directcreditsuissevhost217587.lowhost.ru
195.128.123.5  Malicious Activity!

URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Submission Tags: 7455889
Submission: On March 02 via api from US — Scanned from DE

Summary

This website contacted 10 IPs in 3 countries across 8 domains to perform 45 HTTP transactions. The main IP is 195.128.123.5, located in Russian Federation and belongs to GARANT-PARK-INTERNET, RU. The main domain is directcreditsuissevhost217587.lowhost.ru.
TLS certificate: Issued by R3 on March 2nd 2022. Valid for: 3 months.
This is the only time directcreditsuissevhost217587.lowhost.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

Apex Domain
Subdomains
Transfer
12 lowhost.ru
directcreditsuissevhost217587.lowhost.ru
982 KB
11 gstatic.com
www.gstatic.com
fonts.gstatic.com
47 KB
8 google.com
www.google.com — Cisco Umbrella Rank: 2
adservice.google.com — Cisco Umbrella Rank: 57
49 KB
7 doubleclick.net
9852050.fls.doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
4 KB
4 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 101
37 KB
3 google.de
adservice.google.de — Cisco Umbrella Rank: 8832
www.google.de — Cisco Umbrella Rank: 6433
2 KB
2 fonts.googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
2 KB
0 23323232-postescanada.ca Failed
evaluation.23323232-postescanada.ca Failed
45 8
Domain Requested by
12 directcreditsuissevhost217587.lowhost.ru directcreditsuissevhost217587.lowhost.ru
8 www.gstatic.com www.google.com
6 www.google.com 2 redirects directcreditsuissevhost217587.lowhost.ru
5 9852050.fls.doubleclick.net 2 redirects directcreditsuissevhost217587.lowhost.ru
adservice.google.com
4 www.googleadservices.com 9852050.fls.doubleclick.net
www.googleadservices.com
3 fonts.gstatic.com fonts.googleapis.com
2 www.google.de 9852050.fls.doubleclick.net
2 googleads.g.doubleclick.net 2 redirects
2 fonts.googleapis.com directcreditsuissevhost217587.lowhost.ru
2 adservice.google.com 9852050.fls.doubleclick.net
1 adservice.google.de 1 redirects
0 evaluation.23323232-postescanada.ca Failed directcreditsuissevhost217587.lowhost.ru
45 12

This site contains links to these domains. Also see Links.

Domain
www.23323232.ca
Subject Issuer Validity Valid
directcreditsuissevhost217587.lowhost.ru
R3
2022-03-02 -
2022-05-31
3 months crt.sh
www.google.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
*.google.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
www.googleadservices.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh
*.googleadservices.com
GTS CA 1C3
2022-02-17 -
2022-05-12
3 months crt.sh

This page contains 12 frames:

Primary Page: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Frame ID: CB6F80F7E00DC5A08C1663D1C10573DA
Requests: 10 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Frame ID: 866A641DEC9A3058DF99C36B9BF2E540
Requests: 3 HTTP requests in this frame

Frame: https://evaluation.23323232-postescanada.ca/jfe/form/SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1
Frame ID: B7B3E2C24FEE6B75FEE91FA3EAE2AFD9
Requests: 1 HTTP requests in this frame

Frame: https://9852050.fls.doubleclick.net/activityi;dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Frame ID: C290323608E361A7E0320CC06C6CE8AA
Requests: 1 HTTP requests in this frame

Frame: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Frame ID: 81593E719B18746333EC6E4758323034
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Frame ID: 0EE0BD0458EE900A4C66D8165AC61836
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Frame ID: EDDEF07FC7CF45BD612CF3A258E26247
Requests: 3 HTTP requests in this frame

Frame: https://evaluation.23323232-postescanada.ca/jfe/form/SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1
Frame ID: A859387758FBC3E2ADB68D2E7FEED688
Requests: 1 HTTP requests in this frame

Frame: https://9852050.fls.doubleclick.net/activityi;dc_pre=CJLJ4dCKqPYCFcvM1QodVbQPWA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Frame ID: A9187B4E7056BA03B1C568E5D89EAD96
Requests: 5 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Frame ID: 8DA20BAD0C5C2726632A0429A1185317
Requests: 3 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Frame ID: 5109E2279F040D9FE9D4016FF0E653D8
Requests: 1 HTTP requests in this frame

Frame: https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Frame ID: 263B4B105D16A7168E3815E137164FE0
Requests: 4 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]+foundation[^>"]+css

Page Statistics

45
Requests

84 %
HTTPS

73 %
IPv6

8
Domains

12
Subdomains

10
IPs

3
Countries

1119 kB
Transfer

1235 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7
  • https://9852050.fls.doubleclick.net/activityi;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal? HTTP 302
  • https://9852050.fls.doubleclick.net/activityi;dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Request Chain 21
  • https://9852050.fls.doubleclick.net/activityi;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal? HTTP 302
  • https://9852050.fls.doubleclick.net/activityi;dc_pre=CJLJ4dCKqPYCFcvM1QodVbQPWA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Request Chain 35
  • https://adservice.google.de/ddm/fls/i/dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal HTTP 302
  • https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Request Chain 37
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674834224/?random=563802059&cv=9&fst=1646246638684&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJLJ4dCKqPYCFcvM1QodVbQPWA%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal%3F&ref=https%3A%2F%2Fdirectcreditsuissevhost217587.lowhost.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=7rofYt-bLtGxgQeGy5CgBQ&sscte=1&crd=CNPgGw HTTP 302
  • https://www.google.com/pagead/1p-conversion/674834224/?random=563802059&cv=9&fst=1646246638684&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJLJ4dCKqPYCFcvM1QodVbQPWA%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal%3F&ref=https%3A%2F%2Fdirectcreditsuissevhost217587.lowhost.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=7rofYt-bLtGxgQeGy5CgBQ&cid=CAQSKQCNIrLMxopFnmWpO2sCEM3-CH1uD34OgVAWH7pKfxIaw8orEII3onUQ&random=3915705138&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/674834224/?random=563802059&cv=9&fst=1646246638684&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJLJ4dCKqPYCFcvM1QodVbQPWA%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal%3F&ref=https%3A%2F%2Fdirectcreditsuissevhost217587.lowhost.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=7rofYt-bLtGxgQeGy5CgBQ&cid=CAQSKQCNIrLMxopFnmWpO2sCEM3-CH1uD34OgVAWH7pKfxIaw8orEII3onUQ&random=3915705138&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Request Chain 40
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674834224/?random=1441618582&cv=9&fst=1646246638925&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOOQ3NCKqPYCFQar1QodFVEFpg%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=7rofYs22OY_Kx_AP85eLuAQ&sscte=1&crd= HTTP 302
  • https://www.google.com/pagead/1p-conversion/674834224/?random=1441618582&cv=9&fst=1646246638925&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOOQ3NCKqPYCFQar1QodFVEFpg%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=7rofYs22OY_Kx_AP85eLuAQ&cid=CAQSKQCNIrLM1RaoMJQl6JfFVjIWzjghSABHI7QwNnDKsCCvkc-GswCFSCJl&random=4094432302&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/674834224/?random=1441618582&cv=9&fst=1646246638925&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOOQ3NCKqPYCFQar1QodFVEFpg%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=7rofYs22OY_Kx_AP85eLuAQ&cid=CAQSKQCNIrLM1RaoMJQl6JfFVjIWzjghSABHI7QwNnDKsCCvkc-GswCFSCJl&random=4094432302&resp=GooglemKTybQhCsO&ipr=y&prhg=0

45 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
29 KB
30 KB
Document
General
Full URL
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.128.123.5 , Russian Federation, ASN47196 (GARANT-PARK-INTERNET, RU),
Reverse DNS
inoventica-tech.ru
Software
nginx/1.20.1 / PHP/7.0.33
Resource Hash
c267dfde1c7b1dd426982d87222bcd358207033eb56112c8e817ad31b132368b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx/1.20.1
Date
Wed, 02 Mar 2022 18:43:58 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.0.33
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Strict-Transport-Security
max-age=31536000;
foundation.css?version=2104.04.2427
directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/
205 KB
206 KB
Stylesheet
General
Full URL
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/foundation.css?version=2104.04.2427
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.128.123.5 , Russian Federation, ASN47196 (GARANT-PARK-INTERNET, RU),
Reverse DNS
inoventica-tech.ru
Software
nginx/1.20.1 /
Resource Hash
216da4960223c3fcc55a0fa7942b8c3ef1d21b7fb2143e7ec5e6cd32c13aa13f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 18:43:58 GMT
Last-Modified
Sat, 10 Jul 2021 12:40:36 GMT
Server
nginx/1.20.1
ETag
"60e99544-33543"
Strict-Transport-Security
max-age=31536000;
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
210243
cwc.css
directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/
191 KB
192 KB
Stylesheet
General
Full URL
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/cwc.css
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.128.123.5 , Russian Federation, ASN47196 (GARANT-PARK-INTERNET, RU),
Reverse DNS
inoventica-tech.ru
Software
nginx/1.20.1 /
Resource Hash
a61def1cd61dedd0cccbcefcf32bf6e718434265d41fe7a16ab367fed074e57b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 18:43:58 GMT
Last-Modified
Sat, 10 Jul 2021 12:40:31 GMT
Server
nginx/1.20.1
ETag
"60e9953f-2fdaf"
Strict-Transport-Security
max-age=31536000;
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
196015
styles.css?version=2104.04.2427
directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/
32 KB
32 KB
Stylesheet
General
Full URL
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/styles.css?version=2104.04.2427
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.128.123.5 , Russian Federation, ASN47196 (GARANT-PARK-INTERNET, RU),
Reverse DNS
inoventica-tech.ru
Software
nginx/1.20.1 /
Resource Hash
e5cd5d3d19a7f6b3aeea4c95c6b41913f56b93b6d29c4a086b6c8b62f3dae38c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 18:43:58 GMT
Last-Modified
Sat, 10 Jul 2021 12:40:37 GMT
Server
nginx/1.20.1
ETag
"60e99545-7e6d"
Strict-Transport-Security
max-age=31536000;
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
32365
net.png
directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/img/
22 KB
22 KB
Image
General
Full URL
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/img/net.png
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.128.123.5 , Russian Federation, ASN47196 (GARANT-PARK-INTERNET, RU),
Reverse DNS
inoventica-tech.ru
Software
nginx/1.20.1 /
Resource Hash
5a8e6f8104e4e4e002f7f9cc0e61fb477881da3147cd731ec3834b916d9e1fcf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 18:43:58 GMT
Last-Modified
Sat, 10 Jul 2021 12:40:45 GMT
Server
nginx/1.20.1
ETag
"60e9954d-56d5"
Strict-Transport-Security
max-age=31536000;
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22229
ccyat.png
directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/img/
10 KB
10 KB
Image
General
Full URL
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/img/ccyat.png
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.128.123.5 , Russian Federation, ASN47196 (GARANT-PARK-INTERNET, RU),
Reverse DNS
inoventica-tech.ru
Software
nginx/1.20.1 /
Resource Hash
d12cc5ef49c949cf5579f4d5e9e82bda316d48792136364585b83a59be995cdc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 18:43:58 GMT
Last-Modified
Sat, 10 Jul 2021 12:40:38 GMT
Server
nginx/1.20.1
ETag
"60e99546-2714"
Strict-Transport-Security
max-age=31536000;
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10004
anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
www.google.com/recaptcha/api2/ Frame 866A
42 KB
22 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
705b91c83f54d1c456ed3e31258a5d32f0e919d351a4091049af57d2f4940a38
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-kGK+2o3ypGAKA2IqFxSE4Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 02 Mar 2022 18:43:58 GMT
content-security-policy
script-src 'report-sample' 'nonce-kGK+2o3ypGAKA2IqFxSE4Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
22456
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1
evaluation.23323232-postescanada.ca/jfe/form/ Frame B7B3
0
0

activityi;dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BRef...
9852050.fls.doubleclick.net/ Frame C290
Redirect Chain
  • https://9852050.fls.doubleclick.net/activityi;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BR...
  • https://9852050.fls.doubleclick.net/activityi;dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BP...
646 B
656 B
Document
General
Full URL
https://9852050.fls.doubleclick.net/activityi;dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f6.1e100.net
Software
cafe /
Resource Hash
83ac9b146c94621e27b43c74266244ad0b4841ba5b421b752bc9b9b60b7edc0d
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 02 Mar 2022 18:43:58 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
479
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 02 Mar 2022 18:43:58 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://9852050.fls.doubleclick.net/activityi;dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/ Frame 8159
29 KB
30 KB
Document
General
Full URL
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.128.123.5 , Russian Federation, ASN47196 (GARANT-PARK-INTERNET, RU),
Reverse DNS
inoventica-tech.ru
Software
nginx/1.20.1 / PHP/7.0.33
Resource Hash
c267dfde1c7b1dd426982d87222bcd358207033eb56112c8e817ad31b132368b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/

Response headers

Server
nginx/1.20.1
Date
Wed, 02 Mar 2022 18:43:58 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Powered-By
PHP/7.0.33
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Strict-Transport-Security
max-age=31536000;
bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
www.google.com/recaptcha/api2/ Frame 0EE0
7 KB
2 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b06c023c70e35f3aebc4404f52ecae63cfd48bcdd4bb5cc480c3689b5fc39f32
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-mQ7TyrV803IhXGfsqarkNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 02 Mar 2022 18:43:58 GMT
content-security-policy
script-src 'report-sample' 'nonce-mQ7TyrV803IhXGfsqarkNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1113
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
styles__ltr.css
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 0EE0
0
0
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

recaptcha__en.js
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 0EE0
0
0
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

styles__ltr.css
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 866A
0
0
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

recaptcha__en.js
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 866A
0
0
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

foundation.css?version=2104.04.2427
directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/ Frame 8159
205 KB
206 KB
Stylesheet
General
Full URL
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/foundation.css?version=2104.04.2427
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.128.123.5 , Russian Federation, ASN47196 (GARANT-PARK-INTERNET, RU),
Reverse DNS
inoventica-tech.ru
Software
nginx/1.20.1 /
Resource Hash
216da4960223c3fcc55a0fa7942b8c3ef1d21b7fb2143e7ec5e6cd32c13aa13f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 18:43:58 GMT
Last-Modified
Sat, 10 Jul 2021 12:40:36 GMT
Server
nginx/1.20.1
ETag
"60e99544-33543"
Strict-Transport-Security
max-age=31536000;
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
210243
cwc.css
directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/ Frame 8159
191 KB
192 KB
Stylesheet
General
Full URL
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/cwc.css
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.128.123.5 , Russian Federation, ASN47196 (GARANT-PARK-INTERNET, RU),
Reverse DNS
inoventica-tech.ru
Software
nginx/1.20.1 /
Resource Hash
a61def1cd61dedd0cccbcefcf32bf6e718434265d41fe7a16ab367fed074e57b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 18:43:58 GMT
Last-Modified
Sat, 10 Jul 2021 12:40:31 GMT
Server
nginx/1.20.1
ETag
"60e9953f-2fdaf"
Strict-Transport-Security
max-age=31536000;
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
196015
styles.css?version=2104.04.2427
directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/ Frame 8159
32 KB
32 KB
Stylesheet
General
Full URL
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/styles.css?version=2104.04.2427
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.128.123.5 , Russian Federation, ASN47196 (GARANT-PARK-INTERNET, RU),
Reverse DNS
inoventica-tech.ru
Software
nginx/1.20.1 /
Resource Hash
e5cd5d3d19a7f6b3aeea4c95c6b41913f56b93b6d29c4a086b6c8b62f3dae38c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 18:43:58 GMT
Last-Modified
Sat, 10 Jul 2021 12:40:37 GMT
Server
nginx/1.20.1
ETag
"60e99545-7e6d"
Strict-Transport-Security
max-age=31536000;
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
32365
net.png
directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/img/ Frame 8159
22 KB
22 KB
Image
General
Full URL
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/img/net.png
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.128.123.5 , Russian Federation, ASN47196 (GARANT-PARK-INTERNET, RU),
Reverse DNS
inoventica-tech.ru
Software
nginx/1.20.1 /
Resource Hash
5a8e6f8104e4e4e002f7f9cc0e61fb477881da3147cd731ec3834b916d9e1fcf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 18:43:58 GMT
Last-Modified
Sat, 10 Jul 2021 12:40:45 GMT
Server
nginx/1.20.1
ETag
"60e9954d-56d5"
Strict-Transport-Security
max-age=31536000;
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22229
ccyat.png
directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/img/ Frame 8159
10 KB
10 KB
Image
General
Full URL
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/img/ccyat.png
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.128.123.5 , Russian Federation, ASN47196 (GARANT-PARK-INTERNET, RU),
Reverse DNS
inoventica-tech.ru
Software
nginx/1.20.1 /
Resource Hash
d12cc5ef49c949cf5579f4d5e9e82bda316d48792136364585b83a59be995cdc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Wed, 02 Mar 2022 18:43:58 GMT
Last-Modified
Sat, 10 Jul 2021 12:40:38 GMT
Server
nginx/1.20.1
ETag
"60e99546-2714"
Strict-Transport-Security
max-age=31536000;
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
10004
anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
www.google.com/recaptcha/api2/ Frame EDDE
42 KB
22 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2a7c2130957b3036fdc18861c33799598197fc345b981a16aeafb0293055d89d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-dVxGUj8jiYQZ70cqF0rcmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 02 Mar 2022 18:43:58 GMT
content-security-policy
script-src 'report-sample' 'nonce-dVxGUj8jiYQZ70cqF0rcmw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
22568
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1
evaluation.23323232-postescanada.ca/jfe/form/ Frame A859
0
0

activityi;dc_pre=CJLJ4dCKqPYCFcvM1QodVbQPWA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BRef...
9852050.fls.doubleclick.net/ Frame A918
Redirect Chain
  • https://9852050.fls.doubleclick.net/activityi;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BR...
  • https://9852050.fls.doubleclick.net/activityi;dc_pre=CJLJ4dCKqPYCFcvM1QodVbQPWA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BP...
1 KB
760 B
Document
General
Full URL
https://9852050.fls.doubleclick.net/activityi;dc_pre=CJLJ4dCKqPYCFcvM1QodVbQPWA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f6.1e100.net
Software
cafe /
Resource Hash
8f920c4b94e72948805b69724806f3a14735c8f9a43d5f4b5fa0f72cc5e6e46a
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 02 Mar 2022 18:43:58 GMT
expires
Wed, 02 Mar 2022 18:43:58 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
735
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 02 Mar 2022 18:43:58 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://9852050.fls.doubleclick.net/activityi;dc_pre=CJLJ4dCKqPYCFcvM1QodVbQPWA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
www.google.com/recaptcha/api2/ Frame 8DA2
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
081d8cccfbd58d74131b8e75db84989d72984152c045280e6f6b4db5440c6199
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-YeTQ7uG+lOy/9zrp6LcHEg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 02 Mar 2022 18:43:58 GMT
content-security-policy
script-src 'report-sample' 'nonce-YeTQ7uG+lOy/9zrp6LcHEg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1112
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u...
adservice.google.com/ddm/fls/i/ Frame 5109
645 B
947 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Requested by
Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/activityi;dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0f09c5fec71bc89f023193e783430dbed25edb1a6994421f98545295f7c90898
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 02 Mar 2022 18:43:58 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
478
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
styles__ltr.css
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame EDDE
0
0
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

recaptcha__en.js
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame EDDE
0
0
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&co=aHR0cHM6Ly9zc28tb3N1LmNhbmFkYXBvc3QtcG9zdGVzY2FuYWRhLmNhOjQ0Mw..&hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&size=invisible&badge=inline&cb=bduv6gvy4bnn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

css?family=Roboto:300,400,500,700
fonts.googleapis.com/
8 KB
787 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/cwc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 18:02:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 02 Mar 2022 18:43:58 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 02 Mar 2022 18:43:58 GMT
styles__ltr.css
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 8DA2
0
0
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

recaptcha__en.js
www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/ Frame 8DA2
0
0
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=sG0iO6gHcGdWJzjJjW9AY49S&k=6Lc5GaEUAAAAAPOr96CP5TcLgJ47q6GMkl4qIbBF&cb=atzvqwustmhr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

css?family=Roboto:300,400,500,700
fonts.googleapis.com/ Frame 8159
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Requested by
Host: directcreditsuissevhost217587.lowhost.ru
URL: https://directcreditsuissevhost217587.lowhost.ru/ilk/ol/ui/css/cwc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://directcreditsuissevhost217587.lowhost.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 18:10:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 02 Mar 2022 18:43:58 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 02 Mar 2022 18:43:58 GMT
conversion.js
www.googleadservices.com/pagead/ Frame A918
44 KB
17 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/activityi;dc_pre=CJLJ4dCKqPYCFcvM1QodVbQPWA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
47416c97abf6445e8743d61d244f2a58f1417c3d8bb9993ac0b195dce20afe13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 18:43:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17259
x-xss-protection
0
server
cafe
etag
3097536548863330078
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 02 Mar 2022 18:43:58 GMT
dc_pre=CJLJ4dCKqPYCFcvM1QodVbQPWA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=*;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=...
adservice.google.com/ddm/fls/z/ Frame A918
42 B
118 B
Image
General
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CJLJ4dCKqPYCFcvM1QodVbQPWA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=*;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Requested by
Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/activityi;dc_pre=CJLJ4dCKqPYCFcvM1QodVbQPWA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Mar 2022 18:43:58 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://directcreditsuissevhost217587.lowhost.ru
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 09:48:03 GMT
x-content-type-options
nosniff
age
464155
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 25 Feb 2023 09:48:03 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://directcreditsuissevhost217587.lowhost.ru
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 17:58:32 GMT
x-content-type-options
nosniff
age
2726
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:20 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 02 Mar 2023 17:58:32 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://directcreditsuissevhost217587.lowhost.ru
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 01 Mar 2022 14:02:00 GMT
x-content-type-options
nosniff
age
103318
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 01 Mar 2023 14:02:00 GMT
dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u...
9852050.fls.doubleclick.net/ddm/fls/r/ Frame 263B
Redirect Chain
  • https://adservice.google.de/ddm/fls/i/dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Na...
  • https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BP...
851 B
525 B
Document
General
Full URL
https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.23.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s45-in-f6.1e100.net
Software
cafe /
Resource Hash
6042ad8c3bdcc3ab368872b5df39419ea249d06ff935990cd5d84e0318d3f091
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://adservice.google.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 02 Mar 2022 18:43:58 GMT
expires
Wed, 02 Mar 2022 18:43:58 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
502
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Wed, 02 Mar 2022 18:43:58 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
location
https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
?random=1646246638684&cv=9&fst=1646246638684&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=f...
www.googleadservices.com/pagead/conversion/674834224/ Frame A918
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/674834224/?random=1646246638684&cv=9&fst=1646246638684&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJLJ4dCKqPYCFcvM1QodVbQPWA%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal%3F&ref=https%3A%2F%2Fdirectcreditsuissevhost217587.lowhost.ru%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
05d0edfd39708be15ecf83646139b2d9e410bd4fae209d382edd4348f3b8342f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Mar 2022 18:43:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
?random=563802059&cv=9&fst=1646246638684&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false...
www.google.de/pagead/1p-conversion/674834224/ Frame A918
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674834224/?random=563802059&cv=9&fst=1646246638684&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=37560326...
  • https://www.google.com/pagead/1p-conversion/674834224/?random=563802059&cv=9&fst=1646246638684&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u...
  • https://www.google.de/pagead/1p-conversion/674834224/?random=563802059&cv=9&fst=1646246638684&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_...
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/674834224/?random=563802059&cv=9&fst=1646246638684&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJLJ4dCKqPYCFcvM1QodVbQPWA%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal%3F&ref=https%3A%2F%2Fdirectcreditsuissevhost217587.lowhost.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=7rofYt-bLtGxgQeGy5CgBQ&cid=CAQSKQCNIrLMxopFnmWpO2sCEM3-CH1uD34OgVAWH7pKfxIaw8orEII3onUQ&random=3915705138&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Requested by
Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/activityi;dc_pre=CJLJ4dCKqPYCFcvM1QodVbQPWA;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal?
Protocol
H2
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Mar 2022 18:43:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 02 Mar 2022 18:43:58 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/674834224/?random=563802059&cv=9&fst=1646246638684&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Factivityi%3Bdc_pre%3DCJLJ4dCKqPYCFcvM1QodVbQPWA%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal%3F&ref=https%3A%2F%2Fdirectcreditsuissevhost217587.lowhost.ru%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGw&is_vtc=1&ocp_id=7rofYt-bLtGxgQeGy5CgBQ&cid=CAQSKQCNIrLMxopFnmWpO2sCEM3-CH1uD34OgVAWH7pKfxIaw8orEII3onUQ&random=3915705138&resp=GooglemKTybQhCsO&ipr=y&prhg=0
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
conversion.js
www.googleadservices.com/pagead/ Frame 263B
44 KB
17 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
47416c97abf6445e8743d61d244f2a58f1417c3d8bb9993ac0b195dce20afe13
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 02 Mar 2022 18:43:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17259
x-xss-protection
0
server
cafe
etag
3097536548863330078
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 02 Mar 2022 18:43:58 GMT
?random=1646246638925&cv=9&fst=1646246638925&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=f...
www.googleadservices.com/pagead/conversion/674834224/ Frame 263B
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/674834224/?random=1646246638925&cv=9&fst=1646246638925&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOOQ3NCKqPYCFQar1QodFVEFpg%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
8d5cece8721ea67c9d11296ff76c4ab6c16518e39d127c92fa5e5355d6d4a8e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Mar 2022 18:43:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1355
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
?random=1441618582&cv=9&fst=1646246638925&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=fals...
www.google.de/pagead/1p-conversion/674834224/ Frame 263B
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/674834224/?random=1441618582&cv=9&fst=1646246638925&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=3756032...
  • https://www.google.com/pagead/1p-conversion/674834224/?random=1441618582&cv=9&fst=1646246638925&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&...
  • https://www.google.de/pagead/1p-conversion/674834224/?random=1441618582&cv=9&fst=1646246638925&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u...
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/674834224/?random=1441618582&cv=9&fst=1646246638925&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOOQ3NCKqPYCFQar1QodFVEFpg%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=7rofYs22OY_Kx_AP85eLuAQ&cid=CAQSKQCNIrLM1RaoMJQl6JfFVjIWzjghSABHI7QwNnDKsCCvkc-GswCFSCJl&random=4094432302&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Requested by
Host: 9852050.fls.doubleclick.net
URL: https://9852050.fls.doubleclick.net/ddm/fls/r/dc_pre=COOQ3NCKqPYCFQar1QodFVEFpg;src=9852050;type=optim0;cat=perso0;ord=1374118205095;gtm=2od5q1;auiddc=1944792256.1620952204;u1=%5BProduct%5D;u2=%5BPage%20Name%5D;u3=%5BURL%5D;u4=%5BReferral%5D;u5=%5BLanguage%5D;u6=%5BJourney%20Step%5D;~oref=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal
Protocol
H2
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://9852050.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 02 Mar 2022 18:43:59 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 02 Mar 2022 18:43:59 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/674834224/?random=1441618582&cv=9&fst=1646246638925&num=1&npa=1&label=S1hGCOWN-eEBELDO5MEC&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F9852050.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOOQ3NCKqPYCFQar1QodFVEFpg%3Bsrc%3D9852050%3Btype%3Doptim0%3Bcat%3Dperso0%3Bord%3D1374118205095%3Bgtm%3D2od5q1%3Bauiddc%3D1944792256.1620952204%3Bu1%3D%255BProduct%255D%3Bu2%3D%255BPage%2520Name%255D%3Bu3%3D%255BURL%255D%3Bu4%3D%255BReferral%255D%3Bu5%3D%255BLanguage%255D%3Bu6%3D%255BJourney%2520Step%255D%3B~oref%3Dhttps%253A%252F%252Fsso-osu.23323232-postescanada.ca%252Fpfe-pap%252Fen%252Fregistration%252Fpersonal&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=7rofYs22OY_Kx_AP85eLuAQ&cid=CAQSKQCNIrLM1RaoMJQl6JfFVjIWzjghSABHI7QwNnDKsCCvkc-GswCFSCJl&random=4094432302&resp=GooglemKTybQhCsO&ipr=y&prhg=0
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
evaluation.23323232-postescanada.ca
URL
https://evaluation.23323232-postescanada.ca/jfe/form/SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1
Domain
evaluation.23323232-postescanada.ca
URL
https://evaluation.23323232-postescanada.ca/jfe/form/SV_71iOFlig0vNugpn?Q_CHL=si&Page=https%3A%2F%2Fsso-osu.23323232-postescanada.ca%2Fpfe-pap%2Fen%2Fregistration%2Fpersonal&Q_lang=EN&Q_CanScreenCapture=1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 function| structuredClone object| oncontextlost object| oncontextrestored

2 Cookies

Domain/Path Name / Value
directcreditsuissevhost217587.lowhost.ru/ Name: PHPSESSID
Value: 8o2t4id1l75hropt09atf85lt3
.doubleclick.net/ Name: IDE
Value: AHWqTUnUd8a0aAmYFEKsOYgDBW8xz6xUBhzFDeilGtshuUwhShadbcETn2CKEwwq4Zs

10 Console Messages

Source Level URL
Text
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://www.googleadservices.com/pagead/conversion.js(Line 79)
Message:
Unrecognized feature: 'attribution-reporting'.
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/recaptcha__en.js
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://www.googleadservices.com/pagead/conversion.js(Line 79)
Message:
Unrecognized feature: 'attribution-reporting'.
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://www.gstatic.com/recaptcha/releases/sG0iO6gHcGdWJzjJjW9AY49S/styles__ltr.css
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9852050.fls.doubleclick.net
adservice.google.com
adservice.google.de
directcreditsuissevhost217587.lowhost.ru
evaluation.23323232-postescanada.ca
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
www.google.com
www.google.de
www.googleadservices.com
www.gstatic.com
evaluation.23323232-postescanada.ca
142.250.185.162
172.217.23.102
195.128.123.5
2a00:1450:4001:803::2003
2a00:1450:4001:811::2003
2a00:1450:4001:811::200a
2a00:1450:4001:812::2002
2a00:1450:4001:813::2004
2a00:1450:4001:827::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2002
05d0edfd39708be15ecf83646139b2d9e410bd4fae209d382edd4348f3b8342f
081d8cccfbd58d74131b8e75db84989d72984152c045280e6f6b4db5440c6199
0f09c5fec71bc89f023193e783430dbed25edb1a6994421f98545295f7c90898
216da4960223c3fcc55a0fa7942b8c3ef1d21b7fb2143e7ec5e6cd32c13aa13f
2a7c2130957b3036fdc18861c33799598197fc345b981a16aeafb0293055d89d
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
47416c97abf6445e8743d61d244f2a58f1417c3d8bb9993ac0b195dce20afe13
5a8e6f8104e4e4e002f7f9cc0e61fb477881da3147cd731ec3834b916d9e1fcf
6042ad8c3bdcc3ab368872b5df39419ea249d06ff935990cd5d84e0318d3f091
705b91c83f54d1c456ed3e31258a5d32f0e919d351a4091049af57d2f4940a38
83ac9b146c94621e27b43c74266244ad0b4841ba5b421b752bc9b9b60b7edc0d
8d5cece8721ea67c9d11296ff76c4ab6c16518e39d127c92fa5e5355d6d4a8e0
8f920c4b94e72948805b69724806f3a14735c8f9a43d5f4b5fa0f72cc5e6e46a
a61def1cd61dedd0cccbcefcf32bf6e718434265d41fe7a16ab367fed074e57b
b06c023c70e35f3aebc4404f52ecae63cfd48bcdd4bb5cc480c3689b5fc39f32
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
c267dfde1c7b1dd426982d87222bcd358207033eb56112c8e817ad31b132368b
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d12cc5ef49c949cf5579f4d5e9e82bda316d48792136364585b83a59be995cdc
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5cd5d3d19a7f6b3aeea4c95c6b41913f56b93b6d29c4a086b6c8b62f3dae38c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629