Feb 2022 18:39:34 GMT
content-encoding: gzip
server: Kestrel
x-timer: S1643913575.830230,VS0,VE16
x-origin-name: 7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-served-by: cache-yul12826-YUL
vary: Accept-Encoding
x-cache: MISS
content-type: application/json
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 varnish
x-cache-hits: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
10 KB 71ms
43ms XHR
application/json 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022013101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022013101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dea0d5132ee95121b30ed133899167bf59399162c6fdedcb215f046d40b2543

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 03 Feb 2022 18:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9793
x-xss-protection: 0

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame BA29 0
546 B 143ms
70ms Document
text/html 142.251.4.154

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.4.154 -, , ASN (),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 03 Feb 2022 18:39:35 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 03 Feb 2022 18:39:35 GMT
cache-control: private

GET
H2 200 ribn-postmedia.min.js Show response
assets.ribn.com/v2/production/ 13 KB
4 KB 57ms
17ms Script
application/javascript 2600:9000:21dd:c00:7:75d4:e40:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ribn.com/v2/production/ribn-postmedia.min.js
Requested by: Host: gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
URL: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21dd:c00:7:75d4:e40:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c81cab8c63d469329c0e0724770c6c8622f0d5d1fb8b6f919b6d7dddfadba190

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 20:25:39 GMT
content-encoding: gzip
last-modified: Wed, 01 Sep 2021 18:06:03 GMT
server: AmazonS3
age: 80037
etag: W/"baaa6497dd2dea88d8fdb6d6cca08cf2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 2ef71b29bcfbfc8755cad5f92a3c329a.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-C2
x-amz-cf-id: Qvp-fMcoZjqZ0c9EkKOd9uzFzslxVl2WsBfdDbVgcZFTiNkjGFjm6A==

GET
H2

200

cs.js Show response
sb.scorecardresearch.com/internal-c2/default/
Redirect Chain

https://sb.scorecardresearch.com/c2/10276888/cs.js
https://sb.scorecardresearch.com/internal-c2/default/cs.js

0
349 B

21ms
20ms

Script
application/javascript

52.85.61.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-c2/default/cs.js
Protocol: H2
Server: 52.85.61.100 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-100.ewr53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:21:33 GMT
via: 1.1 acbc1e922360be31edf0371abdc7a3a4.cloudfront.net (CloudFront)
etag: "d41d8cd98f00b204e9800998ecf8427e"
last-modified: Mon, 01 Mar 2021 20:42:20 GMT
server: AmazonS3
age: 1083
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: EWR53-P1
accept-ranges: bytes
content-length: 0
x-amz-cf-id: OLZ0Rl3rSfLEvOlQHNsr4aK8Gnh_UzLYyIlrEmksuzWw0ka2qLlO_g==

Redirect headers

date: Thu, 03 Feb 2022 18:39:35 GMT
via: 1.1 acbc1e922360be31edf0371abdc7a3a4.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-P1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: /internal-c2/default/cs.js
content-length: 48
x-amz-cf-id: BPEZNBgbfAU8cIB9PnhfvUEGdClrettSYRWAzmyMlZSUM8TAqyU8ZQ==

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 85ms
38ms Script
text/javascript 2607:f8b0:4006:80d::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022013101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 03 Feb 2022 18:39:35 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 315A 13 KB
5 KB 48ms
19ms Document
text/html 2607:f8b0:4006:80d::2001

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2001 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Feb 2022 04:31:21 GMT
expires: Fri, 03 Feb 2023 04:31:21 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 50895
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame B9B6 783 B
536 B 42ms
41ms Document
text/html 2607:f8b0:4006:81d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e64bc5d8275b9bb01415266454435954ab6323383c8ce3e799db97c916ee9e6e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-3qiynoW9L9IKkVm6CovGHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 03 Feb 2022 18:39:36 GMT
date: Thu, 03 Feb 2022 18:39:36 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-3qiynoW9L9IKkVm6CovGHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame B9B6 0
0 110ms
82ms Image
text/html 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022013101&jk=43440081178926&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 DhLxIvxe_zqkAVEA_yTUctP7nok4SIlUAmQRNhxnrsk.js Show response
pagead2.googlesyndication.com/bg/ Frame 315A 35 KB
13 KB 42ms
20ms Script
text/javascript 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/DhLxIvxe_zqkAVEA_yTUctP7nok4SIlUAmQRNhxnrsk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e12f122fc5eff3aa4015100ff24d472d3fb9e8938488954026411361c67aec9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 02 Feb 2022 03:33:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 140742
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13595
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 02 Feb 2023 03:33:54 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 315A 0
9 B 19ms
19ms Image
text/plain 2607:f8b0:4006:80d::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?lIbsbw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80d::2001 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 03 Feb 2022 18:39:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 85ms
84ms Image
image/gif 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022013101&jk=43440081178926&bg=!EBOlE1fNAAYZkRhwGZE7ACkAdvg8WvAq6vjDGMuhnPqv2RjvOQuf0_51qedevCg1_N3JvuBwp7vrJAIAAAB5UgAAAAJoAQeZAtsHbqqaX2WvLwQ1vWLHtsMs2AJKqJEhexA3HZa57bDtNHrAqGLPyIIyOAyxLo6UaWVDa6jSWEVprrdlD-zhBawRgTyoHwSgc6DDUsFm-MgbeEVR9S70rw8k_Cx75kKrGbSTo0NdynDn6Z94glGgNwcea_KLet-iBLCrzK6wo04Rzf3dy-oHBIj76zaJKsUaGbOgb9WdjA0jrbbQMwnXxQEQkZPZ44fGDGVILbnxn2BQVJiP49wE2k6Giow8L6iRYcB4pNtF7v7xtEk4Y_cJfKHnxdI7pP926F5x6Rha8yHI4KHqOKmUcTIzgue9J6xVPsV0LkuiXFbXyb0Kyu5j7S5FYuzD1hUfFeFJA0p2f4KHrPbmTtJU214oSWsENSTcjp2v42X_-ciJ8t2iuma3SFhIjv8ZE0pLeHflHPa1TNc4E0MWoD8XZYSBlJKzYPvwMBr1ipNcw6tngbJuvdnGoy52e166N4stKnXXmZFOY4FYlUQbUdxuDJ6jJrgjKuXZbivj47pyvDP7CnCrAa1NjoM7cp6BSq1A4mOqgP_23AOg6TuUn84yY5diaejdBBG1mKOqzW2ZJZ85p_Lle6VI__n2WVHXwBDz7TBl8aZy6oRcpJKG6-_FsJEEYxg8tlAbZXKRQwmZrQipP3v-gHbtPLjrfdRhNe2ygBqcu5k-IquTS0b7y-0bzshvgrCwdlrfdDmCJ5iZX9ZE_kWKNkiTnlzA_ehwcv0Ei9gdAVeL-QqkwF36QteQo5_qyUcShb_-0IMpN3zlQ0Dqw98Ua45aEfQeL_MPfXKZSvDmP2URTyfcxuzhKBPNiMO8oKmoPufcCP6Nhk1VThWH0Nj-9ryXF5l18-puNtXmSOABIcdq8Oh1U-73dKIreT7xnMstQo6hN0OXy1fWkcb8bp0t70qNuOBblaSaxXjYC2qbpcsTZdH3g3MCHFNhqJpRr49Cd1d9qPDFuhludbHpi1T47A

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ 43 B
215 B 77ms
76ms Image
image/gif 52.43.241.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=928934&asId=942bcfc6-e00e-27f2-3016-bf819856966e&tv=%7Bc:3bvd4j,pingTime:5,time:5269,type:p,clog:%5B%7Bpiv:100,vs:i,r:,w:300,h:250,t:163%7D%5D,es:0,sc:1,ha:1,fif:1,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:5269,o:0,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:i,t:163,wc:0.0.1600.1200,ac:650.108.300.250,am:i,cc:650.108.300.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5123~100%5D,as:%5B5123~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:true,e:,tt:jload,dtt:85,fm:sWp7Ots+11%7C12%7C13%7C1411%7C14121%7C14122%7C14123%7C1413%7C1414%7C1415%7C1416%7C1417%7C1418%7C1419%7C15%7C16%7C17*.928934%7C171%7C172%7C18.928934%7C181%7C182,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=u
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.43.241.68 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-43-241-68.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 03 Feb 2022 18:39:36 GMT
x-server-name: dt04.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

Verdicts & Comments Add Verdict or Comment

102 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

102 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/	1970-01-20 00:48:38	Name: x-id Value: {"data":{"id":"97ip4wrw33ac051ykzdznw8vdfkx1n2oeg3pb2xgx","updated":1643913569469},"exp":604800000,"ts":1643913569503,"mac":-930767246}
d395dw5zk780j2.cloudfront.net/	1970-01-20 00:48:38	Name: x-id Value: {"data":{"id":"97ip4wrw33ac051ykzdznw8vdfkx1n2oeg3pb2xgx","updated":1643913569469},"exp":604800000,"ts":1643913569809,"mac":-930677687}
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/	1970-01-20 00:38:33	Name: __adblocker Value: false
.postmedia.digital/	1970-01-20 02:48:09	Name: _gcl_au Value: 1.1.885379829.1643913570
.scorecardresearch.com/	1970-01-20 17:55:21	Name: UID Value: 1FD7f4d1579da8f5f0e7ab61643913569
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/	1970-01-20 00:38:35	Name: sailthru_pageviews Value: 1
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/	1970-01-20 00:48:38	Name: political-ad-opt-out Value: {"data":false,"exp":604800000,"ts":1643913569949,"mac":-51600198}
.postmedia.digital/	1970-01-20 09:24:09	Name: mprtcl-v4_767FC2FC Value: {'gs':{'ie':1\|'dt':'us1-a9588c0ddc27594cabd152e47ffe27ee'\|'av':'1.0.0'\|'cgid':'68f9cbce-63b0-4b2b-8471-50c22143decc'\|'das':'e86e8906-61f1-4b7b-83d1-6c48b2ff3a33'\|'csm':'WyI2MDM2MzQzODM5MTk1MjIwNDUyIl0='\|'sid':'FE12755F-3316-4AE8-B7F3-6F4A44E44CDA'\|'les':1643913569980\|'ssd':1643913569672}\|'l':1\|'6036343839195220452':{'fst':1643913569788\|'ui':'eyIwIjoiOTdpcDR3cnczM2FjMDUxeWt6ZHpudzh2ZGZreDFuMm9lZzNwYjJ4Z3gifQ=='}\|'cu':'6036343839195220452'}
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital/	1970-01-20 09:24:09	Name: sailthru_visitor Value: 27fb6fdf-1b66-4d72-8471-85d8e587239a
.amazon-adsystem.com/	1970-01-20 06:24:09	Name: ad-id Value: A1UTIRMarkufl5plnvToBKE
.amazon-adsystem.com/	1970-01-21 21:50:04	Name: ad-privacy Value: 0
.creativecdn.com/	1970-01-20 09:24:09	Name: u Value: xUEIGQJkcDf2qE0ogw9C
.creativecdn.com/	1970-01-20 09:24:09	Name: ts Value: 1643913570
.yahoo.com/	1970-01-20 09:24:31	Name: A3 Value: d=AQABBGIh_GECEKt35nxwck0-loEneX6l4ewFEgEBAQFy_WEGYgAAAAAA_eMAAA&S=AQAAAg26fRqQAvAqDxBXH1VW2Ws
.rfihub.com/	1970-01-20 10:00:09	Name: rud Value: H4sIAAAAAAAAAOMSsjSzMDAzsjAyNzG2NDE3NjExE-Iz1C3ODzXyNYvIiUopKJTiNTQDShoam5obGJmaAADDjqKjMwAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSsjSzMDAzsjAyNzG2NDE3NjExE-Iz1C3ODzXyNYvIiUopKAQAYV4PQSQAAAA
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: lLolHLnTAKM
.youtube.com/	1970-01-20 04:57:45	Name: VISITOR_INFO1_LIVE Value: XTqTF_aTsWI
.sharethrough.com/	1970-01-20 09:24:09	Name: stx_user_id Value: 535ebeb1-027e-4430-8e62-97a04a64c695
.analytics.yahoo.com/	1970-01-20 09:25:35	Name: IDSYNC Value: 191l~2316
.bidr.io/	1970-01-20 10:07:03	Name: bito Value: AACLsU7D-EMAAHY9n1tp7Q
.bidr.io/	1970-01-20 10:07:03	Name: bitoIsSecure Value: ok
.linkedin.com/	1970-01-20 02:48:09	Name: li_sugr Value: 6ec484a4-de35-48f1-9bdf-9ce3d94e1a73
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 18:10:27	Name: bcookie Value: "v=2&c4fe3ac1-4861-473a-8714-eec3f367271b"
.linkedin.com/	1970-01-20 00:39:59	Name: lidc Value: "b=OGST01:s=O:r=O:a=O:p=O:g=2621:u=1:x=1:i=1643913570:t=1643999970:v=2:sig=AQEHSdhLqctUEGH34JpqJE3VHSBxkQAa"
.krxd.net/	1970-01-20 04:57:45	Name: _kuid_ Value: OpBH9njA
.twitter.com/	1970-01-20 18:09:45	Name: personalization_id Value: "v1_EZctzkFfUIArYsmbw7wrsw=="
.t.co/	1970-01-20 18:09:45	Name: muc_ads Value: 89440413-9086-4fa3-8c2d-6cf361ef6961
.postmedia.digital/	1970-01-20 02:48:09	Name: _fbp Value: fb.1.1643913570425.840437524
.linkedin.com/	1970-01-20 01:21:45	Name: UserMatchHistory Value: AQLBfPEPEbcMLAAAAX7A4mieVihs_vX9cRvx2FlFEt0bUr3Pgceq3cROrf8CGqBIPHBFMlf9bFugiA
.linkedin.com/	1970-01-20 01:21:45	Name: AnalyticsSyncHistory Value: AQILI_Ge0ZzLFwAAAX7A4mie-BLzAECPj6ODpwke1i4rqybyOUNv3zyZr_biWEx32Qr2rBGd8N3ul4A-eWMNQg
.openx.net/	1970-01-20 09:24:09	Name: i Value: 8e5832d8-b906-0929-0e2e-4bf9e9b8c7dc\|1643913570
.adnxs.com/	1970-01-20 02:48:09	Name: uuid2 Value: 2397535159472849228
.facebook.com/	1970-01-20 02:48:09	Name: fr Value: 0btcG7CVpibEbDwhV..Bh_CFi...1.0.Bh_CFi.
.3lift.com/	1970-01-20 02:48:09	Name: tluid Value: 585957761931012015200
.lijit.com/	1970-01-20 09:24:09	Name: ljt_reader Value: 44ba39cfc1b88df61a801ccd
.openx.net/	1970-01-20 01:00:09	Name: pd Value: v2\|1643913570\|vMgakWgyiK
.doubleclick.net/	1970-01-20 18:09:45	Name: IDE Value: AHWqTUlE0sAd6nu4G1feY4VFu5QgFlpp0Sp7bevLtzQE4tid9RstaqolSeg5SVy7iO0
.lijit.com/	1970-01-20 09:24:09	Name: ljtrtbexp Value: eJyrVjI1U7IyNDMxNTQyNjQ30FEygvCNLU3NzEF8QwM0eXMwHyhgYQzimxgjy9cCAJX9EDQ%3D
.casalemedia.com/	1970-01-20 02:48:09	Name: CMPS Value: 469
.adsrvr.org/	1970-01-20 09:24:09	Name: TDID Value: d534b263-5dde-4c14-ba5a-876c938f2180
.mathtag.com/	1970-01-20 10:04:28	Name: uuid Value: 8f1e61fc-2162-4900-902b-e4ff76eedd0a
.districtm.io/	1970-01-20 01:04:28	Name: _dm_uid Value: eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJzaWQiOjEwMDAwLCJ1c3IiOiJxZ2E0QWJJR0d6STBZbmxTUkhrek0yaFlNblJqY1hWYU9XSTVTMmRMYUhrMFNMb0dHd2lwVGhJV1FVRkRUSE5WTjBRdFJVMUJRVWhaT1c0eGRIQTNVYm9HQXdpcVRyb0dHUWlyVGhJVWVGVkZTVWRSU210alJHWXljVVV3YjJkM09VTzZCZ01Jcms2NkJnTUlzRTY2QmhjSXlFNFNFamsyT0RBMk1qZ3lOelF6T1RRM016UTBOcm9HTVFqSlRoSXNlUzFWYkV0VlUwNVdSVEoxUms0eE5YTTFVMGQyVjFsb00wTXlOMGcwZUVsVWFVNXZaR00wTkVrdGZrRT0iLCJpYXQiOjE2NDM5MTM1NzB9.8Woh5YhWL-lJrYo13XZPZ9quoPMvTPGuJUPHCW1wVN79LGglI_4Nzc5TP9MT6gsOH6UHfHyg7ocS6PS1NhAJIA
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.www.linkedin.com/	1970-01-20 18:10:27	Name: bscookie Value: "v=1&20220203183930cc3b00a8-4ed3-4d8a-8555-a0084f22469aAQF_NUWp8QQdXXmM5_Y56L-y0-hpFMyz"
.casalemedia.com/	1970-01-20 00:39:59	Name: CMST Value: YfwhYmH8IWIA
sync.srv.stackadapt.com/	1970-01-20 09:24:09	Name: sa-user-id Value: s%3A0-6f3d51c3-5004-4b43-6120-db05ac4a15ba.oha0P1FKcd2OQz58edIV%2F5BTR2hDRVWg0VxQrV2%2B65g
.srv.stackadapt.com/	1970-01-20 09:24:09	Name: sa-user-id-v2 Value: s%3A0-6f3d51c3-5004-4b43-6120-db05ac4a15ba%24ip%24149.56.153.187.Rb0ntI1TYVfbHIZ28KiOUCVU8sQ%2BZdgyBndJs7Z6hOo
.rfihub.com/	1970-01-20 10:00:09	Name: eud Value: H4sIAAAAAAAAADvEyGtoZmJsaWhsam5gZm7aJIjENzI1AQBK05kmIAAAAA
.agkn.com/	1970-01-20 09:24:09	Name: ab Value: 0001%3A%2FpG6xPXWqWuYplN2iezeA93R0JYqzHbg
.ml314.com/	1970-01-20 00:38:33	Name: u Value: aHR0cHM6Ly9jZG4ua3J4ZC5uZXQvcGFydG5lcmpzL3hkaS9wcm94eS4zZDIxMDBmZDcxMDcyNjJlY2I1NWNlNjg0N2YwMWZhNS5odG1sIyFreGNpZD11dGh0eG1kZGcma3h0PWh0dHBzJTNBJTJGJTJGZ2NwLWNoZWV0LTQ2MzItb250YXJpb2Zhcm1lci5nZGV2LnBvc3RtZWRpYS5kaWdpdGFsJmt4Y2w9Y2RuJmt4cD0=
.ml314.com/	1970-01-20 09:24:09	Name: pi Value: 3624884529290805302
.casalemedia.com/	1970-01-20 09:24:09	Name: CMID Value: YfwhYlBla4vvqMN87eREJQAA
.casalemedia.com/	1970-01-20 02:48:09	Name: CMPRO Value: 513
.openx.net/	1970-01-20 01:00:09	Name: univ_id Value: 537072971\|d534b263-5dde-4c14-ba5a-876c938f2180\|1643913570698437
.pubmatic.com/	1970-01-20 02:48:09	Name: KADUSERCOOKIE Value: 23C78D8A-DA97-4FAD-8138-2A3B325854B5
.pubmatic.com/	1970-01-20 02:48:09	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 00:39:59	Name: pi Value: 156011:2
.pubmatic.com/	1970-01-20 02:48:09	Name: DPSync3 Value: 1645056000%3A201_197%7C1644451200%3A164%7C1643932800%3A174
.pubmatic.com/	1970-01-20 02:48:09	Name: SyncRTB3 Value: 1645056000%3A220_21_13_22_54%7C1644451200%3A2
.quantserve.com/	1970-01-20 02:48:09	Name: d Value: ECMBDQGtJd-owQA
.quantserve.com/	1970-01-20 10:08:47	Name: mc Value: 61fc2162-b2e90-29557-761f8
.bidswitch.net/	1970-01-20 09:24:09	Name: tuuid Value: dccf4511-a5cd-4f33-9c8c-7b158fbd479f
.bidswitch.net/	1970-01-20 09:24:09	Name: c Value: 1643913570
.bidswitch.net/	1970-01-20 09:24:09	Name: tuuid_lu Value: 1643913570
.lijit.com/	1970-01-20 09:24:09	Name: _ljtrtb_10 Value: 968062827439473446
.lijit.com/	1970-01-20 09:24:09	Name: _ljtrtb_27 Value: d534b263-5dde-4c14-ba5a-876c938f2180
.rubiconproject.com/	1970-01-20 09:24:09	Name: khaos Value: KZ7BP1AX-1N-HW1Z
.lijit.com/	1970-01-20 09:24:09	Name: _ljtrtb_43 Value: ZlYcm2JWTMp9BUidaVdXymlST899UEzJNl8UtJK0
.adform.net/	1970-01-20 01:18:52	Name: C Value: 1
.adform.net/	1970-01-20 02:04:57	Name: uid Value: 8417904000596652597
.pubmatic.com/	1970-01-20 01:21:45	Name: KRTBCOOKIE_377 Value: 6810-d534b263-5dde-4c14-ba5a-876c938f2180&KRTB&22918-d534b263-5dde-4c14-ba5a-876c938f2180&KRTB&23031-d534b263-5dde-4c14-ba5a-876c938f2180
.rlcdn.com/	1970-01-20 02:04:57	Name: pxrc Value: COLC8I8GEgUI6AcQABIFCOhHEAA=
.turn.com/	1970-01-20 04:57:45	Name: uid Value: 7300976281851386186
.simpli.fi/	1970-01-20 09:25:35	Name: suid Value: E3F515BC34A04FE9B59C9D99074FC859
.1rx.io/	1970-01-20 09:24:09	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-a6cfd350-7dc5-4165-a719-5d7c884a451e-005%22%2C%22nxtrdr%22%3Afalse%7D
.pippio.com/	1970-01-20 09:24:09	Name: did Value: fbOITY7-_l3W-Fg5
.pippio.com/	1970-01-20 09:24:09	Name: didts Value: 1643913570
.pippio.com/	1970-01-20 02:04:57	Name: nnls Value:
.pubmatic.com/	1970-01-20 01:21:45	Name: KRTBCOOKIE_22 Value: 14911-7300976281851386186
.lijit.com/	1970-01-20 09:24:09	Name: _ljtrtb_26 Value: dccf4511-a5cd-4f33-9c8c-7b158fbd479f
.mathtag.com/	1970-01-20 01:21:45	Name: mt_mop Value: 9:1643913571
.adsrvr.org/	1970-01-20 09:24:09	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwje9K7E0dOzOhAFEhYKB3J1Ymljb24SCwjq6uHG0dOzOhAFGAEgAigCMgsItvP08efTszoQBTgBWgthZGNvbmR1Y3RvcmAC
.pubmatic.com/	1970-01-20 01:21:45	Name: KRTBCOOKIE_80 Value: 16514-CAESEFp4ClLuyDAF2-3_33jJ4mQ&KRTB&22987-CAESEFp4ClLuyDAF2-3_33jJ4mQ&KRTB&23025-CAESEFp4ClLuyDAF2-3_33jJ4mQ
.pubmatic.com/	1970-01-20 01:21:45	Name: KRTBCOOKIE_148 Value: 19421-uid:E3F515BC34A04FE9B59C9D99074FC859
.doubleclick.net/	1970-01-20 00:38:34	Name: test_cookie Value: CheckForPermission
.postmedia.digital/	1970-01-20 10:00:09	Name: __gads Value: ID=9aa22c5d1ece99d2-226baa17a7cf002a:T=1643913570:S=ALNI_MbBUYd42n2WSiNYdKFuS0-CXrKMMQ
.adsymptotic.com/	1970-01-20 02:48:09	Name: U Value: c2033ce5991c705ea3f3291e722f7f64
.pippio.com/	1970-01-20 02:04:57	Name: pxrc Value: COPC8I8GEgQIAhAAEgYI7OsBEAA=
.targeting.unrulymedia.com/	1970-01-20 09:24:09	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-a6cfd350-7dc5-4165-a719-5d7c884a451e-005%22%7D
.rubiconproject.com/	1970-01-20 09:24:09	Name: audit Value: 1\|We8Mu72mTuw6RdkkDcsaxdik9LlasUUPEjJAktHul9keECEUBMheikdV7z6Moq92PIw6JCMSuFfqFTrNE4+z9kqVaHlG5SlgpmvllXEtYN4=
.lijit.com/	1970-01-20 09:24:09	Name: ljtrtb Value: eJwVyr0KAjEMAOB36WygbdI2cRRcTnTR829rUwvCHTi4qPju1vn7PsZHszRVtVFwDnLQCtQQQZQVUnGBW6mUpJmF8el%2FA1LxESHUegNSR1ByyMApqiA379j262y%2FEtlGzz4RCiUkil0Iu1yni85%2BOB22D1mN95qP9fyap%2F2BRcb1e9hNPD6HjTXfHyK%2FKpM%3D
.lijit.com/	1970-01-20 09:24:09	Name: _ljtrtb_56 Value: RX-a6cfd350-7dc5-4165-a719-5d7c884a451e-005
.linksynergy.com/	1970-01-20 09:24:09	Name: rmuid Value: d70c878c-5e9f-4717-9c38-efbf6d44241f
.linksynergy.com/	1970-01-20 09:24:09	Name: icts Value: 2022-02-03T18:39:31Z
.rlcdn.com/	1970-01-20 09:24:09	Name: rlas3 Value: 4GEzHhXOPCGE33VI9tH6N0ucSfleAg8PBUR2mGV67Mg=
.pubmatic.com/	1970-01-20 01:21:45	Name: SPugT Value: 1643913572
.everesttech.net/	1970-01-20 09:24:09	Name: everest_g_v2 Value: g_surferid~YfwhZgADgQ1y8ABH
.pubmatic.com/	1970-01-20 02:48:09	Name: KRTBCOOKIE_218 Value: 4056-YfwhZgADgP1xSwBH&KRTB&22978-YfwhZgADgP1xSwBH&KRTB&23194-YfwhZgADgP1xSwBH&KRTB&23209-YfwhZgADgP1xSwBH
.pubmatic.com/	1970-01-20 01:21:45	Name: PugT Value: 1643913574
.pubmatic.com/	1970-01-20 02:48:09	Name: PUBMDCID Value: 2

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
other	warning	URL: https://www.googleadservices.com/pagead/conversion_async.js(Line 71) Message: Unrecognized feature: 'attribution-reporting'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ch-ua-full-version-list'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
network	error	URL: https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=8f1e61fc-2162-4900-902b-e4ff76eedd0a&expires=28 Message: Failed to load resource: the server responded with a status of 422 (Unprocessable Entity)
network	error	URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEB5BgrgZe2tsL4LcUP-0u8U&google_cver=1 Message: Failed to load resource: the server responded with a status of 422 (Unprocessable Entity)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
ad.turn.com
ads.pubmatic.com
ads.yahoo.com
adservice.google.ca
adservice.google.com
ak.sail-horizon.com
analytics.twitter.com
ap.lijit.com
api.sail-personalize.com
assets.ribn.com
auth.lrcontent.com
beacon.krxd.net
bid.g.doubleclick.net
c.amazon-adsystem.com
c1.adform.net
c5067f650385d0f70f33b1b0646d80cc.safeframe.googlesyndication.com
cdn.adsafeprotected.com
cdn.districtm.io
cdn.krxd.net
ce.lijit.com
cm.g.doubleclick.net
connect.facebook.net
consumer.krxd.net
d395dw5zk780j2.cloudfront.net
data.adsrvr.org
dmx.districtm.io
dt.adsafeprotected.com
eb2.3lift.com
eus.rubiconproject.com
fem.prod.postmedia.digital
fonts.googleapis.com
fonts.gstatic.com
gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital
googleads.g.doubleclick.net
hb.districtm.io
i.ytimg.com
ib.adnxs.com
identity.mparticle.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
jssdkcdns.mparticle.com
jssdks.mparticle.com
match.adsrvr.org
match.prod.bidr.io
match.sharethrough.com
ml314.com
p.adsymptotic.com
p.rfihub.com
pagead2.googlesyndication.com
pippio.com
pixel-us-east.rubiconproject.com
pixel.adsafeprotected.com
pixel.quantserve.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
px.ads.linkedin.com
px4.ads.linkedin.com
s.amazon-adsystem.com
s0.2mdn.net
sb.scorecardresearch.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
smartcdn.gprod.postmedia.digital
smartcdn.prod.postmedia.digital
snap.licdn.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
stags.bluekai.com
static.ads-twitter.com
static.adsafeprotected.com
static.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.mathtag.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
t.co
tags.rd.linksynergy.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
us.creativecdn.com
usermatch.krxd.net
www.facebook.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.linkedin.com
www.npttech.com
www.youtube.com
x.bidswitch.net
yt3.ggpht.com
104.16.68.69
104.18.98.194
104.244.42.3
104.244.42.69
104.36.113.17
104.36.115.109
104.36.115.114
104.76.100.229
107.178.254.65
108.174.10.14
13.225.230.62
13.33.46.5
142.250.65.194
142.250.80.34
142.250.80.66
142.251.4.154
143.204.150.85
151.101.66.133
151.101.66.49
169.61.103.241
18.213.185.73
185.167.164.42
185.184.10.30
199.127.204.142
199.232.36.157
199.38.167.129
2001:4998:1c:800::1001
209.54.180.144
23.221.203.12
23.50.66.244
23.52.162.21
2600:1400:9000::687e:74bb
2600:1f18:4e9:5a02:5944:263c:7447:bef1
2600:9000:21dd:c00:7:75d4:e40:93a1
2600:9000:2209:5200:8:f216:eb80:93a1
2600:9000:2209:6400:8:48e:53c0:93a1
2606:4700:10::6816:49e8
2606:4700:3032::ac43:c0b6
2607:f8b0:4006:809::2002
2607:f8b0:4006:809::2003
2607:f8b0:4006:80a::2001
2607:f8b0:4006:80c::2002
2607:f8b0:4006:80d::2001
2607:f8b0:4006:80d::200e
2607:f8b0:4006:80e::2002
2607:f8b0:4006:80e::2016
2607:f8b0:4006:816::2002
2607:f8b0:4006:81d::2004
2607:f8b0:4006:81d::200a
2607:f8b0:4006:81e::2003
2607:f8b0:4006:81f::2008
2607:f8b0:4006:820::2003
2607:f8b0:4006:820::2006
2607:f8b0:4006:822::2006
2607:f8b0:4006:823::2001
2607:f8b0:4006:823::2002
2620:112:f002:bbbb::21
2620:116:800b:21:44af:4f54:8af4:5563
2620:1ec:22::14
2a03:2880:f03a:1c:face:b00c:0:3
2a03:2880:f13a:83:face:b00c:0:25de
2a04:4e42:400::645
2a04:4e42:600::645
2a04:4e42::645
3.218.90.66
3.94.164.110
34.149.157.221
34.233.34.144
34.235.23.231
34.95.11.30
34.98.67.3
35.190.60.146
35.211.178.172
35.244.159.8
35.71.139.29
52.223.40.198
52.43.241.68
52.44.16.134
52.44.19.43
52.85.61.100
52.85.61.107
52.85.61.89
54.166.244.71
54.239.200.177
63.251.86.49
68.67.179.153
74.121.140.14
75.2.40.13
8.28.7.81
8.28.7.84
8.43.72.97
8.43.72.98
0540f52a4827b5be2b2c6625d6c84e4bc8048d9a4ad44bc810282870b404a9ec
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
081417696c4bc8c61ab42ec11a63db18893fa9372a66935c5492d931f4aebfc9
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b93db8d9084f4d447ad44bc0517ae517c735507636add991dcfa41aac220127
0ca367a40b39037858a2dbfc221129b3f620a7a35731880c725369a9671863d2
0e12f122fc5eff3aa4015100ff24d472d3fb9e8938488954026411361c67aec9
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f9e987aa32b5f14ee8d1ad30f740d53f71be9750a3d9e071c15b27e60276cc7
0fbc907061b6169dcb1fb510d8e037414886f7c2d0782747392db7c423b89116
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1497c2deda8954f8b1eb298e6d80fd5a025c55bf3c679ea7c99dfbac50b4103a
1c2472bf7ed7e83825289620248f5b88650b428174bff537d406b2f6193d29ce
1c7929483b2a6f636559247768b455c4556fda7e90825ff99da20540673e0228
20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394
2153b9a94411b62360fb95abaaff9a1d96a02287ff07e819c649ae1efa06cc01
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
23c319aa222079e7f42123fbaf8ccbca3e6b9c185c7320406e606701dd54b4e0
23d00276404c2322c5d3bb27f5e930b67f81bc964189b36b028ab1521a5929db
257c9947bb8a45c4a0519f4ddc8769ecc7f889e268a046b0f05c17dfc7912eee
26b263e4a0664acb1a410735c4e951a72a086cd4b9e4e9b0b03ab00922873dbb
27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8
2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5
2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9
2cca8cb38d69c0af42eb4fee218ac47b89e8977f3c862163f6814184be06c8dc
2f28c008f0ce667d697ccc95a07377e8562c0c28dd910f864724a265f75671e4
300b9ba11e041384aafe746b81adbac891f04890e6d71728d572df9073610076
30728e5014c972fd0088fd844154b0aa6459f7d647eacca295f1e9815fa1833d
33c7fad22eb2a4a9f47410052ddb22d4406cb030b00853e46fe8a1852e3b5e2d
342934f269e2f27d57cdd65c0d15647e3c35d9efee906d357cf793de944c5f9e
348180de8ed0528db1aee2b84174dcbe296baf2df1048a6f8d405181f4c3861d
34c4351e0ce42542bb0657355bfd91b4cb376ffce3bfc7de9ab1be8652124e3e
3528263a1e7e21042453a4c3f4bbe06094d9aa73eb97874692c62177d94c9416
352bf16f1da51fd78d09e074022f434e41ad55934cc57f880826c1b413cc3c96
364b573c8a6a65afef0815247a4caab0fc85190796141e0dd3166f9d5e7ced62
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b
39874e19af66fa05a8e943e773c81187cb7437bb3cb0076df6defb9381d32911
39a95bd7f8ff911c8a36dc1ae3b37f85d4684fd3897ab3df6dca5f8c3cd9b422
3bcfa04dbc2db44af54bd72a0f7b98912368f16f525729a1b9b673f62ca7e5c9
3d3251d937d209def48e958bfeec683ca39dc0f15eb22f99bc3e7035995cd552
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3fde76cacc186420d0405496f66f9cd00a7c14a38a9ffa4b626a09affe83cc2a
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40e562e806ce113ae7879d0dd76db82797b5c274794751c260381f2c8b283641
42cb48fcecb9f09d629e736d1ca8a7eb9c37c8e493b140d071fa92396897b333
42d28b968b79182a5ce39cb1bfb0a1f62441f1fb1a5d233162712097967aa6cd
44ee31a43035a097d99b0ea6399a42b3432b50f0e789bc77cc47caa49df43d7b
460e88a4766bbe07c7bbfb9a70cbc39d4fc1324d7c78ff192568e6b415c1cab4
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
473a882fe873abbe0425cd52ded4b389a3153e121cc5b39c1dc14e9596a5edad
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4910659dc839049030cd900a2fba16b8b73872cbdc04bf71c494b0c0512edef4
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4a2626d3d017ee97d1a7027e3d28781aaddb186b9c528f7c47458d4ae54b0d75
4cd5569d623057358d654a947acd904f2533bc60992bd6a9b72da8387a1b56c1
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f4bdf7aa613f511c93f9b188225a3524b04072394730c9c5e577bebdba2981e
509e4a5df0a650cb0afa2e1ea2dd9dddc4cb568e241b12c262ee1b6b9e8832cd
51b040406d51fc17fbdc3226dc0cf7d791a37c980e42ded92369c9ba5ccd8bf1
5286b4ae41046359ddfc4ed21d9371d4a74289e4cd9ba2491fec19f914bb0dff
543c46a50d60a9c177d4b3e204a236e9a096a0c13661ebef579443a5d2b8a032
5509db569f40fcf92ae04e040e67bf4e1452df01479d28a6a257459ff6153090
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5853621d02d975fba45c91907a09fec43c635c608a30f31ecd9b85342693b41d
58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4
5bfee1a430ede5828fcb00547e58f4121e6758b35517b4ee1b5387067a2e65e9
5c667e02e94345d394e84e0050a7fc842eef03b1afe6e8b06f75afcb72dbb147
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
60bc2c8f43a8beb37b3522f68592595265d39bfcfefffadb27491f262e168c00
61a9435112cb68acc5f8da27798416ac4082a71a8ee5d392fb39c30185e4bc73
61aa815692e9edf603f12550ad0976ccde355df6e118e42f018a691738997d40
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6590b84c9dbfba3a76bf7e4a69031f151271bad37a2c32bc24b766de799b22df
67418c9d1b786534118b4fe691ac5ad8ebc7d9c0679c3e528ea29908b2609f48
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
68a335c0d87dce935fee1811892070e78c514828d50bfe2ae21fde739ec1002c
6c3223c27067f54618683e5fdfe83536907b179e81ed9a39873aa8b8140c05f2
728963de62d8aa3c97c44cecd4c4cc716a5104e698562b3ee4a596087724c060
740a9e7b3db299d6c5d2013418c00c437d768f4097e5d74f6c58db38cc431e28
740d0e2ab785d5697336ecd812e6c6fb5547e741ab78204d93023d08bd274ecd
740d6650b6c1542e1cbf0824a10fa78571dc070185c080d6aaeab048900fb4cc
74a8b34ddd37ba93b4c8198cebbc858c098de1effdddd63eebf9009d55cc53c0
7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b
758049ebc8def60e9f2321b3e9a478169df806ef8b3fac32d4612268756fa1ff
76a237b880fbfc8ac655e91dcf5c9af3b44ccc506c69328409b4047d72519eea
76e60aca1dbbfbd15f47eddbf9724cffb0b6984b503c7bfdd5b8b3505ba6f579
7720a0f40d088f144d749c07f075b8dfdc84afd25900a59045fe6c29d0fc5090
788d8f059102a07fd4202528e8debfab55072c0123aa1bae786dcc97b0f12aa5
7a8eeaf2b963d18188f07f3e78982938224c9e58b5fab050989e51cbf44a3d6c
7baa57ed1f3c6946b39dd8339b79b28f37b605603eb990d615b2804d16f091e1
7e1aca3fabf1b9a4f0ac9d60cafde446f0b560a3d44ebf31664883f4e21e175a
7fb15552a88b764ca42963e71136255cecf99c6bccc6fdc68fbe0f930a516cb7
80e9b90d32a294251cbec3aa3402fbd9c560100a23484d7947fd61e1faf5740e
8142b2237bdff3c25b7330280c3e49d854a6ebabdb5b5cb15e3ef6987016a4da
82b89ed3521ceae654e81e6b5d453c0c73abf4fce788f7f55dc92cc1b0b39551
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8638ec50e9819468bde0e186fd824072ea0944ef09ffe6f3060996adcd0027d3
8beb132a751bf7fdfd70084935bcd73065ba507d0210fe7b2365d19941a81bcf
8ddf9e8fa96d1bbbeaf292ca94fc082dde61e4a6be90c87f8b2609fd88edbd4d
8efc268132d526206d433febe50d279a657513bcf23a6b6a527f84811c6ba6c8
9008ac843d4735e349bdde45c352caeb6d5c1517622730fa602d6b56cf5e4b3a
9034335635758d7a2b0d8f6f94a42f45ca55f3a87ed38929c7ab89800036e708
975a64dc9bbc5e1884ba8ca2e76d9b2791d16d5c9f3619bf30477cd21a8636d2
97ebbb14c84d4682c8097790b33367c3a0614d1775bc8eb76b194e8c94262b3d
97f021d21f4c6ecb256ef53df152984ad47d4fa5d9b013223454abaccb92814a
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9b487e6390458c38b99abb6215507b8bd25f795dbaf1e24d233ddd5c51d295a5
9c7065338651c8d13e687d70c3ef6554dffb26d6e534eaad58e090481d30e5d6
9dea0d5132ee95121b30ed133899167bf59399162c6fdedcb215f046d40b2543
9f8cb9f43f4f58bce85c8132e429a21d46e590f1f18d1baa51c95be0202e3632
a1a9324c503cc885e5bf568d8c5de12c34c0adc3a4990d547a4514179108badd
a1f4086973dc8059c20b2a680c1e4cfae4069ff3a4a063a297bbcd9281115dab
a22c497288d6b312171de3df8ed00831f34a76a52384c1ba9d504e11c98a5f21
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a29b8bab5f1f800a0d2b9c2c0d04c5b4d6fdaaed46a77b5585debcf250791910
a43daa7f7b51b472b7b657134f86414bfbde762ce8828a9a66f57a0c22db4152
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a567b1ffaf953d8ca0adfdb0fd41a41412b1d21ae5bc6bb97fc3c78ece50851a
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa8c4f5924fd06cbaf5c65fac729f0c3207d1f70534b07fc0915948c41b29d6e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ace66f2f5329389d486ce5840303022ad069e1334c9ed0337ca5ae818e54abec
aebd50af0cd8da2f314a52e2088788775d1a441bd674ef9379578e7bc1b5ad50
af292e1466b0f8d0784fbda9e2be89d26c77262d4eaa7a929ea23390ccd75a0a
aff5a2888286377101d3810961faad47bb503044e86361bb29c9d23b6b835912
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b21513c597a3fd59b0b8a3b8908f1f44aad53257a4cf5a133f823eb342b4e4ad
b40fffdca8df7dcf6a825dc35de6f3ee8bca5119730c8938e77e805d8016cb78
b445a1ed94ec142111c5c789164b0500ee0a2c180bbb371e2bc92c026532eb58
b6450083a5b47788232fbe8dbf4ef3f900984519e23585b78d082e9f41109a1b
b9738f13adcd8289b20f18e91fcdaf4c90623de14a712b74f0d6ee0a14de4e5c
babd8f0ccc810b71cdbb5bec594ae60fc84f3f7993613d9fb90393bb634db2be
bed79e22634d48c6e53d084c7dc1ac8e7ed34377df61478f7020d89248124ea1
c1add651533632e1df172984928eaa70fffe35b711e79ad8088727c97736b788
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c51a4086e332a8b351790a53582dbba5bd78b7a1f021b829d93da3ad59ca575f
c5bfe7e837984f45a4b301978ceb06a03fea2e60a15b937d99fd5b30d6ae9946
c6d4675d324e5b40ed5fe0f15dfc55855a7d6389232ce7c981062d99b80d366c
c7360a9b46fde11845b3090ca0034fb409d92398a71f3ae15fac3a2fa29ae6cc
c744ae835cf93919e5f0b89bf9937fe8af5d5fb5e4846ca19e42f758a6133986
c79b934a9c7a6bc11a607c6d514b088f7da1145f4a8cfaf237bbdd149c0a13d4
c7fe56ebfebd6a0305378558f2cfe9265f3f2324efa9036451f6c729ad349c5f
c81cab8c63d469329c0e0724770c6c8622f0d5d1fb8b6f919b6d7dddfadba190
c97a6c5363ec1db5ca67dc9e19eecca3f81dbc0480a1db8b068a10426be24493
ca157b8a9c98a19c0446a974ea642d13e3b3398f328d312fd474df9f63c45fe9
cc3cc0865aad29753640bd3cfee8f49521946b2c5867aea60616ea09b15f599e
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d06ae5e97e495832fc4526c3e93d7e9440f1faf5f77669b41678c9d564a25faf
d3a6fb9e39c82eed501889521b19cc4fc13d1104f83128928775b520c86f8abc
d5f7c1c0cbec2c27d4165db4cd06b7780f477fc9161008bde67c7a9d62b223aa
d627bfed9c45cb007955e86a56be2e34a8918993c3b79c3d6ee2352730188d0f
d72b41e9ee1228706defd9248456e5a270518d80cf7ac077211b55127c47ae83
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d9975ba9667076e9f446fed66c121e652c7203dc449b5ad3ca5efb6578195c8d
dcbea8a07a327fa7d86348a59bd3221e4defa0e0825c5bb05c9c93067f7a0f62
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
dfdc1f05ccfc2cb2352ee1b2a6a0988d1525f7c67cb966dce430ae8c4231245d
e10c7c2a79f0ea6b115d5102e944ac00f310e6e46d60ddd868855fdf7cd959a7
e2cf23246faa8dc51d53f8194af77082ccfa8dff6a73596ea98c0ded52fb3a39
e2f4ff612aae54db25ceb56885665ad9c8bfac2cad5f30c1b582febc1fe10789
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52ad60cf8269c44381d5e0833e69b9b8f3b9f9346b7066b1dc5a52b390feedc
e64bc5d8275b9bb01415266454435954ab6323383c8ce3e799db97c916ee9e6e
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
e8989050bbb0d2b2573fdd8dfd7313ad8b377438339e13b400b1daf6adf600e5
ea24837103070968a4b29ff947900cc3595204a8164ab822e53e0731074989ed
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eeb4dcddfa0f47eacde3fb23b0b57ed7bc131bfcb36e11c11d3e6ca4c217801d
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff9611cedbd4005f4e14141b36370a67bffe1e50b1082cb32a84ee835c27a21
f1bc452030c333c2f2b7b7c6c59b0ed4711b76daf04597a629391c13f79a66b0
f3168403eabe87c4fa8bf097e63d6409e3e6d15a14825215c27e9e4f1f943c95
f40c33990c532ef379fe609b48dfca08d5fbcb6139e312a8e829466d7d09f34e
f752ad8cf812a358129aac3fd9784b0baf6f19899eb49116f08a1afab1fa133e
f79e1f14cff6f380ebbbea645bb159978ead5447a33a0ced34534b2271eb4019
fbc5b6820ad3f7829dffe54880e9ec215ccf69b6294dd25afeef28bf71aaacbf
fd51702795d8496e8ce980a116a7b8e11a79ab0a7aaf20b4556be965415e36f3
fd583bd394cf970e462e11c2855609a468859ce761c8c3b6bc93dc90e93923cf
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3
ffb1aa4c12a99329b7f5a3196d421fd8efdfdb9435f80a61fe11f6a3024bd4c9

gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital Open in urlscan Pro 34.95.11.30 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

291 Requests

83 %HTTPS

37 %IPv6

63 Domains

102 Subdomains

71 IPs

5 Countries

3348 kBTransfer

10391 kBSize

102 Cookies

12 Outgoing links

Page URL History

Redirected requests

291 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

gcp-cheet-4632-ontariofarmer.gdev.postmedia.digital Open in urlscan Pro
34.95.11.30 Public Scan

Screenshot
Live screenshot

Full Image

291
Requests

83 %
HTTPS

37 %
IPv6

63
Domains

102
Subdomains

71
IPs

5
Countries

3348 kB
Transfer

10391 kB
Size

102
Cookies

291 HTTP transactions
5 data transactions