urlscan.io logo urlscan.io
SecurityTrails logo

nationalpost.com Open in urlscan Pro
34.111.249.109  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://u12097671.ct.sendgrid.net/ls/click?upn=9rudYHeevExQpJ5A1h-2BA7d1MAgxAcU8tnD95e0wW2LiVSXuNk0qMXXtW26iHRhhdlLrILHzlDn3l2Knxg...
Effective URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-th...
Submission: On September 05 via api from CA — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 125 IPs in 7 countries across 105 domains to perform 511 HTTP transactions. The main IP is 34.111.249.109, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is nationalpost.com. The Cisco Umbrella rank of the primary domain is 171815.
TLS certificate: Issued by GTS CA 1D4 on August 25th 2022. Valid for: 3 months.
This is the only time nationalpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.118.28 11377 (SENDGRID)
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.111.249.109 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
3 184.29.129.7 16625 (AKAMAI-AS)
1 2620:100:a001::4 19750 (AS-CRITEO)
9 23.217.30.202 16625 (AKAMAI-AS)
8 108.139.52.24 16509 (AMAZON-02)
1 13.225.214.51 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 54.230.163.28 16509 (AMAZON-02)
37 34.117.54.29 15169 (GOOGLE)
3 34.149.157.221 15169 (GOOGLE)
6 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 34.120.155.137 396982 (GOOGLE-CL...)
4 5 15.197.193.217 16509 (AMAZON-02)
1 23.217.29.148 16625 (AKAMAI-AS)
1 23.217.43.215 16625 (AKAMAI-AS)
1 35.241.9.51 15169 (GOOGLE)
7 11 68.67.178.10 29990 (ASN-APPNEX)
1 104.19.150.54 13335 (CLOUDFLAR...)
12 34.107.254.252 15169 (GOOGLE)
4 2606:4700:10:... 13335 (CLOUDFLAR...)
2 23.92.190.69 32475 (SINGLEHOP...)
29 52.4.33.45 14618 (AMAZON-AES)
3 8 104.18.18.126 13335 (CLOUDFLAR...)
5 18 34.98.64.218 15169 (GOOGLE)
1 8 68.67.179.153 29990 (ASN-APPNEX)
6 52.206.176.232 14618 (AMAZON-AES)
2 74.119.119.129 19750 (AS-CRITEO)
1 44.199.168.235 14618 (AMAZON-AES)
2 75.2.40.13 16509 (AMAZON-02)
4 35.169.125.112 14618 (AMAZON-AES)
1 2 2620:100:a001::c 19750 (AS-CRITEO)
1 178.250.0.157 44788 (ASN-CRITE...)
14 20 142.250.65.194 15169 (GOOGLE)
3 184.29.128.213 16625 (AKAMAI-AS)
1 23.34.248.177 16625 (AKAMAI-AS)
2 2 64.74.236.255 22075 (AS-OUTBRAIN)
1 2 23.197.37.29 16625 (AKAMAI-AS)
2 2 44.209.207.157 14618 (AMAZON-AES)
8 2606:4700::68... 13335 (CLOUDFLAR...)
22 2600:9000:21d... 16509 (AMAZON-02)
8 2607:f8b0:400... 15169 (GOOGLE)
2 9 108.138.128.77 16509 (AMAZON-02)
1 2a04:4e42:600... 54113 (FASTLY)
9 151.101.66.133 54113 (FASTLY)
1 108.139.47.129 16509 (AMAZON-02)
2 8.28.7.81 62713 (AS-PUBMATIC)
1 2 52.45.33.138 14618 (AMAZON-AES)
3 6 35.190.60.146 15169 (GOOGLE)
2 2 107.178.254.65 15169 (GOOGLE)
1 1 34.98.67.3 15169 (GOOGLE)
2 10 52.46.151.131 16509 (AMAZON-02)
2 2 2620:112:f002... 6336 (TURN-US-ASN)
4 4 151.101.66.49 54113 (FASTLY)
2 2600:1f18:4e9... 14618 (AMAZON-AES)
5 5 35.211.178.172 19527 (GOOGLE-2)
2 2 52.4.169.124 14618 (AMAZON-AES)
3 184.29.128.24 16625 (AKAMAI-AS)
1 2 74.119.119.150 19750 (AS-CRITEO)
2 2 35.207.24.140 15169 (GOOGLE)
2 2 185.184.8.90 204995 (RTB-HOUSE...)
4 2a04:4e42:400... 54113 (FASTLY)
2 7 2620:116:800b... 14618 (AMAZON-AES)
24 3.214.50.196 14618 (AMAZON-AES)
3 2600:1f18:44f... 14618 (AMAZON-AES)
7 2a04:4e42::645 54113 (FASTLY)
2 2600:9000:23c... 16509 (AMAZON-02)
2 3 185.167.164.43 198622 (ADFORM)
2 18 104.36.115.109 62713 (AS-PUBMATIC)
6 7 18.215.140.171 14618 (AMAZON-AES)
1 1 199.187.193.199 47043 (SMARTADSE...)
1 1 198.148.27.140 19189 (PULSEPOINT)
1 1 141.148.45.191 31898 (ORACLE-BM...)
7 8.28.7.83 62713 (AS-PUBMATIC)
5 5 216.200.232.249 30419 (MEDIAMATH...)
2 2 173.231.184.20 32475 (SINGLEHOP...)
1 169.197.150.8 398989 (DEEPINTENT)
2 2 52.205.223.187 14618 (AMAZON-AES)
2 2 18.235.217.239 14618 (AMAZON-AES)
1 1 69.90.254.78 13768 (COGECO-PEER1)
4 4 199.127.204.142 26120 (RHYTHMONE)
1 2 2606:4700:440... 13335 (CLOUDFLAR...)
1 2 72.44.36.54 14618 (AMAZON-AES)
1 1 2606:4700::68... 13335 (CLOUDFLAR...)
3 4 23.217.18.198 16625 (AKAMAI-AS)
2 104.36.115.114 62713 (AS-PUBMATIC)
1 1 34.133.71.175 396982 (GOOGLE-CL...)
2 2 2606:ae80:147... 26762 (CNVR-US-EAST)
2 2 23.21.236.46 14618 (AMAZON-AES)
4 4 207.198.113.86 13768 (COGECO-PEER1)
1 54.243.198.75 14618 (AMAZON-AES)
1 1 51.68.39.188 16276 (OVH)
1 2 204.2.255.233 2914 (NTT-LTD-2914)
1 2606:4700::68... 13335 (CLOUDFLAR...)
8 2001:4860:480... 15169 (GOOGLE)
9 52.45.87.68 14618 (AMAZON-AES)
1 2600:9000:21d... 16509 (AMAZON-02)
11 205.185.216.10 20446 (STACKPATH...)
5 205.185.216.42 20446 (STACKPATH...)
1 2607:f8b0:400... 15169 (GOOGLE)
5 2607:f8b0:400... 15169 (GOOGLE)
2 151.101.2.207 54113 (FASTLY)
2 2a03:2880:f00... 32934 (FACEBOOK)
1 13.226.25.39 16509 (AMAZON-02)
3 104.18.19.126 13335 (CLOUDFLAR...)
1 2600:9000:21d... 16509 (AMAZON-02)
10 2607:f8b0:400... 15169 (GOOGLE)
9 2607:f8b0:400... 15169 (GOOGLE)
4 9 3.224.21.15 14618 (AMAZON-AES)
2 23.1.200.83 16625 (AKAMAI-AS)
2 3 35.71.139.29 16509 (AMAZON-02)
9 2606:4700::68... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
3 63.251.114.182 32475 (SINGLEHOP...)
1 2 34.196.96.235 14618 (AMAZON-AES)
1 1 8.43.72.98 26667 (RUBICONPR...)
1 2 35.227.252.103 15169 (GOOGLE)
1 2 107.178.246.49 15169 (GOOGLE)
2 2 192.35.249.127 11742 (SPOTX-IAD)
1 34.194.161.83 14618 (AMAZON-AES)
2 2607:f8b0:400... 15169 (GOOGLE)
4 188.40.92.96 24940 (HETZNER-AS)
2 151.101.66.207 54113 (FASTLY)
2 2001:4860:480... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
15 2607:f8b0:400... 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
2 2a03:2880:f10... 32934 (FACEBOOK)
5 18.204.250.37 14618 (AMAZON-AES)
5 5 23.21.59.154 14618 (AMAZON-AES)
1 2 34.197.192.192 14618 (AMAZON-AES)
1 3 34.111.234.236 15169 (GOOGLE)
1 13.225.214.50 16509 (AMAZON-02)
8 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 142.250.64.66 15169 (GOOGLE)
1 8.28.7.84 62713 (AS-PUBMATIC)
1 3.230.217.116 14618 (AMAZON-AES)
1 2 2600:1f18:612... 14618 (AMAZON-AES)
1 69.166.1.15 27630 (AS-XFERNET)
1 192.35.249.142 11742 (SPOTX-IAD)
1 67.226.210.221 26120 (RHYTHMONE)
1 104.36.115.111 62713 (AS-PUBMATIC)
1 44.210.205.198 14618 (AMAZON-AES)
2 52.218.216.144 16509 (AMAZON-02)
2 23.217.28.180 16625 (AKAMAI-AS)
1 2607:f8b0:400... 15169 (GOOGLE)
1 204.236.250.205 14618 (AMAZON-AES)
511 125
1    167.89.118.28 (Las Vegas, United States)

ASN11377 (SENDGRID, US)
PTR: o16789118x28.outbound-mail.sendgrid.net
u12097671.ct.sendgrid.net
1    2606:4700::6812:5f3c (United States)

ASN13335 (CLOUDFLARENET, US)
app2.cision.com
1    34.111.249.109 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 109.249.111.34.bc.googleusercontent.com
nationalpost.com
4    2607:f8b0:4006:80c::2002 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
3    184.29.129.7 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-29-129-7.deploy.static.akamaitechnologies.com
js-sec.indexww.com
1    2620:100:a001::4 (United States)

ASN19750 (AS-CRITEO, US)
static.criteo.net
9    23.217.30.202 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-217-30-202.deploy.static.akamaitechnologies.com
c.aaxads.com
l3.aaxads.com
8    108.139.52.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-52-24.jfk50.r.cloudfront.net
c.amazon-adsystem.com
1    13.225.214.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-214-51.ewr50.r.cloudfront.net
cdn.adsafeprotected.com
2    2607:f8b0:4006:81e::200a (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700:3032::ac43:bf95 (United States)

ASN13335 (CLOUDFLARENET, US)
www.npttech.com
2    2606:4700:10::ac43:835 (United States)

ASN13335 (CLOUDFLARENET, US)
auth.lrcontent.com
1    54.230.163.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-163-28.ewr53.r.cloudfront.net
ak.sail-horizon.com
37    34.117.54.29 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 29.54.117.34.bc.googleusercontent.com
fem.gprod.postmedia.digital
dcs-static.gprod.postmedia.digital
3    34.149.157.221 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 221.157.149.34.bc.googleusercontent.com
smartcdn.gprod.postmedia.digital
6    2607:f8b0:4006:821::2003 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2606:4700::6812:451 (United States)

ASN13335 (CLOUDFLARENET, US)
23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
1    34.120.155.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.155.120.34.bc.googleusercontent.com
api.rlcdn.com
5    15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
1    23.217.29.148 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-217-29-148.deploy.static.akamaitechnologies.com
www.aaxdetect.com
1    23.217.43.215 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-217-43-215.deploy.static.akamaitechnologies.com
secure.cdn.fastclick.net
1    35.241.9.51 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 51.9.241.35.bc.googleusercontent.com
23dc09d6-b664-425a-a76e-0eed6a6cc102.prmutv.co
11    68.67.178.10 (Secaucus, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
ib.adnxs.com
1    104.19.150.54 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.permutive.com
12    34.107.254.252 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 252.254.107.34.bc.googleusercontent.com
api.permutive.com
googlesync.permutive.com
4    2606:4700:10::6816:49e8 (United States)

ASN13335 (CLOUDFLARENET, US)
config.lrcontent.com
2    23.92.190.69 (Katy, United States)

ASN32475 (SINGLEHOP-LLC, US)
ap.lijit.com
29    52.4.33.45 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-33-45.compute-1.amazonaws.com
c2shb.ssp.yahoo.com
c2shb.pubgw.yahoo.com
8    104.18.18.126 (None, )

ASN13335 (CLOUDFLARENET, US)
htlb.casalemedia.com
ssum-sec.casalemedia.com
dsum-sec.casalemedia.com
18    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
postmedia-d.openx.net
us-u.openx.net
u.openx.net
distroscale-d.openx.net
8    68.67.179.153 (Secaucus, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
secure.adnxs.com
6    52.206.176.232 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-206-176-232.compute-1.amazonaws.com
btlr.sharethrough.com
2    74.119.119.129 (United States)

ASN19750 (AS-CRITEO, US)
PTR: bidder.va1.vip.prod.criteo.com
bidder.criteo.com
1    44.199.168.235 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-199-168-235.compute-1.amazonaws.com
pixel.adsafeprotected.com
2    75.2.40.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: aa7557bb34ea5624b.awsglobalaccelerator.com
api.sail-personalize.com
4    35.169.125.112 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-169-125-112.compute-1.amazonaws.com
postmedia.hub.loginradius.com
2    2620:100:a001::c (United States)

ASN19750 (AS-CRITEO, US)
gum.criteo.com
1    178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
20    142.250.65.194 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f2.1e100.net
cm.g.doubleclick.net
pubads.g.doubleclick.net
3    184.29.128.213 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-29-128-213.deploy.static.akamaitechnologies.com
ads.pubmatic.com
1    23.34.248.177 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-34-248-177.deploy.static.akamaitechnologies.com
hbx.media.net
2    64.74.236.255 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com
b1sync.zemanta.com
2    23.197.37.29 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-37-29.deploy.static.akamaitechnologies.com
stags.bluekai.com
2    44.209.207.157 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-209-207-157.compute-1.amazonaws.com
cs.emxdgt.com
8    2606:4700::6811:b6b1 (United States)

ASN13335 (CLOUDFLARENET, US)
experience.tinypass.com
cdn.tinypass.com
buy.tinypass.com
22    2600:9000:21dd:3600:8:2ae1:d740:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.viafoura.net
8    2607:f8b0:4006:820::2008 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
9    108.138.128.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-128-77.jfk50.r.cloudfront.net
sb.scorecardresearch.com
1    2a04:4e42:600::645 (United States)

ASN54113 (FASTLY, US)
jssdkcdns.mparticle.com
9    151.101.66.133 (United States)

ASN54113 (FASTLY, US)
cdn.krxd.net
consumer.krxd.net
1    108.139.47.129 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-47-129.jfk50.r.cloudfront.net
c.jsrdn.com
2    8.28.7.81 (United States)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
2    52.45.33.138 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-33-138.compute-1.amazonaws.com
ups.analytics.yahoo.com
6    35.190.60.146 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com
id.rlcdn.com
idsync.rlcdn.com
2    107.178.254.65 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com
pippio.com
1    34.98.67.3 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 3.67.98.34.bc.googleusercontent.com
tags.rd.linksynergy.com
10    52.46.151.131 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
2    2620:112:f002:bbbb::21 (United States)

ASN6336 (TURN-US-ASN, US)
ad.turn.com
4    151.101.66.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
2    2600:1f18:4e9:5a01:19f8:d00:d1ab:5f75 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
pr-bh.ybp.yahoo.com
5    35.211.178.172 (North Charleston, United States)

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com
x.bidswitch.net
2    52.4.169.124 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-169-124.compute-1.amazonaws.com
t.pswec.com
3    184.29.128.24 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a184-29-128-24.deploy.static.akamaitechnologies.com
contextual.media.net
2    74.119.119.150 (United States)

ASN19750 (AS-CRITEO, US)
dis.criteo.com
2    35.207.24.140 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 140.24.207.35.bc.googleusercontent.com
rtb.mfadsrvr.com
2    185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net
creativecdn.com
4    2a04:4e42:400::645 (United States)

ASN54113 (FASTLY, US)
identity.mparticle.com
7    2620:116:800b:21:b08a:1dc5:659b:4055 (United States)

ASN14618 (AMAZON-AES, US)
secure.quantserve.com
pixel.quantserve.com
24    3.214.50.196 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-214-50-196.compute-1.amazonaws.com
s.jsrdn.com
i.jsrdn.com
3    2600:1f18:44f0:4864:b609:1375:60a5:e0dc (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
api.viafoura.co
7    2a04:4e42::645 (United States)

ASN54113 (FASTLY, US)
jssdks.mparticle.com
2    2600:9000:23ca:3000:7:75d4:e40:93a1 (United States)

ASN16509 (AMAZON-02, US)
assets.ribn.com
3    185.167.164.43 (Denmark)

ASN198622 (ADFORM, DK)
c1.adform.net
18    104.36.115.109 (United States)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
7    18.215.140.171 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-215-140-171.compute-1.amazonaws.com
match.prod.bidr.io
1    199.187.193.199 (Canada)

ASN47043 (SMARTADSERVER, CA)
rtb-csync.smartadserver.com
1    198.148.27.140 (New York, United States)

ASN19189 (PULSEPOINT, US)
bh.contextweb.com
1    141.148.45.191 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
sync.technoratimedia.com
7    8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
5    216.200.232.249 (Frederick, United States)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
2    173.231.184.20 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: lga-cassandra-1.sys.adgear.com
cm.adgrx.com
1    169.197.150.8 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com
match.deepintent.com
2    52.205.223.187 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-223-187.compute-1.amazonaws.com
sync.srv.stackadapt.com
2    18.235.217.239 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-217-239.compute-1.amazonaws.com
pm.w55c.net
1    69.90.254.78 (Herndon, United States)

ASN13768 (COGECO-PEER1, CA)
ums.acuityplatform.com
4    199.127.204.142 (United States)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
2    2606:4700:4400::6812:230b (United States)

ASN13335 (CLOUDFLARENET, US)
a.tribalfusion.com
s.tribalfusion.com
2    72.44.36.54 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-72-44-36-54.compute-1.amazonaws.com
beacon.lynx.cognitivlabs.com
1    2606:4700::6813:ac6c (United States)

ASN13335 (CLOUDFLARENET, US)
csync.loopme.me
4    23.217.18.198 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-217-18-198.deploy.static.akamaitechnologies.com
px.owneriq.net
2    104.36.115.114 (United States)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
1    34.133.71.175 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 175.71.133.34.bc.googleusercontent.com
um.simpli.fi
2    2606:ae80:1471:17::1080 (United States)

ASN26762 (CNVR-US-EAST, US)
pubmatic-match.dotomi.com
2    23.21.236.46 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-236-46.compute-1.amazonaws.com
sync.ipredictive.com
4    207.198.113.86 (Herndon, United States)

ASN13768 (COGECO-PEER1, CA)
pixel-sync.sitescout.com
1    54.243.198.75 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-243-198-75.compute-1.amazonaws.com
rtb.adentifi.com
1    51.68.39.188 (France)

ASN16276 (OVH, FR)
PTR: ns3129809.ip-51-68-39.eu
dsp.nrich.ai
2    204.2.255.233 (Bear, United States)

ASN2914 (NTT-LTD-2914, US)
pmp.mxptint.net
1    2606:4700::6810:f015 (United States)

ASN13335 (CLOUDFLARENET, US)
c2.piano.io
8    2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
9    52.45.87.68 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-87-68.compute-1.amazonaws.com
beacon.krxd.net
1    2600:9000:21dd:400:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
rules.quantcount.com
11    205.185.216.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net
c5x8i7c7.ssl.hwcdn.net
5    205.185.216.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map2.hwcdn.net
a.jsrdn.com
1    2607:f8b0:4006:81e::2002 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
adservice.google.ca
5    2607:f8b0:4006:820::2002 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
adservice.google.com
2    151.101.2.207 (United States)

ASN54113 (FASTLY, US)
sdk.mrf.io
2    2a03:2880:f003:100:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    13.226.25.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-25-39.ewr53.r.cloudfront.net
cdn.parsely.com
3    104.18.19.126 (None, )

ASN13335 (CLOUDFLARENET, US)
as-sec.casalemedia.com
1    2600:9000:21dd:6800:11:615:7240:93a1 (United States)

ASN16509 (AMAZON-02, US)
pxl.qccerttest.com
10    2607:f8b0:4006:809::2002 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
9    2607:f8b0:4006:80b::2001 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
tpc.googlesyndication.com
9    3.224.21.15 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-224-21-15.compute-1.amazonaws.com
match.sharethrough.com
2    23.1.200.83 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-1-200-83.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
3    35.71.139.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com
eb2.3lift.com
9    2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2607:f8b0:4006:808::200a (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
3    63.251.114.182 (United States)

ASN32475 (SINGLEHOP-LLC, US)
ce.lijit.com
2    34.196.96.235 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-96-235.compute-1.amazonaws.com
sync.crwdcntrl.net
1    8.43.72.98 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel-us-east.rubiconproject.com
2    35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
2    107.178.246.49 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 49.246.178.107.bc.googleusercontent.com
pixel.tapad.com
2    192.35.249.127 (Ashburn, United States)

ASN11742 (SPOTX-IAD, US)
sync.search.spotxchange.com
1    34.194.161.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-194-161-83.compute-1.amazonaws.com
p1.parsely.com
2    2607:f8b0:4004:c06::9a (Washington, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
4    188.40.92.96 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: haproxy01.cl03.k8s.mrf.io
events.newsroom.bi
2    151.101.66.207 (United States)

ASN54113 (FASTLY, US)
flowcards.mrf.io
2    2001:4860:4802:34::181 (United States)

ASN15169 (GOOGLE, US)
analytics.google.com
2    2607:f8b0:4006:81f::2003 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
www.google.ca
15    2607:f8b0:4006:822::200a (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
3    2607:f8b0:4006:81e::2004 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
www.google.com
2    2a03:2880:f103:181:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)
www.facebook.com
5    18.204.250.37 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-204-250-37.compute-1.amazonaws.com
i.viafoura.co
notifications.viafoura.co
livecomments.viafoura.co
5    23.21.59.154 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-59-154.compute-1.amazonaws.com
usermatch.krxd.net
2    34.197.192.192 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-192-192.compute-1.amazonaws.com
ps.eyeota.net
3    34.111.234.236 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 236.234.111.34.bc.googleusercontent.com
ml314.com
1    13.225.214.50 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-214-50.ewr50.r.cloudfront.net
aa.agkn.com
8    2607:f8b0:4006:821::2006 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
s0.2mdn.net
2    2607:f8b0:4006:807::2002 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2607:f8b0:4006:81c::2002 (Perth Amboy, United States)

ASN15169 (GOOGLE, US)
www.googletagservices.com
2    142.250.64.66 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s30-in-f2.1e100.net
googleads4.g.doubleclick.net
1    8.28.7.84 (United States)

ASN62713 (AS-PUBMATIC, US)
simage4.pubmatic.com
1    3.230.217.116 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-230-217-116.compute-1.amazonaws.com
c2shb.pubgw.yahoo.com
2    2600:1f18:612b:4232:404:2bd9:b8a8:362 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
5ew8d-b3mmu.ads.tremorhub.com
1    69.166.1.15 (United States)

ASN27630 (AS-XFERNET, US)
apex.go.sonobi.com
1    192.35.249.142 (Ashburn, United States)

ASN11742 (SPOTX-IAD, US)
search.spotxchange.com
1    67.226.210.221 (United States)

ASN26120 (RHYTHMONE, US)
tag.1rx.io
1    104.36.115.111 (United States)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
1    44.210.205.198 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-210-205-198.compute-1.amazonaws.com
prebid-server.rubiconproject.com
2    52.218.216.144 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com
s3-us-west-2.amazonaws.com
2    23.217.28.180 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-217-28-180.deploy.static.akamaitechnologies.com
video-ads.rubiconproject.com
1    2607:f8b0:4001:c0a::5e (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
csi.gstatic.com
1    204.236.250.205 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-204-236-250-205.compute-1.amazonaws.com
optimized-by.rubiconproject.com
Apex Domain
Subdomains		 Transfer
40 postmedia.digital
fem.gprod.postmedia.digital — Cisco Umbrella Rank: 184247
dcs-static.gprod.postmedia.digital — Cisco Umbrella Rank: 154924
smartcdn.gprod.postmedia.digital — Cisco Umbrella Rank: 124286
803 KB
34 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 713
image6.pubmatic.com — Cisco Umbrella Rank: 891
simage2.pubmatic.com — Cisco Umbrella Rank: 999
image2.pubmatic.com — Cisco Umbrella Rank: 1557
image4.pubmatic.com — Cisco Umbrella Rank: 1518
simage4.pubmatic.com — Cisco Umbrella Rank: 1673
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 702
41 KB
34 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 1492
ups.analytics.yahoo.com — Cisco Umbrella Rank: 419
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 772
c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 1251
10 KB
30 jsrdn.com
c.jsrdn.com — Cisco Umbrella Rank: 32271
s.jsrdn.com — Cisco Umbrella Rank: 33474
i.jsrdn.com — Cisco Umbrella Rank: 33606
a.jsrdn.com — Cisco Umbrella Rank: 38335
3 MB
30 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 226
cm.g.doubleclick.net — Cisco Umbrella Rank: 303
stats.g.doubleclick.net — Cisco Umbrella Rank: 188
googleads.g.doubleclick.net — Cisco Umbrella Rank: 73
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 373
pubads.g.doubleclick.net — Cisco Umbrella Rank: 368
240 KB
23 krxd.net
cdn.krxd.net — Cisco Umbrella Rank: 2230
beacon.krxd.net — Cisco Umbrella Rank: 741
consumer.krxd.net — Cisco Umbrella Rank: 3034
usermatch.krxd.net — Cisco Umbrella Rank: 1847
186 KB
22 viafoura.net
cdn.viafoura.net — Cisco Umbrella Rank: 11922
403 KB
20 openx.net
postmedia-d.openx.net — Cisco Umbrella Rank: 235805
us-u.openx.net — Cisco Umbrella Rank: 708
u.openx.net — Cisco Umbrella Rank: 975
rtb.openx.net — Cisco Umbrella Rank: 2282
distroscale-d.openx.net — Cisco Umbrella Rank: 47241
5 KB
19 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 129
8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 174
107 KB
19 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 329
secure.adnxs.com — Cisco Umbrella Rank: 725
17 KB
18 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 120
ajax.googleapis.com — Cisco Umbrella Rank: 480
imasdk.googleapis.com — Cisco Umbrella Rank: 456
2 MB
18 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 362
s.amazon-adsystem.com — Cisco Umbrella Rank: 415
102 KB
15 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 1586
match.sharethrough.com — Cisco Umbrella Rank: 799
4 KB
13 permutive.com
cdn.permutive.com — Cisco Umbrella Rank: 2925
api.permutive.com — Cisco Umbrella Rank: 2450
googlesync.permutive.com — Cisco Umbrella Rank: 10434
12 KB
12 mparticle.com
jssdkcdns.mparticle.com — Cisco Umbrella Rank: 7994
identity.mparticle.com — Cisco Umbrella Rank: 2408
jssdks.mparticle.com — Cisco Umbrella Rank: 7349
55 KB
11 hwcdn.net
c5x8i7c7.ssl.hwcdn.net — Cisco Umbrella Rank: 42546
263 KB
11 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 755
as-sec.casalemedia.com — Cisco Umbrella Rank: 2163
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 709
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 904
32 KB
10 google.com
adservice.google.com — Cisco Umbrella Rank: 142
analytics.google.com — Cisco Umbrella Rank: 640
www.google.com — Cisco Umbrella Rank: 19
3 KB
9 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 355
90 KB
9 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 223
5 KB
9 aaxads.com
c.aaxads.com — Cisco Umbrella Rank: 4150
l3.aaxads.com — Cisco Umbrella Rank: 6856
124 KB
8 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 350
163 KB
8 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 94
20 KB
8 viafoura.co
api.viafoura.co — Cisco Umbrella Rank: 12157
i.viafoura.co — Cisco Umbrella Rank: 12457
notifications.viafoura.co — Cisco Umbrella Rank: 14490
livecomments.viafoura.co
7 KB
8 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 141
484 KB
8 tinypass.com
experience.tinypass.com — Cisco Umbrella Rank: 8266
cdn.tinypass.com — Cisco Umbrella Rank: 6841
buy.tinypass.com — Cisco Umbrella Rank: 5556
143 KB
7 rubiconproject.com
eus.rubiconproject.com — Cisco Umbrella Rank: 840
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1325
prebid-server.rubiconproject.com — Cisco Umbrella Rank: 1415
video-ads.rubiconproject.com — Cisco Umbrella Rank: 10132
optimized-by.rubiconproject.com — Cisco Umbrella Rank: 6451
34 KB
7 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 846
3 KB
7 quantserve.com
secure.quantserve.com — Cisco Umbrella Rank: 1405
pixel.quantserve.com — Cisco Umbrella Rank: 691
12 KB
7 criteo.com
bidder.criteo.com — Cisco Umbrella Rank: 834
gum.criteo.com — Cisco Umbrella Rank: 458
mug.criteo.com — Cisco Umbrella Rank: 1814
dis.criteo.com — Cisco Umbrella Rank: 946
9 KB
7 rlcdn.com
api.rlcdn.com — Cisco Umbrella Rank: 1084
id.rlcdn.com — Cisco Umbrella Rank: 885
idsync.rlcdn.com — Cisco Umbrella Rank: 607
1 KB
7 gstatic.com
fonts.gstatic.com
csi.gstatic.com
183 KB
6 lrcontent.com
auth.lrcontent.com — Cisco Umbrella Rank: 58591
config.lrcontent.com — Cisco Umbrella Rank: 18948
96 KB
5 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 743
3 KB
5 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 420
3 KB
5 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 872
ce.lijit.com — Cisco Umbrella Rank: 1411
8 KB
5 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 486
3 KB
4 newsroom.bi
events.newsroom.bi — Cisco Umbrella Rank: 11965
3 KB
4 mrf.io
sdk.mrf.io — Cisco Umbrella Rank: 15147
flowcards.mrf.io — Cisco Umbrella Rank: 15580
29 KB
4 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 951
3 KB
4 owneriq.net
px.owneriq.net — Cisco Umbrella Rank: 1924
2 KB
4 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 807
tag.1rx.io — Cisco Umbrella Rank: 2666
2 KB
4 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 949
938 B
4 media.net
hbx.media.net — Cisco Umbrella Rank: 2510
contextual.media.net — Cisco Umbrella Rank: 819
11 KB
4 loginradius.com
postmedia.hub.loginradius.com — Cisco Umbrella Rank: 196335
1 KB
3 ml314.com
ml314.com — Cisco Umbrella Rank: 2659
32 KB
3 spotxchange.com
sync.search.spotxchange.com — Cisco Umbrella Rank: 778
search.spotxchange.com — Cisco Umbrella Rank: 678
2 KB
3 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 652
1 KB
3 google.ca
adservice.google.ca — Cisco Umbrella Rank: 13273
www.google.ca — Cisco Umbrella Rank: 7394
1 KB
3 adform.net
c1.adform.net — Cisco Umbrella Rank: 1015
1 KB
3 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 942
71 KB
2 amazonaws.com
s3-us-west-2.amazonaws.com
9 KB
2 tremorhub.com
5ew8d-b3mmu.ads.tremorhub.com — Cisco Umbrella Rank: 64059
1 KB
2 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 1452
1 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 111
427 B
2 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 757
608 B
2 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 1087
1 KB
2 parsely.com
cdn.parsely.com — Cisco Umbrella Rank: 4001
p1.parsely.com — Cisco Umbrella Rank: 3342
26 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 208
112 KB
2 mxptint.net
pmp.mxptint.net — Cisco Umbrella Rank: 9671
965 B
2 ipredictive.com
sync.ipredictive.com — Cisco Umbrella Rank: 1659
1023 B
2 dotomi.com
pubmatic-match.dotomi.com — Cisco Umbrella Rank: 5194
746 B
2 cognitivlabs.com
beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 2522
833 B
2 tribalfusion.com
a.tribalfusion.com — Cisco Umbrella Rank: 1505
s.tribalfusion.com — Cisco Umbrella Rank: 3853
1 KB
2 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 1307
1 KB
2 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 1116
875 B
2 adgrx.com
cm.adgrx.com — Cisco Umbrella Rank: 2381
1 KB
2 ribn.com
assets.ribn.com — Cisco Umbrella Rank: 164882
7 KB
2 creativecdn.com
creativecdn.com — Cisco Umbrella Rank: 811
748 B
2 mfadsrvr.com
rtb.mfadsrvr.com — Cisco Umbrella Rank: 1431
832 B
2 pswec.com
t.pswec.com — Cisco Umbrella Rank: 6002
1 KB
2 turn.com
ad.turn.com — Cisco Umbrella Rank: 1268
959 B
2 pippio.com
pippio.com — Cisco Umbrella Rank: 1133
717 B
2 emxdgt.com
cs.emxdgt.com — Cisco Umbrella Rank: 1371
741 B
2 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 826
1 KB
2 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 845
1 KB
2 sail-personalize.com
api.sail-personalize.com — Cisco Umbrella Rank: 4115
497 B
2 adsafeprotected.com
cdn.adsafeprotected.com — Cisco Umbrella Rank: 4431
pixel.adsafeprotected.com — Cisco Umbrella Rank: 867
24 KB
1 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 3006
2 KB
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 234
44 KB
1 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 775
655 B
1 qccerttest.com
pxl.qccerttest.com — Cisco Umbrella Rank: 1351
548 B
1 quantcount.com
rules.quantcount.com — Cisco Umbrella Rank: 1180
681 B
1 piano.io
c2.piano.io — Cisco Umbrella Rank: 5229
3 KB
1 nrich.ai
dsp.nrich.ai — Cisco Umbrella Rank: 4456
482 B
1 adentifi.com
rtb.adentifi.com — Cisco Umbrella Rank: 2164
35 B
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 1468
656 B
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 1389
333 B
1 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1901
633 B
1 acuityplatform.com
ums.acuityplatform.com — Cisco Umbrella Rank: 2435
674 B
1 deepintent.com
match.deepintent.com — Cisco Umbrella Rank: 1399
222 B
1 technoratimedia.com
sync.technoratimedia.com — Cisco Umbrella Rank: 1710
799 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 838
819 B
1 smartadserver.com
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 842
766 B
1 linksynergy.com
tags.rd.linksynergy.com — Cisco Umbrella Rank: 5748
391 B
1 prmutv.co
23dc09d6-b664-425a-a76e-0eed6a6cc102.prmutv.co — Cisco Umbrella Rank: 272022
393 B
1 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 2186
17 KB
1 aaxdetect.com
www.aaxdetect.com — Cisco Umbrella Rank: 10346
323 B
1 permutive.app
23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app — Cisco Umbrella Rank: 205217
92 KB
1 sail-horizon.com
ak.sail-horizon.com — Cisco Umbrella Rank: 4003
43 KB
1 npttech.com
www.npttech.com — Cisco Umbrella Rank: 5861
3 KB
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 782
39 KB
1 nationalpost.com
nationalpost.com — Cisco Umbrella Rank: 171815
91 KB
1 cision.com
app2.cision.com
509 B
1 sendgrid.net
u12097671.ct.sendgrid.net
251 B
511 105
Domain Requested by
32 dcs-static.gprod.postmedia.digital nationalpost.com
dcs-static.gprod.postmedia.digital
28 c2shb.ssp.yahoo.com js-sec.indexww.com
23 i.jsrdn.com
22 cdn.viafoura.net fem.gprod.postmedia.digital
cdn.viafoura.net
18 simage2.pubmatic.com 2 redirects ads.pubmatic.com
16 cm.g.doubleclick.net 14 redirects us-u.openx.net
googleads.g.doubleclick.net
15 imasdk.googleapis.com c5x8i7c7.ssl.hwcdn.net
imasdk.googleapis.com
s3-us-west-2.amazonaws.com
12 us-u.openx.net 3 redirects js-sec.indexww.com
us-u.openx.net
u.openx.net
11 c5x8i7c7.ssl.hwcdn.net c.jsrdn.com
c5x8i7c7.ssl.hwcdn.net
nationalpost.com
11 api.permutive.com 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
11 ib.adnxs.com 7 redirects 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
js-sec.indexww.com
googleads.g.doubleclick.net
nationalpost.com
10 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
googleads.g.doubleclick.net
www.googletagservices.com
10 s.amazon-adsystem.com 2 redirects us-u.openx.net
c.amazon-adsystem.com
s.amazon-adsystem.com
ap.lijit.com
u.openx.net
match.sharethrough.com
9 cdnjs.cloudflare.com buy.tinypass.com
9 match.sharethrough.com 4 redirects s.amazon-adsystem.com
match.sharethrough.com
9 beacon.krxd.net cdn.krxd.net
9 sb.scorecardresearch.com 2 redirects fem.gprod.postmedia.digital
8 s0.2mdn.net imasdk.googleapis.com
8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
8 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
8 www.googletagmanager.com fem.gprod.postmedia.digital
jssdkcdns.mparticle.com
www.googletagmanager.com
8 secure.adnxs.com 1 redirects js-sec.indexww.com
8 c.amazon-adsystem.com nationalpost.com
c.amazon-adsystem.com
8 c.aaxads.com nationalpost.com
c.aaxads.com
ads.pubmatic.com
7 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
googleads.g.doubleclick.net
7 image2.pubmatic.com ads.pubmatic.com
7 match.prod.bidr.io 6 redirects
7 jssdks.mparticle.com jssdkcdns.mparticle.com
6 buy.tinypass.com cdn.tinypass.com
buy.tinypass.com
6 pixel.quantserve.com 2 redirects
6 cdn.krxd.net fem.gprod.postmedia.digital
cdn.krxd.net
6 btlr.sharethrough.com js-sec.indexww.com
6 fonts.gstatic.com fonts.googleapis.com
5 usermatch.krxd.net 5 redirects
5 adservice.google.com securepubads.g.doubleclick.net
imasdk.googleapis.com
5 a.jsrdn.com nationalpost.com
5 sync.mathtag.com 5 redirects
5 x.bidswitch.net 5 redirects
5 match.adsrvr.org 4 redirects js-sec.indexww.com
5 fem.gprod.postmedia.digital nationalpost.com
fem.gprod.postmedia.digital
4 pubads.g.doubleclick.net imasdk.googleapis.com
4 events.newsroom.bi sdk.mrf.io
4 pixel-sync.sitescout.com 4 redirects
4 px.owneriq.net 3 redirects ap.lijit.com
4 identity.mparticle.com jssdkcdns.mparticle.com
4 sync-tm.everesttech.net 4 redirects
4 idsync.rlcdn.com 1 redirects us-u.openx.net
ads.pubmatic.com
4 postmedia.hub.loginradius.com fem.gprod.postmedia.digital
auth.lrcontent.com
4 config.lrcontent.com auth.lrcontent.com
4 securepubads.g.doubleclick.net nationalpost.com
securepubads.g.doubleclick.net
3 dsum-sec.casalemedia.com 1 redirects googleads.g.doubleclick.net
3 ml314.com 1 redirects nationalpost.com
ml314.com
3 www.google.com tpc.googlesyndication.com
8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
3 ce.lijit.com ap.lijit.com
3 eb2.3lift.com 2 redirects
3 as-sec.casalemedia.com js-sec.indexww.com
3 consumer.krxd.net cdn.krxd.net
3 sync.1rx.io 3 redirects
3 c1.adform.net 2 redirects ads.pubmatic.com
3 api.viafoura.co cdn.viafoura.net
3 contextual.media.net hbx.media.net
3 ads.pubmatic.com c.aaxads.com
ads.pubmatic.com
s.amazon-adsystem.com
3 htlb.casalemedia.com js-sec.indexww.com
nationalpost.com
3 smartcdn.gprod.postmedia.digital nationalpost.com
3 js-sec.indexww.com nationalpost.com
c5x8i7c7.ssl.hwcdn.net
2 livecomments.viafoura.co cdn.viafoura.net
2 video-ads.rubiconproject.com imasdk.googleapis.com
2 s3-us-west-2.amazonaws.com c5x8i7c7.ssl.hwcdn.net
s3-us-west-2.amazonaws.com
2 distroscale-d.openx.net nationalpost.com
2 5ew8d-b3mmu.ads.tremorhub.com 1 redirects
2 c2shb.pubgw.yahoo.com nationalpost.com
2 googleads4.g.doubleclick.net googleads.g.doubleclick.net
2 googleads.g.doubleclick.net 8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
nationalpost.com
2 ssum-sec.casalemedia.com 2 redirects
2 ps.eyeota.net 1 redirects
2 i.viafoura.co cdn.viafoura.net
2 www.facebook.com
2 www.google.ca
2 analytics.google.com www.googletagmanager.com
2 flowcards.mrf.io
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 sync.search.spotxchange.com 2 redirects
2 pixel.tapad.com 1 redirects u.openx.net
2 rtb.openx.net 1 redirects u.openx.net
2 sync.crwdcntrl.net 1 redirects ap.lijit.com
2 u.openx.net 1 redirects s.amazon-adsystem.com
2 eus.rubiconproject.com s.amazon-adsystem.com
eus.rubiconproject.com
2 8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com securepubads.g.doubleclick.net
2 connect.facebook.net nationalpost.com
connect.facebook.net
2 sdk.mrf.io nationalpost.com
sdk.mrf.io
2 pmp.mxptint.net 1 redirects ads.pubmatic.com
2 sync.ipredictive.com 2 redirects
2 pubmatic-match.dotomi.com 2 redirects
2 image4.pubmatic.com ads.pubmatic.com
2 beacon.lynx.cognitivlabs.com 1 redirects ads.pubmatic.com
2 pm.w55c.net 2 redirects
2 sync.srv.stackadapt.com 2 redirects
2 cm.adgrx.com 2 redirects
2 assets.ribn.com www.googletagmanager.com
nationalpost.com
2 creativecdn.com 2 redirects
2 rtb.mfadsrvr.com 2 redirects
2 dis.criteo.com 1 redirects hbx.media.net
2 t.pswec.com 2 redirects
2 pr-bh.ybp.yahoo.com us-u.openx.net
ads.pubmatic.com
2 ad.turn.com 2 redirects
2 pippio.com 2 redirects
2 id.rlcdn.com 2 redirects
2 ups.analytics.yahoo.com 1 redirects us-u.openx.net
2 image6.pubmatic.com ads.pubmatic.com
2 cs.emxdgt.com 2 redirects
2 stags.bluekai.com 1 redirects
2 b1sync.zemanta.com 2 redirects
2 gum.criteo.com 1 redirects static.criteo.net
2 api.sail-personalize.com ak.sail-horizon.com
2 bidder.criteo.com static.criteo.net
2 postmedia-d.openx.net 1 redirects nationalpost.com
2 ap.lijit.com js-sec.indexww.com
s.amazon-adsystem.com
2 auth.lrcontent.com nationalpost.com
cdn.viafoura.net
2 fonts.googleapis.com nationalpost.com
buy.tinypass.com
1 optimized-by.rubiconproject.com video-ads.rubiconproject.com
1 csi.gstatic.com imasdk.googleapis.com
1 prebid-server.rubiconproject.com nationalpost.com
1 hbopenbid.pubmatic.com nationalpost.com
1 tag.1rx.io nationalpost.com
1 search.spotxchange.com nationalpost.com
1 apex.go.sonobi.com nationalpost.com
1 simage4.pubmatic.com ads.pubmatic.com
1 notifications.viafoura.co cdn.viafoura.net
1 www.googletagservices.com 8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
1 aa.agkn.com
1 p1.parsely.com
1 pixel-us-east.rubiconproject.com 1 redirects
1 ajax.googleapis.com buy.tinypass.com
1 pxl.qccerttest.com
1 cdn.parsely.com www.googletagmanager.com
1 adservice.google.ca securepubads.g.doubleclick.net
1 rules.quantcount.com secure.quantserve.com
1 c2.piano.io cdn.tinypass.com
1 dsp.nrich.ai 1 redirects
1 rtb.adentifi.com ads.pubmatic.com
1 um.simpli.fi 1 redirects
1 csync.loopme.me 1 redirects
1 s.tribalfusion.com ads.pubmatic.com
1 a.tribalfusion.com 1 redirects
1 sync.targeting.unrulymedia.com 1 redirects
1 ums.acuityplatform.com 1 redirects
1 match.deepintent.com ads.pubmatic.com
1 sync.technoratimedia.com 1 redirects
1 bh.contextweb.com 1 redirects
1 rtb-csync.smartadserver.com 1 redirects
1 s.jsrdn.com c.jsrdn.com
1 secure.quantserve.com c.jsrdn.com
1 cdn.tinypass.com experience.tinypass.com
1 tags.rd.linksynergy.com 1 redirects
1 c.jsrdn.com fem.gprod.postmedia.digital
1 jssdkcdns.mparticle.com fem.gprod.postmedia.digital
1 experience.tinypass.com fem.gprod.postmedia.digital
1 hbx.media.net c.aaxads.com
1 googlesync.permutive.com
1 mug.criteo.com
1 l3.aaxads.com nationalpost.com
1 pixel.adsafeprotected.com cdn.adsafeprotected.com
1 cdn.permutive.com 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
1 23dc09d6-b664-425a-a76e-0eed6a6cc102.prmutv.co 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
1 secure.cdn.fastclick.net nationalpost.com
1 www.aaxdetect.com nationalpost.com
1 api.rlcdn.com js-sec.indexww.com
1 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app fem.gprod.postmedia.digital
1 ak.sail-horizon.com nationalpost.com
1 www.npttech.com nationalpost.com
1 cdn.adsafeprotected.com nationalpost.com
1 static.criteo.net nationalpost.com
1 nationalpost.com
1 app2.cision.com 1 redirects
1 u12097671.ct.sendgrid.net 1 redirects
511 174
Subject Issuer Validity Valid
nationalpost.com
GTS CA 1D4		 2022-08-25 -
2022-11-23		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-12-12 -
2022-12-13		 a year crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-09-01 -
2022-11-30		 3 months crt.sh
*.aaxads.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-11 -
2023-03-15		 a year crt.sh
c.amazon-adsystem.com
Amazon		 2022-05-09 -
2023-04-18		 a year crt.sh
*.adsafeprotected.com
Amazon		 2022-06-21 -
2023-07-20		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-06-06 -
2023-06-05		 a year crt.sh
ak.sail-horizon.com
Amazon		 2022-01-06 -
2023-02-02		 a year crt.sh
gprod.postmedia.digital
GTS CA 1D4		 2022-07-21 -
2022-10-19		 3 months crt.sh
smartcdn.gprod.postmedia.digital
GTS CA 1D4		 2022-08-05 -
2022-11-03		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
permutive.app
Cloudflare Inc ECC CA-3		 2022-07-15 -
2022-10-13		 3 months crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA		 2022-02-03 -
2023-02-25		 a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2022-03-31 -
2023-05-02		 a year crt.sh
*.aaxdetect.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-03-11 -
2023-03-15		 a year crt.sh
secure.cdn.fastclick.net
DigiCert SHA2 Secure Server CA		 2022-01-15 -
2023-01-17		 a year crt.sh
*.prmutv.co
R3		 2022-07-04 -
2022-10-02		 3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2022-02-11 -
2023-03-14		 a year crt.sh
permutive.com
Cloudflare Inc ECC CA-3		 2022-02-26 -
2023-02-25		 a year crt.sh
api.permutive.com
R3		 2022-08-19 -
2022-11-17		 3 months crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2		 2022-06-27 -
2023-06-05		 a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-08-02 -
2023-01-25		 6 months crt.sh
*.sharethrough.com
Amazon		 2022-07-14 -
2023-08-12		 a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2022-08-27 -
2022-11-22		 3 months crt.sh
fw.adsafeprotected.com
Amazon		 2022-04-28 -
2023-05-27		 a year crt.sh
api.sail-personalize.com
Amazon		 2022-05-25 -
2023-06-23		 a year crt.sh
*.loginradius.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-12-13 -
2022-12-13		 a year crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA		 2022-02-04 -
2023-02-03		 a year crt.sh
*.media.net
DigiCert SHA2 Secure Server CA		 2022-02-20 -
2023-02-22		 a year crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2022-07-21 -
2023-08-21		 a year crt.sh
viafoura.com
Amazon		 2021-10-07 -
2022-11-05		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
*.scorecardresearch.com
Amazon		 2022-01-29 -
2023-02-27		 a year crt.sh
jssdkcdns.mparticle.com
R3		 2022-08-24 -
2022-11-22		 3 months crt.sh
cdn.krxd.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-12-30 -
2022-12-29		 a year crt.sh
*.jsrdn.com
Amazon		 2021-11-16 -
2022-12-14		 a year crt.sh
ups.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-08-24 -
2023-02-15		 6 months crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2022-06-14 -
2022-12-07		 6 months crt.sh
identity.mparticle.com
Go Daddy Secure Certificate Authority - G2		 2022-07-09 -
2023-07-07		 a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-22 -
2022-09-21		 a year crt.sh
s.amazon-adsystem.com
Amazon		 2022-05-09 -
2023-04-21		 a year crt.sh
jssdks.mparticle.com
R3		 2022-08-24 -
2022-11-22		 3 months crt.sh
*.ribn.com
Amazon		 2022-08-21 -
2023-09-19		 a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2022-05-02 -
2023-06-03		 a year crt.sh
beacon.lynx.cognitivlabs.com
Amazon		 2022-04-13 -
2023-05-12		 a year crt.sh
adentifi.com
Amazon		 2022-08-05 -
2023-09-03		 a year crt.sh
piano.io
Cloudflare Inc ECC CA-3		 2022-04-27 -
2023-04-26		 a year crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-03 -
2022-11-02		 a year crt.sh
consumer.krxd.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-08 -
2023-06-07		 a year crt.sh
*.ssl.hwcdn.net
Sectigo RSA Domain Validation Secure Server CA		 2021-12-22 -
2023-01-19		 a year crt.sh
a.jsrdn.com
Sectigo RSA Domain Validation Secure Server CA		 2022-02-22 -
2023-03-05		 a year crt.sh
*.google.ca
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
sdk.mrf.io
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-01-19 -
2023-02-20		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-06-15 -
2022-09-13		 3 months crt.sh
*.parsely.com
Amazon		 2022-06-05 -
2023-07-04		 a year crt.sh
qccerttest.com
Amazon		 2022-04-04 -
2023-05-03		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-17 -
2023-04-04		 a year crt.sh
*.cl03.k8s.mrf.io
R3		 2022-08-09 -
2022-11-07		 3 months crt.sh
flowcards.mrf.io
GlobalSign Atlas R3 DV TLS CA 2022 Q1		 2022-01-19 -
2023-02-20		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA		 2022-02-26 -
2023-03-01		 a year crt.sh
ml314.com
GTS CA 1D4		 2022-08-20 -
2022-11-18		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2022-08-15 -
2022-11-07		 3 months crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2021-12-08 -
2023-01-09		 a year crt.sh
*.spotxchange.com
GeoTrust RSA CA 2018		 2022-03-11 -
2023-03-29		 a year crt.sh
*.1rx.io
Sectigo RSA Domain Validation Secure Server CA		 2022-06-28 -
2023-07-29		 a year crt.sh
*.s3-us-west-2.amazonaws.com
Amazon		 2021-12-17 -
2022-11-29		 a year crt.sh

This page contains 57 frames:

Primary Page: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Frame ID: 55EE801D3C63A2C9104A03C6BFA028C9
Requests: 277 HTTP requests in this frame

Frame: https://fem.gprod.postmedia.digital/v65.0/xd.html
Frame ID: FE7A1BFB48566F046CA36108E688560D
Requests: 2 HTTP requests in this frame

Frame: https://c.aaxads.com/aacxs.php?flg=AAX24X4M7&fv=1&fy=37&ke=1&suylg=172%2C295%2C241%2C159%2C214%2C3012%2C267%2C229%2C310%2C222%2C271%2C272%2C251%2C356%2C3007%2C108%2C292%2C175%2C141%2C195%2C97%2C265%2C203%2C209%2C274%2C51%2C55%2C282&yvVbqf=1&uhiXuo=&gdpr=0&gdprconsent=0&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Frame ID: 49D23B735FD952C9A14D328C246C7A75
Requests: 5 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=nationalpost.com
Frame ID: 9CC1B8C147DC5D18E8C24B7FE23DCDB8
Requests: 2 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Frame ID: 6B7CB329FF665792D0644BF1B7611D3E
Requests: 22 HTTP requests in this frame

Frame: https://hbx.media.net/checksync.php?&vsSync=1&cs=1&cid=AAX24X4M7&cmode=1&cv=35&prvid=97,109,175,214,251&gdpr=0&gdprconsent=0&usp_status=0&usp_consent=1&https=1
Frame ID: C02BFAE3EE171C55FDB9160749CC7E0C
Requests: 5 HTTP requests in this frame

Frame: https://us-u.openx.net/w/1.0/pd?plm=10&ph=eda0710e-2847-4e25-9f9c-d56d6d9d553e&gdpr=0
Frame ID: 9ADE3DE7A2D80AAA1FE1505A6BA684EA
Requests: 11 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&dcc=t
Frame ID: 094A45E34F93C8CA7E4E3C4283A25042
Requests: 1 HTTP requests in this frame

Frame: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Frame ID: D7510EAA3D7A0AAB39C69D532ACBF73D
Requests: 20 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
Frame ID: 1F2E70556BC43C45F3DEA1B2F554418D
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YxY-RgAE-bZcqQBN&gdpr=0&gdpr_consent=
Frame ID: 243A83EF19CECB6B20AD8280D5E96B5D
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAD6807GLH8AAA614xveyA
Frame ID: 993F1B7A46CAF3A70EAA07F78E9141DB
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:df576316-3f46-4a00-aa04-f79bbd66aad7&gdpr=0&gdpr_consent=
Frame ID: 28F720E108C65ABDCB066E0413206F0F
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=3975656e-2d48-11ed-b5ba-2ee251714aca
Frame ID: CC3C3433E9959EECEABC4E9FA8E9ACBC
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: D111F0802D17C3A7A9B3285AAD73A4B5
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: 0C6729A89DA8EDAC7468B7F056BFE6C7
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=AbRAvIwhQax0rZSP3crf7pU4mbQ
Frame ID: C53A6196FEE067E4C06F79D6135305CB
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:Tk410fV91OvgNw5&gdpr=0&gdpr_consent=
Frame ID: 09AF99CB51C53F6C7EDD077CDD96874B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=690798747565
Frame ID: 891FCE69753C042D3B39BB5708FFB189
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-092afed4-7c33-48da-ae97-84a34a7748d6-005
Frame ID: 0D27406FE1BC0826667A73D89F245C13
Requests: 1 HTTP requests in this frame

Frame: https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Frame ID: 6E2C180E5C3DAA78A81C087AB3B16223
Requests: 1 HTTP requests in this frame

Frame: https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
Frame ID: F296E9C1BB362595E7C36388919025A9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={viewer_token}&gdpr=0
Frame ID: 7EBB2A1474537392D042EA6C97318E52
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7156887741677165914
Frame ID: D2905E7322A39AA3EA41919A27943C03
Requests: 1 HTTP requests in this frame

Frame: https://c.aaxads.com/aacxc.php?fv=1&yvlg=3054039731454855000V10&wbsh=pba&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
Frame ID: 42E91603C2F75088909277DAF9A45AAA
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Frame ID: 80855353B4A8ECBD46222D6C6CEBEAD0
Requests: 1 HTTP requests in this frame

Frame: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Frame ID: 6BB3137555BD3A059F1D0B7CE280B1A5
Requests: 16 HTTP requests in this frame

Frame: https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A1FAFAA9C18F9A42ADC25B5175326A62
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Frame ID: FA82210098FDA62488371FE86EE28315
Requests: 6 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Frame ID: 3286836FC2046E70C2F612E6AB8E363B
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Frame ID: B74E3F3318AE8D2FA0C69A15C10DE939
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Frame ID: 3A7CAEF400103BFB5E43FEBBAD76CB16
Requests: 7 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?id=4032320738726574262&ex=appnexus.com
Frame ID: D49F161AEF1922D4DFB69CC9C1F3690C
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com
Frame ID: 110C97C3A86B0ECF9B536C8A1D0D2C02
Requests: 7 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=4314556371279844782841
Frame ID: A8E285D7F0118606A6D6C4A8232F5CD4
Requests: 1 HTTP requests in this frame

Frame: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Frame ID: 85EC8332DB382BA896FB9B3362A7B8A1
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 97874EB33ED2E30C30DA03EFF98CE469
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B24E4196FA43C446C82418DA1A3FEB98
Requests: 2 HTTP requests in this frame

Frame: https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4C6C1DFA09F3E468D02594F5E36CDCB2
Requests: 15 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Frame ID: 70D3A342AADB84C710FCD555B173EAB1
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIOCCBC-2rUCGNnD3NABMAE&v=APEucNVRy2VuHSLNAGfqm6WFs9tgJJYZY2DRArhVrIOD3zaFnnQIWtGvMg6hGkgdAEeTMkw7OroSu8nHGrE973iZDNBAOXdh7A
Frame ID: 9B75238A428CDE04953BE37D85ACA1DB
Requests: 5 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 270D853AC9C37C292535CEDCC60D0019
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 104C742D2FCFF721264B0407CEE624F3
Requests: 3 HTTP requests in this frame

Frame: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Frame ID: CFE6530BC7C11288482E4B10C05C8B5E
Requests: 5 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Frame ID: 3353D564FFF99DB97A3793A4180C7453
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: E10D9BF737AFB6B3F931F5C26DDE38B7
Requests: 15 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Frame ID: 99897CDE9EED8934E385127408FCDFEF
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Frame ID: BECA8D1737038680EBF7A778E20B542A
Requests: 9 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Frame ID: 991D730DBB69B57AD110BC6863229EE8
Requests: 1 HTTP requests in this frame

Frame: https://c.amazon-adsystem.com/aax2/apstag.js
Frame ID: 5D2DBF8214EBB41187DD3EA6986C84D9
Requests: 7 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Frame ID: 1F9746F0A1713BBA7E0B647E55FE0BFF
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-index_n-LoopMe_pm-db5_n-simpli.fi_ym_bf_rbd_rx_n-Outbrain
Frame ID: D758016ABC803690216146ED9F7B21BD
Requests: 1 HTTP requests in this frame

Frame: https://s3-us-west-2.amazonaws.com/distroscale-public/vplayer-parallel/20211217_0009/ima_html5/index.html
Frame ID: A0373F714AAE2FF607B6A6DA6DF94B91
Requests: 5 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Frame ID: 476AB6A6B06C32F3130E548A31CA9FE3
Requests: 2 HTTP requests in this frame

Frame: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Frame ID: 5C2A35FA771A7691895FF7473C02FF3D
Requests: 5 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Frame ID: 919CF7AF56114053FD7FE7489082CBAB
Requests: 4 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/loader.js
Frame ID: 584151F233E3C5BA4FAB3C586B85B632
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Nearly 13,000 Canadians potentially victims of CERB fraud after hackers accessed CRA accounts in 2020 | National PostNational PostUserFinancial Post

Page URL History Show full URLs

  1. https://u12097671.ct.sendgrid.net/ls/click?upn=9rudYHeevExQpJ5A1h-2BA7d1MAgxAcU8tnD95e0wW2LiVSXuNk0qMXXtW26iHR... HTTP 302
    https://app2.cision.com/redir?s=9500000638272280 HTTP 302
    https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+(?:-?rc[.\d]*)*)/angular(?:\.min)?\.js
  • \bangular.{0,32}\.js
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • \.quantserve\.com/quant\.js
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

511
Requests

86 %
HTTPS

30 %
IPv6

105
Domains

174
Subdomains

125
IPs

7
Countries

9626 kB
Transfer

21717 kB
Size

211
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://u12097671.ct.sendgrid.net/ls/click?upn=9rudYHeevExQpJ5A1h-2BA7d1MAgxAcU8tnD95e0wW2LiVSXuNk0qMXXtW26iHRhhdlLrILHzlDn3l2KnxgpApug-3D-3D0HWC_d7OyPoEP8XqHWqaOM6Daaoeb8sFkC1LMfrHMequSXSs-2B-2FAnfZotGBIwGsaTnW-2BD2S5tjZQ-2BxaLnunhWExLxwVbrFeWvYb-2BVivBhufW2ZQk8bbK7W3odBp6KrBx9Xvj9boBaw1UWDEZpc86fSN4V1RtgbXX65Vys-2F7GWJMktqwpwlTVgVbAb53DRpJDxowh0yXXpDdKwdTLB7GC7pj930a-2BLnffnBGznH-2FBZVnefrTNGR-2FwtI06Lh-2BIp2JDMmL7Jp HTTP 302
    https://app2.cision.com/redir?s=9500000638272280 HTTP 302
    https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103
  • https://postmedia-d.openx.net/w/1.0/arj?auid=541132926%2C541132948%2C541132944%2C541132940%2C541132937%2C541132930%2C541132925&aus=300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90&ju=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&jr=&ch=UTF-8&tz=0&bc=hb_ix_2.1.3&be=1&res=1600x1200&tws=1600x1200&ifr=0&callback=window.headertag.OpenXHtb.adResponseCallbacks._NiDyjLnI&cache=1662402373627&ttduuid=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12 HTTP 302
  • https://postmedia-d.openx.net/w/1.0/arj?cc=1&auid=541132926%2C541132948%2C541132944%2C541132940%2C541132937%2C541132930%2C541132925&aus=300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90&ju=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&jr=&ch=UTF-8&tz=0&bc=hb_ix_2.1.3&be=1&res=1600x1200&tws=1600x1200&ifr=0&callback=window.headertag.OpenXHtb.adResponseCallbacks._NiDyjLnI&cache=1662402373627&ttduuid=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
Request Chain 131
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=nationalpost.com&sn=ChromeSyncframe&so=0&topUrl=nationalpost.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=zOi1wnxzTE5XYTZRY3BwOTlkVXcrM3p6TUo1eDVyMWViTHpSQWdkQ1N2bFRXVGFIWThmYWFFUDdWQU9lNUREcGNDVnBUeVIwWUgybk9hdHV5Yy91ZWFId2hLZkhJWjJzNGw3Ti9mNGVJVVNkZlpaT1dnaG1ibW01RVRQSWdIZENCYmZUZmFST3EySVU0WFhaSDlUK0NFbUVvMlAwZVEycVVjNkkwT3R6YktEUjRsM0tlUzl6VEhPS1lNcWVuTWYvKzM0WUFoWWhHdUdSNWVKZmRVaFJNaDhCUjV4NU5qUkphVnFlSmNESHJNcG5ZLzZsa3ZlZk84aSs4cDJDNXgwMnh0MFRvR2xEY3A3SktjRE4wRzBsVFRBZGozUT09fA&cppv=2
Request Chain 133
  • https://cm.g.doubleclick.net/pixel?google_nid=permutive_dmp&google_cm&type=ddp&k=21ec23a2-b38a-456e-b801-e5877a041482&u=a161c2b3-1387-440f-b59f-da9c85d45339 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=permutive_dmp&google_cm=&type=ddp&k=21ec23a2-b38a-456e-b801-e5877a041482&u=a161c2b3-1387-440f-b59f-da9c85d45339&google_tc= HTTP 302
  • https://googlesync.permutive.com/v2.0/px/sync?alias=CAESEOkbLwvKsQVsgkg7f_5Ubbk&error=&type=ddp&k=21ec23a2-b38a-456e-b801-e5877a041482&u=a161c2b3-1387-440f-b59f-da9c85d45339&google_cver=1
Request Chain 136
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dapx%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fc.aaxads.com%252Faacxc.php%253Ffv%253D1%2526yvlg%253D3054039731454855000V10%2526wbsh%253Dapx%2526uhiXuo%253D%2526ylg%253D24023738973054039731454855000V10%2526ryvlg%253D%2524UID HTTP 302
  • https://c.aaxads.com/aacxc.php?fv=1&yvlg=3054039731454855000V10&wbsh=apx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=4032320738726574262
Request Chain 137
  • https://us-u.openx.net/w/1.0/cm?id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fc.aaxads.com%2Faacxc.html%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dopx%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3D HTTP 302
  • https://c.aaxads.com/aacxc.html?fv=1&yvlg=3054039731454855000V10&wbsh=opx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=3cf6f712-b246-0e5c-1076-a418a5a934f9
Request Chain 138
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dzem%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3D__ZUID__ HTTP 302
  • https://stags.bluekai.com/site/23178?id=PLFDKqO-3RxnE7C8itNt&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6YZOMFQXQYLEOMXGG33NF5QWCY3YMMXHA2DQH5SXQY3IMFXGOZJ5NVSWI2LBNZSXIJTGOY6TCJTSPF3GYZZ5KBGEMRCLOFHS2M2SPBXEKN2DHBUXITTUEZ2WQ2KYOVXT2JTXMJZWQPL2MVWSM6LMM46TENBQGIZTOMZYHE3TGMBVGQYDGOJXGMYTINJUHA2TKMBQGBLDCMBGPF3GYZZ5GMYDKNBQGM4TOMZRGQ2TIOBVGUYDAMCWGEYA HTTP 302
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6YZOMFQXQYLEOMXGG33NF5QWCY3YMMXHA2DQH5SXQY3IMFXGOZJ5NVSWI2LBNZSXIJTGOY6TCJTSPF3GYZZ5KBGEMRCLOFHS2M2SPBXEKN2DHBUXITTUEZ2WQ2KYOVXT2JTXMJZWQPL2MVWSM6LMM46TENBQGIZTOMZYHE3TGMBVGQYDGOJXGMYTINJUHA2TKMBQGBLDCMBGPF3GYZZ5GMYDKNBQGM4TOMZRGQ2TIOBVGUYDAMCWGEYA HTTP 302
  • https://c.aaxads.com/aacxc.php?fv=1&ryvlg=PLFDKqO-3RxnE7C8itNt&uhiXuo=&wbsh=zem&ylg=24023738973054039731454855000V10&yvlg=3054039731454855000V10
Request Chain 139
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Demx%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3D%24UID HTTP 302
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Demx%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3D%24EMXUID&b64_redirect=aHR0cHM6Ly9jLmFheGFkcy5jb20vYWFjeGMucGhwP2Z2PTEmeXZsZz0zMDU0MDM5NzMxNDU0ODU1MDAwVjEwJndic2g9ZW14JnVoaVh1bz0meWxnPTI0MDIzNzM4OTczMDU0MDM5NzMxNDU0ODU1MDAwVjEwJnJ5dmxnPSRFTVhVSUQ= HTTP 302
  • https://cs.emxdgt.com/umcheck?apnxid=4032320738726574262&redirect=https://c.aaxads.com/aacxc.php?fv=1&yvlg=3054039731454855000V10&wbsh=emx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=$EMXUID&b64_redirect=aHR0cHM6Ly9jLmFheGFkcy5jb20vYWFjeGMucGhwP2Z2PTEmeXZsZz0zMDU0MDM5NzMxNDU0ODU1MDAwVjEwJndic2g9ZW14JnVoaVh1bz0meWxnPTI0MDIzNzM4OTczMDU0MDM5NzMxNDU0ODU1MDAwVjEwJnJ5dmxnPSRFTVhVSUQ= HTTP 302
  • https://c.aaxads.com/aacxc.php?fv=1&yvlg=3054039731454855000V10&wbsh=emx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=4032320738726574262brt53591662402374007993a3
Request Chain 152
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D HTTP 302
  • https://id.rlcdn.com/464246.gif?partner_uid=a11ce1eb-d401-02dc-2c40-5a852eddc7fd HTTP 307
  • https://id.rlcdn.com/1000.gif?memo=CPaqHBIvCisIARCUaxokYTExY2UxZWItZDQwMS0wMmRjLTJjNDAtNWE4NTJlZGRjN2ZkEAAaDQjG_tiYBhIFCOgHEABCAEoA HTTP 307
  • https://pippio.com/api/sync?pid=5324&it=1&iv=6c796ab84237bd02425d00c2288db439b86b7dfa3f5768eaa303e75e304c6632791426b5417dce21&_=2 HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA2Yzc5NmFiODQyMzdiZDAyNDI1ZDAwYzIyODhkYjQzOWI4NmI3ZGZhM2Y1NzY4ZWFhMzAzZTc1ZTMwNGM2NjMyNzkxNDI2YjU0MTdkY2UyMRAAGgwIxv7YmAYSBAgCEABCAEoA HTTP 302
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA2Yzc5NmFiODQyMzdiZDAyNDI1ZDAwYzIyODhkYjQzOWI4NmI3ZGZhM2Y1NzY4ZWFhMzAzZTc1ZTMwNGM2NjMyNzkxNDI2YjU0MTdkY2UyMRAAGgwIxv7YmAYSBAgCEABCAEoA&google_gid=CAESEH_oVaopbqSiBUHcGODtirs&google_cver=1 HTTP 307
  • https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
  • https://idsync.rlcdn.com/458249.gif?partner_uid=8653acb5-d071-498f-9a51-45637a346203
Request Chain 153
  • https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072399&val=4032320738726574262
Request Chain 154
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=ac0ce2f0-05ec-8f46-b337-58e17f756dc5 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=ac0ce2f0-05ec-8f46-b337-58e17f756dc5&dcc=t
Request Chain 155
  • https://ad.turn.com/r/cs?pid=9&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=2758493619497113667&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 156
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=YxY-RgAE-bZcqQBN HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=YxY-RgAE-bZcqQBN&_test=YxY-RgAE-bZcqQBN
Request Chain 158
  • https://match.adsrvr.org/track/cmf/openx?oxid=f4da9e8d-1946-34bc-7339-da761746a625&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12&ttd_puid=f4da9e8d-1946-34bc-7339-da761746a625&gdpr=0&gdpr_consent=
Request Chain 160
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEPbywIcci5JuPukoWk7tBU&google_cver=1
Request Chain 161
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1 HTTP 302
  • https://t.pswec.com/bsw_sync?ssp=medianet&bsw_user_id=114cb03c-984e-472c-86ef-eff5c043abf4 HTTP 302
  • https://t.pswec.com/ul_cb/bsw_sync?ssp=medianet&bsw_user_id=114cb03c-984e-472c-86ef-eff5c043abf4 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=2&user_id=c66f65b1-dcab-4b0a-9fe6-272db7b54da8&expires=3&user_group=1&ssp=medianet HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=114cb03c-984e-472c-86ef-eff5c043abf4&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 163
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=3054039741454857000V10 HTTP 302
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=3054039741454857000V10 HTTP 302
  • https://contextual.media.net/cksync.php?type=mf&ovsid=648dfd80-5793-4326-80c2-ef74a1d94944&cs=1
Request Chain 164
  • https://creativecdn.com/cm-notify?pi=medianet HTTP 302
  • https://creativecdn.com/cm-notify?pi=medianet&tc=1 HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=jKp84PibmTAX9uA4k7JP&pi=medianet&tc=1
Request Chain 173
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&dcc=t
Request Chain 185
  • https://c1.adform.net/serving/cookie/match?party=14&cid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F HTTP 302
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
Request Chain 186
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YxY-RgAE-bZcqQBN&gdpr=0&gdpr_consent=
Request Chain 187
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFENjgwN0dMSDhBQUE2MTR4dmV5QQ&bee_sync_partners=sas%2Cpp%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAD6807GLH8AAA614xveyA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Csyn%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID HTTP 302
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csyn%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=2&userid=691582321626813154 HTTP 303
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAD6807GLH8AAA614xveyA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fuserid%3D691582321626813154%26bee_sync_partners%3Dsyn%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3 HTTP 302
  • https://match.prod.bidr.io/cookie-sync?userid=691582321626813154&bee_sync_partners=syn%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AAD6807GLH8AAA614xveyA&pid=558502&do=add HTTP 303
  • https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AAD6807GLH8AAA614xveyA&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fuserid%3D691582321626813154%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4 HTTP 307
  • https://match.prod.bidr.io/cookie-sync?userid=691582321626813154&bee_sync_partners=pm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=4 HTTP 303
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAD6807GLH8AAA614xveyA
Request Chain 188
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:df576316-3f46-4a00-aa04-f79bbd66aad7&gdpr=0&gdpr_consent=
Request Chain 189
  • https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=3975656e-2d48-11ed-b5ba-2ee251714aca
Request Chain 191
  • https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Request Chain 192
  • https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=AbRAvIwhQax0rZSP3crf7pU4mbQ
Request Chain 193
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:Tk410fV91OvgNw5&gdpr=0&gdpr_consent=
Request Chain 194
  • https://ums.acuityplatform.com/tum?umid=6 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=690798747565
Request Chain 195
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1662402374399 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=697179384 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/a5145ca0-88b0-4e4c-aeb9-c324ab89cd12 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-092afed4-7c33-48da-ae97-84a34a7748d6-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-092afed4-7c33-48da-ae97-84a34a7748d6-005 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-092afed4-7c33-48da-ae97-84a34a7748d6-005
Request Chain 196
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Request Chain 197
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=134a6419-450f-4543-8f4e-e0949ee3912d&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=${PUBMATIC_UID} HTTP 302
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
Request Chain 198
  • https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}&gdpr=0&gdpr_consent= HTTP 307
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={viewer_token}&gdpr=0
Request Chain 199
  • https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ7156887741677165914&uid=Q7156887741677165914&ref=%2Fepm HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7156887741677165914
Request Chain 201
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=2Tacpbj0TXK7GLm00gYgTw%3D%3D HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Request Chain 202
  • https://idsync.rlcdn.com/420486.gif?partner_uid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F HTTP 307
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D HTTP 302
  • https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=a11ce1eb-d401-02dc-2c40-5a852eddc7fd
Request Chain 203
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=5d8e6316-3f46-4300-9c36-e08cab2310c1
Request Chain 204
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RDkzNjlDQTUtQjhGNC00RDcyLUJCMTgtQjlCNEQyMDYyMDRG&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 205
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGseGz_aAmJizJkrmNQWSGc&google_cver=1
Request Chain 206
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:05EED659B2D148A3817D415113CAFFFA
Request Chain 207
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
Request Chain 208
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2758493619497113667&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 210
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-50bw4I1E2uUALci9kIGC3ThSGUWAfms-~A&gdpr=0&gdpr_consent=
Request Chain 211
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F&gdpr=0&gdpr_consent= HTTP 302
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=6bb16993b48f0e71&is_secure=true&networkId=17100&version=1&nuid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAE4HKEElTsqQNjDf7VAAAAAAA&expiration=1662488774&nuid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F&is_secure=true&gdpr_consent=&gdpr=0
Request Chain 212
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=5e5d81cf-122b-4a9c-9108-7114f8719535&gdpr=0&gdpr_consent=
Request Chain 213
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4032320738726574262&gdpr=0&gdpr_consent=
Request Chain 214
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=BQZyCABTdwgeAScIV1FuDgMDd1seDHsGUAbJFUm4
Request Chain 215
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=
Request Chain 217
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=114cb03c-984e-472c-86ef-eff5c043abf4&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy= HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=283&user_id=470ca248-9f37-4938-bef6-321cf2e74cb8&expires=1&user_group=5&ssp=pubmatic&bsw_param=114cb03c-984e-472c-86ef-eff5c043abf4 HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=114cb03c-984e-472c-86ef-eff5c043abf4&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 218
  • https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B331_F5BEBE1A_3BDBEA52&r=https://pmp.mxptint.net/sn.ashx?ak=1 HTTP 302
  • https://pmp.mxptint.net/sn.ashx?ak=1
Request Chain 219
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=273704926017452642
Request Chain 259
  • https://sb.scorecardresearch.com/b?c1=2&c2=10276888&ns__t=1662402374728&ns_c=UTF-8&c8=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&c7=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=10276888&ns__t=1662402374728&ns_c=UTF-8&c8=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&c7=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&c9=
Request Chain 264
  • https://sb.scorecardresearch.com/c2/10276888/cs.js HTTP 302
  • https://sb.scorecardresearch.com/internal-c2/default/cs.js
Request Chain 272
  • https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=4032320738726574262&ex=appnexus.com
Request Chain 274
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=4314556371279844782841
Request Chain 301
  • https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=6lb1rO8D8KzxUaCsuAHpquxT8P_xXPyiv1amiIXk
Request Chain 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent= HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Df27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341%26partner_url%3Dhttps%253A%252F%252Fce.lijit.com%252Fmerge%253Fpid%253D16%25263pid%253Df27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341%2526gdpr%253D0%2526gdpr_consent%253D HTTP 302
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Df27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341%26partner_url%3Dhttps%253A%252F%252Fce.lijit.com%252Fmerge%253Fpid%253D16%25263pid%253Df27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341%2526gdpr%253D0%2526gdpr_consent%253D&ct=y
Request Chain 303
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=80&3pid=L7P3GA77-14-DC4F&gdpr=0
Request Chain 304
  • https://px.owneriq.net/eucm/p/sv?gdpr=0&gdpr_consent= HTTP 302
  • https://px.owneriq.net/fr/epx.gif
Request Chain 305
  • https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=FRESbBZH1ezf_uvkQiiWfS6Y&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=0&gdpr_consent= HTTP 302
  • https://ce.lijit.com/merge?pid=3&3pid=5d8e6316-3f46-4300-9c36-e08cab2310c1&gdpr=0&gdpr_consent=
Request Chain 307
  • https://rtb.openx.net/sync/dds HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=K4wUsbDAjZKVTZbBxF-cnw==&ox_sc=1&ox_init=1 HTTP 302
  • https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
Request Chain 308
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=536872786&val=5d8e6316-3f46-4300-9c36-e08cab2310c1
Request Chain 309
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://us-u.openx.net/w/1.0/sd?id=537073028&val=${ADELPHIC_CUID} HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537073028&val=5e5d81cf-122b-4a9c-9108-7114f8719535
Request Chain 310
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=4&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072977&val=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=
Request Chain 311
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1955&partner_device_id=f2a4ed71-4241-093b-39d8-42a024ca6729 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1955&partner_device_id=f2a4ed71-4241-093b-39d8-42a024ca6729
Request Chain 314
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=8499&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3Dk1jJghvBi79yX1NZ2sM5fXrm%26source_user_id%3D%24SPOTX_USER_ID HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=8499&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3Dk1jJghvBi79yX1NZ2sM5fXrm%26source_user_id%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=3a1c2413-2d48-11ed-903d-170bbb690503 HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=k1jJghvBi79yX1NZ2sM5fXrm&source_user_id=3a1c23db-2d48-11ed-903d-170bbb690503
Request Chain 315
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2 HTTP 302
  • https://secure.adnxs.com/getuid?https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=$UID HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=4032320738726574262
Request Chain 316
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3 HTTP 302
  • https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=7ead435e-a2cd-4cbf-8876-adb66822613f&ph=c6b01e12-aa62-4ae6-9e10-71346e597c31&r=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DF2Stothm3wg5g6opTuaPadz9%26source_user_id%3D HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=F2Stothm3wg5g6opTuaPadz9&source_user_id=3ab96bb0-ab02-0951-3692-fc3c1d8d044d
Request Chain 317
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12&gdpr=0&gdpr_consent=
Request Chain 357
  • https://usermatch.krxd.net/um/v2?partner=google HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=krux_digital&google_hm=UEQ3QjAydkQ HTTP 302
  • https://beacon.krxd.net/usermatch.gif?google_gid=CAESEKbzKUn5G-Oa-zRsirKWBKs&google_cver=1
Request Chain 358
  • https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm&google_hm=UEQ3QjAydkQ HTTP 302
  • https://beacon.krxd.net/usermatch.gif?google_gid=CAESEKbzKUn5G-Oa-zRsirKWBKs&google_cver=1
Request Chain 362
  • https://sync-tm.everesttech.net/upi/pid/NC4WTmcy?redir=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner_id%3Dcb276571-e0d9-4438-9fd4-80a1ff034b01%26puid%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://beacon.krxd.net/usermatch.gif?partner_id=cb276571-e0d9-4438-9fd4-80a1ff034b01&puid=YxY-RgAE-bZcqQBN
Request Chain 363
  • https://ps.eyeota.net/match?bid=i0r4o4v&uid=PD7B02vD HTTP 302
  • https://ps.eyeota.net/match/bounce/?bid=i0r4o4v&uid=PD7B02vD
Request Chain 364
  • https://usermatch.krxd.net/um/v2?partner=beeswax HTTP 302
  • https://match.prod.bidr.io/cookie-sync/krux?partner_user_id=PD7B02vD
Request Chain 365
  • https://usermatch.krxd.net/um/v2?partner=mediamath HTTP 302
  • https://sync.mathtag.com/sync/img?mt_exid=10031&mt_exuid=PD7B02vD&redirect=https://beacon.krxd.net/usermatch.gif?partner%3Dmediamath%26partner_id%3D%5BMM_UUID%5D HTTP 302
  • https://beacon.krxd.net/usermatch.gif?partner=mediamath&partner_id=5d8e6316-3f46-4300-9c36-e08cab2310c1
Request Chain 367
  • https://usermatch.krxd.net/um/v2?partner=neustar HTTP 302
  • https://aa.agkn.com/adscores/g.js?sid=9212244187&_kdpid=PD7B02vD
Request Chain 368
  • https://ssum-sec.casalemedia.com/usermatchredir?s=183716&cb=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcasale%26partner_uid%3D__UID__ HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcasale%26partner_uid%3D__UID__&s=183716&C=1 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?partner=casale&partner_uid=YxY-R-sDvI8TTtYUEMh6VAAA%26026
Request Chain 369
  • https://sync.srv.stackadapt.com/sync?nid=salesforce HTTP 302
  • https://beacon.krxd.net/usermatch.gif?partner=stackadapt&partner_uid=AbRAvIwhQax0rZSP3crf7pU4mbQ
Request Chain 370
  • https://usermatch.krxd.net/um/v2?partner=triplelift&gdpr=0&cmp_cs=&us_privacy=undefined HTTP 302
  • https://eb2.3lift.com/xuid?mid=3587&xuid=PD7B02vD&dongle=13b2&gdpr=0&cmp_cs=&us_privacy=undefined
Request Chain 392
  • https://ml314.com/csync.ashx?fp=PD7B02vD&person_id=3629847580089778247&eid=748&return=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dmadisonlogic%26partner_uid%3D3629847580089778247 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?partner=madisonlogic&partner_uid=3629847580089778247
Request Chain 398
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTvRp2LYqf1aWRAvUsb800&google_cver=1
Request Chain 399
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YxY-R-sDvI8TTtYUEMh6VAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTvRp2LYqf1aWRAvUsb800&google_cver=1
Request Chain 400
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEJWEppLbzg-HhLhBp52CPso&google_cver=1
Request Chain 401
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAzMjMyMDczODcyNjU3NDI2Mg%3D%3D
Request Chain 435
  • https://5ew8d-b3mmu.ads.tremorhub.com/ad/tag?adCode=5ew8d-hg1g0&playerWidth=640&playerHeight=480&srcPageUrl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&supplyCode=5ew8d-b3mmu&skip=0&delivery=1&placement=1&schain=1.0,1!distroscale.com,6243197009,1,,,&transactionId=49ad21bd-0e06-4a33-bd73-b370fd8251d5&referrer=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&hb=1&fmt=json HTTP 302
  • https://5ew8d-b3mmu.ads.tremorhub.com/ad/tag?adCode=5ew8d-hg1g0&playerWidth=640&playerHeight=480&srcPageUrl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&supplyCode=5ew8d-b3mmu&skip=0&delivery=1&placement=1&schain=1.0,1!distroscale.com,6243197009,1,,,&transactionId=49ad21bd-0e06-4a33-bd73-b370fd8251d5&referrer=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&hb=1&fmt=json&_tur=T

511 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
nationalpost.com/news/politics/
Redirect Chain
  • https://u12097671.ct.sendgrid.net/ls/click?upn=9rudYHeevExQpJ5A1h-2BA7d1MAgxAcU8tnD95e0wW2LiVSXuNk0qMXXtW26iHRhhdlLrILHzlDn3l2KnxgpApug-3D-3D0HWC_d7OyPoEP8XqHWqaOM6Daaoeb8sFkC1LMfrHMequSXSs-2B-2FAn...
  • https://app2.cision.com/redir?s=9500000638272280
  • https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
470 KB
91 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.249.109 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
109.249.111.34.bc.googleusercontent.com
Software
nginx/1.14.2 /
Resource Hash
974e6ec4ca8356d74ab0e4b2b53e852db9f890e2ab241cf5a3a657d7cbe6f2eb
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-eval' 'unsafe-dynamic' 'unsafe-inline' data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
max-age=300
content-encoding
gzip
content-security-policy
default-src * 'unsafe-eval' 'unsafe-dynamic' 'unsafe-inline' data: blob:
content-type
text/html; charset=utf-8
date
Mon, 05 Sep 2022 18:26:12 GMT
expires
Mon, 05 Sep 2022 18:31:12 GMT
permissions-policy
autoplay=(*), camera=(*), display-capture=(*), encrypted-media=(*), fullscreen=(*), geolocation=(*), microphone=(*), payment=(*)
referrer-policy
strict-origin-when-cross-origin
server
nginx/1.14.2
strict-transport-security
max-age=31536000
vary
Accept-Encoding Accept-Encoding user-agent
via
1.1 google
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-pmd-backend
cheetah-nginx pmd-nginx-proxy-6f99888d5c-n62r5
x-pmd-cache
MISS

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
74610300ec2d4bb9-YUL
content-length
0
date
Mon, 05 Sep 2022 18:26:11 GMT
location
https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
server
cloudflare
server-timing
intid;desc=d878ec343ad2a497
x-application-context
application:production
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		83 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
837a36a83a7b0b74bb97e024a71398237be9ea134574460ef337d0ed99d3d9e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28554
x-xss-protection
0
server
sffe
etag
"1325 / 393 of 1000 / last-modified: 1662156382"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Mon, 05 Sep 2022 18:26:13 GMT
184635-225789216445563.js
js-sec.indexww.com/ht/p/ 		180 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3c74ef042bfcf702752741a8c0fd1e1f8c691dc3b270a2c2f1739365596dc71c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 18:26:13 GMT
Content-Encoding
gzip
Last-Modified
Mon, 05 Sep 2022 18:01:37 GMT
Server
Apache
ETag
"da1b26-2d156-5e7f1def67fd8"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2200
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
46162
Expires
Mon, 05 Sep 2022 19:02:53 GMT
publishertag.js
static.criteo.net/js/ld/ 		119 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
11b360963cee2563b6f93fc397a436c1c5b8ace543f35a9bb76095bd40ceccb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
last-modified
Tue, 23 Aug 2022 00:22:12 GMT
server
nginx
etag
W/"63041db4-1ddab"
strict-transport-security
max-age=31536000; preload;
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Tue, 06 Sep 2022 18:26:13 GMT
aax.js
c.aaxads.com/ 		392 KB
111 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.aaxads.com/aax.js?pub=AAX24X4M7&hst=nationalpost.com&ver=1.2
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.217.30.202 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-30-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2e8c01b60beeee6e8cd9d8eacb279ca992f4528dcf3562e76b48d6abb743819f
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=604800
content-encoding
gzip
server
Apache
date
Mon, 05 Sep 2022 18:26:13 GMT
vary
Accept-Encoding
x-mnet-h
E
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=1800
content-type
text/javascript; charset=utf-8
expires
Mon, 05 Sep 2022 18:56:13 GMT
apstag.js
c.amazon-adsystem.com/aax2/ 		166 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.52.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-52-24.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8efa950be6d28aa1103053638a776ab8f2dcda011254bab316bc409018714e33

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Mon, 05 Sep 2022 17:36:23 GMT
via
1.1 368146333bf1a1071e8432a7d4e41e1a.cloudfront.net (CloudFront), 1.1 b4d4149b3eab97748926fd7af4eba404.cloudfront.net (CloudFront)
last-modified
Thu, 01 Sep 2022 20:50:54 GMT
server
AmazonS3
age
2991
etag
W/"350e165fc9b88312c43a9ba90eba4e3d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=3600
x-amz-cf-pop
IAD89-C3, JFK50-P1
content-encoding
gzip
x-amz-cf-id
Jh4_M3ZmjEDbpij6D8qef0KVNGkrpPFoCGUIRcM9huei6b9-yKna5w==
iasPET.1.js
cdn.adsafeprotected.com/ 		22 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.adsafeprotected.com/iasPET.1.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-51.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Wed, 31 Aug 2022 09:25:55 GMT
Via
1.1 afb1814e7bfe68bf09d94722db50d432.cloudfront.net (CloudFront)
Connection
keep-alive
Last-Modified
Wed, 02 Jun 2021 17:38:57 GMT
Server
AmazonS3
Age
464419
ETag
"51636de3ce868a2172f9e6996c2934e0"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Cache-Control
max-age=604800
X-Amz-Cf-Pop
EWR50-C1
Accept-Ranges
bytes
Content-Length
22521
X-Amz-Cf-Id
VROF2Xrb-X0JWXtpKgCyJPY5kD93M4dnTr7mghNdlowvgv1KW4_9Hg==
css
fonts.googleapis.com/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=PT+Sans:700%7CPT+Serif:400,700%7CRoboto:400,700&display=swap
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f6188add36e8cf36585300840eade35fea02cbcd9a512cce7db22fe89f8e14eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 17:44:17 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 05 Sep 2022 18:26:13 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 05 Sep 2022 18:26:13 GMT
advertising.js
www.npttech.com/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.npttech.com/advertising.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:bf95 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3880
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
JNMEQGQ9NJ9E6X1S
x-amz-id-2
fxImh/8M8kos4PfArLZQ66EMsMP9XUBIudAFPFkNaHH9tQrUf3+tzsmbOphXS4daZ7ig6eUbrKc=
last-modified
Wed, 19 Jun 2019 08:25:01 GMT
server
cloudflare
etag
W/"3d6f80c860866175f58a84bbbc9217c6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f7Mh5gfce9Gcz6iyVJBbTapl1c83206%2FolkAT1wx1BRPbVbDisSFaqKMjafWFdDDst2%2FB2sACOKh%2FbHc%2FXHjn1ADXGmec5ip94oYFkTPjAlMpMOskPV0Wv371XJviLU7LnUSYckCCRw7vgACWNM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=28800
x-amz-version-id
hXQWgdpwSBM26VgKOeTSlm.4VT89.h9w
cf-ray
746103104ee37145-YUL
LoginRadiusV2.js
auth.lrcontent.com/v2/js/ 		199 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.lrcontent.com/v2/js/LoginRadiusV2.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:835 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68a335c0d87dce935fee1811892070e78c514828d50bfe2ae21fde739ec1002c
Security Headers
Name Value
Strict-Transport-Security max-age= 63072000; includeSubdomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
via
1.1 c1c976b1b60b605adb44f62da9e0bb8a.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
age
4624
cf-polished
origSize=1238069
x-cache
Miss from cloudfront
content-encoding
gzip
last-modified
Mon, 13 Dec 2021 05:19:58 GMT
server
cloudflare
etag
W/"ae3463c4a59ae100b160ed4dd5dbf4b8"
strict-transport-security
max-age= 63072000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=14400
x-amz-cf-pop
EWR52-C3
cf-ray
7461030fdfb34bd6-YUL
x-amz-cf-id
UKx_SLTr25mJR9OxZ3Jl1iZpjZMyCaPjbVBPFMpyn7yVrNt_E6CAIg==
cf-bgj
minify
spm.v1.min.js
ak.sail-horizon.com/spm/ 		121 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ak.sail-horizon.com/spm/spm.v1.min.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.163.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-163-28.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3021dbc38c2dfd3da4cda6c72c24bc160cfc2ff37cb8acb9b2d16ba5da750274

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:22:26 GMT
content-encoding
gzip
last-modified
Tue, 23 Aug 2022 19:28:34 GMT
server
AmazonS3
age
228
etag
W/"5ac321f76860c47cd57c582425e76274"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 1390ccfba3b832e28ba659d704aa57ba.cloudfront.net (CloudFront)
cache-control
max-age=600; must-revalidate
x-amz-cf-pop
EWR53-C3
x-amz-cf-id
9lCPGIlLfzGxAIg7D9dB7l6fOhxCo8zB6o1TDnqdx9kPMk0c3gY-Sw==
fem.js
fem.gprod.postmedia.digital/v65.0/ 		286 KB
287 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fem.gprod.postmedia.digital/v65.0/fem.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
39b6a19464f16eb6efa94935d0ab5a0c86bf1e8916aeb19d568598c547122842

Request headers

Referer
https://nationalpost.com/
Origin
https://nationalpost.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:14:12 GMT
x-goog-meta-goog-reserved-file-mtime
1660594674
age
721
x-guploader-uploadid
ADPycdsUCLx4RUtDXf4B15bE68usca204x9z8j9iaoLKGyPoGKR0hiDYyHHNKx_WOLMAhKhMXyfP7C_kuCRbmQ2KpEgJ8xZkLhtn
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
293080
last-modified
Mon, 15 Aug 2022 20:19:19 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"bf33b9adc465c8827a270cd67f5753fd"
x-goog-hash
crc32c=Qpom2Q==, md5=vzO5rcRlyIJ6JwzWf1dT/Q==
x-goog-generation
1660594759679380
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-cache-hit
hit
x-goog-stored-content-length
293080
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 19:14:12 GMT
icon-close-black.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/common-icon/ 		378 B
656 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/common-icon/icon-close-black.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
15b54a90686829d59ef0c2bc6a9e2e82b6a11536be56acf2b4ff414b081c891d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:02:57 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
1396
x-guploader-uploadid
ADPycduhU3Jbgf_HiU2LP0_n_ZGOYx5bigZWs_2zz4nZn-Q_2AcxmUBl77FcqLwUwySnA71OLpFD2ZW0HOGN2BoudNX1NQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
378
last-modified
Mon, 29 Aug 2022 15:07:04 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"6b517647b75beac7cede4e634ea51094"
x-goog-hash
crc32c=wbQwCg==, md5=a1F2R7db6sfO3k5jTqUQlA==
x-goog-generation
1661785624088010
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
378
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 19:02:57 GMT
icon-circle-email.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/ 		976 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/icon-circle-email.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2a647bbfb5c6723ca10f9833ae08d3381b0061f982959571e56a55d7768cb7a5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:51:25 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
2088
x-guploader-uploadid
ADPycdumTXgzLNw41Rsfr4m-KmXUrxYUW5SXc55DI46BBkgYBQa4h1lY2RKdfYLrJl1fYAE1Yle3Y8tlA8W3SEpRyrerzg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
976
last-modified
Mon, 29 Aug 2022 15:07:16 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"bef02ad8b1f137bbb303cefe8614b69f"
x-goog-hash
crc32c=ZVCajw==, md5=vvAq2LHxN7uzA87+hhS2nw==
x-goog-generation
1661785636778146
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
976
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 18:51:25 GMT
icon-soc-fb.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/ 		775 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/icon-soc-fb.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
40e562e806ce113ae7879d0dd76db82797b5c274794751c260381f2c8b283641

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:42:42 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
2611
x-guploader-uploadid
ADPycdtEYTuqw8qXFsg2PQiLa6TvJeCHJ6G1t2F5C50i8NepxeFnbz3PX9cJsMh2FOjHnhgybls_W3H2kVrCzOILhEzrjw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
775
last-modified
Mon, 29 Aug 2022 15:07:16 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"993353c51244defcc16154eac23ff88d"
x-goog-hash
crc32c=Z/aKUg==, md5=mTNTxRJE3vzBYVTqwj/4jQ==
x-goog-generation
1661785636757836
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
775
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 18:42:42 GMT
icon-soc-tw.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/icon-soc-tw.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
975a64dc9bbc5e1884ba8ca2e76d9b2791d16d5c9f3619bf30477cd21a8636d2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:12:06 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
847
x-guploader-uploadid
ADPycdvx5820hOWVx2sKMt25WNvycpzzNu11h0bS-K4c2exgSSK1O2vBmU7QRm2pqU7Mimd5ZySMkLV3Q3V43ETqbgIDWg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1698
last-modified
Mon, 29 Aug 2022 15:07:16 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"df82c342c1176b84253c53e6e10eed05"
x-goog-hash
crc32c=cbPk0w==, md5=34LDQsEXa4QlPFPm4Q7tBQ==
x-goog-generation
1661785636989996
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
1698
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 19:12:06 GMT
icon-soc-rdit.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/icon-soc-rdit.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1fb82c9bb456f6d5336430ebb3d5b1e596ceb303ee99690f0c9187aa13a0cd43

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:49:28 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
2205
x-guploader-uploadid
ADPycdsf3QkcVY3bsNHaH4MhyvqBxB7Omw9jFLytO96YVbZqe-Bw-27298eBWz5tSumZoii-tSH-tPoqCLnVR9w1ohXIJg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2135
last-modified
Mon, 29 Aug 2022 15:07:16 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"0304b8d3870cc1f4f888574a14022da4"
x-goog-hash
crc32c=GJubKw==, md5=AwS404cMwfT4iFdKFAItpA==
x-goog-generation
1661785636991134
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
2135
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 18:49:28 GMT
icon-soc-pin.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/icon-soc-pin.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
73ce21104cbd5c5d38a7f58633f41f6aaf3cf9bb58d2166935871115df10086f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:33:41 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
3152
x-guploader-uploadid
ADPycdtft6Xbm_tS354El9L8p1K5MZIW4wQ-nS4OzTne_98mqozNlPr-EKnAa46uFV3M0VApKwErqmpRACC_tikVGEFv6g
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1904
last-modified
Mon, 29 Aug 2022 15:07:16 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"7dbe30e1f3c16e83b217e86f8fe87986"
x-goog-hash
crc32c=CmGx6w==, md5=fb4w4fPBboOyF+hvj+h5hg==
x-goog-generation
1661785636888365
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
1904
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 18:33:41 GMT
icon-soc-li.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/ 		739 B
1012 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/icon-soc-li.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
73f5cb8f7a137847e41aeb849588174535651b6e140d8b13575f46fff0c496a2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:41:49 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
2664
x-guploader-uploadid
ADPycduo9MLtjU1jKRyQ6OobpTmC17C8oqTcoJcW4VJx38CCFmyeioQv5xWNAVhHvQnNDR26MAdd_57aAg1w7ZQUWufHOQNxvupE
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
739
last-modified
Mon, 29 Aug 2022 15:07:16 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"071e5c7f2df5f3dc2b856b2576752f1c"
x-goog-hash
crc32c=PfZM8A==, md5=Bx5cfy3189wrhWsldnUvHA==
x-goog-generation
1661785636871904
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
739
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 18:41:49 GMT
icon-soc-tblr.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/ 		479 B
741 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/icon-soc-tblr.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
bd42ab1e963caae23b78541c50e8b5d8146d0c6b2151fcfcfa938c17c417f68e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:19:19 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
414
x-guploader-uploadid
ADPycdv97bd8-B-nUsIWB-KEbJHHPrtyywQuIvRM-HBrKj84nAN7xNTF2f_mQbi_z-bpx1zaLPkHl2vFXYWxM3_6aEgY3LiXzrax
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
479
last-modified
Mon, 29 Aug 2022 15:07:16 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"1ace9edc1bbac746d584a7270d791ff9"
x-goog-hash
crc32c=08+Lmg==, md5=Gs6e3Bu6x0bVhKcnDXkf+Q==
x-goog-generation
1661785636965633
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
479
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 19:19:19 GMT
icon-circle-share.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/ 		561 B
832 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/icon-circle-share.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4bef0d2ce9ddd3dcd15889345ea8e4ae1eb38c2bcf50bcd76daed2dc63f0a424

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:27:10 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
3543
x-guploader-uploadid
ADPycdtVTUeY1u2F8TsodKtWg26GJiemzUEDQMkb8YzUcEWWWRCx6_e3avDApf_W4wh1C3VANveBBVUids_JVJp-u4YSaLq8cxzG
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
561
last-modified
Mon, 29 Aug 2022 15:07:16 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"cbc289873c015f5baae7e9e8d4876ea9"
x-goog-hash
crc32c=9Je3tg==, md5=y8KJhzwBX1uq5+no1IduqQ==
x-goog-generation
1661785636723509
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
561
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 18:27:10 GMT
CERB-1.jpg
smartcdn.gprod.postmedia.digital/nationalpost/wp-content/uploads/2022/08/ 		48 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://smartcdn.gprod.postmedia.digital/nationalpost/wp-content/uploads/2022/08/CERB-1.jpg?quality=90&strip=all&w=564&h=423&type=webp
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.157.221 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
221.157.149.34.bc.googleusercontent.com
Software
nginx/1.19.10 /
Resource Hash
8314def528e4754680a52208233bae39f52790f2614e4fdcd718c21d0154a171

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-pmd-smartcdn-requester
nationalpost
date
Mon, 05 Sep 2022 18:13:54 GMT
via
1.1 google
server
nginx/1.19.10
cache-control
max-age=2592000,public
age
739
etag
"f53a27cdede132c8a0d1f7a08037899a02a681dc"
vary
Accept
content-type
image/webp
x-cache-hit
hit
x-pmd-smart-cdn-proxy
thumbor-proxy-6564f6b646-82rbh
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48822
icon-soc-ig-mono-rev.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/icon-soc-ig-mono-rev.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
71f27f30bcea1929b2e4fb409abe0baf4029759e1deb3ee316e21016463dff61

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:45:14 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
2459
x-guploader-uploadid
ADPycdsxqxgB2cRiKkvh4j_PpRJnVF4hih3kKdsN-NVPP2iZqhUv439Ex_PhqKQpNRQEc5s9zeme8i3Qnt4VV15Gh5gghg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1353
last-modified
Mon, 29 Aug 2022 15:07:16 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"b9c985784130791835a08cc12884a71e"
x-goog-hash
crc32c=FM0Iow==, md5=ucmFeEEweRg1oIzBKISnHg==
x-goog-generation
1661785636757087
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
1353
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 18:45:14 GMT
icon-soc-fb-mono-rev.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/ 		335 B
596 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/icon-soc-fb-mono-rev.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b969062e9d8f77e55dfc37bb35728e3401c636595aaf97e4e68ce300bfa2b293

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:54:42 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
1891
x-guploader-uploadid
ADPycduUnGNq6Z1m8QYloPOAmFe43jith9uCYQKPcNtG6Y0Q8GgHyGmRqqG-QRKqoTH_c65h46tPG5YsAThCXdaHDuuUBuW2M6Dk
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
335
last-modified
Mon, 29 Aug 2022 15:07:16 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"12b149c777edf566e286ab1d5090c085"
x-goog-hash
crc32c=c3M8/A==, md5=ErFJx3ft9WbihqsdUJDAhQ==
x-goog-generation
1661785636816443
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
335
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 18:54:42 GMT
icon-soc-yt-mono-rev.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/ 		473 B
763 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/icon-soc-yt-mono-rev.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
8693aa2d6442bba7224236e021765c95fe40f7cfc6b6c9afd8c717c665f8a365

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:06:13 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
1200
x-guploader-uploadid
ADPycdv7Q08nM0su4tYkR2L6fwPcDMJCkWvXQK9KdAffR3fwFuLBPe5xp3DqEM39fv_PCm5YG1NO4w2MpM-QOL6d62f-nw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
473
last-modified
Mon, 29 Aug 2022 15:07:17 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"3fabf226ea91f1c5450a49fad2d66448"
x-goog-hash
crc32c=rjmEhA==, md5=P6vyJuqR8cVFCkn60tZkSA==
x-goog-generation
1661785637094089
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
473
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 19:06:13 GMT
icon-soc-tw-mono-rev.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/ 		898 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/share-icons/icon-soc-tw-mono-rev.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ca7bce9264a3918442d3e653b968361223ede24753232c713ead830aa5446722

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:05:50 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
1223
x-guploader-uploadid
ADPycdspBt9GUN3io932gk01In9CdZXfwkRNNt2aAEfI3I4C8VjTKZl8J46M76LP0f7hrllanPzVu5E7d5pd9OQoq-buBg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
898
last-modified
Mon, 29 Aug 2022 15:07:16 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"2a492f7362f1cb5f70d4561bc1e89353"
x-goog-hash
crc32c=GNX3Cw==, md5=Kkkvc2Lxy19w1FYbweiTUw==
x-goog-generation
1661785636971429
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
898
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 19:05:50 GMT
shared.1997875d49d6.js
dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/ 		24 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
becabc47bfe658f4ca9806acd04c1c50c7eae97bab13e3f0f0b2b72084190fdb

Request headers

Referer
https://nationalpost.com/
Origin
https://nationalpost.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:14:21 GMT
x-goog-meta-goog-reserved-file-mtime
1661530550
age
712
x-guploader-uploadid
ADPycdsnc7oDQa4ezJj8umNAVz5AoFuAhu_z391qlxBE_559MOH0zK9jWet-rhcuK859lcuDZUf2FmTJVBdYiBieay-5Tw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24106
last-modified
Mon, 29 Aug 2022 15:06:50 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"407fab81cb23b34f11ee9aa37e509ba6"
x-goog-hash
crc32c=fbsiSw==, md5=QH+rgcsjs08R7pqjflCbpg==
x-goog-generation
1661785610127248
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-cache-hit
hit
x-goog-stored-content-length
24106
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 19:14:21 GMT
main.ea896e2d9d40.js
dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/ 		107 KB
107 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/main.ea896e2d9d40.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ea896e2d9d40ccdd7043192c7b1516e369a47df43f1863e3044f4e9aa73a6f31

Request headers

Referer
https://nationalpost.com/
Origin
https://nationalpost.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:41:32 GMT
x-goog-meta-goog-reserved-file-mtime
1661530550
age
2681
x-guploader-uploadid
ADPycdsVXk6vxES0O9YWo-6z_PlnMMI8NKa0mkn8XbjwoAO3z1ZbIkJqPTt3BNDcu0NYz2WuSEi4L37IXC22yujSZgamtfsfUwzA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
109204
last-modified
Mon, 29 Aug 2022 15:06:50 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"1b312de25eaa475b77c7437f9aad2689"
x-goog-hash
crc32c=zBB5gw==, md5=GzEt4l6qR1t3x0N/mq0miQ==
x-goog-generation
1661785610377363
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
x-cache-hit
hit
x-goog-stored-content-length
109204
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 18:41:32 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:700%7CPT+Serif:400,700%7CRoboto:400,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://nationalpost.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 02 Sep 2022 10:24:38 GMT
x-content-type-options
nosniff
age
288095
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Sep 2023 10:24:38 GMT
jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v17/ 		46 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ptsans/v17/jizfRExUiTo99u79B_mh0O6tLQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:700%7CPT+Serif:400,700%7CRoboto:400,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://nationalpost.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Tue, 30 Aug 2022 08:37:20 GMT
x-content-type-options
nosniff
age
553733
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47048
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:55:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Aug 2023 08:37:20 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:700%7CPT+Serif:400,700%7CRoboto:400,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://nationalpost.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:32:04 GMT
x-content-type-options
nosniff
age
428049
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 31 Aug 2023 19:32:04 GMT
carousel-previous.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/common-icon/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/common-icon/carousel-previous.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e5bab9427ec1d36c811e3ca40b2a1014b330dea0fc48b787041c572e1fdc4f28

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:05:17 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
1256
x-guploader-uploadid
ADPycduUjCGf4A7pjyiU55K8HgTfaav1CRBYCsIYScnTvc7BwVUmzx9CrQHRRQzqIU2lOZNcv3e7mVH_zzkCXVcfwLfDYogAC1XZ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1204
last-modified
Mon, 29 Aug 2022 15:07:03 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"23fbd7cd311279a2b6eb68d8f6059047"
x-goog-hash
crc32c=RxdKhw==, md5=I/vXzTESeaK262jY9gWQRw==
x-goog-generation
1661785623764720
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
1204
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 19:05:17 GMT
carousel-next.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/common-icon/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/common-icon/carousel-next.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b510ee91066f77f938f78422378a73f44818d0ee661c0ccb5ad398cc7dd6b080

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:00:26 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
1547
x-guploader-uploadid
ADPycdu4yjNLuA2owO_VAbNM--0wIry3I_l89warDl4QmaA5C1AsX_gOJrUR4dFAYoxPRArhXYAaSG_WkNQbv3UF8MIHCgTk2nEs
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1204
last-modified
Mon, 29 Aug 2022 15:07:03 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"735fdba5ead6fce3777e91bf3fee8dd6"
x-goog-hash
crc32c=8FG2nQ==, md5=c1/bperW/ON3fpG/P+6N1g==
x-goog-generation
1661785623734597
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
1204
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 19:00:26 GMT
EJRVQgYoZZY2vCFuvAFWzr8.woff2
fonts.gstatic.com/s/ptserif/v17/ 		32 KB
32 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ptserif/v17/EJRVQgYoZZY2vCFuvAFWzr8.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:700%7CPT+Serif:400,700%7CRoboto:400,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d355afb9705c3f8651f6a1f813b4670b758d59a17783830f534e7a8839c5b666
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://nationalpost.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 02 Sep 2022 23:44:34 GMT
x-content-type-options
nosniff
age
240099
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32900
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 15:44:11 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Sep 2023 23:44:34 GMT
EJRSQgYoZZY2vCFuvAnt66qSVys.woff2
fonts.gstatic.com/s/ptserif/v17/ 		29 KB
29 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ptserif/v17/EJRSQgYoZZY2vCFuvAnt66qSVys.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:700%7CPT+Serif:400,700%7CRoboto:400,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7f9694a5641741d04e1c98eb1011059826aa5feb34e47d2b2f95bdb47cb0c2f5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://nationalpost.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 02 Sep 2022 23:29:27 GMT
x-content-type-options
nosniff
age
241006
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29492
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:29:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Sep 2023 23:29:27 GMT
NP_HeadlineNews.svg
dcs-static.gprod.postmedia.digital/11.4.5/websites/images/newsletters/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/images/newsletters/NP_HeadlineNews.svg
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
972e3f1f6fcaf89d68e9b9b42c05ce6740d4abf4a095bb27d119917ba844a19c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:20:20 GMT
x-goog-meta-goog-reserved-file-mtime
1661530548
age
353
x-guploader-uploadid
ADPycdszm5uKYJlUjHW3c4-0hgoYWgJg32mhjAfAya4OnH6eTMFyvjBNILu9FXewZawWmoPLsZeO94g0OpcUHT_Ikd8goQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15367
last-modified
Mon, 29 Aug 2022 15:07:14 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"1a0ef92a43ce80a792be6cc7f6886e66"
x-goog-hash
crc32c=Oixf/w==, md5=Gg75KkPOgKeSvmzH9ohuZg==
x-goog-generation
1661785634312339
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
15367
accept-ranges
bytes
content-type
image/svg+xml
expires
Mon, 05 Sep 2022 19:20:20 GMT
Cyberattack_CRA_20200817-scaled-e1597682735359.jpg
smartcdn.gprod.postmedia.digital/nationalpost/wp-content/uploads/2020/08/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://smartcdn.gprod.postmedia.digital/nationalpost/wp-content/uploads/2020/08/Cyberattack_CRA_20200817-scaled-e1597682735359.jpg?h=96&strip=all&quality=80
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.157.221 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
221.157.149.34.bc.googleusercontent.com
Software
nginx/1.19.10 /
Resource Hash
dd0ee9d51ca2c512e266d55defce610c5f871636964ce9225c81bfc01005c7a3

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-pmd-smartcdn-requester
nationalpost
date
Mon, 05 Sep 2022 18:22:28 GMT
via
1.1 google
server
nginx/1.19.10
cache-control
max-age=2592000,public
age
225
etag
"bae9dc5d957fb6f71bf5c1924addab92d46ee42c"
vary
Accept
content-type
image/webp
x-cache-hit
hit
x-pmd-smart-cdn-proxy
thumbor-proxy-6564f6b646-2qn7b
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3510
Daniel-Therrien.jpg
smartcdn.gprod.postmedia.digital/nationalpost/wp-content/uploads/2022/05/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://smartcdn.gprod.postmedia.digital/nationalpost/wp-content/uploads/2022/05/Daniel-Therrien.jpg?h=96&strip=all&quality=80
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.149.157.221 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
221.157.149.34.bc.googleusercontent.com
Software
nginx/1.19.10 /
Resource Hash
541cfb7b64391ec90ea061be62a9e35b0c05c279c42afa79dac13d292ab71d6e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-pmd-smartcdn-requester
nationalpost
date
Mon, 05 Sep 2022 18:22:29 GMT
via
1.1 google
server
nginx/1.19.10
cache-control
max-age=2592000,public
age
224
etag
"28856440a2e3ed26be3a32740c585cf68c24e49c"
vary
Accept
content-type
image/webp
x-cache-hit
hit
x-pmd-smart-cdn-proxy
thumbor-proxy-6564f6b646-szt4x
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3140
xd.html
fem.gprod.postmedia.digital/v65.0/ Frame FE7A 		165 B
195 B 		Document
General
Check archive.org
Download Go to
Full URL
https://fem.gprod.postmedia.digital/v65.0/xd.html
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d457d35d10a7a69cd98dbcf77dc115ca88966b41b69df6afeed15ced4603ca5e

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
1581
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-length
165
content-type
text/html
date
Mon, 05 Sep 2022 17:59:52 GMT
etag
"5d59183f5720a57fd7588d9e0eba2200"
expires
Mon, 05 Sep 2022 18:59:52 GMT
last-modified
Mon, 15 Aug 2022 20:19:21 GMT
server
UploadServer
x-cache-hit
hit
x-goog-generation
1660594761393943
x-goog-hash
crc32c=lpEijw== md5=XVkYP1cgpX/XWI2eDroiAA==
x-goog-meta-goog-reserved-file-mtime
1660594674
x-goog-metageneration
1
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
165
x-guploader-uploadid
ADPycdvupOJNCUrqnIE5QZtMipITQHif6vZeaoU6m5yaA3YeTPxkPBJrq3ck-Syr5S6IeOjba60uuiNsmUnZ2LEbcufT8A
23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/ 		325 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:451 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db09be9f62f5bbe15eebcf8e9f3d5e69943108ecc54302628e002932317f56b2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
br
cf-cache-status
HIT
x-goog-meta-oid
23dc09d6-b664-425a-a76e-0eed6a6cc102
age
2381
x-guploader-uploadid
ADPycducwIJcPpJ73QaQBMFylGiwc08lqWsIn7ehQeiNfLueD6P-KAgnZ5zf6mj7HEWz5e1_43MyaYU2i--L-uK6wOErNg
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-type
application/javascript
last-modified
Fri, 02 Sep 2022 19:43:39 GMT
server
cloudflare
etag
W/"f52493f66a3436efcef802469726440c"
vary
Accept-Encoding
x-goog-hash
crc32c=KC+B5w==, md5=9SST9mo0Nu/O+AJGlyZEDA==
x-goog-generation
1662147819154500
cache-control
public, max-age=900
x-goog-stored-content-length
96816
cf-ray
74610311cd097133-YUL
expires
Mon, 05 Sep 2022 18:41:13 GMT
pubads_impl_2022083001.js
securepubads.g.doubleclick.net/gpt/ 		379 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4baa280c316f80216c7d9dcb64f308726f23cfe4fd4ada8d36aee7c3ea101108
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Sat, 03 Sep 2022 16:22:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
180237
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
131975
x-xss-protection
0
last-modified
Tue, 30 Aug 2022 08:35:16 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sun, 03 Sep 2023 16:22:16 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		279 B
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=nationalpost.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
719cad5bbadf88b575216439c854bdf2fda467462bf20782794cfd1bf2272d37
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
151
x-xss-protection
0
expires
Mon, 05 Sep 2022 18:26:13 GMT
identity
api.rlcdn.com/api/ 		0
253 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.155.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.155.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length
0
rid
match.adsrvr.org/track/ 		109 B
543 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=184635
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
dc326385f91e0481b086edfbc7c95d483be92ff2a96b7167328171baa94d0b3d

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://nationalpost.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
109
expires
Wed, 05 Oct 2022 18:26:13 GMT
config
c.amazon-adsystem.com/cdn/prod/ 		248 B
597 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3528&u=https%3A%2F%2Fnationalpost.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.52.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-52-24.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
7beb96ef759b267b4159270a64ca009646a2e9a725882896b3dd431198b92058

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 14:42:39 GMT
via
1.1 b4d4149b3eab97748926fd7af4eba404.cloudfront.net (CloudFront)
server
Server
age
13413
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://nationalpost.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
JFK50-P1
content-length
248
x-amz-cf-id
EV_942_2dutZvKbrPrjQbIZolTyvUFzWBlWltGYx9mhZGfWL-ngonw==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.52.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-52-24.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id
tKimXuvhjexkvOlm5D.ynBWfUtiJgbbH
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
58946
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Wed, 24 Aug 2022 19:06:24 GMT
server
AmazonS3
date
Mon, 05 Sep 2022 02:03:48 GMT
vary
Accept-Encoding,Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 fa2a1404411f25eb7c3c4def0c2864e6.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
JFK50-P1
x-amz-cf-id
HM8PeOStjAr82tbzpucpYx2zIco-P1ZEFlUnSfEUFDojkruv-cNjZw==
44fadb2e016752bbc2bd0.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		7 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/44fadb2e016752bbc2bd0.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
8512a94c30dc7fda4931ae11fc195ee3f2cbad5dff1dc2567cf3725c33093b2d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:53:44 GMT
x-goog-meta-goog-reserved-file-mtime
1661530550
age
1949
x-guploader-uploadid
ADPycduZd8gAvrs2DJKBoiJaqkzyU1HQ_eF3kbClcvTrCO6SPTYZ_PcIvzCt8aC_C9-Pv_CKN0DOJfYgTmb6wmiDuwjeeQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7123
last-modified
Mon, 29 Aug 2022 15:07:25 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"17eaf306b1554c518adf25a681d7b0f2"
x-goog-hash
crc32c=WGhHWA==, md5=F+rzBrFVTFGK3yWmgdew8g==
x-goog-generation
1661785645344561
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
7123
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 18:53:44 GMT
a2ab544ae6c48636370816.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/a2ab544ae6c48636370816.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
d47f317138ec8083450b63c742957db8398eb19bae70913819b81dda472b6283

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:27:40 GMT
x-goog-meta-goog-reserved-file-mtime
1661530549
age
3513
x-guploader-uploadid
ADPycdum1AiugiR0gwoGHcQtW7sUHWytCxPj25hCxkOhkh8dOTDvyKWi0tCnrL9b39J1geUTg4pLmmlkYrlbhATCbUMgiQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10244
last-modified
Mon, 29 Aug 2022 15:07:30 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"865d805f405db9b3e24e2e196b221c77"
x-goog-hash
crc32c=ghE54w==, md5=hl2AX0BdubPiTi4ZayIcdw==
x-goog-generation
1661785650624935
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
10244
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 18:27:40 GMT
561b213e953ede0e5aca1.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		16 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/561b213e953ede0e5aca1.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3eb0f6e4f509e0bbf9aa348aa5cb22e08095ea1bf8730eb407b39ed39f07c3c7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:22:49 GMT
x-goog-meta-goog-reserved-file-mtime
1661530549
age
204
x-guploader-uploadid
ADPycdtR3lZioTQkucoH0cFBgCIGevElKKu91-T8udJIWb2g8vrnypPmWMT-h5GMyiCNzI5sBy-m3B39JTkA_RaO5gpstTpClJES
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16481
last-modified
Mon, 29 Aug 2022 15:07:26 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"6b6d2a7ffc1527c5e18a055c70fc812a"
x-goog-hash
crc32c=7JAhsg==, md5=a20qf/wVJ8XhigVccPyBKg==
x-goog-generation
1661785646578728
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
16481
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 19:22:49 GMT
b1afc1e626b5e50689de2.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		51 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/b1afc1e626b5e50689de2.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
c6b0566df39e9011007c8dd2ad2ea4b06bd883422e422fcc9ddccab47b4ddeee

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:55:12 GMT
x-goog-meta-goog-reserved-file-mtime
1661530549
age
1861
x-guploader-uploadid
ADPycdsIqkcunT4MWIAQEYUlu2eM5e5uzzsCikJJVKnfIwfkJqLnmgggHAk80SivUS62jXy0P7yz4uTp7U9rpb9d2eRfvg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52260
last-modified
Mon, 29 Aug 2022 15:07:31 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"58de1b25d4e215474f3446a447498adb"
x-goog-hash
crc32c=AkH3QA==, md5=WN4bJdTiFUdPNEakR0mK2w==
x-goog-generation
1661785651052194
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
52260
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 18:55:12 GMT
5f54a515a11c045d21db9.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		12 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/5f54a515a11c045d21db9.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
0b5bcd5e455fe140dfa582f1f66284a5af4f1de829a3341cca1720cc6b02d8ad

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:58:08 GMT
x-goog-meta-goog-reserved-file-mtime
1661530549
age
1685
x-guploader-uploadid
ADPycdv_H-a7ODbiAXmKw1V4pRcIK8N4T0i5HvxYjSpmcMuajr5KV8gAmf7616HU3mQd8U3NuyKAzF1SaJSzPjgFM06APg
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11948
last-modified
Mon, 29 Aug 2022 15:07:26 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"573821eee93af18fd784db707425fab0"
x-goog-hash
crc32c=Pbs9ng==, md5=Vzgh7uk68Y/XhNtwdCX6sA==
x-goog-generation
1661785646988508
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
11948
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 18:58:08 GMT
c2a48fed442a0877888932.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		5 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/c2a48fed442a0877888932.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
6e3717c11e421a2267e1ab728461aeed493cbfdfe18e0448895effd0ec2454c2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:00:58 GMT
x-goog-meta-goog-reserved-file-mtime
1661530550
age
1515
x-guploader-uploadid
ADPycdsM9hC_lXD_T6d90Kw-VT4frZhtchco-WV9R0NgSVkJP7URGyqLuDAMMjkoAlRGUf6ga9t3aJw3ZS4kcvqK5pmrRkWjzfjP
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4731
last-modified
Mon, 29 Aug 2022 15:07:31 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"dc3bc4a484961daf4f3c08f808b24994"
x-goog-hash
crc32c=7fNu8A==, md5=3DvEpISWHa9PPAj4CLJJlA==
x-goog-generation
1661785651995288
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
4731
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 19:00:58 GMT
a794ac88a3de4568b4f27.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		20 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/a794ac88a3de4568b4f27.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
447eb00b6d62951a05e29ecab51b29122c21d4e6b59dd3d69952bfe6f5741220

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:12:52 GMT
x-goog-meta-goog-reserved-file-mtime
1661530550
age
801
x-guploader-uploadid
ADPycdsqPYgvddhiVPrjNi04wdLiFL7GAC4fv4BIYNJk8SZrnk1F0JeJq9YFeIhOvh6aXppYoPYJbBWUfZ4M-ZCP0dn_WQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20946
last-modified
Mon, 29 Aug 2022 15:07:30 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"5e9255a2f419a4de3182296246af5e62"
x-goog-hash
crc32c=Zud6XQ==, md5=XpJVovQZpN4xgiliRq9eYg==
x-goog-generation
1661785650832659
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
20946
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 19:12:52 GMT
5e81cf34a56e01b32cd817.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		54 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/5e81cf34a56e01b32cd817.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
6bde9c925714f94fdaf6c4047379535fee158807108bcc53b8a40489fd627a05

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:16:20 GMT
x-goog-meta-goog-reserved-file-mtime
1661530550
age
593
x-guploader-uploadid
ADPycdvOlIa0TyMdAzYzOFJRoi8Bfue4uYNwIPXlxuRKma3bUzkPcBKm0zmagt31eHQWKkgQ1EE9Wbgk_JokE-1j6XOc-w
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
54909
last-modified
Mon, 29 Aug 2022 15:07:26 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"882721eeba9f551ef4500d07181a43a5"
x-goog-hash
crc32c=IvSajA==, md5=iCch7rqfVR70UA0HGBpDpQ==
x-goog-generation
1661785646929556
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
54909
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 19:16:20 GMT
7a8c62b980a55481fce15.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		16 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/7a8c62b980a55481fce15.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
54d22e3cfe61d7d3c91a2b45d4e0bf68f444e4ee4cd875cee9a5084dd13af0db

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:39:19 GMT
x-goog-meta-goog-reserved-file-mtime
1661530550
age
2814
x-guploader-uploadid
ADPycdsh3dRN2or-hpL9Vjf1uQBhW9kX5ZPc37bmHff_M8FEw5hzoQGugIxTP1rxtqFrugeSNAIO49MvQwZhZ2pe2AdGdw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16766
last-modified
Mon, 29 Aug 2022 15:07:28 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"a0eafe00f4b14b1551806e2cd15efc2b"
x-goog-hash
crc32c=MmOX9A==, md5=oOr+APSxSxVRgG4s0V78Kw==
x-goog-generation
1661785648628180
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
16766
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 18:39:19 GMT
630b966834c6cfc064fe6.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		15 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/630b966834c6cfc064fe6.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
dc37d5357099d1475d55c28ddcdc1c218ca37890be4a4b33e8e9413114c5ae0f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:13:25 GMT
x-goog-meta-goog-reserved-file-mtime
1661530549
age
768
x-guploader-uploadid
ADPycdt3Sw6NTkp6BljFFrf3nf3HgH7G8WBR5C1OkZ6aYBu98CwKmcv3M3EPYNV_WewvfCPWaXwKLINffukpCq_MSoWfpw
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14919
last-modified
Mon, 29 Aug 2022 15:07:27 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"590d4e6307cc8c08c0f4e14c66747e81"
x-goog-hash
crc32c=4EF2nA==, md5=WQ1OYwfMjAjA9OFMZnR+gQ==
x-goog-generation
1661785647380196
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
14919
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 19:13:25 GMT
2492a8a9cc03230157398.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		14 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/2492a8a9cc03230157398.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
90e125c512e72bee59bf8c3e6fd8233830709d4bb22c5791aa626ef2653a2127

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:49:58 GMT
x-goog-meta-goog-reserved-file-mtime
1661530549
age
2175
x-guploader-uploadid
ADPycdvbXNgYK44ncSlIkDEMUUKpAh4OZAMr8NaVqwZjxGsr9EDAnYth72BhPwwl7sKVVijIBTgIrBCINAaqd3edsXUNDmvr-XTt
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14321
last-modified
Mon, 29 Aug 2022 15:07:23 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"d4b80c4db8188442ea6036dd3eabdec5"
x-goog-hash
crc32c=h/lTYA==, md5=1LgMTbgYhELqYDbdPqvexQ==
x-goog-generation
1661785643851993
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
14321
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 18:49:58 GMT
e16e1c5be88692aaebea21.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		10 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/e16e1c5be88692aaebea21.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
79ac0a4f29873d7d66aa02765ae1c687af9685330ebe55210ab474058277668a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:39:36 GMT
x-goog-meta-goog-reserved-file-mtime
1661530550
age
2797
x-guploader-uploadid
ADPycdtaFYBIkNSPa6XmXdemUGVCqHd64cqfTsAQB09U7Mv-RO0CjmI8A2P2l8XjFbLs6y8YpOglhkTWrroNJM9WpfzSIkcR64Uj
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10370
last-modified
Mon, 29 Aug 2022 15:07:33 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"2fa88f3d7c6fdf8423f9399f0e81c53d"
x-goog-hash
crc32c=cnSO3A==, md5=L6iPPXxv34Qj+TmfDoHFPQ==
x-goog-generation
1661785653093574
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
10370
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 18:39:36 GMT
c4fa95310ed9a04e4e1210.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		22 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/c4fa95310ed9a04e4e1210.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
24fb15a65abfb973ff2004f5eaaf6661720869a7cc4837df7dfb54a45eb7751c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:57:50 GMT
x-goog-meta-goog-reserved-file-mtime
1661530549
age
1703
x-guploader-uploadid
ADPycdvHQ_zE1rNLA0vzjPiZ9sIFXtky0we8rHeUbUAUoxfyalIiA2EPEQrDflAdMJMUAZVDjiT35kZqXvWrVJM-r_Ok9cEVHLrJ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22425
last-modified
Mon, 29 Aug 2022 15:07:32 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"429d650255f345f290d730009350149f"
x-goog-hash
crc32c=k5pznQ==, md5=Qp1lAlXzRfKQ1zAAk1AUnw==
x-goog-generation
1661785652155201
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
22425
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 18:57:50 GMT
63dd8b15cddfa217569419.js
dcs-static.gprod.postmedia.digital/11.4.5/websites/js/ 		4 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dcs-static.gprod.postmedia.digital/11.4.5/websites/js/63dd8b15cddfa217569419.js
Requested by
Host: dcs-static.gprod.postmedia.digital
URL: https://dcs-static.gprod.postmedia.digital/11.4.5/CACHE/js/shared.1997875d49d6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
e8fc7f1624adcfdcb70b286ee9e5c09fb3befa7258352d75f9544b55d89b8c37

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:16:28 GMT
x-goog-meta-goog-reserved-file-mtime
1661530549
age
585
x-guploader-uploadid
ADPycdtLGKoVuY2UrJi67ysTPKMAbUCrvT-yTKtfHu6oVhFc0TFyJST56c2GmXvlsM2-uuELWfxxmfDrtoDWmTVIRHEuVQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4096
last-modified
Mon, 29 Aug 2022 15:07:27 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"e48024026b430134fbb21128014eaaee"
x-goog-hash
crc32c=t34CUA==, md5=5IAkAmtDATT7shEoAU6q7g==
x-goog-generation
1661785647407367
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
4096
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 19:16:28 GMT
pxusr.gif
c.aaxads.com/ 		43 B
206 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.aaxads.com/pxusr.gif
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.217.30.202 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-30-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
last-modified
Mon, 26 Feb 2018 13:29:58 GMT
server
Apache
strict-transport-security
max-age=604800
content-type
image/gif
cache-control
max-age=382633
accept-ranges
bytes
content-length
43
expires
Sat, 10 Sep 2022 04:43:26 GMT
pxext.gif
www.aaxdetect.com/ 		43 B
323 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aaxdetect.com/pxext.gif
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.217.29.148 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-29-148.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 18:26:13 GMT
Last-Modified
Mon, 26 Feb 2018 13:29:58 GMT
Server
Apache
Content-Type
image/gif
Cache-Control
max-age=360311
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
Expires
Fri, 09 Sep 2022 22:31:24 GMT
xd.js
fem.gprod.postmedia.digital/v65.0/ Frame FE7A 		36 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fem.gprod.postmedia.digital/v65.0/xd.js
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/xd.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3ffa6d54106feb1bc10c78fe010acccbc13eee047bbec19d4d3a635a025048ed

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://fem.gprod.postmedia.digital/v65.0/xd.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:50:15 GMT
x-goog-meta-goog-reserved-file-mtime
1660594674
age
2158
x-guploader-uploadid
ADPycdulK1YFaB-G0--S_MxeaYj26dvIv0SDO96IMnaggC2HDnLc0NYl-PVOtZkdTkNhoVhB6yrHYSD8QglhLTt204ta3w
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
37361
last-modified
Mon, 15 Aug 2022 20:19:21 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"9d4ff26c45d304f316808c1109e72d0e"
x-goog-hash
crc32c=w+hNlA==, md5=nU/ybEXTBPMWgIwRCectDg==
x-goog-generation
1660594761382135
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
37361
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 18:50:15 GMT
pubcid.min.js
secure.cdn.fastclick.net/js/pubcid/latest/ 		53 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.217.43.215 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-43-215.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
last-modified
Tue, 01 Jun 2021 17:06:57 GMT
server
Apache
etag
"d398-5c3b75e9ebb41-gzip"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=900
accept-ranges
bytes
content-length
17087
expires
Mon, 05 Sep 2022 18:41:13 GMT
pxid
23dc09d6-b664-425a-a76e-0eed6a6cc102.prmutv.co/v2.0/ 		46 B
393 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://23dc09d6-b664-425a-a76e-0eed6a6cc102.prmutv.co/v2.0/pxid?k=21ec23a2-b38a-456e-b801-e5877a041482
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.9.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
51.9.241.35.bc.googleusercontent.com
Software
Permutive /
Resource Hash
55a73cf3fb80e00430807e11f2eea59f28ab090e87a96fbeea2d5bbde2f8fc4e

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66
via
1.1 google
getuidj
ib.adnxs.com/ 		11 B
704 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/getuidj
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:13 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
f2d754bf-a9d6-49b8-b03b-fe6c6743f880
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://nationalpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
11
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
23dc09d6-b664-425a-a76e-0eed6a6cc102-models.bin
cdn.permutive.com/models/v2/ 		15 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.permutive.com/models/v2/23dc09d6-b664-425a-a76e-0eed6a6cc102-models.bin
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.150.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cb29040edfd7b02c034e5711b5ec5312a40b7788d8ae6e971977d3ec564b216

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
cf-cache-status
HIT
x-goog-meta-oid
23dc09d6-b664-425a-a76e-0eed6a6cc102
age
2629
x-guploader-uploadid
ADPycdsbmWiXtRuRKN6Wce1ZbkW63xnOQaRC1d3iRoQ3vwxPTSWOxWB-_mpEuXaXQkCrzpzk9GqRHKSGE_Uo8dSvwEMQTFglPtYb
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-type
application/x-binary
content-length
10455
last-modified
Mon, 05 Sep 2022 06:02:41 GMT
server
cloudflare
etag
"f9c8f5035a4ad14a1e3b800bd44dcf67"
vary
Accept-Encoding
x-goog-hash
crc32c=EYFUBw==, md5=+cj1A1pK0UoeO4AL1E3PZw==
x-goog-generation
1662357761233932
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=900, no-transform
x-goog-stored-content-length
10455
accept-ranges
bytes
cf-ray
74610312e8bba21c-YYZ
expires
Mon, 05 Sep 2022 17:42:24 GMT
geoip
api.permutive.com/v2.0/ 		249 B
374 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=21ec23a2-b38a-456e-b801-e5877a041482
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
478e6af52fb68e56ea81b5b785d63530428644c5f656abef360da891644c3243

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
179
via
1.1 google
watson
api.permutive.com/v2.0/ 		442 B
369 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/watson?k=21ec23a2-b38a-456e-b801-e5877a041482
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
068a5938941f955fa3d722412552496ecd26b823c764e81c9fa97500ccca5e08

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
303
via
1.1 google
aef0ce06-9c6e-49bb-b764-b0938da47ee3
https://nationalpost.com/ 		107 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://nationalpost.com/aef0ce06-9c6e-49bb-b764-b0938da47ee3
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ecb5989b209f16e77692f8b74270af5b4df0f9dddf0c486c6631fb45d12bdb7d

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Length
109927
861aa752-738f-4341-a5fe-ec9a4db6a2bf
https://nationalpost.com/ 		20 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://nationalpost.com/861aa752-738f-4341-a5fe-ec9a4db6a2bf
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5b3b28d63eca9bcfd4072c253336a581ec36b9a6c8752247623509a4b9a4972

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Length
20393
appInfo
config.lrcontent.com/ciam/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://config.lrcontent.com/ciam/appInfo?apikey=1a9a7ccf-c3f1-4ec9-a65f-2c3e8d9510a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:49e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-requested-with
Access-Control-Request-Method
GET
Origin
https://nationalpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers
x-requested-with
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://nationalpost.com
allow
GET, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
746103138ed97157-YUL
date
Mon, 05 Sep 2022 18:26:13 GMT
server
cloudflare
vary
Origin
bid
c.amazon-adsystem.com/e/dtb/ 		187 B
627 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=3528&u=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&pid=Tu3bM6suwrubY&cb=0&ws=1600x1200&v=22.8.252032&t=2000&slots=%5B%7B%22sd%22%3A%22ad-1%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-2%22%2C%22s%22%3A%5B%226x6%22%2C%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-3%22%2C%22s%22%3A%5B%227x7%22%2C%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-4%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-5%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-6%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-7%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-acceptable%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-native-1%22%2C%22s%22%3A%5B%225x5%22%5D%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.52.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-52-24.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
ba5b291d1beefc87ceee1a1f2d7169cab742c7d472d6937d6e2e457376c0e892
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 b4d4149b3eab97748926fd7af4eba404.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P1
x-amz-rid
NDV74CQH3DTCB4FJKE4A
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
187
x-amz-cf-id
F02G1iWAX6Yq6eViWdwOIWRR0lhjvYRf55Kt1PxbWIc_OUOLIuTpVA==
bid
ap.lijit.com/rtb/ 		5 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/rtb/bid?callback=window.headertag.SovrnHtb.adResponseCallback&br=%7B%22id%22%3A%22_YehMPWWJ%22%2C%22site%22%3A%7B%22domain%22%3A%22nationalpost.com%22%2C%22page%22%3A%22%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020%22%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22Qr4xIDWU%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739643%22%7D%2C%7B%22id%22%3A%22AijaPntW%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739644%22%7D%2C%7B%22id%22%3A%22mQT2soIg%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739645%22%7D%2C%7B%22id%22%3A%22ASDF7bO9%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739646%22%7D%2C%7B%22id%22%3A%2249hZSvS4%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739703%22%7D%2C%7B%22id%22%3A%22GFCssksk%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739704%22%7D%2C%7B%22id%22%3A%22Sj5UAbob%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739705%22%7D%2C%7B%22id%22%3A%22ihsZHdQB%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739706%22%7D%2C%7B%22id%22%3A%22QerEqMog%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739699%22%7D%2C%7B%22id%22%3A%22TfNUe0xJ%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739700%22%7D%2C%7B%22id%22%3A%22En05GlgU%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739701%22%7D%2C%7B%22id%22%3A%22wNU3x8Tv%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739702%22%7D%2C%7B%22id%22%3A%22lc7d4ABi%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739695%22%7D%2C%7B%22id%22%3A%226Cinm9cq%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739696%22%7D%2C%7B%22id%22%3A%220fbr0EhF%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739697%22%7D%2C%7B%22id%22%3A%22dCXj7CuL%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739698%22%7D%2C%7B%22id%22%3A%22muFUgCTH%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739691%22%7D%2C%7B%22id%22%3A%22Z56rWF7X%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739692%22%7D%2C%7B%22id%22%3A%22UjB49Kvn%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739693%22%7D%2C%7B%22id%22%3A%22YuUtl43Y%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739694%22%7D%2C%7B%22id%22%3A%22EriygQFS%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739683%22%7D%2C%7B%22id%22%3A%22erV44lhJ%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739684%22%7D%2C%7B%22id%22%3A%22YQ1gke5Q%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739685%22%7D%2C%7B%22id%22%3A%22j8fSljvi%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739686%22%7D%2C%7B%22id%22%3A%22ZQWWNhos%22%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739639%22%7D%2C%7B%22id%22%3A%22IyxBW4bq%22%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739640%22%7D%2C%7B%22id%22%3A%22IetJKaff%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%7D%2C%22tagid%22%3A%22739641%22%7D%2C%7B%22id%22%3A%22QR39EZ6w%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%7D%2C%22tagid%22%3A%22739642%22%7D%5D%7D
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.69 Katy, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
e33e8dbb70116e525d2735623c7ba33377c84e4edf973af889b76eb522b7d0f7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 18:26:13 GMT
Content-Encoding
gzip
Vary
Accept-Encoding, User-Agent
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://nationalpost.com
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ewr1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
2303
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7f702d014e&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
c4489e1a8bf30763b0cd218bfeebb12a642a63518c8afbaf34793032ffd60657

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7f6f0c014d&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
9e1d9f6798d15664d962b766aae6544109f67703a61824d67c13deec359b809c

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7f7154014f&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
41a79bd8e8df7d819d0c9c77e35aca49d229400992a97a136ef57d6768307d52

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7f728c0150&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
3923294932c548e1b567b0ac489bcc851a67789a470bc100ecf6760dcb4e7ff0

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9699ea0174749851ce9c7fc6ed0030&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
996c0c2e6691c26dfa2703541f6bad3134cda09a55536bd70bf41fde5501ff43

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
462 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9699ea0174749851ce9c7fc552002f&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
43475f06474226d187c62dae8ece3fc5d425487c06e8ccd8f5706c095bc038cc

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
261 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9699ea0174749851ce9c7fca440032&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
325f52363629bbbffc2a15baea39bd8b41d961fde9ed579c7246d2466a67594e

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9699ea0174749851ce9c7fc89a0031&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
f4828ba3976b70d890fb3f6c2d7a117d71b57fa0bb5b7ca5239b1e4ddc81c479

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9699ea0174749851ce9c7fbecb002b&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
1403aa4c8bf4ff7f9c70c5caf1f901e20358352c4480b0012c583db01aea8e5b

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9699ea0174749851ce9c7fc213002d&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
89eaf9fe3a76b7ac4b5ce4663db06d9a9c4ee560adac393068ae3d044371d887

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9699ea0174749851ce9c7fc06c002c&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
7f4d33761cc0ddac9571bb77e972978376bf6776d0ca072c2660a374e09453ff

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9699ea0174749851ce9c7fc3bb002e&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
ab798a2b9d9af3f73b2ddd9b393e845bbba955c0d16badf2e86b6c2f8154a145

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9699ea0174749851ce9c7fb9b40028&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
e7bf408b843ca7aa804181c498f63c058475d0e4b2baca867ed8c63616145cca

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9699ea0174749851ce9c7fbb910029&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
c2d469baa886cea25fd133ff11c745fadaede424400670c5132c58428597e1f4

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
261 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9699ea0174749851ce9c7fbd2a002a&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
b05a93021da761b1bea15409ad1f43a3fc15b39186b3871d9b7dd4dc0c9135ef

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7fb833017f&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
66dfe2ea916a284ce1824a074a9801d236fc375d3c3b7b59b660a22d252d0e11

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7fb696017e&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
9381b0e8f1f70b87fc2e0866144a623037b946a0e830a8e7b1a545078c827320

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7fb4fd017d&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
515717e02c9cb8921544241462fa5fc4d6527e9b38bcc9b434d536a50329057b

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7fb356017c&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
1f15676ee75f87fd704916039b36f7bdb125cedca7f8f14987c9d34a6beebfdf

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7fb1bc017b&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
b67c0df70996e39d38d10a35c8397ed7d1af28e391daeaed63551f711e81ef41

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
261 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7fa6b10175&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
977abdea1124eea9afbb2114e08e99a30022e7d08b538dc4481e7a64a7e6555b

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7fa8600176&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
59a2e53b65cc36c0668ccbbb3198f71fff616a016cb44981fa5d82727aefd04a

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7fa9eb0177&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
848304b19734ea306b7d88fb7628d9b748077e13ed4b951eb1385238d55378d1

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7fa5160174&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
106b200355126d8985af1cf084f580e2a2c31760b1bb0695c61cd1841ccc3ac6

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
259 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7f69fb0149&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
7681b74a0284c422ae2c92a9f63996d28e60a1c7afea7604f7e3ec1b36600b34

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7f6b14014a&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
b2f5d76dff8d61897d454f56b16b76dac58461493014a94b05b97d017a6af0ff

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7f6cab014b&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
d18fa36a3ece055c565786bbe35e4803eed28dcd504e2d344625430d23a64b4f

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/ 		62 B
260 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?cmd=bid&dcn=8a9694c0017474985ad89c702f9d0100&pos=8a9690030174749856249c7f6dec014c&secure=1
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
fa682cc7087c31e8c5515ea514077e7b55113767968f984bf84a8bd54107ff10

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
content-length
62
cygnus
htlb.casalemedia.com/ 		98 KB
26 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=191262
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4305ee3720747e1631b4966ec20feefc21bfe8dc9ce0c3f92e5d2ffc16846596

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ej53PSQg4KFGVZfj5ytXm7jhntUQsYoz86drJtIp9TIvwKofiS4YS1GwgQzyxl6Mwsn37CF%2BfqWU%2BJdwEHCJytg%2Bo3%2FcfSmXoTjV4ZVMGtxrDykhfDG8X9HU%2FlvIM0Goejg7FVah"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
746103138cb4a211-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
0
prebid
ib.adnxs.com/ut/v3/ 		828 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
db767a462a27b61a3eb028e6ffbdfe4a90c8bff7e33df4fc68096e37c93f44f5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 05 Sep 2022 18:26:13 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
23084ee7-81eb-4694-b820-00eefedb3b44
Server
nginx/1.21.3
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://nationalpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
arj
postmedia-d.openx.net/w/1.0/
Redirect Chain
  • https://postmedia-d.openx.net/w/1.0/arj?auid=541132926%2C541132948%2C541132944%2C541132940%2C541132937%2C541132930%2C541132925&aus=300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2...
  • https://postmedia-d.openx.net/w/1.0/arj?cc=1&auid=541132926%2C541132948%2C541132944%2C541132940%2C541132937%2C541132930%2C541132925&aus=300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x...
233 B
244 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://postmedia-d.openx.net/w/1.0/arj?cc=1&auid=541132926%2C541132948%2C541132944%2C541132940%2C541132937%2C541132930%2C541132925&aus=300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90&ju=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&jr=&ch=UTF-8&tz=0&bc=hb_ix_2.1.3&be=1&res=1600x1200&tws=1600x1200&ifr=0&callback=window.headertag.OpenXHtb.adResponseCallbacks._NiDyjLnI&cache=1662402373627&ttduuid=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
388e958dd7973a01f0392a2bdb6e5433b6f243488c479af17178eee4590714c6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://nationalpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
221
via
1.1 google
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date
Mon, 05 Sep 2022 18:26:13 GMT
via
1.1 google
server
OXGW/0.0.0
location
https://postmedia-d.openx.net/w/1.0/arj?cc=1&auid=541132926%2C541132948%2C541132944%2C541132940%2C541132937%2C541132930%2C541132925&aus=300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90%7C300x250%2C728x90%2C970x250%2C970x90&ju=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&jr=&ch=UTF-8&tz=0&bc=hb_ix_2.1.3&be=1&res=1600x1200&tws=1600x1200&ifr=0&callback=window.headertag.OpenXHtb.adResponseCallbacks._NiDyjLnI&cache=1662402373627&ttduuid=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
jpt
secure.adnxs.com/ 		0
685 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?id=11579321&size=300x250&callback=headertag.DistrictMHtb.adResponseCallback&callback_uid=JTUzF9tz&psa=0&promo_sizes=728x90%2C970x250%2C970x90&referrer=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:13 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
f7bd596d-8145-4e52-a790-c4e3b9a16612
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://nationalpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
jpt
secure.adnxs.com/ 		0
685 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?id=19512311&size=300x250&callback=headertag.DistrictMHtb.adResponseCallback&callback_uid=4drzEq8J&psa=0&promo_sizes=728x90%2C970x250%2C970x90&referrer=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:13 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
a6a01ef1-68dc-43d4-a130-13ab49fab7d0
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://nationalpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
jpt
secure.adnxs.com/ 		0
685 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?id=19512312&size=300x250&callback=headertag.DistrictMHtb.adResponseCallback&callback_uid=ybFmhO4P&psa=0&promo_sizes=728x90%2C970x250%2C970x90&referrer=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:13 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
591a7c76-df06-4e2c-aaa0-8855afb97d7f
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://nationalpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
jpt
secure.adnxs.com/ 		0
685 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?id=19512314&size=300x250&callback=headertag.DistrictMHtb.adResponseCallback&callback_uid=zxoiperm&psa=0&promo_sizes=728x90%2C970x250%2C970x90&referrer=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:13 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
98c4e400-8f92-4a51-b070-ada262c9cf5a
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://nationalpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
jpt
secure.adnxs.com/ 		0
685 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?id=11579362&size=300x250&callback=headertag.DistrictMHtb.adResponseCallback&callback_uid=Vl0j3PgH&psa=0&promo_sizes=728x90%2C970x250%2C970x90&referrer=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:13 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
1e4d78a8-25a5-4e55-b512-68c8b01f98dc
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://nationalpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
jpt
secure.adnxs.com/ 		0
685 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?id=19008834&size=300x250&callback=headertag.DistrictMHtb.adResponseCallback&callback_uid=wm8snLaz&psa=0&promo_sizes=728x90%2C970x250%2C970x90&referrer=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:13 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
e2ac50a7-3a29-4af7-bd14-177c894fe387
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://nationalpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
jpt
secure.adnxs.com/ 		0
685 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure.adnxs.com/jpt?id=11579320&size=300x250&callback=headertag.DistrictMHtb.adResponseCallback&callback_uid=KFJmHvsS&psa=0&promo_sizes=728x90%2C970x250%2C970x90&referrer=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.153 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:13 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
de906417-0ab3-4701-97c4-75cbc94e1f07
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://nationalpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
btlr.sharethrough.com/t6oivhQt/ 		0
197 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/t6oivhQt/v1?placement_key=oBaSLJjXFm48VQfV0C5aacNF&bidId=_irAno66g&instant_play_capable=true&hbSource=indexExchange&hbVersion=2.3.0&cbust=1662402373630&secure=true&ttduid=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.176.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-176-232.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://nationalpost.com
Date
Mon, 05 Sep 2022 18:26:13 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/t6oivhQt/ 		0
197 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/t6oivhQt/v1?placement_key=suwzlwrAIUaAiXnryuiag1eW&bidId=_svmLgtSL&instant_play_capable=true&hbSource=indexExchange&hbVersion=2.3.0&cbust=1662402373631&secure=true&ttduid=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.176.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-176-232.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://nationalpost.com
Date
Mon, 05 Sep 2022 18:26:13 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/t6oivhQt/ 		0
0
v1
btlr.sharethrough.com/t6oivhQt/ 		0
197 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/t6oivhQt/v1?placement_key=kjwlRSRwxS3hUFeSYiL6jI98&bidId=_ZRNlct8T&instant_play_capable=true&hbSource=indexExchange&hbVersion=2.3.0&cbust=1662402373631&secure=true&ttduid=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.176.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-176-232.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://nationalpost.com
Date
Mon, 05 Sep 2022 18:26:13 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/t6oivhQt/ 		0
197 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/t6oivhQt/v1?placement_key=lCJdf8N4ge08RF6J5oWoGwQ0&bidId=_0wXQXqDd&instant_play_capable=true&hbSource=indexExchange&hbVersion=2.3.0&cbust=1662402373631&secure=true&ttduid=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.176.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-176-232.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://nationalpost.com
Date
Mon, 05 Sep 2022 18:26:13 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/t6oivhQt/ 		0
197 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/t6oivhQt/v1?placement_key=jlV02mmpkG0erdChoVVJKbxT&bidId=_3VYUWdxB&instant_play_capable=true&hbSource=indexExchange&hbVersion=2.3.0&cbust=1662402373632&secure=true&ttduid=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.176.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-176-232.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://nationalpost.com
Date
Mon, 05 Sep 2022 18:26:13 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
v1
btlr.sharethrough.com/t6oivhQt/ 		0
197 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://btlr.sharethrough.com/t6oivhQt/v1?placement_key=vGpkkT7H3vBra0Z1fhaoh8m8&bidId=_iv5az7ws&instant_play_capable=true&hbSource=indexExchange&hbVersion=2.3.0&cbust=1662402373632&secure=true&ttduid=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.206.176.232 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-206-176-232.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://nationalpost.com
Date
Mon, 05 Sep 2022 18:26:13 GMT
Access-Control-Allow-Credentials
true
Connection
keep-alive
Vary
Origin
appInfo
config.lrcontent.com/ciam/ 		4 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://config.lrcontent.com/ciam/appInfo?apikey=1a9a7ccf-c3f1-4ec9-a65f-2c3e8d9510a5
Requested by
Host: auth.lrcontent.com
URL: https://auth.lrcontent.com/v2/js/LoginRadiusV2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:49e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbe74c62945bca0d7d29f9784c7462326fb4f8100313f320468c67a947a267ad

Request headers

Referer
https://nationalpost.com/
X-Requested-With
XMLHttpRequest
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
access-control-allow-origin
https://nationalpost.com
cache-control
max-age=86400
cf-ray
74610313df457157-YUL
16f9410cb230493a6684.js
fem.gprod.postmedia.digital/v65.0/chunks/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fem.gprod.postmedia.digital/v65.0/chunks/16f9410cb230493a6684.js
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
390db02cdedc7d3edfb67a21ec3d19bc735a70c55f773273d26a2549925efa67

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:48:16 GMT
x-goog-meta-goog-reserved-file-mtime
1660594674
age
2277
x-guploader-uploadid
ADPycdvKANXeUDdmu4KRSwspP4ND-KDpR7fVL7q2undpU9DpG5t20u1S-SMXTQibzt9gCDLCOVkunQ8YkAhFzC_PM4JDBQ
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3199
last-modified
Mon, 15 Aug 2022 20:19:18 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"b38342b60f33eb6bed56117812491e36"
x-goog-hash
crc32c=AYclhg==, md5=s4NCtg8z62vtVhF4EkkeNg==
x-goog-generation
1660594758456832
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
3199
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 18:48:16 GMT
cdb
bidder.criteo.com/ 		1 KB
634 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/cdb?ptv=128&profileId=154&cb=36175790314
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.129 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
bidder.va1.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e630144de5164d63c4edd05a2539b27aca7dbcff4b2674dea434d2c485613525
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
content-length
363
pub
pixel.adsafeprotected.com/services/ 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixel.adsafeprotected.com/services/pub?anId=928934&slot=%7Bid:ad-1,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/npo.com/news/politics/story,t:display%7D&slot=%7Bid:ad-2,ss:%5B6.6,1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/npo.com/news/politics/story,t:display%7D&slot=%7Bid:ad-3,ss:%5B7.7,1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/npo.com/news/politics/story,t:display%7D&slot=%7Bid:ad-4,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/npo.com/news/politics/story,t:display%7D&slot=%7Bid:ad-5,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/npo.com/news/politics/story,t:display%7D&slot=%7Bid:ad-6,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/npo.com/news/politics/story,t:display%7D&slot=%7Bid:ad-7,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/npo.com/news/politics/story,t:display%7D&slot=%7Bid:ad-acceptable,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/npo.com/news/politics/story,t:display%7D&slot=%7Bid:ad-native-1,ss:%5B5.5%5D,p:/3081/npo.com/news/politics/story,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=5d8ae5d9-862e-bf4d-ed06-9cb72af330ef&url=https%253A%252F%252Fnationalpost.com%252Fnews%252Fpolitics%252Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Requested by
Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.199.168.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-199-168-235.compute-1.amazonaws.com
Software
nginx /
Resource Hash
67372d9e5e23d711951cbfb5f8096954bfdc0d8866a48f233035af7ecc6b4f34

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
x-server-name
app09.va.303net.net
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://nationalpost.com
access-control-expose-headers
X-Server-Name
access-control-allow-credentials
true
timing-allow-origin
*
server
nginx
log
l3.aaxads.com/ 		35 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://l3.aaxads.com/log?___stu13p=aveoaamactga5dnnuee25ti2rm86bcrodqacb&lwbsh=AAX&wHos=221&dgw=desktop&flg=AAX24X4M7&fw=MONTREAL&ff=CA&xjg=4&dss=0&skw=1200&slg=8PR6YK195&gq=nationalpost.com&vhuyqdph=ssp-serving-56684bd497-7nf6r&vyu=090511_438_090512_390_ssp&vf=QC&yhuvlrq=4&yk=1200&yz=1600&yvlg=&ylg=00001662402373476025035145483982&vvsDeExfnhw=CONTROL&oz=1&gdss=green&lwbshlg=6&vg=1&dgeg=0&qsd=0&jgsu_hqi=1&fvha=0&jgivwu=&jgsu=0&fvvwu=&wfi_fps=&wfi_vwdwxv=&wfi_sus=&vxf=0&wfi_dsl=0&xvs_hqi=1&xvs_vwdwxv=0&xvs_ogi=&xvs_vwulqj=&xifd=-1&frssd_vwdwxv=&frssd_dssolhg=&lg_ghwdlov=&dewh=SSP_CLIENT_control&deg=2&fdeg=0&gdeg=2&ghqg=219&fhqg=29&hqg=48&gvwduw=30&fvwduw=29&vwduw=29&uhtxuo=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&nzui=
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.217.30.202 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-30-202.deploy.static.akamaitechnologies.com
Software
Jetty(9.4.35.v20201120) /
Resource Hash
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:13 GMT
server
Jetty(9.4.35.v20201120)
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
35
expires
Mon, 05 Sep 2022 18:26:13 GMT
simple
api.sail-personalize.com/v1/personalize/ 		288 B
497 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Requested by
Host: ak.sail-horizon.com
URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.2.40.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aa7557bb34ea5624b.awsglobalaccelerator.com
Software
/
Resource Hash
7edc2145499b5a0f0e46cc2359d2f89e799518b959058a27b683183a64f056dc

Request headers

x-lib-version
v1.0.1
accept-language
en-CA,en;q=0.9
authorization
Bearer b9d3df2fccd108b5eff3c44f573b2cd6
content-type
application/json
accept
application/json
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
x-referring-url
https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
allowedorigins
*
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
no-store
access-control-allow-credentials
true
allowedheaders
Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin
content-length
196
allowedmethods
GET,OPTIONS
expires
-1
simple
api.sail-personalize.com/v1/personalize/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.2.40.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
aa7557bb34ea5624b.awsglobalaccelerator.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,x-lib-version,x-referring-url
Access-Control-Request-Method
GET
Origin
https://nationalpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL
access-control-allow-methods
OPTIONS,GET,POST,PUT,DELETE
access-control-allow-origin
https://nationalpost.com
access-control-max-age
1800
allow
HEAD,GET,OPTIONS
content-length
18
content-type
text/plain
date
Mon, 05 Sep 2022 18:26:13 GMT
identify
api.permutive.com/v2.0/ 		50 B
88 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/identify?k=21ec23a2-b38a-456e-b801-e5877a041482
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
0e8f14055778572523749dac4a91cca0326c88bfac607ac705a57f1aae91d83d

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70
via
1.1 google
login
postmedia.hub.loginradius.com/ssologin/ 		38 B
550 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://postmedia.hub.loginradius.com/ssologin/login
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.169.125.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-169-125-112.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f7a4a046540cd7b682afc0d129cbbdea16081d1a54dfd3385115725f960c54c9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
application/json

Response headers

Date
Mon, 05 Sep 2022 18:26:13 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Methods
HEAD,GET,POST,PUT,DELETE,OPTIONS, POST, GET, PUT, OPTIONS, DELETE
Content-Type
application/json
Access-Control-Allow-Origin
https://nationalpost.com
X-LoginRadius-Server
Primary - IDX - AWS
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Server
ms_idx_primary
Content-Length
38
login
postmedia.hub.loginradius.com/ssologin/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://postmedia.hub.loginradius.com/ssologin/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.169.125.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-169-125-112.compute-1.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://nationalpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
HEAD,GET,POST,PUT,DELETE,OPTIONS POST, GET, PUT, OPTIONS, DELETE
Access-Control-Allow-Origin
https://nationalpost.com
Connection
keep-alive
Date
Mon, 05 Sep 2022 18:26:13 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-LoginRadius-Server
Primary - IDX - AWS
X-Server
ms_idx_primary
aacxs.php
c.aaxads.com/ Frame 49D2 		25 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://c.aaxads.com/aacxs.php?flg=AAX24X4M7&fv=1&fy=37&ke=1&suylg=172%2C295%2C241%2C159%2C214%2C3012%2C267%2C229%2C310%2C222%2C271%2C272%2C251%2C356%2C3007%2C108%2C292%2C175%2C141%2C195%2C97%2C265%2C203%2C209%2C274%2C51%2C55%2C282&yvVbqf=1&uhiXuo=&gdpr=0&gdprconsent=0&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Requested by
Host: c.aaxads.com
URL: https://c.aaxads.com/aax.js?pub=AAX24X4M7&hst=nationalpost.com&ver=1.2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.217.30.202 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-30-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
70c53858886ce263e568de278e69566d76dff86b588700f10ebbce73e5a3ce51
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
9501
content-type
text/html; charset=UTF-8
date
Mon, 05 Sep 2022 18:26:13 GMT
expires
Wed, 07 Sep 2022 18:26:13 GMT
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
syncframe
gum.criteo.com/ Frame 9CC1 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=nationalpost.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
17b6c419a7f65afd0e75266dcace486b79ceae9242177feaa960dda92816c4cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 18:26:13 GMT
server
Kestrel
server-processing-duration-in-ticks
627523
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
events
bidder.criteo.com/csm/ 		0
217 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://bidder.criteo.com/csm/events
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.129 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
bidder.va1.vip.prod.criteo.com
Software
Finatra /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
server
Finatra
vary
Origin
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; preload;
timing-allow-origin
*
sid
mug.criteo.com/ Frame 9CC1
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=nationalpost.com&sn=ChromeSyncframe&so=0&topUrl=nationalpost.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=zOi1wnxzTE5XYTZRY3BwOTlkVXcrM3p6TUo1eDVyMWViTHpSQWdkQ1N2bFRXVGFIWThmYWFFUDdWQU9lNUREcGNDVnBUeVIwWUgybk9hdHV5Yy91ZWFId2hLZkhJWjJzNGw3Ti9mNGVJVVNkZlpaT1dnaG1ibW01RVRQSW...
462 B
675 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=zOi1wnxzTE5XYTZRY3BwOTlkVXcrM3p6TUo1eDVyMWViTHpSQWdkQ1N2bFRXVGFIWThmYWFFUDdWQU9lNUREcGNDVnBUeVIwWUgybk9hdHV5Yy91ZWFId2hLZkhJWjJzNGw3Ti9mNGVJVVNkZlpaT1dnaG1ibW01RVRQSWdIZENCYmZUZmFST3EySVU0WFhaSDlUK0NFbUVvMlAwZVEycVVjNkkwT3R6YktEUjRsM0tlUzl6VEhPS1lNcWVuTWYvKzM0WUFoWWhHdUdSNWVKZmRVaFJNaDhCUjV4NU5qUkphVnFlSmNESHJNcG5ZLzZsa3ZlZk84aSs4cDJDNXgwMnh0MFRvR2xEY3A3SktjRE4wRzBsVFRBZGozUT09fA&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
bc81b04f27e11aa58c1eda13a7bbc0a0ee81dfe47e962ff0f82a25d428c80a41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
4305731
strict-transport-security
max-age=31536000; preload;
expires
0

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:13 GMT
server
Kestrel
strict-transport-security
max-age=31536000; preload;
location
https://mug.criteo.com/sid?cpp=zOi1wnxzTE5XYTZRY3BwOTlkVXcrM3p6TUo1eDVyMWViTHpSQWdkQ1N2bFRXVGFIWThmYWFFUDdWQU9lNUREcGNDVnBUeVIwWUgybk9hdHV5Yy91ZWFId2hLZkhJWjJzNGw3Ti9mNGVJVVNkZlpaT1dnaG1ibW01RVRQSWdIZENCYmZUZmFST3EySVU0WFhaSDlUK0NFbUVvMlAwZVEycVVjNkkwT3R6YktEUjRsM0tlUzl6VEhPS1lNcWVuTWYvKzM0WUFoWWhHdUdSNWVKZmRVaFJNaDhCUjV4NU5qUkphVnFlSmNESHJNcG5ZLzZsa3ZlZk84aSs4cDJDNXgwMnh0MFRvR2xEY3A3SktjRE4wRzBsVFRBZGozUT09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
574581
content-length
0
expires
0
segment
api.permutive.com/adv/v2/ 		14 B
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/adv/v2/segment?new-session=true&k=21ec23a2-b38a-456e-b801-e5877a041482
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Mon, 05 Sep 2022 18:26:13 GMT
via
1.1 google
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14
content-type
application/json
sync
googlesync.permutive.com/v2.0/px/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=permutive_dmp&google_cm&type=ddp&k=21ec23a2-b38a-456e-b801-e5877a041482&u=a161c2b3-1387-440f-b59f-da9c85d45339
  • https://cm.g.doubleclick.net/pixel?google_nid=permutive_dmp&google_cm=&type=ddp&k=21ec23a2-b38a-456e-b801-e5877a041482&u=a161c2b3-1387-440f-b59f-da9c85d45339&google_tc=
  • https://googlesync.permutive.com/v2.0/px/sync?alias=CAESEOkbLwvKsQVsgkg7f_5Ubbk&error=&type=ddp&k=21ec23a2-b38a-456e-b801-e5877a041482&u=a161c2b3-1387-440f-b59f-da9c85d45339&google_cver=1
35 B
176 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://googlesync.permutive.com/v2.0/px/sync?alias=CAESEOkbLwvKsQVsgkg7f_5Ubbk&error=&type=ddp&k=21ec23a2-b38a-456e-b801-e5877a041482&u=a161c2b3-1387-440f-b59f-da9c85d45339&google_cver=1
Protocol
H2
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 google
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
vary
Origin
content-type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://googlesync.permutive.com/v2.0/px/sync?alias=CAESEOkbLwvKsQVsgkg7f_5Ubbk&error=&type=ddp&k=21ec23a2-b38a-456e-b801-e5877a041482&u=a161c2b3-1387-440f-b59f-da9c85d45339&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
404
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6B7C 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Requested by
Host: c.aaxads.com
URL: https://c.aaxads.com/aacxs.php?flg=AAX24X4M7&fv=1&fy=37&ke=1&suylg=172%2C295%2C241%2C159%2C214%2C3012%2C267%2C229%2C310%2C222%2C271%2C272%2C251%2C356%2C3007%2C108%2C292%2C175%2C141%2C195%2C97%2C265%2C203%2C209%2C274%2C51%2C55%2C282&yvVbqf=1&uhiXuo=&gdpr=0&gdprconsent=0&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://c.aaxads.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=91502
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Mon, 05 Sep 2022 18:26:13 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Tue, 06 Sep 2022 19:51:15 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
checksync.php
hbx.media.net/ Frame C02B 		26 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hbx.media.net/checksync.php?&vsSync=1&cs=1&cid=AAX24X4M7&cmode=1&cv=35&prvid=97,109,175,214,251&gdpr=0&gdprconsent=0&usp_status=0&usp_consent=1&https=1
Requested by
Host: c.aaxads.com
URL: https://c.aaxads.com/aacxs.php?flg=AAX24X4M7&fv=1&fy=37&ke=1&suylg=172%2C295%2C241%2C159%2C214%2C3012%2C267%2C229%2C310%2C222%2C271%2C272%2C251%2C356%2C3007%2C108%2C292%2C175%2C141%2C195%2C97%2C265%2C203%2C209%2C274%2C51%2C55%2C282&yvVbqf=1&uhiXuo=&gdpr=0&gdprconsent=0&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.34.248.177 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-34-248-177.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a04c0b06b152b513b151c413bef83373f47bf11d36290d5d0b49e4ebfb2c299f
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://c.aaxads.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
max-age=172800
content-encoding
gzip
content-length
9619
content-type
text/html; charset=UTF-8
date
Mon, 05 Sep 2022 18:26:14 GMT
expires
Wed, 07 Sep 2022 18:26:14 GMT
p3p
CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server
Apache
strict-transport-security
max-age=604800
vary
Accept-Encoding
x-mnet-hl2
E
aacxc.php
c.aaxads.com/ Frame 49D2
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dapx%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fc.aaxads.com%252Faacxc.php%253Ffv%253D1%2526yvlg%253D3054039731454855000V10%2526wbsh%253Dapx%2526uhiXuo%253D%2526ylg%253D2402373897305403...
  • https://c.aaxads.com/aacxc.php?fv=1&yvlg=3054039731454855000V10&wbsh=apx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=4032320738726574262
69 B
475 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.aaxads.com/aacxc.php?fv=1&yvlg=3054039731454855000V10&wbsh=apx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=4032320738726574262
Requested by
Host: c.aaxads.com
URL: https://c.aaxads.com/aacxs.php?flg=AAX24X4M7&fv=1&fy=37&ke=1&suylg=172%2C295%2C241%2C159%2C214%2C3012%2C267%2C229%2C310%2C222%2C271%2C272%2C251%2C356%2C3007%2C108%2C292%2C175%2C141%2C195%2C97%2C265%2C203%2C209%2C274%2C51%2C55%2C282&yvVbqf=1&uhiXuo=&gdpr=0&gdprconsent=0&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Protocol
H2
Server
23.217.30.202 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-30-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2425b660230bb48d5acfa6dc31dc7d417c427523544e605e23272bb135c6b658
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c.aaxads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
69
x-mnet-hl2
E
expires
Mon, 05 Sep 2022 18:26:14 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:14 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
75c296ff-16d2-4678-878c-276a72878271
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://c.aaxads.com/aacxc.php?fv=1&yvlg=3054039731454855000V10&wbsh=apx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=4032320738726574262
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
aacxc.html
c.aaxads.com/ Frame 49D2
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=78e2dffc-bb89-4bb2-ae92-f592d006518b&ph=6a16560a-f6c6-4851-b7b5-0b2c0190166a&r=https%3A%2F%2Fc.aaxads.com%2Faacxc.html%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26...
  • https://c.aaxads.com/aacxc.html?fv=1&yvlg=3054039731454855000V10&wbsh=opx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=3cf6f712-b246-0e5c-1076-a418a5a934f9
243 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.aaxads.com/aacxc.html?fv=1&yvlg=3054039731454855000V10&wbsh=opx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=3cf6f712-b246-0e5c-1076-a418a5a934f9
Requested by
Host: c.aaxads.com
URL: https://c.aaxads.com/aacxs.php?flg=AAX24X4M7&fv=1&fy=37&ke=1&suylg=172%2C295%2C241%2C159%2C214%2C3012%2C267%2C229%2C310%2C222%2C271%2C272%2C251%2C356%2C3007%2C108%2C292%2C175%2C141%2C195%2C97%2C265%2C203%2C209%2C274%2C51%2C55%2C282&yvVbqf=1&uhiXuo=&gdpr=0&gdprconsent=0&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Protocol
H2
Server
23.217.30.202 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-30-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c.aaxads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 05 Sep 2022 18:26:14 GMT
vary
Accept-Encoding
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
text/html;charset=UTF-8
content-length
243
x-mnet-hl2
E
expires
Mon, 05 Sep 2022 18:26:14 GMT

Redirect headers

date
Mon, 05 Sep 2022 18:26:13 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://c.aaxads.com/aacxc.html?fv=1&yvlg=3054039731454855000V10&wbsh=opx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=3cf6f712-b246-0e5c-1076-a418a5a934f9
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
aacxc.php
c.aaxads.com/ Frame 49D2
Redirect Chain
  • https://b1sync.zemanta.com/usersync/medianet/?cb=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dzem%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26...
  • https://stags.bluekai.com/site/23178?id=PLFDKqO-3RxnE7C8itNt&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6YZOMFQXQYLEOMXGG33NF5QWCY3YMMXHA2DQH5SXQY3I...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6YZOMFQXQYLEOMXGG33NF5QWCY3YMMXHA2DQH5SXQY3IMFXGOZJ5NVSWI2LBNZSXIJTGOY6TCJTSPF3GYZZ5KBGEMRCLOFHS2M2SPBXEKN2DHBUXITTUEZ2WQ2KYOVXT2...
  • https://c.aaxads.com/aacxc.php?fv=1&ryvlg=PLFDKqO-3RxnE7C8itNt&uhiXuo=&wbsh=zem&ylg=24023738973054039731454855000V10&yvlg=3054039731454855000V10
69 B
478 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.aaxads.com/aacxc.php?fv=1&ryvlg=PLFDKqO-3RxnE7C8itNt&uhiXuo=&wbsh=zem&ylg=24023738973054039731454855000V10&yvlg=3054039731454855000V10
Requested by
Host: c.aaxads.com
URL: https://c.aaxads.com/aacxs.php?flg=AAX24X4M7&fv=1&fy=37&ke=1&suylg=172%2C295%2C241%2C159%2C214%2C3012%2C267%2C229%2C310%2C222%2C271%2C272%2C251%2C356%2C3007%2C108%2C292%2C175%2C141%2C195%2C97%2C265%2C203%2C209%2C274%2C51%2C55%2C282&yvVbqf=1&uhiXuo=&gdpr=0&gdprconsent=0&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Protocol
H2
Server
23.217.30.202 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-30-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2425b660230bb48d5acfa6dc31dc7d417c427523544e605e23272bb135c6b658
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c.aaxads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
69
x-mnet-hl2
E
expires
Mon, 05 Sep 2022 18:26:14 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:14 GMT
P3p
CP="We do not support P3P header."
Location
https://c.aaxads.com/aacxc.php?fv=1&ryvlg=PLFDKqO-3RxnE7C8itNt&uhiXuo=&wbsh=zem&ylg=24023738973054039731454855000V10&yvlg=3054039731454855000V10
Cache-Control
no-cache, no-store, must-revalidate
Content-Type
text/html; charset=utf-8
Content-Length
187
Expires
Thu, 01 Dec 1994 16:00:00 GMT
aacxc.php
c.aaxads.com/ Frame 49D2
Redirect Chain
  • https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Demx%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3D%24UID
  • https://ib.adnxs.com/getuid?https://cs.emxdgt.com/umcheck?apnxid=$UID&redirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Demx%26uhiXuo%3D%26ylg%3D24023...
  • https://cs.emxdgt.com/umcheck?apnxid=4032320738726574262&redirect=https://c.aaxads.com/aacxc.php?fv=1&yvlg=3054039731454855000V10&wbsh=emx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=$EMXUID...
  • https://c.aaxads.com/aacxc.php?fv=1&yvlg=3054039731454855000V10&wbsh=emx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=4032320738726574262brt53591662402374007993a3
69 B
493 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.aaxads.com/aacxc.php?fv=1&yvlg=3054039731454855000V10&wbsh=emx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=4032320738726574262brt53591662402374007993a3
Requested by
Host: c.aaxads.com
URL: https://c.aaxads.com/aacxs.php?flg=AAX24X4M7&fv=1&fy=37&ke=1&suylg=172%2C295%2C241%2C159%2C214%2C3012%2C267%2C229%2C310%2C222%2C271%2C272%2C251%2C356%2C3007%2C108%2C292%2C175%2C141%2C195%2C97%2C265%2C203%2C209%2C274%2C51%2C55%2C282&yvVbqf=1&uhiXuo=&gdpr=0&gdprconsent=0&gdprstring=&usp_status=0&usp_consent=1&coppa=0
Protocol
H2
Server
23.217.30.202 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-30-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2425b660230bb48d5acfa6dc31dc7d417c427523544e605e23272bb135c6b658
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c.aaxads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
69
x-mnet-hl2
E
expires
Mon, 05 Sep 2022 18:26:14 GMT

Redirect headers

location
https://c.aaxads.com/aacxc.php?fv=1&yvlg=3054039731454855000V10&wbsh=emx&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=4032320738726574262brt53591662402374007993a3
date
Mon, 05 Sep 2022 18:26:13 GMT
content-length
0
content-type
text/html
pd
us-u.openx.net/w/1.0/ Frame 9ADE 		1 KB
974 B 		Document
General
Check archive.org
Download Go to
Full URL
https://us-u.openx.net/w/1.0/pd?plm=10&ph=eda0710e-2847-4e25-9f9c-d56d6d9d553e&gdpr=0
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
fd68be38c91e82a7cda9ce4ee58bcbcc645d65e95b2892763394f9633a396d2e

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
656
content-type
text/html
date
Mon, 05 Sep 2022 18:26:13 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
load
experience.tinypass.com/xbuilder/experience/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://experience.tinypass.com/xbuilder/experience/load?aid=SE0WzqlbUG
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
574ee49322b85bbad4ad7717b04996355985fa03bb32fa98f3a6e15866a794ad
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
accept-encoding
cf-cache-status
HIT
age
299
p3p
CP="NON DSP COR OUR IND"
x-forwarded-https
on
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id
Mvl1rhrh0iW
wn
prod-exp-10-0-132-165
last-modified
Mon, 05 Sep 2022 18:20:19 GMT
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains
content-type
application/javascript;charset=utf-8
cache-control
public, max-age=1800
cf-ray
746103156a0decf2-YUL
expires
Mon, 05 Sep 2022 18:56:14 GMT
vf-v2.js
cdn.viafoura.net/ 		739 KB
168 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/vf-v2.js
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a8491eef7a148fe6f54a2231e2fb6f99da356b7b81f7104c73a7621aa44a3087

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id
uq7GeiauyCnUnHw_763D_b2e9mbvJZ9p
content-encoding
br
etag
W/"a3047bc7a8220d5ddb1b34076f15dd63"
age
28
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:36 GMT
server
AmazonS3
date
Mon, 05 Sep 2022 18:25:47 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
via
1.1 2755a65ada03bcb40dcec9e77a7c9160.cloudfront.net (CloudFront)
cache-control
max-age=300
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
0-0rwkVLCDODrE43ypdF06c3YT9VtOvieRC3JOJGSbsfEqXLLIM7rA==
54fffcc433094821bea2.js
fem.gprod.postmedia.digital/v65.0/chunks/ 		958 B
1004 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fem.gprod.postmedia.digital/v65.0/chunks/54fffcc433094821bea2.js
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.54.29 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
29.54.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
15ce85c85762492a8b5f07665999d854af04470347c9698d9f186e0849b3f05c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:18:11 GMT
x-goog-meta-goog-reserved-file-mtime
1660594674
age
482
x-guploader-uploadid
ADPycdsQObZUEnwtWWGt3NXv8deRsn58fcJqfi1NYVGQqVOcIwtI7H6qU177qdqbQUvEgZuF-hSguXpAijF5Qmy5VrXhHuaw6KtT
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
958
last-modified
Mon, 15 Aug 2022 20:19:18 GMT
server
UploadServer
cache-control
public, max-age=3600
etag
"d0e06872ca5c0bceb0325c02973b68d7"
x-goog-hash
crc32c=DJuKIA==, md5=0OBocspcC86wMlwClzto1w==
x-goog-generation
1660594758636403
access-control-allow-origin
*
x-cache-hit
hit
x-goog-stored-content-length
958
accept-ranges
bytes
content-type
application/javascript
expires
Mon, 05 Sep 2022 19:18:11 GMT
gtm.js
www.googletagmanager.com/ 		320 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MKM4ZNQ&l=dataLayer
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3cd4a7897ee87950e5a3dacdc72cd2f78b03bfbd0de2573d742af2851aa83ef6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
84955
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Sep 2022 18:26:14 GMT
beacon.js
sb.scorecardresearch.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Mon, 05 Sep 2022 04:00:30 GMT
content-encoding
gzip
last-modified
Tue, 28 Jun 2022 13:19:23 GMT
server
AmazonS3
age
51945
etag
W/"eaf85c1c6758e84acfe134efd70e9373"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 27ca5ebac1c0f68ab48134f5b864093c.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
JFK50-P4
x-amz-cf-id
GExdjcBGD1vOx1nvOcTKZyjZmuHpb5_xNoU5Mo5D0nep9urvFdmqQQ==
mparticle.js
jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/ 		221 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/mparticle.js
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
694e6a3916a4091669a4d51c0f386163410c72315c5894ffa56456488a7117ce

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 varnish, 1.1 varnish
server
Kestrel
age
21
x-origin-name
fastlyshield--shield_ssl_cache_iad_kiad7000101_IAD
x-served-by
cache-iad-kiad7000101-IAD, cache-yul12832-YUL
vary
Accept, Accept-Encoding
x-cache
HIT, HIT
content-type
application/javascript
content-encoding
gzip
cache-control
public, max-age=3600
accept-ranges
bytes
x-timer
S1662402374.001703,VS0,VE0
content-length
54989
x-cache-hits
1, 2
uepn18565.js
cdn.krxd.net/controltag/ 		29 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.krxd.net/controltag/uepn18565.js
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d04f867c0d2fc8341972332239452b47758a664391fcbea84ea2a0832ef94b12

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-cdn-backend
4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 varnish, 1.1 varnish
age
60
x-cache
MISS, HIT, HIT
x-app-cache
HIT
x-age
0
content-encoding
gzip
content-length
6579
x-served-by
config-service-a005-ash-prod.krxd.net, cache-iad-kcgs7200097-IAD, cache-yul12830-YUL
x-response-time
1
x-do-esi
esi
x-timer
S1662402374.021253,VS0,VE0
etag
"d19f236e6361fdec9f9b47b26ea8cf3f937bfe15"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=1200
accept-ranges
bytes
x-cache-hits
0, 1, 501
gtm.js
www.googletagmanager.com/ 		127 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NTQ8ZV4&l=gtm_data_layer
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f1c72c8e63b81ff94a28ac894b7f584530ba9b23017426cd1244dd278f6486df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40634
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Sep 2022 18:26:14 GMT
cs.js
c.jsrdn.com/s/ 		70 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.jsrdn.com/s/cs.js?p=22507
Requested by
Host: fem.gprod.postmedia.digital
URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.47.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-47-129.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3dbf60ceccdb53078aafba7c52593670b5dd6d9257817e7f5387ff882cfab6a6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id
n1BtgSmUZwM6YJUS9jzIBGZa_shYlN1x
content-encoding
gzip
etag
"c6ba12f002082951dd59aec8331594e8"
age
41800
x-cache
Hit from cloudfront
content-length
22984
last-modified
Fri, 29 Apr 2022 17:21:07 GMT
server
AmazonS3
date
Mon, 05 Sep 2022 09:56:26 GMT
vary
Accept-Encoding
content-type
text/javascript
via
1.1 2c6a244ba6cf015578de7d0a0b6908d4.cloudfront.net (CloudFront)
cache-control
no-cache
x-amz-cf-pop
JFK50-P1
accept-ranges
bytes
x-amz-cf-id
8iI9czS4vkex3m5wfbwbWaeF6IO0RoS4b8RZgpStXOrWFlY22YU4YQ==
PugMaster
image6.pubmatic.com/AdServer/ Frame 6B7C 		5 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=78706943&p=158984&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
ccd1149b55756840bd2d81d09562a1afaa2ae87108a457ac59a75ab1661e9797

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:12 GMT
content-type
text/html; charset=UTF-8
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
sync
ups.analytics.yahoo.com/ups/58294/ Frame 9ADE 		0
398 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/58294/sync?_origin=1&uid=da1e1d04-c12c-0ef5-201e-1b7c80e5524c
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=10&ph=eda0710e-2847-4e25-9f9c-d56d6d9d553e&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.45.33.138 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-33-138.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
server
ATS/9.1.10.25
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
458249.gif
idsync.rlcdn.com/ Frame 9ADE
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fid.rlcdn.com%2F464246.gif%3Fpartner_uid%3D
  • https://id.rlcdn.com/464246.gif?partner_uid=a11ce1eb-d401-02dc-2c40-5a852eddc7fd
  • https://id.rlcdn.com/1000.gif?memo=CPaqHBIvCisIARCUaxokYTExY2UxZWItZDQwMS0wMmRjLTJjNDAtNWE4NTJlZGRjN2ZkEAAaDQjG_tiYBhIFCOgHEABCAEoA
  • https://pippio.com/api/sync?pid=5324&it=1&iv=6c796ab84237bd02425d00c2288db439b86b7dfa3f5768eaa303e75e304c6632791426b5417dce21&_=2
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA2Yzc5NmFiODQyMzdiZDAyNDI1ZDAwYzIyODhkYjQzOWI4NmI3ZGZhM2Y1NzY4ZWFhMzAzZTc1ZTMwNGM2NjMyNzkxNDI2YjU...
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA2Yzc5NmFiODQyMzdiZDAyNDI1ZDAwYzIyODhkYjQzOWI4NmI3ZGZhM2Y1NzY4ZWFhMzAzZTc1ZTMwNGM2NjMyNzkxNDI2YjU0MTdkY2UyMRAAGgwIxv7YmAYSBAgCEABCAEoA&goog...
  • https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
  • https://idsync.rlcdn.com/458249.gif?partner_uid=8653acb5-d071-498f-9a51-45637a346203
42 B
60 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/458249.gif?partner_uid=8653acb5-d071-498f-9a51-45637a346203
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=10&ph=eda0710e-2847-4e25-9f9c-d56d6d9d553e&gdpr=0
Protocol
H3
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

location
https://idsync.rlcdn.com/458249.gif?partner_uid=8653acb5-d071-498f-9a51-45637a346203
date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 google
x-samesite
secure
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
111
content-type
text/html; charset=utf-8
sd
us-u.openx.net/w/1.0/ Frame 9ADE
Redirect Chain
  • https://ib.adnxs.com/getuid?https://us-u.openx.net/w/1.0/sd?id=537072399&val=$UID
  • https://us-u.openx.net/w/1.0/sd?id=537072399&val=4032320738726574262
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072399&val=4032320738726574262
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=10&ph=eda0710e-2847-4e25-9f9c-d56d6d9d553e&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:14 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
226d7fa3-f04b-40e5-8653-f92fd5d58b58
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://us-u.openx.net/w/1.0/sd?id=537072399&val=4032320738726574262
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame 9ADE
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=ac0ce2f0-05ec-8f46-b337-58e17f756dc5
  • https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=ac0ce2f0-05ec-8f46-b337-58e17f756dc5&dcc=t
43 B
892 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=ac0ce2f0-05ec-8f46-b337-58e17f756dc5&dcc=t
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=10&ph=eda0710e-2847-4e25-9f9c-d56d6d9d553e&gdpr=0
Protocol
HTTP/1.1
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:14 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
C59W9BTHTFRAXSVACMYX
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:14 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
5307J9HJTNWKEWSCMN1P
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=ac0ce2f0-05ec-8f46-b337-58e17f756dc5&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 9ADE
Redirect Chain
  • https://ad.turn.com/r/cs?pid=9&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537073061&val=2758493619497113667&gdpr=0&gdpr_consent=&us_privacy=
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073061&val=2758493619497113667&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=10&ph=eda0710e-2847-4e25-9f9c-d56d6d9d553e&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?id=537073061&val=2758493619497113667&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Mon, 05 Sep 2022 18:26:13 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
sd
us-u.openx.net/w/1.0/ Frame 9ADE
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D&_test=YxY-RgAE-bZcqQBN
  • https://us-u.openx.net/w/1.0/sd?id=537148856&val=YxY-RgAE-bZcqQBN&_test=YxY-RgAE-bZcqQBN
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YxY-RgAE-bZcqQBN&_test=YxY-RgAE-bZcqQBN
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=10&ph=eda0710e-2847-4e25-9f9c-d56d6d9d553e&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 varnish
server
Varnish
x-timer
S1662402374.087060,VS0,VE0
x-served-by
cache-yul12832-YUL
x-cache
HIT
location
https://us-u.openx.net/w/1.0/sd?id=537148856&val=YxY-RgAE-bZcqQBN&_test=YxY-RgAE-bZcqQBN
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
601df8c9-89ea-a6f5-42ee-cc83e8116b6c
pr-bh.ybp.yahoo.com/sync/openx/ Frame 9ADE 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/601df8c9-89ea-a6f5-42ee-cc83e8116b6c?gdpr=0
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=10&ph=eda0710e-2847-4e25-9f9c-d56d6d9d553e&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:19f8:d00:d1ab:5f75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security
max-age=31536000
content-length
43
x-content-type-options
nosniff
sd
us-u.openx.net/w/1.0/ Frame 9ADE
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=f4da9e8d-1946-34bc-7339-da761746a625&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12&ttd_puid=f4da9e8d-1946-34bc-7339-da761746a625&gdpr=0&gdpr_consent=
43 B
62 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12&ttd_puid=f4da9e8d-1946-34bc-7339-da761746a625&gdpr=0&gdpr_consent=
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=10&ph=eda0710e-2847-4e25-9f9c-d56d6d9d553e&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12&ttd_puid=f4da9e8d-1946-34bc-7339-da761746a625&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
335
pixel
cm.g.doubleclick.net/ Frame 9ADE 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZDhiNTRkNDctZDAzMS02YTE4LTY2ZDktODBjZmRkYTQ2ODQ1
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=10&ph=eda0710e-2847-4e25-9f9c-d56d6d9d553e&gdpr=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 9ADE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEPbywIcci5JuPukoWk7tBU&google_cver=1
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEPbywIcci5JuPukoWk7tBU&google_cver=1
Requested by
Host: us-u.openx.net
URL: https://us-u.openx.net/w/1.0/pd?plm=10&ph=eda0710e-2847-4e25-9f9c-d56d6d9d553e&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://us-u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEEPbywIcci5JuPukoWk7tBU&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cksync.php
contextual.media.net/ Frame C02B
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
  • https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=0&gdpr_consent=&gdpr_pd=1
  • https://t.pswec.com/bsw_sync?ssp=medianet&bsw_user_id=114cb03c-984e-472c-86ef-eff5c043abf4
  • https://t.pswec.com/ul_cb/bsw_sync?ssp=medianet&bsw_user_id=114cb03c-984e-472c-86ef-eff5c043abf4
  • https://x.bidswitch.net/sync?dsp_id=2&user_id=c66f65b1-dcab-4b0a-9fe6-272db7b54da8&expires=3&user_group=1&ssp=medianet
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=114cb03c-984e-472c-86ef-eff5c043abf4&gdpr=&gdpr_consent=&gdpr_pd=
45 B
465 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=114cb03c-984e-472c-86ef-eff5c043abf4&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: hbx.media.net
URL: https://hbx.media.net/checksync.php?&vsSync=1&cs=1&cid=AAX24X4M7&cmode=1&cv=35&prvid=97,109,175,214,251&gdpr=0&gdprconsent=0&usp_status=0&usp_consent=1&https=1
Protocol
H2
Server
184.29.128.24 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-24.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://hbx.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
server
Apache
date
Mon, 05 Sep 2022 18:26:15 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 05 Sep 2022 18:26:15 GMT

Redirect headers

Location
//contextual.media.net/cksync.php?cs=1&type=bs&ovsid=114cb03c-984e-472c-86ef-eff5c043abf4&gdpr=&gdpr_consent=&gdpr_pd=
Date
Mon, 05 Sep 2022 18:26:14 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
usersync.aspx
dis.criteo.com/dis/ Frame C02B 		43 B
363 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=115&p=259&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40
Requested by
Host: hbx.media.net
URL: https://hbx.media.net/checksync.php?&vsSync=1&cs=1&cid=AAX24X4M7&cmode=1&cv=35&prvid=97,109,175,214,251&gdpr=0&gdprconsent=0&usp_status=0&usp_consent=1&https=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.150 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://hbx.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:13 GMT
server
Kestrel
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
307949
content-type
image/gif
expires
Mon, 05 Sep 2022 00:00:00 GMT
cksync.php
contextual.media.net/ Frame C02B
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=medianet&ssp_user_id=3054039741454857000V10
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=medianet&ssp_user_id=3054039741454857000V10
  • https://contextual.media.net/cksync.php?type=mf&ovsid=648dfd80-5793-4326-80c2-ef74a1d94944&cs=1
45 B
465 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://contextual.media.net/cksync.php?type=mf&ovsid=648dfd80-5793-4326-80c2-ef74a1d94944&cs=1
Requested by
Host: hbx.media.net
URL: https://hbx.media.net/checksync.php?&vsSync=1&cs=1&cid=AAX24X4M7&cmode=1&cv=35&prvid=97,109,175,214,251&gdpr=0&gdprconsent=0&usp_status=0&usp_consent=1&https=1
Protocol
H2
Server
184.29.128.24 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-24.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://hbx.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
server
Apache
date
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 05 Sep 2022 18:26:14 GMT

Redirect headers

location
//contextual.media.net/cksync.php?type=mf&ovsid=648dfd80-5793-4326-80c2-ef74a1d94944&cs=1
date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
cksync.php
contextual.media.net/ Frame C02B
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=medianet
  • https://creativecdn.com/cm-notify?pi=medianet&tc=1
  • https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=jKp84PibmTAX9uA4k7JP&pi=medianet&tc=1
45 B
456 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=jKp84PibmTAX9uA4k7JP&pi=medianet&tc=1
Requested by
Host: hbx.media.net
URL: https://hbx.media.net/checksync.php?&vsSync=1&cs=1&cid=AAX24X4M7&cmode=1&cv=35&prvid=97,109,175,214,251&gdpr=0&gdprconsent=0&usp_status=0&usp_consent=1&https=1
Protocol
H2
Server
184.29.128.24 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-24.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://hbx.media.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
server
Apache
date
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Mon, 05 Sep 2022 18:26:14 GMT

Redirect headers

location
https://contextual.media.net/cksync.php?cs=1&vsid=%7BMedia.net_User_id%7D&type=rbh&ovsid=jKp84PibmTAX9uA4k7JP&pi=medianet&tc=1
pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT, Mon, 05 Sep 2022 18:26:14 GMT
cache-control
no-cache, no-store, must-revalidate, private, max-age=0
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
identify
identity.mparticle.com/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://identity.mparticle.com/v1/identify
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=900

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-mp-key
Access-Control-Request-Method
POST
Origin
https://nationalpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
content-type,x-mp-key
access-control-allow-methods
POST
access-control-allow-origin
*
age
2324
date
Mon, 05 Sep 2022 18:26:14 GMT
server
Kestrel
strict-transport-security
max-age=900
via
1.1 varnish
x-cache
HIT
x-cache-hits
2294
x-origin-name
4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-served-by
cache-yul12823-YUL
x-timer
S1662402374.096845,VS0,VE0
gtm.js
www.googletagmanager.com/ 		133 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TR7GVNJ&l=dl_mparticle
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/mparticle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d85f14c7c6e7b5d4958cee60d4d39f4f12f37e0102920a7962e0e49bc2cadd17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46203
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Sep 2022 18:26:14 GMT
gtm.js
www.googletagmanager.com/ 		141 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MW2G74V&l=mp_data_layer
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/mparticle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
02f0f55e9b67dc13c26475a6d285dd13febd09128f48cb59bbd7d62073669a7c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
46915
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Sep 2022 18:26:14 GMT
identify
identity.mparticle.com/v1/ 		175 B
268 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://identity.mparticle.com/v1/identify
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
37da4b71617ed7bac9f388a0b8f1334b8f3c6fbadc1510cb9ce5bab13de9e5ed
Security Headers
Name Value
Strict-Transport-Security max-age=900

Request headers

x-mp-key
us1-99b65fde89a1a145894d2d51d283cc83
Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
server
Kestrel
x-timer
S1662402374.109233,VS0,VE31
x-origin-name
4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-served-by
cache-yul12823-YUL
vary
Accept-Encoding
x-cache
MISS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
strict-transport-security
max-age=900
accept-ranges
bytes
via
1.1 varnish
x-cache-hits
0
tinypass.min.js
cdn.tinypass.com/api/ 		324 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.tinypass.com/api/tinypass.min.js?version=2
Requested by
Host: experience.tinypass.com
URL: https://experience.tinypass.com/xbuilder/experience/load?aid=SE0WzqlbUG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6b10e6c3a812d3cb7081fa6014bc5aa6f8fbee831adbddc5df3bb5da8e1ac05
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
7555
x-amz-replication-status
PENDING
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id
5TAZKJT4EXEEF8M0
x-amz-id-2
R0QOtJBfU+OBQVBJqgJglg6PJN7VrML11XUj8fg6CU9jdBk1wWz7d3FsoBn/Hf5L9NC0xpRX4SY=
last-modified
Mon, 05 Sep 2022 08:19:40 GMT
server
cloudflare
etag
W/"799d3dd9a4843df3fe80c8bbaa685990"
strict-transport-security
max-age=86400; includeSubDomains
content-type
application/javascript
cache-control
public, max-age=14400
x-amz-version-id
iTF4N7Ez6s3srL2g2fa0GHN8xp7UIlFP
cf-ray
746103160ac5ecf2-YUL
expires
Mon, 05 Sep 2022 22:26:14 GMT
controltag.js.387e8802bbd0d9fbfa52c1546d7297df
cdn.krxd.net/ctjs/ 		259 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.krxd.net/ctjs/controltag.js.387e8802bbd0d9fbfa52c1546d7297df
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/uepn18565.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d1872ace7c3af8a214bec239d58ad3d4f3e0d5eee7a18bb416aa9cd28fff233d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-cdn-backend
4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
age
11278423
x-amz-server-side-encryption
AES256
x-cache
HIT
x-cache-hits
1079650
content-length
84742
x-served-by
cache-yul12830-YUL
last-modified
Thu, 28 Apr 2022 05:17:05 GMT
x-timer
S1662402374.077372,VS0,VE0
etag
"387e8802bbd0d9fbfa52c1546d7297df"
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=315360000
accept-ranges
bytes
expires
Sun, 25 Apr 2032 05:17:04 GMT
quant.js
secure.quantserve.com/ 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: c.jsrdn.com
URL: https://c.jsrdn.com/s/cs.js?p=22507
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:b08a:1dc5:659b:4055 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
32cf0a8fe53899cf276cb12df8c8f5f1558bfb49a803502eda8296818dafef6f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
etag
"3K3nn1ChiYCKxJYFUmbsHw=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Mon, 12 Sep 2022 18:26:14 GMT
1.js
s.jsrdn.com/s/ 		72 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.jsrdn.com/s/1.js?p=22507&r=ijsl&k=dmMJMjAyMjA0MjkJdQllNmVkYTgyMi0wZTFmLTQ1ZTAtYTRhOS1lZjIyMzU3MTA3YTQJdW4JMQl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl0Zwljcy5qcwlidAkyMDIyLTA5LTA1VDE4OjI2OjE0KzAwOjAwCWRjCXV0Zi04CWJsCWVuLXVzCWJmCTMJZHcJMTYwMAlkaAkxMjAwCWJjCTEJYnAJMQliZAkyNAlidwkxNjAwCWJoCTEyMDAJZglodHRwczovL25hdGlvbmFscG9zdC5jb20vbmV3cy9wb2xpdGljcy9uZWFybHktMTMwMDAtY2FuYWRpYW5zLXBvdGVudGlhbGx5LXZpY3RpbXMtb2YtY2VyYi1mcmF1ZC1hZnRlci1oYWNrZXJzLWFjY2Vzc2VkLXRoZWlyLW15Y3JhLWFjY291bnQtaW4tMjAyMAl1ZAkJcGIJMAlwdgkwCXBxCTAJY3cJCWFjcgl1bmRlZmluZWQJZHIJCWt3CW5lYXJseSAxMyAwMDAgY2FuYWRpYW5zIHBvdGVudGlhbGx5IHZpY3RpbXMgY2VyYiBmcmF1ZCBoYWNrZXJzIGFjY2Vzc2VkIGNyYSBhY2NvdW50cyAyMDIwCXByZgl1bmRlZmluZWQ
Requested by
Host: c.jsrdn.com
URL: https://c.jsrdn.com/s/cs.js?p=22507
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
be39f7c8d9e0ecb9341608717214dd699a781be039aa3b02c30bb5ce5161217b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
server
Apache
vary
Accept-Encoding
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
text/javascript
content-length
19357
expires
Mon, 26 Jul 1997 05:00:00 GMT
iu3
s.amazon-adsystem.com/ Frame 094A
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&dcc=t
298 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&dcc=t
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
d27a268d63e4a18800c7d12e7f9e73ed496c8f265fcd92913a0f6566727ece35
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
298
Content-Type
text/html;charset=ISO-8859-1
Date
Mon, 05 Sep 2022 18:26:14 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
VEJNSQV95Z2FRJRQBX6E

Redirect headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Date
Mon, 05 Sep 2022 18:26:14 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&dcc=t
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
Y1B65980SKZP6W2VJTCM
v2
api.viafoura.co/v2/nationalpost.com/bootstrap/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.viafoura.co/v2/nationalpost.com/bootstrap/v2
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:44f0:4864:b609:1375:60a5:e0dc Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
52b74d98ab88a9aa9b379755c7850c63be30b6a23e56742a238c4a06db5d5e92

Request headers

Accept
application/json, text/plain, */*
Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
server
nginx/1.18.0 (Ubuntu)
x-instance-id
i-0d5371b8b8094eb15
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://nationalpost.com
cache-control
max-age=0
access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires
Mon, 05 Sep 2022 18:26:14 GMT
v2
api.viafoura.co/v2/nationalpost.com/bootstrap/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.viafoura.co/v2/nationalpost.com/bootstrap/v2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:44f0:4864:b609:1375:60a5:e0dc Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://nationalpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
access-control-allow-origin
https://nationalpost.com
access-control-max-age
1728000
cache-control
max-age=0
date
Mon, 05 Sep 2022 18:26:14 GMT
expires
Mon, 05 Sep 2022 18:26:14 GMT
server
nginx/1.18.0 (Ubuntu)
Forwarding
jssdks.mparticle.com/v1/JS/us1-99b65fde89a1a145894d2d51d283cc83/ 		0
198 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jssdks.mparticle.com/v1/JS/us1-99b65fde89a1a145894d2d51d283cc83/Forwarding
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 varnish
server
Kestrel
x-timer
S1662402374.231219,VS0,VE15
x-served-by
cache-yul12828-YUL
x-origin-name
7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-cache
MISS
access-control-allow-origin
*
accept-ranges
bytes
content-length
0
x-cache-hits
0
Forwarding
jssdks.mparticle.com/v1/JS/us1-99b65fde89a1a145894d2d51d283cc83/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jssdks.mparticle.com/v1/JS/us1-99b65fde89a1a145894d2d51d283cc83/Forwarding
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 varnish
server
Kestrel
x-timer
S1662402374.230986,VS0,VE15
x-served-by
cache-yul12828-YUL
x-origin-name
7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-cache
MISS
access-control-allow-origin
*
accept-ranges
bytes
content-length
0
x-cache-hits
0
Forwarding
jssdks.mparticle.com/v1/JS/us1-99b65fde89a1a145894d2d51d283cc83/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jssdks.mparticle.com/v1/JS/us1-99b65fde89a1a145894d2d51d283cc83/Forwarding
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 varnish
server
Kestrel
x-timer
S1662402374.231007,VS0,VE17
x-served-by
cache-yul12828-YUL
x-origin-name
7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-cache
MISS
access-control-allow-origin
*
accept-ranges
bytes
content-length
0
x-cache-hits
0
Forwarding
jssdks.mparticle.com/v1/JS/us1-99b65fde89a1a145894d2d51d283cc83/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jssdks.mparticle.com/v1/JS/us1-99b65fde89a1a145894d2d51d283cc83/Forwarding
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 varnish
server
Kestrel
x-timer
S1662402374.231312,VS0,VE15
x-served-by
cache-yul12828-YUL
x-origin-name
7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-cache
MISS
access-control-allow-origin
*
accept-ranges
bytes
content-length
0
x-cache-hits
0
gtm.js
www.googletagmanager.com/ 		120 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NFGNKKG&l=gtm_data_layer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQ8ZV4&l=gtm_data_layer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dafb664b5a843f25925218894253be4adedce11b5b3a23728558d43e3f5437ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45067
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Sep 2022 18:26:14 GMT
gtm.js
www.googletagmanager.com/ 		268 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-P3Q4QHW&l=gtm_data_layer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQ8ZV4&l=gtm_data_layer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3c2f71bfe1e4fbf520bbc1081f5addbfd8f6afd3491cf0eb284975e128fa5b3c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
81299
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 05 Sep 2022 18:26:14 GMT
ribn.min.js
assets.ribn.com/production/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.ribn.com/production/ribn.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKM4ZNQ&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:3000:7:75d4:e40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d22c2b457592d1f744afe93fdca6657e1985e47f0fade89674ae45ebce1d6428

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 13:15:02 GMT
content-encoding
br
last-modified
Wed, 28 Oct 2020 14:49:59 GMT
server
AmazonS3
age
18679
etag
W/"6b213f30955b664fd78dc9e388b17e54"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 10a23502057a5449ee9e08eab6e9c0d4.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P2
x-amz-cf-id
-v7Td7GtidVOHD764bucJF1aGhcQ0Bq7qNKOnL7dKRlvD_k3QWtj2w==
ribn-postmedia.min.js
assets.ribn.com/v2/production/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.ribn.com/v2/production/ribn-postmedia.min.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:3000:7:75d4:e40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c81cab8c63d469329c0e0724770c6c8622f0d5d1fb8b6f919b6d7dddfadba190

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 11:11:30 GMT
content-encoding
br
last-modified
Wed, 01 Sep 2021 18:06:03 GMT
server
AmazonS3
age
26086
etag
W/"baaa6497dd2dea88d8fdb6d6cca08cf2"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 10a23502057a5449ee9e08eab6e9c0d4.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P2
x-amz-cf-id
E3SYSV8P9LOaR9q-xwWMqK0ssq-hnBCez8nKzJypMZoL_v_RUGTQHw==
proxy.3d2100fd7107262ecb55ce6847f01fa5.html
cdn.krxd.net/partnerjs/xdi/ Frame D751 		805 B
827 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.387e8802bbd0d9fbfa52c1546d7297df
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3bcfa04dbc2db44af54bd72a0f7b98912368f16f525729a1b9b673f62ca7e5c9

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
39252895
cache-control
public, max-age=315360000
content-encoding
gzip
content-length
525
content-type
text/html
date
Mon, 05 Sep 2022 18:26:14 GMT
etag
"3d2100fd7107262ecb55ce6847f01fa5"
expires
Fri, 19 Feb 2027 17:50:50 GMT
last-modified
Tue, 21 Feb 2017 17:50:54 GMT
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
336546
x-cdn-backend
4FrRTvEr9h480D4BywjehZ--F_Partner_JS_S3
x-served-by
cache-yul12830-YUL
x-timer
S1662402374.269256,VS0,VE0
match
c1.adform.net/serving/cookie/ Frame 1F2E
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&cid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
  • https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
35 B
467 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.167.164.43 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
image/gif
date
Mon, 05 Sep 2022 18:26:14 GMT
expires
-1
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-max-age
86400
cache-control
no-cache, no-store, must-revalidate, no-transform
content-length
0
date
Mon, 05 Sep 2022 18:26:14 GMT
expires
-1
location
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame 243A
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YxY-RgAE-bZcqQBN&gdpr=0&gdpr_consent=
1 B
452 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YxY-RgAE-bZcqQBN&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
1
content-type
text/html; charset=utf-8
date
Mon, 05 Sep 2022 05:32:32 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

accept-ranges
bytes
cache-control
no-cache
content-length
0
date
Mon, 05 Sep 2022 18:26:14 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YxY-RgAE-bZcqQBN&gdpr=0&gdpr_consent=
pragma
no-cache
retry-after
0
server
Varnish
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-yul12832-YUL
x-timer
S1662402374.275091,VS0,VE0
Pug
image2.pubmatic.com/AdServer/ Frame 993F
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFENjgwN0dMSDhBQUE2MTR4dmV5QQ&bee_sync_partners=sas%2Cpp%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&...
  • https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Csyn%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAD6807GLH8AAA614xveyA&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Csyn%252Cpm%26bee_sy...
  • https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pp%2Csyn%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=2&userid=691582321626813154
  • https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AAD6807GLH8AAA614xveyA&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fuserid%3D691582321626813154%26bee_sync_partners%3Dsyn%252Cpm%26b...
  • https://match.prod.bidr.io/cookie-sync?userid=691582321626813154&bee_sync_partners=syn%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=3&ev=AAD6807GLH8AAA614xveyA&pid=558...
  • https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AAD6807GLH8AAA614xveyA&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fuserid%3D691582321626813154%26bee_sync_partners%3Dpm%26bee_syn...
  • https://match.prod.bidr.io/cookie-sync?userid=691582321626813154&bee_sync_partners=pm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=4
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAD6807GLH8AAA614xveyA
42 B
278 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAD6807GLH8AAA614xveyA
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 05 Sep 2022 18:26:15 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Mon, 05 Sep 2022 18:26:15 GMT
Server
nginx
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAD6807GLH8AAA614xveyA
strict-transport-security
max-age=2592000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame 28F7
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:df576316-3f46-4a00-aa04-f79bbd66aad7&gdpr=0&gdpr_consent=
42 B
406 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:df576316-3f46-4a00-aa04-f79bbd66aad7&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 05 Sep 2022 04:51:01 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Mon, 05 Sep 2022 18:26:14 GMT
Expires
Mon, 05 Sep 2022 18:26:13 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 4505 5b23575 master ord-pixel-x49 config:1.0.0
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:df576316-3f46-4a00-aa04-f79bbd66aad7&gdpr=0&gdpr_consent=
Pug
simage2.pubmatic.com/AdServer/ Frame CC3C
Redirect Chain
  • https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
  • https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=3975656e-2d48-11ed-b5ba-2ee251714aca
42 B
322 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=3975656e-2d48-11ed-b5ba-2ee251714aca
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 05 Sep 2022 04:51:55 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Mon, 05 Sep 2022 18:26:14 GMT
Expires
Thu, 23 Sep 2004 17:42:04 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=3975656e-2d48-11ed-b5ba-2ee251714aca
P3P
CP="NOI OTC OTP OUR NOR"
Pragma
no-cache
X-RealServer-NX
lga-delivery-1
server
Cowboy
141
match.deepintent.com/usersync/ Frame D111 		0
222 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS
g.deepintent.com
Software
b /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-length
0
content-type
image/gif
date
Mon, 05 Sep 2022 18:26:13 GMT
p3p
policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
server
b
Pug
simage2.pubmatic.com/AdServer/ Frame 0C67
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
42 B
113 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

cache-control
no-cache
content-length
0
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 18:26:14 GMT
expires
Mon, 05 Sep 2022 00:00:00 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
3105007
strict-transport-security
max-age=31536000; preload;
x-errorlevel
0
Pug
simage2.pubmatic.com/AdServer/ Frame C53A
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=11
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=AbRAvIwhQax0rZSP3crf7pU4mbQ
42 B
203 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=AbRAvIwhQax0rZSP3crf7pU4mbQ
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Connection
keep-alive
Content-Length
159
Content-Type
text/html; charset=utf-8
Date
Mon, 05 Sep 2022 18:26:14 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=AbRAvIwhQax0rZSP3crf7pU4mbQ
Pug
simage2.pubmatic.com/AdServer/ Frame 09AF
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:Tk410fV91OvgNw5&gdpr=0&gdpr_consent=
42 B
196 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:Tk410fV91OvgNw5&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Date
Mon, 05 Sep 2022 18:26:13 GMT
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:Tk410fV91OvgNw5&gdpr=0&gdpr_consent=
Pragma
no-cache
Server
PingMatch/5cd8a5d#5cd8a5dae4649c563ed7e6eb1dd90a4f2423ff29 i-02a5df5b40c1492de@us-east-1d@dxedge-app-us-east-1-prod-asg
Strict-Transport-Security
max-age=2592000; includeSubDomains
Pug
simage2.pubmatic.com/AdServer/ Frame 891F
Redirect Chain
  • https://ums.acuityplatform.com/tum?umid=6
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=690798747565
42 B
269 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=690798747565
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 05 Sep 2022 09:39:11 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Content-Length
0
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=690798747565
Pug
simage2.pubmatic.com/AdServer/ Frame 0D27
Redirect Chain
  • https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1662402374399
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=697179384
  • https://sync.1rx.io/usersync/tradedesk/a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
  • https://sync.targeting.unrulymedia.com/csync/RX-092afed4-7c33-48da-ae97-84a34a7748d6-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-092afed4-7c33-48da-ae97-84a34a7748d6-005
42 B
373 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-092afed4-7c33-48da-ae97-84a34a7748d6-005
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Connection
keep-alive
Content-Type
text/html
Date
Mon, 05 Sep 2022 18:26:14 GMT
ETag
RX092afed47c3348daae9784a34a7748d6005
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-092afed4-7c33-48da-ae97-84a34a7748d6-005
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Transfer-Encoding
chunked
i.match
s.tribalfusion.com/z/ Frame 6E2C
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATI...
  • https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMA...
43 B
416 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:230b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache private
cf-cache-status
DYNAMIC
cf-ray
746103182a707154-YUL
content-length
43
content-type
image/gif; charset=utf-8
date
Mon, 05 Sep 2022 18:26:14 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
CP="NOI DEVo TAIa OUR BUS"
pragma
no-cache
server
cloudflare
x-function
302

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache private
cf-cache-status
DYNAMIC
cf-ray
74610317890b7154-YUL
content-type
text/html
date
Mon, 05 Sep 2022 18:26:14 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}
p3p
CP="NOI DEVo TAIa OUR BUS"
pragma
no-cache
server
cloudflare
x-function
206
x-reuse-index
1848
pbmtc.gif
beacon.lynx.cognitivlabs.com/ Frame F296
Redirect Chain
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=134a6419-450f-4543-8f4e-e0949ee3912d&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=$...
  • https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
42 B
491 B 		Document
General
Check archive.org
Download Go to
Full URL
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
72.44.36.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-72-44-36-54.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Connection
keep-alive
Content-Length
42
Content-Type
image/gif
Date
Mon, 05 Sep 2022 18:26:14 GMT
Server
Kestrel

Redirect headers

cache-control
no-store, no-cache, private
date
Mon, 05 Sep 2022 18:26:14 GMT
location
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx
Pug
simage2.pubmatic.com/AdServer/ Frame 7EBB
Redirect Chain
  • https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={viewer_token}&gdpr=0
0
93 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={viewer_token}&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
74610317895d4bd1-YUL
content-length
0
date
Mon, 05 Sep 2022 18:26:14 GMT
location
https://simage2.pubmatic.com/AdServer/Pug?vcode&gdpr_consent=null&piggybackCookie={viewer_token}&gdpr=0
server
cloudflare
Pug
simage2.pubmatic.com/AdServer/ Frame D290
Redirect Chain
  • https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ7156887741677165914&uid=Q715688774167716...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7156887741677165914
42 B
220 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7156887741677165914
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Cache-Control
max-age=74526
Connection
keep-alive
Content-Length
154
Content-Type
text/html
Date
Mon, 05 Sep 2022 18:26:14 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7156887741677165914
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
Apache/2.4.6 (CentOS)
Vary
Accept-Encoding
X-Powered-By
PHP/7.3.33
aacxc.php
c.aaxads.com/ Frame 42E9 		69 B
489 B 		Document
General
Check archive.org
Download Go to
Full URL
https://c.aaxads.com/aacxc.php?fv=1&yvlg=3054039731454855000V10&wbsh=pba&uhiXuo=&ylg=24023738973054039731454855000V10&ryvlg=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.217.30.202 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-30-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
2425b660230bb48d5acfa6dc31dc7d417c427523544e605e23272bb135c6b658
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store
content-length
69
content-type
image/gif
date
Mon, 05 Sep 2022 18:26:14 GMT
expires
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA" CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
pragma
no-cache
server
Apache
strict-transport-security
max-age=604800
x-mnet-hl2
E
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6B7C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=2Tacpbj0TXK7GLm00gYgTw%3D%3D
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
server
Apache/2.2.15 (CentOS)
etag
"1300708-3de4-5d6ef246ef4cf"
vary
Accept-Encoding
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=91501
accept-ranges
bytes
content-type
text/html; charset=UTF-8
content-length
5549
expires
Tue, 06 Sep 2022 19:51:15 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
272
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
396846.gif
idsync.rlcdn.com/ Frame 6B7C
Redirect Chain
  • https://idsync.rlcdn.com/420486.gif?partner_uid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F
  • https://us-u.openx.net/w/1.0/cm?id=e508c905-ddce-4732-92a4-0b0f5b72a28f&r=https%3A%2F%2Fidsync.rlcdn.com%2F396846.gif%3Fserved_by%3Devergreen%26partner_uid%3D
  • https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=a11ce1eb-d401-02dc-2c40-5a852eddc7fd
42 B
60 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=a11ce1eb-d401-02dc-2c40-5a852eddc7fd
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H3
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://idsync.rlcdn.com/396846.gif?served_by=evergreen&partner_uid=a11ce1eb-d401-02dc-2c40-5a852eddc7fd
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
SPug
image4.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=5d8e6316-3f46-4300-9c36-e08cab2310c1
0
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=5d8e6316-3f46-4300-9c36-e08cab2310c1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
104.36.115.114 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date
Mon, 05 Sep 2022 18:26:14 GMT
Server
MT3 4505 5b23575 master ord-pixel-x48 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=5d8e6316-3f46-4300-9c36-e08cab2310c1
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 05 Sep 2022 18:26:13 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RDkzNjlDQTUtQjhGNC00RDcyLUJCMTgtQjlCNEQyMDYyMDRG&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGseGz_aAmJizJkrmNQWSGc&google_cver=1
42 B
527 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGseGz_aAmJizJkrmNQWSGc&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGseGz_aAmJizJkrmNQWSGc&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:05EED659B2D148A3817D415113CAFFFA
42 B
288 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:05EED659B2D148A3817D415113CAFFFA
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:13 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date
Mon, 05 Sep 2022 18:26:14 GMT
x-content-type-options
nosniff
server
openresty
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:05EED659B2D148A3817D415113CAFFFA
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Sun, 04 Sep 2022 18:26:14 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
42 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 04:33:15 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
313
Pug
simage2.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2758493619497113667&gdpr=0&gdpr_consent=&us_privacy=
1 B
255 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2758493619497113667&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 05:36:44 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2758493619497113667&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Mon, 05 Sep 2022 18:26:13 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
D9369CA5-B8F4-4D72-BB18-B9B4D206204F
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 6B7C 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/D9369CA5-B8F4-4D72-BB18-B9B4D206204F?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a01:19f8:d00:d1ab:5f75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
strict-transport-security
max-age=31536000
content-length
43
x-content-type-options
nosniff
SPug
image4.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-50bw4I1E2uUALci9kIGC3ThSGUWAfms-~A&gdpr=0&gdpr_consent=
0
128 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-50bw4I1E2uUALci9kIGC3ThSGUWAfms-~A&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
104.36.115.114 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-50bw4I1E2uUALci9kIGC3ThSGUWAfms-~A&gdpr=0&gdpr_consent=
date
Mon, 05 Sep 2022 18:26:14 GMT
server
ATS/9.1.10.25
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Pug
simage2.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F&gdpr=0&gdpr_consent=
  • https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=6bb16993b48f0e71&is_secure=true&networkId=17100&version=1&nuid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAE4HKEElTsqQNjDf7VAAAAAAA&expiration=1662488774&nuid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F&...
42 B
366 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAE4HKEElTsqQNjDf7VAAAAAAA&expiration=1662488774&nuid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F&is_secure=true&gdpr_consent=&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
nginx
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAE4HKEElTsqQNjDf7VAAAAAAA&expiration=1662488774&nuid=D9369CA5-B8F4-4D72-BB18-B9B4D206204F&is_secure=true&gdpr_consent=&gdpr=0
cache-control
no-cache, private, max-age=0, no-store
content-length
0
expires
0
Pug
simage2.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_cons...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=5e5d81cf-122b-4a9c-9108-7114f8719535&gdpr=0&gdpr_consent=
1 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=5e5d81cf-122b-4a9c-9108-7114f8719535&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=5e5d81cf-122b-4a9c-9108-7114f8719535&gdpr=0&gdpr_consent=
Date
Mon, 05 Sep 2022 18:26:14 GMT
X-CI-RTID
2159ebd5-ea10-45d1-b465-26ca54376a20
Connection
keep-alive
Content-Length
205
Content-Type
text/html; charset=utf-8
Pug
image2.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4032320738726574262&gdpr=0&gdpr_consent=
42 B
218 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4032320738726574262&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:14 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
194c7858-e330-4173-a8cd-06462c03a889
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=4032320738726574262&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=BQZyCABTdwgeAScIV1FuDgMDd1seDHsGUAbJFUm4
42 B
339 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=BQZyCABTdwgeAScIV1FuDgMDd1seDHsGUAbJFUm4
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=BQZyCABTdwgeAScIV1FuDgMDd1seDHsGUAbJFUm4
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=
42 B
217 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:13 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame 6B7C 		0
35 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.243.198.75 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-243-198-75.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=114cb03c-984e-472c-86ef-eff5c043abf4&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
  • https://x.bidswitch.net/sync?dsp_id=283&user_id=470ca248-9f37-4938-bef6-321cf2e74cb8&expires=1&user_group=5&ssp=pubmatic&bsw_param=114cb03c-984e-472c-86ef-eff5c043abf4
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=114cb03c-984e-472c-86ef-eff5c043abf4&gdpr=&gdpr_consent=&gdpr_pd=
1 B
363 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=114cb03c-984e-472c-86ef-eff5c043abf4&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
text/html; charset=utf-8
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=114cb03c-984e-472c-86ef-eff5c043abf4&gdpr=&gdpr_consent=&gdpr_pd=
Date
Mon, 05 Sep 2022 18:26:15 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
sn.ashx
pmp.mxptint.net/ Frame 6B7C
Redirect Chain
  • https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R1B331_F5BEBE1A_3BDBEA52&r=https://pmp.mxptint.net/sn.ashx?ak=1
  • https://pmp.mxptint.net/sn.ashx?ak=1
43 B
266 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pmp.mxptint.net/sn.ashx?ak=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
HTTP/1.1
Server
204.2.255.233 Bear, United States, ASN2914 (NTT-LTD-2914, US),
Reverse DNS
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=-345389174; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:14 GMT
Cache-Control
no-cache
Expires
-1
Content-Length
43
Strict-Transport-Security
max-age=-345389174; includeSubDomains
Content-Type
image/gif

Redirect headers

location
https://pmp.mxptint.net/sn.ashx?ak=1
date
Mon, 05 Sep 2022 04:51:56 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Pug
simage2.pubmatic.com/AdServer/ Frame 6B7C
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=273704926017452642
42 B
221 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=273704926017452642
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
no-store, no-cache, private
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
nginx
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=273704926017452642
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
get.js
buy.tinypass.com/api/v3/anon/captcha/ 		153 B
309 B 		Script
General
Check archive.org
Download Go to
Full URL
https://buy.tinypass.com/api/v3/anon/captcha/get.js?callback=jsonpCallback&aid=SE0WzqlbUG
Requested by
Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js?version=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e176f0cb3b3de1abda11f417b24482f2ebe28ff88c90c5d4e8f8ec5dc6b34858
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
87
p3p
CP="NON DSP COR OUR IND"
x-forwarded-https
on
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id
Mwl1rhrWYMJ
pragma
wn
prod-dash-10-0-139-251
last-modified
Mon, 05 Sep 2022 18:20:20 GMT
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains
content-type
application/javascript
server-time
0.003
cache-control
public, max-age=1200
cf-ray
74610317fdd4ecf2-YUL
expires
Mon, 05 Sep 2022 18:46:14 GMT
execute
c2.piano.io/xbuilder/experience/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2.piano.io/xbuilder/experience/execute?aid=SE0WzqlbUG
Requested by
Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js?version=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81258da3ba59ff849aa0e0cd526b5b947667e44879de7d0f83fb1e53c27fcba8
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

Accept
application/json
Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
Accept-Encoding, Origin
cf-cache-status
DYNAMIC
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id
wtz3j0wmno
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://nationalpost.com
access-control-expose-headers
Composer-Request-Control-Policy
cache-control
no-cache, no-store
access-control-allow-credentials
true
cf-ray
746103183a867154-YUL
identify
identity.mparticle.com/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://identity.mparticle.com/v1/identify
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=900

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-mp-key
Access-Control-Request-Method
POST
Origin
https://nationalpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
content-type,x-mp-key
access-control-allow-methods
POST
access-control-allow-origin
*
age
2325
date
Mon, 05 Sep 2022 18:26:14 GMT
server
Kestrel
strict-transport-security
max-age=900
via
1.1 varnish
x-cache
HIT
x-cache-hits
2295
x-origin-name
4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-served-by
cache-yul12823-YUL
x-timer
S1662402374.406298,VS0,VE0
identify
identity.mparticle.com/v1/ 		175 B
228 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://identity.mparticle.com/v1/identify
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
f04ce2a5a12a869d71d84af1de91f022ec292ff70b479144cc63966642b60c3a
Security Headers
Name Value
Strict-Transport-Security max-age=900

Request headers

x-mp-key
us1-99b65fde89a1a145894d2d51d283cc83
Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
server
Kestrel
x-timer
S1662402374.420566,VS0,VE91
x-origin-name
4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-served-by
cache-yul12823-YUL
vary
Accept-Encoding
x-cache
MISS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
strict-transport-security
max-age=900
accept-ranges
bytes
via
1.1 varnish
x-cache-hits
0
identify
api.permutive.com/v2.0/ 		50 B
88 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/identify?k=21ec23a2-b38a-456e-b801-e5877a041482
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
0e8f14055778572523749dac4a91cca0326c88bfac607ac705a57f1aae91d83d

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70
via
1.1 google
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TR7GVNJ&l=dl_mparticle
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
1111
date
Mon, 05 Sep 2022 18:07:43 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Mon, 05 Sep 2022 20:07:43 GMT
Forwarding
jssdks.mparticle.com/v1/JS/us1-99b65fde89a1a145894d2d51d283cc83/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jssdks.mparticle.com/v1/JS/us1-99b65fde89a1a145894d2d51d283cc83/Forwarding
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 varnish
server
Kestrel
x-timer
S1662402374.421961,VS0,VE25
x-served-by
cache-yul12828-YUL
x-origin-name
7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-cache
MISS
access-control-allow-origin
*
accept-ranges
bytes
content-length
0
x-cache-hits
0
js
www.googletagmanager.com/gtag/ 		206 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-7GC5VRWDF9&l=mp_data_layer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MW2G74V&l=mp_data_layer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9f09cb53c823d609859ec739d0d7e059688900803f428ec2fd07f790ed72f809
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
74539
x-xss-protection
0
expires
Mon, 05 Sep 2022 18:26:14 GMT
Forwarding
jssdks.mparticle.com/v1/JS/us1-99b65fde89a1a145894d2d51d283cc83/ 		0
59 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://jssdks.mparticle.com/v1/JS/us1-99b65fde89a1a145894d2d51d283cc83/Forwarding
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 varnish
server
Kestrel
x-timer
S1662402375.556738,VS0,VE16
x-served-by
cache-yul12828-YUL
x-origin-name
7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-cache
MISS
access-control-allow-origin
*
accept-ranges
bytes
content-length
0
x-cache-hits
0
optout_check
beacon.krxd.net/ 		63 B
223 B 		Script
General
Check archive.org
Download Go to
Full URL
https://beacon.krxd.net/optout_check?callback=Krux.ns.postmedia.kxjsonp_optOutCheck
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.387e8802bbd0d9fbfa52c1546d7297df
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.45.87.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-87-68.compute-1.amazonaws.com
Software
/
Resource Hash
68910a4e5f85bcaf85782e3e6779e311e94ebff60a39fc8df48c5b1b071e05ea

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
private, max-age=0, s-max-age=0
x-request-time
D=25 t=1662402374
x-served-by
beacon-n015-ash-prod.krxd.net
content-type
text/javascript
rules-p-w9vzu-sGKCA0U.js
rules.quantcount.com/ 		209 B
681 B 		Script
General
Check archive.org
Download Go to
Full URL
https://rules.quantcount.com/rules-p-w9vzu-sGKCA0U.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:400:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cdee55a0f2c8717df6ca320512ab57001f4f9c30e6c6738b244c681bf8ec8e85

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 17:34:44 GMT
via
1.1 b1cccfee199a18a4097165436eb291a8.cloudfront.net (CloudFront)
age
3090
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
209
last-modified
Tue, 23 Aug 2022 14:05:55 GMT
server
AmazonS3
etag
"8ae7975745d11995771b72ad73395e5e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
x-amz-cf-id
kQU82uSN-2Hm5oNUpvFMGRqUXdt-nVwcxSpdTP4XfKmfDEj-_8Utrg==
thirdpartycookie
api.viafoura.co/v2/nationalpost.com/ 		45 B
648 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.viafoura.co/v2/nationalpost.com/thirdpartycookie?section=
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:44f0:4864:b609:1375:60a5:e0dc Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
61a2b2588acde0ccae626edbff25bbe32c1ff43cc0d89859c4ef48af507cd356

Request headers

Accept
application/json, text/plain, */*
Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
server
nginx/1.18.0 (Ubuntu)
x-instance-id
i-0e5a31363c11b8b26
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://nationalpost.com
cache-control
max-age=0
access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires
Mon, 05 Sep 2022 18:26:14 GMT
42fb57ac-2013-45a6-8dad-332d53e17c1b
consumer.krxd.net/consent/get/ 		239 B
432 B 		Script
General
Check archive.org
Download Go to
Full URL
https://consumer.krxd.net/consent/get/42fb57ac-2013-45a6-8dad-332d53e17c1b?idt=device&dt=kxcookie&callback=Krux.ns.postmedia.kxjsonp_consent_get_0
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.387e8802bbd0d9fbfa52c1546d7297df
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8ddf9e8fa96d1bbbeaf292ca94fc082dde61e4a6be90c87f8b2609fd88edbd4d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 varnish
age
1264
x-served-by
consumer-a016-ash-prod.krxd.net, cache-yul12834-YUL
vary
Accept-Encoding
x-cache
MISS, HIT
content-type
text/javascript; charset=UTF-8
content-encoding
gzip
cache-control
max-age=1800
x-age
0
accept-ranges
bytes
x-timer
S1662402375.508822,VS0,VE1
content-length
193
x-cache-hits
0, 1
pr
s.amazon-adsystem.com/v3/ Frame 8085 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&dcc=t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
619a9c51ba467534bf3f9591f20ccca11a846dcb623c3e83a27363d16aad7911
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&dcc=t
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
1881
Content-Type
text/html;charset=ISO-8859-1
Date
Mon, 05 Sep 2022 18:26:14 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
x-amz-rid
1D3XJG5XE6GTP23W3YTX
events
api.permutive.com/v2.0/batch/ 		101 B
129 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=21ec23a2-b38a-456e-b801-e5877a041482
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
a19191270ce5a7955e94f0bbe46e8c783943630af611659eb0de9fa2e5056fbc

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
111
via
1.1 google
loadTemplateContext
buy.tinypass.com/api/v3/anon/template/ 		588 B
779 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://buy.tinypass.com/api/v3/anon/template/loadTemplateContext?aid=SE0WzqlbUG
Requested by
Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js?version=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d16d95885d5401bc5249bf643ab9db38f48d82c8756810c466b18ef7ab3a2360
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

Accept
application/json
Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
p3p
CP="NON DSP COR OUR IND"
x-forwarded-https
on
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id
Mqv1rhrbiox
pragma
no-cache
wn
prod-dash-10-0-117-130
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
server-time
0.002
cf-ray
746103196c674bd1-YUL
expires
0
cacheableShow
buy.tinypass.com/checkout/template/ Frame 6BB3 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Requested by
Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js?version=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ecca70c597dd7dc67f362e2aa4ab68f99741ad38169333e83f69fd74e8621a78
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-methods
*
access-control-allow-origin
https://dashboard.piano.io
age
157
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
public, max-age=743
cf-cache-status
HIT
cf-ray
746103196c5a713e-YUL
content-encoding
br
content-type
text/html;charset=UTF-8
date
Mon, 05 Sep 2022 18:26:14 GMT
expires
Mon, 05 Sep 2022 18:38:37 GMT
last-modified
Mon, 05 Sep 2022 18:23:37 GMT
p3p
CP="NON DSP COR OUR IND"
pragma
server
cloudflare
server-time
0.001
strict-transport-security
max-age=86400; includeSubDomains
vary
accept-encoding
wn
prod-dash-10-0-95-168
x-forwarded-https
on
x-request-id
Mdr1rhrnhCi
x-xss-protection
0
uepn18565.js
cdn.krxd.net/controltag/ Frame D751 		29 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.krxd.net/controltag/uepn18565.js
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d04f867c0d2fc8341972332239452b47758a664391fcbea84ea2a0832ef94b12

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-cdn-backend
4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 varnish, 1.1 varnish
age
60
x-cache
MISS, HIT, HIT
x-app-cache
HIT
x-age
0
content-encoding
gzip
content-length
6579
x-served-by
config-service-a005-ash-prod.krxd.net, cache-iad-kcgs7200097-IAD, cache-yul12830-YUL
x-response-time
1
x-do-esi
esi
x-timer
S1662402375.647193,VS0,VE0
etag
"d19f236e6361fdec9f9b47b26ea8cf3f937bfe15"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=1200
accept-ranges
bytes
x-cache-hits
0, 1, 502
ds_vplayer_detached.min.js
c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ 		628 KB
217 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Requested by
Host: c.jsrdn.com
URL: https://c.jsrdn.com/s/cs.js?p=22507
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
3d698e31208d0183fe977949e81a884f2f71ff20d92ae8c3832768a9ff037ad4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
last-modified
Fri, 17 Dec 2021 08:10:04 GMT
etag
"1639728604"
x-hw
1662402374.dop074.dc2.t,1662402374.cds101.dc2.hn,1662402374.cds043.dc2.c
content-type
application/javascript
cache-control
max-age=3913
accept-ranges
bytes
content-length
222041
comscore.streaming.5.4.0.161011.min.js
c5x8i7c7.ssl.hwcdn.net/comscore/ 		104 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c5x8i7c7.ssl.hwcdn.net/comscore/comscore.streaming.5.4.0.161011.min.js
Requested by
Host: c.jsrdn.com
URL: https://c.jsrdn.com/s/cs.js?p=22507
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
b1b74ea07c463aedbea9edda89204250207897ec3622ebef4786cc81edae4f23

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
last-modified
Fri, 23 Dec 2016 19:23:14 GMT
etag
"1482520994"
x-hw
1662402374.dop074.dc2.t,1662402374.cds101.dc2.hn,1662402374.cds203.dc2.c
content-type
application/javascript
cache-control
max-age=86400
accept-ranges
bytes
content-length
19733
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=0wze&k=ZQlpbQlhCTU3NwlkCXVzLWVhc3QtMWUJaAlpLTA2YzY4ZTg2ZGEwNGI3NDZiCXUJZTZlZGE4MjItMGUxZi00NWUwLWE0YTktZWYyMjM1NzEwN2E0CXYJYmZjMzI0ZTYtNzEzNy00YTJlLWFjZjgtNjEzNDcyNzcxMjFjCXZsCTIwMjIwOTA1LjE4MDAJdnQJMjAyMjA5MDUuMTgwMAl2cwkyMDIxMDUwNQl2YwkyMDIyMDQyOQlzdAkyMDIyMDkwNS4xODI2MTQJaQllOGQ0NTlhNy0zOTlhLTQ4ZTctOWQzOC04ZDExYmIwY2U3YWUJZglodHRwczovL25hdGlvbmFscG9zdC5jb20vbmV3cy9wb2xpdGljcy9uZWFybHktMTMwMDAtY2FuYWRpYW5zLXBvdGVudGlhbGx5LXZpY3RpbXMtb2YtY2VyYi1mcmF1ZC1hZnRlci1oYWNrZXJzLWFjY2Vzc2VkLXRoZWlyLW15Y3JhLWFjY291bnQtaW4tMjAyMAlxCWYzNmFjODI4LTYwODctNDI5OC05OTAyLWE5ZWJlY2Q1MjBiYgltCTIyMzQyCWIJNDMzCWcJOTQzCXQJNTMyMQljCTUzNzYJbAkxOTg2Ngl6CTE4OTQxCXMJNjY5NglwCTIyNTA3CXcJbmV3cwljcwlJQUIxMgljegkJZ2MJQ0EJZ3IJUUMJZ2QJZmFsc2UJZ24JQ29ycG9yYXRlCW5lCWltCW4JMAluZAlpbQlubgkwCXNkCW5hdGlvbmFscG9zdC5jb20Jc2UJNjI0MzE5NzAwOQltYwkzMDgxCW5mCWl2CXFwCTUwCXF0CTI1MDAJcG4JMzkyOQl2bgkxODMzOTU3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
dslogo_sm.png
a.jsrdn.com/creatives/site_logos/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.jsrdn.com/creatives/site_logos/dslogo_sm.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
5ea71bd07e560ea69f4bf12e5e48de530ce4a977ee361ed45ddcb581b060fd6c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
last-modified
Tue, 11 Apr 2017 20:07:40 GMT
etag
"1491941260"
x-hw
1662402374.dop207.dc2.t,1662402374.cds078.dc2.hn,1662402374.cds181.dc2.c
content-type
image/png
cache-control
max-age=9466
accept-ranges
bytes
content-length
2119
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=7ivh&k=ZQlyZAlhCTU4MAlkCXVzLWVhc3QtMWUJaAlpLTA2YzY4ZTg2ZGEwNGI3NDZiCXUJZTZlZGE4MjItMGUxZi00NWUwLWE0YTktZWYyMjM1NzEwN2E0CXYJYmZjMzI0ZTYtNzEzNy00YTJlLWFjZjgtNjEzNDcyNzcxMjFjCXZsCTIwMjIwOTA1LjE4MDAJdnQJMjAyMjA5MDUuMTgwMAl2cwkyMDIxMDUwNQl2YwkyMDIyMDQyOQlzdAkyMDIyMDkwNS4xODI2MTQJaQllOGQ0NTlhNy0zOTlhLTQ4ZTctOWQzOC04ZDExYmIwY2U3YWUJZglodHRwczovL25hdGlvbmFscG9zdC5jb20vbmV3cy9wb2xpdGljcy9uZWFybHktMTMwMDAtY2FuYWRpYW5zLXBvdGVudGlhbGx5LXZpY3RpbXMtb2YtY2VyYi1mcmF1ZC1hZnRlci1oYWNrZXJzLWFjY2Vzc2VkLXRoZWlyLW15Y3JhLWFjY291bnQtaW4tMjAyMAlxCWYzNmFjODI4LTYwODctNDI5OC05OTAyLWE5ZWJlY2Q1MjBiYgltCTIyMzQyCWIJNDMzCWcJOTQzCXQJNTMyMQljCTUzNzYJbAkxOTg2Ngl6CTE4OTQxCXMJNjY5NglwCTIyNTA3CXcJbmV3cwljcwlJQUIxMgljegkJZ2MJQ0EJZ3IJUUMJZ2QJZmFsc2UJZ24JQ29ycG9yYXRlCW5lCWltCW5kCWltCXNkCW5hdGlvbmFscG9zdC5jb20Jc2UJNjI0MzE5NzAwOQltYwkzMDgxCW5mCWl2CXFwCTUwCXF0CTI1MDAJcG4JMzkyOQl2bgkxODMzOTU3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=93fq&k=ZQlodglhCTU4MQlkCXVzLWVhc3QtMWUJaAlpLTA2YzY4ZTg2ZGEwNGI3NDZiCXUJZTZlZGE4MjItMGUxZi00NWUwLWE0YTktZWYyMjM1NzEwN2E0CXYJYmZjMzI0ZTYtNzEzNy00YTJlLWFjZjgtNjEzNDcyNzcxMjFjCXZsCTIwMjIwOTA1LjE4MDAJdnQJMjAyMjA5MDUuMTgwMAl2cwkyMDIxMDUwNQl2YwkyMDIyMDQyOQlzdAkyMDIyMDkwNS4xODI2MTQJaQllOGQ0NTlhNy0zOTlhLTQ4ZTctOWQzOC04ZDExYmIwY2U3YWUJZglodHRwczovL25hdGlvbmFscG9zdC5jb20vbmV3cy9wb2xpdGljcy9uZWFybHktMTMwMDAtY2FuYWRpYW5zLXBvdGVudGlhbGx5LXZpY3RpbXMtb2YtY2VyYi1mcmF1ZC1hZnRlci1oYWNrZXJzLWFjY2Vzc2VkLXRoZWlyLW15Y3JhLWFjY291bnQtaW4tMjAyMAlxCWYzNmFjODI4LTYwODctNDI5OC05OTAyLWE5ZWJlY2Q1MjBiYgltCTIyMzQyCWIJNDMzCWcJOTQzCXQJNTMyMQljCTUzNzYJbAkxOTg2Ngl6CTE4OTQxCXMJNjY5NglwCTIyNTA3CXcJbmV3cwljcwlJQUIxMgljegkJZ2MJQ0EJZ3IJUUMJZ2QJZmFsc2UJZ24JQ29ycG9yYXRlCW5lCWltCW5kCWltCXNkCW5hdGlvbmFscG9zdC5jb20Jc2UJNjI0MzE5NzAwOQltYwkzMDgxCW5mCWl2CXFwCTUwCXF0CTI1MDAJcG4JMzkyOQl2bgkxODMzOTU3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=f5q4&k=ZQl3cwlhCTU5MQlkCXVzLWVhc3QtMWUJaAlpLTA2YzY4ZTg2ZGEwNGI3NDZiCXUJZTZlZGE4MjItMGUxZi00NWUwLWE0YTktZWYyMjM1NzEwN2E0CXYJYmZjMzI0ZTYtNzEzNy00YTJlLWFjZjgtNjEzNDcyNzcxMjFjCXZsCTIwMjIwOTA1LjE4MDAJdnQJMjAyMjA5MDUuMTgwMAl2cwkyMDIxMDUwNQl2YwkyMDIyMDQyOQlzdAkyMDIyMDkwNS4xODI2MTQJaQllOGQ0NTlhNy0zOTlhLTQ4ZTctOWQzOC04ZDExYmIwY2U3YWUJZglodHRwczovL25hdGlvbmFscG9zdC5jb20vbmV3cy9wb2xpdGljcy9uZWFybHktMTMwMDAtY2FuYWRpYW5zLXBvdGVudGlhbGx5LXZpY3RpbXMtb2YtY2VyYi1mcmF1ZC1hZnRlci1oYWNrZXJzLWFjY2Vzc2VkLXRoZWlyLW15Y3JhLWFjY291bnQtaW4tMjAyMAlxCWYzNmFjODI4LTYwODctNDI5OC05OTAyLWE5ZWJlY2Q1MjBiYgltCTIyMzQyCWIJNDMzCWcJOTQzCXQJNTMyMQljCTUzNzYJbAkxOTg2Ngl6CTE4OTQxCXMJNjY5NglwCTIyNTA3CXcJbmV3cwljcwlJQUIxMgljegkJZ2MJQ0EJZ3IJUUMJZ2QJZmFsc2UJZ24JQ29ycG9yYXRlCW5lCWltCW5kCWltCXNkCW5hdGlvbmFscG9zdC5jb20Jc2UJNjI0MzE5NzAwOQltYwkzMDgxCW5mCWl2CXFwCTUwCXF0CTI1MDAJcG4JMzkyOQl2bgkxODMzOTU3CXdzCTAwOiBzaXplIDU2NCwzMTc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=96gf&k=ZQl3dwlhCTU5MglkCXVzLWVhc3QtMWUJaAlpLTA2YzY4ZTg2ZGEwNGI3NDZiCXUJZTZlZGE4MjItMGUxZi00NWUwLWE0YTktZWYyMjM1NzEwN2E0CXYJYmZjMzI0ZTYtNzEzNy00YTJlLWFjZjgtNjEzNDcyNzcxMjFjCXZsCTIwMjIwOTA1LjE4MDAJdnQJMjAyMjA5MDUuMTgwMAl2cwkyMDIxMDUwNQl2YwkyMDIyMDQyOQlzdAkyMDIyMDkwNS4xODI2MTQJaQllOGQ0NTlhNy0zOTlhLTQ4ZTctOWQzOC04ZDExYmIwY2U3YWUJZglodHRwczovL25hdGlvbmFscG9zdC5jb20vbmV3cy9wb2xpdGljcy9uZWFybHktMTMwMDAtY2FuYWRpYW5zLXBvdGVudGlhbGx5LXZpY3RpbXMtb2YtY2VyYi1mcmF1ZC1hZnRlci1oYWNrZXJzLWFjY2Vzc2VkLXRoZWlyLW15Y3JhLWFjY291bnQtaW4tMjAyMAlxCWYzNmFjODI4LTYwODctNDI5OC05OTAyLWE5ZWJlY2Q1MjBiYgltCTIyMzQyCWIJNDMzCWcJOTQzCXQJNTMyMQljCTUzNzYJbAkxOTg2Ngl6CTE4OTQxCXMJNjY5NglwCTIyNTA3CXcJbmV3cwljcwlJQUIxMgljegkJZ2MJQ0EJZ3IJUUMJZ2QJZmFsc2UJZ24JQ29ycG9yYXRlCW5lCWltCW5kCWltCXNkCW5hdGlvbmFscG9zdC5jb20Jc2UJNjI0MzE5NzAwOQltYwkzMDgxCW5mCWl2CXFwCTUwCXF0CTI1MDAJcG4JMzkyOQl2bgkxODMzOTU3CXd3CUdEUFI6MDo6OkNDUEE6MDo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=nc8s&k=ZQltYwlhCTU5MglkCXVzLWVhc3QtMWUJaAlpLTA2YzY4ZTg2ZGEwNGI3NDZiCXUJZTZlZGE4MjItMGUxZi00NWUwLWE0YTktZWYyMjM1NzEwN2E0CXYJYmZjMzI0ZTYtNzEzNy00YTJlLWFjZjgtNjEzNDcyNzcxMjFjCXZsCTIwMjIwOTA1LjE4MDAJdnQJMjAyMjA5MDUuMTgwMAl2cwkyMDIxMDUwNQl2YwkyMDIyMDQyOQlzdAkyMDIyMDkwNS4xODI2MTQJaQllOGQ0NTlhNy0zOTlhLTQ4ZTctOWQzOC04ZDExYmIwY2U3YWUJZglodHRwczovL25hdGlvbmFscG9zdC5jb20vbmV3cy9wb2xpdGljcy9uZWFybHktMTMwMDAtY2FuYWRpYW5zLXBvdGVudGlhbGx5LXZpY3RpbXMtb2YtY2VyYi1mcmF1ZC1hZnRlci1oYWNrZXJzLWFjY2Vzc2VkLXRoZWlyLW15Y3JhLWFjY291bnQtaW4tMjAyMAlxCWYzNmFjODI4LTYwODctNDI5OC05OTAyLWE5ZWJlY2Q1MjBiYgltCTIyMzQyCWIJNDMzCWcJOTQzCXQJNTMyMQljCTUzNzYJbAkxOTg2Ngl6CTE4OTQxCXMJNjY5NglwCTIyNTA3CXcJbmV3cwljcwlJQUIxMgljegkJZ2MJQ0EJZ3IJUUMJZ2QJZmFsc2UJZ24JQ29ycG9yYXRlCW5lCWltCW5kCWltCXNkCW5hdGlvbmFscG9zdC5jb20Jc2UJNjI0MzE5NzAwOQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1NwltYwlhbHJlYWR5LC8vcHViYWRzLmcuZG91YmxlY2xpY2submV0L2dhbXBhZC9hZHM_aXU9LzIxODc0MTU1MTMzLDMwODEvMjI1MDdfNDk1MzAzNjcwOSZkZXNjcmlwdGlvbl91cmw9aHR0cHMlM0ElMkYlMkZuYXRpb25hbHBvc3QuY29tJTJGbmV3cyUyRnBvbGl0aWNzJTJGbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAmdGZjZD0wJm5wYT0wJnN6PTY0MHg0ODAlN0MxMjgweDcyMCU3QzE5MjB4MTA4MCU3QzQwMHgzMDAmY3VzdF9wYXJhbXM9ZHNtY20lM0QxJTI2ZHNkJTNEbmF0aW9uYWxwb3N0LmNvbSZnZGZwX3JlcT0xJm91dHB1dD12YXN0JnVudmlld2VkX3Bvc2l0aW9uX3N0YXJ0PTEmZW52PXZwJmltcGw9cyZjb3JyZWxhdG9yPTgwOTgyNyZnZHByPTAmZ2Rwcl9jb25zZW50PSZ1c19wcml2YWN5PQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=6vi6&k=ZQltYwlhCTU5MwlkCXVzLWVhc3QtMWUJaAlpLTA2YzY4ZTg2ZGEwNGI3NDZiCXUJZTZlZGE4MjItMGUxZi00NWUwLWE0YTktZWYyMjM1NzEwN2E0CXYJYmZjMzI0ZTYtNzEzNy00YTJlLWFjZjgtNjEzNDcyNzcxMjFjCXZsCTIwMjIwOTA1LjE4MDAJdnQJMjAyMjA5MDUuMTgwMAl2cwkyMDIxMDUwNQl2YwkyMDIyMDQyOQlzdAkyMDIyMDkwNS4xODI2MTQJaQllOGQ0NTlhNy0zOTlhLTQ4ZTctOWQzOC04ZDExYmIwY2U3YWUJZglodHRwczovL25hdGlvbmFscG9zdC5jb20vbmV3cy9wb2xpdGljcy9uZWFybHktMTMwMDAtY2FuYWRpYW5zLXBvdGVudGlhbGx5LXZpY3RpbXMtb2YtY2VyYi1mcmF1ZC1hZnRlci1oYWNrZXJzLWFjY2Vzc2VkLXRoZWlyLW15Y3JhLWFjY291bnQtaW4tMjAyMAlxCWYzNmFjODI4LTYwODctNDI5OC05OTAyLWE5ZWJlY2Q1MjBiYgltCTIyMzQyCWIJNDMzCWcJOTQzCXQJNTMyMQljCTUzNzYJbAkxOTg2Ngl6CTE4OTQxCXMJNjY5NglwCTIyNTA3CXcJbmV3cwljcwlJQUIxMgljegkJZ2MJQ0EJZ3IJUUMJZ2QJZmFsc2UJZ24JQ29ycG9yYXRlCW5lCWltCW5kCWltCXNkCW5hdGlvbmFscG9zdC5jb20Jc2UJNjI0MzE5NzAwOQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1NwltYwlkZnBfbWNtXywvL3B1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldC9nYW1wYWQvYWRzP2l1PS8zNDIzMDEwOSwzMDgxLzIyNTA3Xzg4NTgwNjk4OTcmZGVzY3JpcHRpb25fdXJsPWh0dHBzJTNBJTJGJTJGbmF0aW9uYWxwb3N0LmNvbSUyRm5ld3MlMkZwb2xpdGljcyUyRm5lYXJseS0xMzAwMC1jYW5hZGlhbnMtcG90ZW50aWFsbHktdmljdGltcy1vZi1jZXJiLWZyYXVkLWFmdGVyLWhhY2tlcnMtYWNjZXNzZWQtdGhlaXItbXljcmEtYWNjb3VudC1pbi0yMDIwJnRmY2Q9MCZucGE9MCZzej02NDB4NDgwJTdDMTI4MHg3MjAlN0MxOTIweDEwODAlN0M0MDB4MzAwJmN1c3RfcGFyYW1zPWRzbWNtJTNEMSUyNmRzZCUzRG5hdGlvbmFscG9zdC5jb20mZ2RmcF9yZXE9MSZvdXRwdXQ9dmFzdCZ1bnZpZXdlZF9wb3NpdGlvbl9zdGFydD0xJmVudj12cCZpbXBsPXMmY29ycmVsYXRvcj03OTM5NTYmZ2Rwcj1fX0lTX0dEUFJfXyZnZHByX2NvbnNlbnQ9X19HRFBSX0NPTlNFTlRfXyZ1c19wcml2YWN5PV9fQ0NQQV9GTEFHX18
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
events
jssdks.mparticle.com/v3/JS/us1-99b65fde89a1a145894d2d51d283cc83/ 		41 B
157 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://jssdks.mparticle.com/v3/JS/us1-99b65fde89a1a145894d2d51d283cc83/events
Requested by
Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-99b65fde89a1a145894d2d51d283cc83/mparticle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Kestrel /
Resource Hash
86cfb92760978f2c1c23f37303692dd2de3d35956777be1342fbac7408477662

Request headers

Accept
text/plain;charset=UTF-8
Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
server
Kestrel
x-timer
S1662402375.700573,VS0,VE16
x-origin-name
7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-served-by
cache-yul12828-YUL
vary
Accept-Encoding
x-cache
MISS
content-type
application/json
access-control-allow-origin
*
accept-ranges
bytes
via
1.1 varnish
x-cache-hits
0
tpd
api.permutive.com/v2.0/ 		2 B
39 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/tpd?k=21ec23a2-b38a-456e-b801-e5877a041482
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22
via
1.1 google
intl-messageformat.d63ade332623754d0fe9.js
cdn.viafoura.net/chunks/vendors~languages/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/vendors~languages/intl-messageformat.d63ade332623754d0fe9.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
54a4d3db85ff98894b08eb0dd28cdfd2365fd592cba74b263299b97295d2fdde

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428127
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:19 GMT
server
AmazonS3
etag
W/"f8aa60b957236643195937f1e68d7ded"
vary
Accept-Encoding
x-amz-version-id
4yNYDOd69ZpCRQ35ihIHSc9hf_RC8cft
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
iJoAu0nt0cnzaiKpAEhYMVL9Y_3yHv3TtC4L9-CN7HQz1YvkijgjIw==
intl-messageformat.61a00dace99cd8aa706d.js
cdn.viafoura.net/chunks/languages/ 		134 B
522 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/languages/intl-messageformat.61a00dace99cd8aa706d.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bcdb1de77d2b08299869059ba0bfd2b8063291bd5d2993ca37c39b2e352c3065

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
age
428127
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
content-length
134
last-modified
Wed, 31 Aug 2022 19:30:07 GMT
server
AmazonS3
etag
"ffd9f09c78ce92692f5da2bfdcff90d9"
x-amz-version-id
YB9Wio7OYD02tv55nnO4V5tGu35KveP9
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
x-amz-cf-id
MfQUJHBmSLPg__AQMQIWObKkTYGOhMqIYx-oOaVcj-d9WEdexR8HxA==
en-us-base-json.168a8516662dea1e43c6.js
cdn.viafoura.net/chunks/languages/ 		19 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/languages/en-us-base-json.168a8516662dea1e43c6.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b34923fbe5567884d4cf4851faeed85c30a6d104fec9fab6b2270853511d42ae

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428127
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:06 GMT
server
AmazonS3
etag
W/"6cce7ae2514caeb8abf5af91949fa099"
vary
Accept-Encoding
x-amz-version-id
M9Ic09k3NFhU4xGm8.KSjqjYaeFzCXBL
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
vldbTSjV0KEhKBkUjOe7b7pgwo-Bc3nF2m1prq_N4aWuJd-nAu0ysA==
integrator.js
adservice.google.ca/adsid/ 		107 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ca/adsid/integrator.js?domain=nationalpost.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
549 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=nationalpost.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
js
www.googletagmanager.com/gtag/ 		210 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-72QH41ZTMR&l=gtm_data_layer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P3Q4QHW&l=gtm_data_layer
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2008 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3cfbea8b949617fca1e6c39560085b2517fdf8f304436c0bf3ace35cadc813a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
75605
x-xss-protection
0
expires
Mon, 05 Sep 2022 18:26:14 GMT
marfeel-sdk.js
sdk.mrf.io/statics/ 		82 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.mrf.io/statics/marfeel-sdk.js?id=1528
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.207 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4488b028a1fd5484471be21f9680aba82a92b9b56d2fd6f4d34fac44ab7086b8

Request headers

Referer
https://nationalpost.com/
Origin
https://nationalpost.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
x-b3-traceid
dcc449a19dc945fbad0a92780d9c27f3
x-amz-cf-pop
YUL62-C1
x-cache
Hit from cloudfront, HIT
mrf-cache-status
H
access-control-max-age
3600
x-b3-traceid-primal
be6f26a1b4734c06a632711517c730bd
content-length
22841
x-served-by
cache-yul12824-YUL
last-modified
Mon, 05 Sep 2022 13:03:21 GMT
server
AmazonS3
x-timer
S1662402375.771073,VS0,VE0
etag
W/"3f868d3f35e82832f78fca121b820f81"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
mxzVqCGVtJYc2GaquK2eRblJ4vBCP6nRogRBwGzCLF92bY5UiMcsqg==
x-cache-hits
142
fbevents.js
connect.facebook.net/en_US/ 		100 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6a0f07fac6fc58958b0e670e2d2927901e052938b2162c1553817aa4cbf5de2f
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26752
x-xss-protection
0
pragma
public
x-fb-debug
c/p2t1jhTqss2G89J7hlTmsrQl/3nOpsAy1XIW4GGO1E3wToTbpzTh989qSV9elVYHa+fD/a/cJMFxzEJsdIiA==
x-fb-trip-id
1814657579
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Mon, 05 Sep 2022 18:26:14 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
p.js
cdn.parsely.com/keys/nationalpost.com/ 		73 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.parsely.com/keys/nationalpost.com/p.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P3Q4QHW&l=gtm_data_layer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.25.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-25-39.ewr53.r.cloudfront.net
Software
nginx /
Resource Hash
335c52c7dc4f7e3a35a5f7f80daa871f33660ce85b493ebf396372ffc01f17bc

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
public
date
Mon, 05 Sep 2022 07:01:56 GMT
content-encoding
gzip
last-modified
Wed, 10 Aug 2022 17:52:25 GMT
server
nginx
age
41058
etag
W/"62f3f059-12267"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 a5bdbdd1958d4d023b03427095a0a97a.cloudfront.net (CloudFront)
cache-control
max-age=86400, public
x-amz-cf-pop
EWR53-C2
x-amz-cf-id
M123DD2Dw-hLTGJgo9zbclBueBoOkUceKszVqJjxZs3W5O-5Hed0Iw==
expires
Tue, 06 Sep 2022 07:01:56 GMT
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=10276888&ns__t=1662402374728&ns_c=UTF-8&c8=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=10276888&ns__t=1662402374728&ns_c=UTF-8&c8=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%2...
0
190 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=10276888&ns__t=1662402374728&ns_c=UTF-8&c8=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&c7=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&c9=
Protocol
H2
Server
108.138.128.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-77.jfk50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 27ca5ebac1c0f68ab48134f5b864093c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P4
x-amz-cf-id
PB0E-oAxGzcPQ5NwVxuWL8DehLtJFtegiUytOyQWFKlkzTllr0NDIw==
x-cache
Miss from cloudfront

Redirect headers

location
/b2?c1=2&c2=10276888&ns__t=1662402374728&ns_c=UTF-8&c8=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&c7=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&c9=
date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 27ca5ebac1c0f68ab48134f5b864093c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P4
content-length
0
x-amz-cf-id
zSFNDisCmdFrRi-QQ4EQqkG3fbfO7q90xZ5T92vqSl-pYwp4GxarNQ==
x-cache
Miss from cloudfront
headerstats
as-sec.casalemedia.com/ 		0
499 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/headerstats?s=191262&u=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&v=3
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUaKg7aMag92WdHJ4EAVtvMX%2B68tQOR1vNaQBkiDaJT4uBUABQKS7OS8TwwWniABK6jUt9H5CwmVksqnZJJHaTgnUXwWhqB31jg6XuxmaYvVI0CUyUQFsFDdNN44r589uBIybsB4LQc%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7461031af817a1f9-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
0
pixel
pxl.qccerttest.com/ 		35 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pxl.qccerttest.com/pixel?r=1754556089;fpan=1;fpa=P0-429207354-1662402374809;pbc=;ns=0;ce=1;qjs=1;qv=087c24cc-20220902090643;ref=;cm=;gdpr=0;d=nationalpost.com;dst=0;et=1662402374809;tzo=0;url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020;ogl=site_name.nationalpost%2Ctype.article%2Ctitle.Nearly%2013%252C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%2Cimage.https%3A%2F%2Fsmartcdn%252Egprod%252Epostmedia%252Edigital%2Fnationalpost%2Fwp-content%2Fuploads%2F2022%2F08%2Cimage%3Awidth.750%2Cimage%3Aheight.1000%2Curl.https%3A%2F%2Fnationalpost%252Ecom%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victim
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:6800:11:615:7240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 07:10:39 GMT
via
1.1 ea5efad48fd2ca3e2050f885ef5ad57c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
40535
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
strict-transport-security
max-age=31536000
content-length
35
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Aug 2022 16:01:04 GMT
server
AmazonS3
x-frame-options
SAMEORIGIN
etag
"55d25e9dc950d5db4d53a3b195c046c6"
vary
Accept-Encoding, Origin
content-type
image/gif
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
x-amz-cf-id
VRvBOAA8jXmLsybeJj3nHooxZuiC0s22ArFO_uxtIIcRsCkxgigICg==
pixel;r=407094482;labels=pub.22507%2Clang.en-us%2Cdomain.com.nationalpost.root.news.politics.nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2...
pixel.quantserve.com/ 		35 B
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=407094482;labels=pub.22507%2Clang.en-us%2Cdomain.com.nationalpost.root.news.politics.nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020;rf=0;a=p-w9vzu-sGKCA0U;url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020;uht=2;fpan=0;fpa=P0-429207354-1662402374809;pbc=;ns=0;ce=1;qjs=1;qv=087c24cc-20220902090643;cm=;gdpr=0;ref=;d=nationalpost.com;dst=0;et=1662402374814;tzo=0;ogl=site_name.nationalpost%2Ctype.article%2Ctitle.Nearly%2013%252C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%2Cimage.https%3A%2F%2Fsmartcdn%252Egprod%252Epostmedia%252Edigital%2Fnationalpost%2Fwp-content%2Fuploads%2F2022%2F08%2Cimage%3Awidth.750%2Cimage%3Aheight.1000%2Curl.https%3A%2F%2Fnationalpost%252Ecom%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victim;ses=51b0790d-c48b-408a-be55-d70b17525112
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:b08a:1dc5:659b:4055 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel;r=364988200;labels=campaign.22342.433.943.5321;event=refresh;rf=0;a=p-w9vzu-sGKCA0U;url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-f...
pixel.quantserve.com/ 		35 B
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=364988200;labels=campaign.22342.433.943.5321;event=refresh;rf=0;a=p-w9vzu-sGKCA0U;url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020;uht=2;fpan=0;fpa=P0-429207354-1662402374809;pbc=;ns=0;ce=1;qjs=1;qv=087c24cc-20220902090643;cm=;gdpr=0;ref=;d=nationalpost.com;dst=0;et=1662402374817;tzo=0;ogl=site_name.nationalpost%2Ctype.article%2Ctitle.Nearly%2013%252C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%2Cimage.https%3A%2F%2Fsmartcdn%252Egprod%252Epostmedia%252Edigital%2Fnationalpost%2Fwp-content%2Fuploads%2F2022%2F08%2Cimage%3Awidth.750%2Cimage%3Aheight.1000%2Curl.https%3A%2F%2Fnationalpost%252Ecom%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victim;ses=51b0790d-c48b-408a-be55-d70b17525112
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:b08a:1dc5:659b:4055 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
cs.js
sb.scorecardresearch.com/internal-c2/default/
Redirect Chain
  • https://sb.scorecardresearch.com/c2/10276888/cs.js
  • https://sb.scorecardresearch.com/internal-c2/default/cs.js
0
368 B 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/internal-c2/default/cs.js
Protocol
H2
Server
108.138.128.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:03:49 GMT
via
1.1 27ca5ebac1c0f68ab48134f5b864093c.cloudfront.net (CloudFront)
etag
"d41d8cd98f00b204e9800998ecf8427e"
last-modified
Mon, 01 Mar 2021 20:42:20 GMT
server
AmazonS3
age
1347
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-pop
JFK50-P4
accept-ranges
bytes
content-length
0
x-amz-cf-id
SVe2n679_5ZPtTOx0M-zdJGuz5PH40kJJjaA6G_7kXVPVIgcL79DmA==

Redirect headers

location
/internal-c2/default/cs.js
date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 27ca5ebac1c0f68ab48134f5b864093c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P4
content-length
0
x-amz-cf-id
zx2rkG1BLNQTTF-xtyAeRRpFRUGPrYDqEQIacizqURU109oi7Syejg==
x-cache
Miss from cloudfront
ads
securepubads.g.doubleclick.net/gampad/ 		141 KB
45 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3327620227062007&correlator=978160375062171&eid=31068366%2C44755509%2C44769662%2C31068920&output=ldjh&gdfp_req=1&vrg=2022083001&ptt=17&impl=fifs&iu_parts=3081%2Cnpo.com%2Cnews%2Cpolitics%2Cstory&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C6x6%7C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C7x7%7C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C5x5&ifi=1&adks=1596188534%2C3613382000%2C3104984798%2C1596188523%2C1596188522%2C1596188525%2C1596188524%2C2207261202&sfv=1-0-38&fsapi=false&prev_scp=loc%3D1%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D391e36e9-2d48-11ed-8c61-0ae73f51c6af%26vw%3D40%2C50%2C60%2C70%26grm%3D40%2C50%2C60%2C70%7Cloc%3D2%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D391e36ea-2d48-11ed-8c61-0ae73f51c6af%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26IOM%3D300x250_10%2C728x90_3%2C970x250_1%26ix_id%3D_p9VHgwP4%2C_p9VHgwP4%2C_p9VHgwP4%7Cloc%3D3%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D391e36eb-2d48-11ed-8c61-0ae73f51c6af%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26IOM%3D300x250_10%2C970x250_1%26ix_id%3D_zmMdRCiy%2C_zmMdRCiy%7Cloc%3D4%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D391e36ec-2d48-11ed-8c61-0ae73f51c6af%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26IOM%3D300x250_12%2C970x250_3%26ix_id%3D_bp2aIE63%2C_bp2aIE63%7Cloc%3D5%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D391e36ed-2d48-11ed-8c61-0ae73f51c6af%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26IOM%3D300x250_10%2C728x90_1%2C970x250_1%26ix_id%3D_ttlIC1Jg%2C_ttlIC1Jg%2C_ttlIC1Jg%7Cloc%3D6%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D391e36ee-2d48-11ed-8c61-0ae73f51c6af%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26IOM%3D300x250_12%2C728x90_1%2C970x250_1%26ix_id%3D_2t1yw4Wr%2C_2t1yw4Wr%2C_2t1yw4Wr%7Cloc%3D7%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D391e36ef-2d48-11ed-8c61-0ae73f51c6af%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%26ix_sovrn_om%3D970x90_52%26ix_sovrn_id%3D_RVtAxZqV%26IOM%3D300x250_12%26ix_id%3D_sq96lfqR%7Cloc%3D1%26amznbid%3D2%26amznp%3D2%26id%3D391e36f1-2d48-11ed-8c61-0ae73f51c6af&eri=1&cust_params=permutive%3D96400%252C105538%252C105541%252C105543%252C105693%252C106663%252C110592%252C111761%252C111793%252Crts%26puid%3Da161c2b3-1387-440f-b59f-da9c85d45339%26ptime%3D1662402373589%26prmtvvid%3D531ec4d8-a66d-478a-b675-110a6578a457%26prmtvwid%3D23dc09d6-b664-425a-a76e-0eed6a6cc102%26aid%3D3952896c-cca3-412d-bae7-2ca9bd7cdd13%252C79808677%26author%3DChristopher%2520Nardi%26no_pol%3Dtrue%26page%3Dstory%26pr%3Dnp%26sensitive%3Dy%26sct%3Dcrime%252Conline_privacy%252Cpolitics_canada%26negative%3Dy%26nkb%3DLandRover%252CCIBC%252CCANGOV%252CGM%252Ccovid%252Cloblaw%252CSamsung%252CHyundaiNegative%252CQuestTradeNegative%252CVolkswagen%252CHyundai%252CATBFinancial%252CBoeing%252CJLR%252COntarioSecuritiesCommission%252Cscotia%252CQuestTradePositive%26asrc%3Dnp%26ck%3Dnews%26sck%3Dpolitics%26kuid%3D%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3D&sc=1&cookie_enabled=1&abxe=1&dt=1662402374849&lmt=1662402374&dlt=1662402373007&idt=574&adxs=200%2C797%2C797%2C200%2C200%2C200%2C200%2C798&adys=277%2C1540%2C3101%2C3937%2C4733%2C5457%2C6253%2C7598&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C1%7C2%7C3%7C4%7C5%7C6%7C7&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&frm=20&vis=1&psz=1600x250%7C1600x250%7C1600x250%7C1600x250%7C1600x250%7C1600x250%7C1600x250%7C530x5&msz=1600x-1%7C1600x-1%7C1600x-1%7C1600x-1%7C1600x-1%7C1600x-1%7C1600x-1%7C530x5&fws=4%2C4%2C4%2C4%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C564&ga_vid=1120338599.1662402375&ga_sid=1662402375&ga_hid=367509151&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c6a46e6314ccf738fb16d7a57f7e8819a0a98b1d89f0f8ff516325d8fbfc5512
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45919
x-xss-protection
0
google-lineitem-id
-1,-1,-1,-1,-1,-1,-1,6094712526
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-1,-1,-1,-1,-1,-1,-1,138402174776
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022083001&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3766e73dd0411446249f9d4b6562182f380f3abe44e861903fa7ae869ef63637
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10838
x-xss-protection
0
container.html
8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A1FA 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 18:26:14 GMT
expires
Tue, 05 Sep 2023 18:26:14 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
/
match.sharethrough.com/jwumXNuB/v1/ Frame FA82 		427 B
612 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.224.21.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-21-15.compute-1.amazonaws.com
Software
/
Resource Hash
3e1795114336feb198f0cc3fd4ebeb25bede9124fee982f4deb0fee52f26d555

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-length
427
date
Mon, 05 Sep 2022 18:26:14 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 3286 		15 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.128.213 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-128-213.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=91501
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Mon, 05 Sep 2022 18:26:14 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Tue, 06 Sep 2022 19:51:15 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame B74E 		281 B
573 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.1.200.83 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-1-200-83.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 05 Sep 2022 18:26:14 GMT
ETag
"402b2-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Unused62
8096267
Vary
Accept-Encoding
cm
u.openx.net/w/1.0/ Frame 3A7C 		676 B
743 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
7ff8fb6c90b74da9aecce0b570db2cce7146fa67781c992381bc2c8065ca5e2c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
423
content-type
text/html
date
Mon, 05 Sep 2022 18:26:14 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
ecm3
s.amazon-adsystem.com/ Frame D49F
Redirect Chain
  • https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com
  • https://s.amazon-adsystem.com/ecm3?id=4032320738726574262&ex=appnexus.com
43 B
516 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/ecm3?id=4032320738726574262&ex=appnexus.com
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Mon, 05 Sep 2022 18:26:14 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
x-amz-rid
HW0H5Q7YF5HMSF7FS93S

Redirect headers

AN-X-Request-Uuid
0ecfbf55-1e0a-4dcb-81fe-25c4815a952a
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Mon, 05 Sep 2022 18:26:14 GMT
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Location
https://s.amazon-adsystem.com/ecm3?id=4032320738726574262&ex=appnexus.com
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma
no-cache
Server
nginx/1.21.3
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection
0
amazon
ap.lijit.com/beacon/ Frame 110C 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.190.69 Katy, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
a986de9daab1766415bb999b48ae7e3d192a614d31795d120cd99d2d937bc7a9

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Content-Length
1296
Content-Type
text/html
Date
Mon, 05 Sep 2022 18:26:14 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
X-Sovrn-Pod
ad_ap3ewr1
ecm3
s.amazon-adsystem.com/ Frame A8E2
Redirect Chain
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID
  • https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=4314556371279844782841
43 B
516 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=4314556371279844782841
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_pm-db5_rbd_ox-db5_an-db5_sovrn_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Mon, 05 Sep 2022 18:26:14 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
x-amz-rid
8X403C540ESM766J9YYG

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Mon, 05 Sep 2022 18:26:14 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=4314556371279844782841
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
template.bundle.1.0.css
buy.tinypass.com/widget/dist/template/css/ Frame 6BB3 		27 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d82b3b69ed27853344397a159429cced7fa5019fa56412c0a3d627471ef709ef
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
accept-encoding
cf-cache-status
HIT
age
356
p3p
CP="NON DSP COR OUR IND"
x-forwarded-https
on
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
wn
prod-dash-10-0-112-193
last-modified
Mon, 29 Aug 2022 01:55:54 GMT
server
cloudflare
etag
W/"27358-1661738154000"
strict-transport-security
max-age=86400; includeSubDomains
content-type
text/css
server-time
0.000
cache-control
public, max-age=7200
cf-ray
7461031b1f5f713e-YUL
expires
Mon, 05 Sep 2022 20:26:14 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/ Frame 6BB3 		95 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1628348
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
30360
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:48 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec4-17b8b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bMWMxrmle2oLIJZuwK1eK7izlq1V8zxv2R0vIES4E%2FBIqSFPjf2ETDI4iqQHbmqotwUncLawfW%2FcOokuz3qU34zPB0Pp%2BS6iuHWi3JyRIYigXMcxSaxMPfNTX%2BgpOsAd%2FGq3ixGC4awUhbyYI0Xbdgxs"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
7461031b3f854bd1-YUL
expires
Sat, 26 Aug 2023 18:26:14 GMT
jquery-migrate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/1.4.1/ Frame 6BB3 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/1.4.1/jquery-migrate.min.js
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1037570
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3550
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:46 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec2-2748"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kgebVMeCNHkDNWuBL1GN4f3I7q0sIKXvS%2BpEUhDIHf2HA4guXRCN09bddLa5L3i1xSVtANcllZql6LX3yVrI6leQZXdQt51qvTd8F5LtI3ZVocBUn9Mavgm9TQWDAVFrgExvy%2BylBWGEs%2BqutU%2Ffj%2Bl%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
7461031b3f874bd1-YUL
expires
Sat, 26 Aug 2023 18:26:14 GMT
angular.min.js
cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.22/ Frame 6BB3 		104 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.22/angular.min.js
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04142857a43c3bf04f03b182ac95d7a519e9c85ec50f44247edd23f951232d98
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1627840
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
35086
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:53 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d25-1a191"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9JGm8i%2BQoT2mx6kfLzlRkRkGUAUUbLcMOfV6iL2myEeua0xp4CMWuXW0U85QhHel2R%2BIdCcswAP%2Fswve7A5V7K%2FqH5UqW1SCY4UR2btmS4ZwwfMLhx8Ye%2Fsmov6rcH%2BOfZIk4e4f1Rb3cTgjBLhmLluR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
7461031b3f894bd1-YUL
expires
Sat, 26 Aug 2023 18:26:14 GMT
angular-animate.min.js
ajax.googleapis.com/ajax/libs/angularjs/1.2.22/ Frame 6BB3 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/angularjs/1.2.22/angular-animate.min.js
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:808::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
07275140ea3f47293d4f8a51d785a766eb1c94e4ae087f7c60c5bd611328ac86
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 02 Sep 2022 11:28:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
284277
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4430
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 02 Sep 2023 11:28:17 GMT
angular-cookies.min.js
cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.22/ Frame 6BB3 		825 B
748 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.22/angular-cookies.min.js
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b460d56dd27b62df333537db25d28e7e5ace33535bf4c7d7d767bdbc687a8dd9
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
300570
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
434
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:53 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d25-339"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=99z1KZKJYGtjZr6FwqE9AA4GPt8mUTn3%2BPzH4potclTf%2BtVOKOcUk2sbyITyIaqdByQEF2jZ5ffPA35o7ozHT6%2FrSitGhIXAoFYCpJM0scBGgRY7HOxVt%2FmLW57RmIdQBhHTsGCvNezNYQrw%2FWxEgTPK"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
7461031b3f8a4bd1-YUL
expires
Sat, 26 Aug 2023 18:26:14 GMT
angular-sanitize.min.js
cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.22/ Frame 6BB3 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/angular.js/1.2.22/angular-sanitize.min.js
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
42e8aa892f98807c2b3f49f7c83002b605e357c9463e8a3fbaeffa805fae5bcc
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
279694
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2171
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:53 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d25-11cf"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Jai%2FAHWcIIY%2BnJGOPL6fd0UI6lScVOT1boL2u6GqSRg3VvAvJtgtcq2qdsnevNpY%2FkN4Z2Py%2B5yQ%2B6UtK2UF4FnR5nk9aLOqioE3nQNzN5WD%2BfRS4QBNu9cDQXs0MKSri5W79BxvkCDKyZIW2lZlDgP"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
7461031b3f8e4bd1-YUL
expires
Sat, 26 Aug 2023 18:26:14 GMT
tmhDynamicLocale.min.js
cdnjs.cloudflare.com/ajax/libs/angular-dynamic-locale/0.1.27/ Frame 6BB3 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/angular-dynamic-locale/0.1.27/tmhDynamicLocale.min.js
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2b400c65cddf356b9056899cc2e34c1df2964e5437eed73e184634679cbbe77
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
300570
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
953
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:43 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d1b-ad6"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LhzafkEjVd%2BMB%2FKzXZKcHvFlX3dQjn3fBTE13qlqqCYm0QGvun9yOK%2Fb1iYwOjQl9o%2BH1dY0I5n9mP2JDy0yp33HMbzPiR4zMAlCnissVEyIiLNzkXec4nCzDVB7hLn%2BUI4IIkxvexguJNypgZgltYOf"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
7461031b3f944bd1-YUL
expires
Sat, 26 Aug 2023 18:26:14 GMT
angular-ui-utils.min.js
cdnjs.cloudflare.com/ajax/libs/angular-ui-utils/0.1.1/ Frame 6BB3 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/angular-ui-utils/0.1.1/angular-ui-utils.min.js
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9685145fc6691742536e349a2953828a84fd729012f34f00cb09b8a26f713b6f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2846924
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7490
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d24-5b33"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WvrroLvNF%2BozFkMPpZ%2BhCQUZWHdmaS93NIfwj4NsBSr05Zxi61paUCWppRhmDwU8TsmH%2FfpkrHZSGGVolkTYGsHAAkURl5eZI0FHakeFFnAYCmAal89N8mZXjOz0%2FOqQktd3%2BeJ6T8mH0kXoXGlnY1V1"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
7461031b3f924bd1-YUL
expires
Sat, 26 Aug 2023 18:26:14 GMT
angular-ui-ieshiv.js
cdnjs.cloudflare.com/ajax/libs/angular-ui/0.4.0/ Frame 6BB3 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/angular-ui/0.4.0/angular-ui-ieshiv.js
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
269c614f28c2a9470a6f1c3642a1734986a949f9272a0ce52e1c9d7eb888028f
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1115736
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
910
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d24-93c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=phCAjb01o1hKaeg4kzerRmDgRS%2FVEWIemGGEO%2BqT4UkjwcOUIk86exZjjo5bTG0NOe%2BtTasaYooew6JCAJH5UFGKcnRQey%2BCB6l81ofvCqWozjwtAqOKXIic1rAlyXGz8hQQSrJVmjR17QmJ35bHiweY"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
7461031b3f904bd1-YUL
expires
Sat, 26 Aug 2023 18:26:14 GMT
angular-ui-router.min.js
cdnjs.cloudflare.com/ajax/libs/angular-ui-router/0.2.10/ Frame 6BB3 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/angular-ui-router/0.2.10/angular-ui-router.min.js
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1e9510079704b81b083e51700f25a88ddd444272ae498f3b5cd06deb164bfd1
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1035016
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
6934
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:04:52 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03d24-4f8f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lZHj1jjPwvqzkNYoqMgwrqkdDlKj1YWqQxTvnpXvvUSOdR5%2BZveK%2Fwa%2FkVSP%2BwqWpOk4lnq02623uDJ2Ag2dsP2SrZy9RsfTjb%2BUQiA%2FjUVaadBXVDhShLIC%2BC9Rwgm%2FpDj%2FvzVGNXEfVNsuoY%2FaBwcv"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
7461031b4f9f4bd1-YUL
expires
Sat, 26 Aug 2023 18:26:14 GMT
H4sIAAAAAAAAAD3IwQ6AIAgA0B9KmJ76m4bJHI6oBa7f7-bt7eEnrXNgEw8Mvh6lYBy-DHVaU95QpTqS9an0pgwFSkHJu63T-yTlgy1Nh-E_BjVxNVoAAAA
buy.tinypass.com/_sam/ Frame 6BB3 		114 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://buy.tinypass.com/_sam/H4sIAAAAAAAAAD3IwQ6AIAgA0B9KmJ76m4bJHI6oBa7f7-bt7eEnrXNgEw8Mvh6lYBy-DHVaU95QpTqS9an0pgwFSkHJu63T-yTlgy1Nh-E_BjVxNVoAAAA?compressed=true&v=14.263.0
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3981b1db3de18ae74a074167e1d1bcab1b1762ff521ec6469c9543a690453de
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
352
p3p
CP="NON DSP COR OUR IND"
x-forwarded-https
on
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
wn
prod-dash-10-0-115-45
last-modified
Fri, 02 Sep 2022 20:45:06 GMT
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains
content-type
text/javascript
server-time
0.000
cache-control
public, max-age=604438
x-optimized-by
_sam
cf-ray
7461031b1f63713e-YUL
expires
Mon, 12 Sep 2022 18:20:12 GMT
css
fonts.googleapis.com/ Frame 6BB3 		8 KB
712 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=SE0WzqlbUG&templateId=OTR28KB0LWNT&offerId=fakeOfferId&experienceId=EX5RE37BQNGV&iframeId=offer_45037aba30d439a5a343-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fnationalpost.com
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
dda36ab0dda2b7ba616e824e0dd455eb222bf9fee24984c74e19df9fa962758e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 05 Sep 2022 18:09:12 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 05 Sep 2022 18:26:14 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 05 Sep 2022 18:26:14 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=367509151&t=event&ni=0&_s=1&dl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&ul=en-us&de=UTF-8&dt=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=video&ea=Distroscale%20-%20&_u=YAhAAEABAAAAAC~&jid=1762013411&gjid=1736699293&cid=1120338599.1662402375&tid=UA-238413164-9&_gid=1272909826.1662402375&_r=1&gtm=2wg8v0TR7GVNJ&cd1=National%20Post&cd2=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&cd3=false&cd4=Chrome&cd5=en-US&cd6=desktop&cd7=np&cd8=nationalpost.com&cd9=v65.0&cd10=story&cd11=Cheetah&cd12=11.4.5&cd13=anonymous&cd14=HTML&cd53=false&cd54=true&cd57=story%20page&cd59=Distroscale&z=894896791
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=367509151&t=pageview&_s=1&dl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&ul=en-us&de=UTF-8&dt=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAjAAEABAAAAAC~&jid=896026127&gjid=1476247610&cid=1120338599.1662402375&tid=UA-138335866-30&_gid=1272909826.1662402375&_r=1&gtm=2wg8v0MW2G74V&z=2143886304
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		2 B
22 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=367509151&t=pageview&_s=1&dl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&ul=en-us&de=UTF-8&dt=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCjACEABBAAAAC~&jid=1376416963&gjid=1454506987&cid=1120338599.1662402375&tid=UA-213173459-3&_gid=1272909826.1662402375&_r=1&gtm=2wg8v0P3Q4QHW&cd1=1120338599.1662402375&cd2=2022-09-05T18%3A26%3A14.722%2B00%3A00&cd7=anonymous&cd17=0&cd23=National%20Post&cd24=Cheetah&cd25=11.4.5&cd26=v65.0&cd27=0&cd28=GTM-P3Q4QHW&cd29=39&cd31=story&cd50=true&cd51=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020&cd52=politics&cd53=canada%2Cnews&cd56=cerb%2C%20cra%2C%20fraud&cd57=949&cd58=4994&cd59=Christopher%20Nardi&cd60=1661826836&cd62=3952896c-cca3-412d-bae7-2ca9bd7cdd13&cd64=false&cd65=true&cd68=Politics%2CSports&cd69=5%2C500%20CRA%20accounts%2C1%7CCanada%20Revenue%20Agency%2C0.9172%7CCRA%20account%20breach%2C0.8122%7CCRA%27s%20MyCRA%20portal%2C0.7468%7CCRA%27s%20login%20system%2C0.7198&cd70=Agencies%2Cgovernment%20agency%2CCanada%20Revenue%20Agency%2C0.9561%7CTeams%2Cbaseball%20team%2CCanadians%2C0.8697%7CDiseases%2Cdisease%2CCOVID-19%2C0.8406%7CPeople%2Cperson%20name%2CTodd%20Sweet%2C0.482%7CAssociations%20%26%20groups%2Cgroup%2CRCMP%2C0.1964&cd89=Newsroom%20daily&z=1143919628
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		1 B
21 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=367509151&t=pageview&_s=1&dl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&ul=en-us&de=UTF-8&dt=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCjACEABBAAAAC~&jid=1029088028&gjid=1111443173&cid=1120338599.1662402375&tid=UA-138335866-2&_gid=1272909826.1662402375&_r=1&gtm=2wg8v0P3Q4QHW&z=1042643994
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=367509151&t=pageview&_s=1&dl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&ul=en-us&de=UTF-8&dt=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAjAAEABAAAAAC~&jid=&gjid=&cid=1120338599.1662402375&tid=UA-238413164-9&_gid=1272909826.1662402375&gtm=2wg8v0TR7GVNJ&cd1=National%20Post&cd2=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&cd3=false&cd4=Chrome&cd5=en-US&cd6=desktop&cd7=np&cd8=nationalpost.com&cd9=v65.0&cd10=story&cd11=Cheetah&cd12=11.4.5&cd13=anonymous&cd14=HTML&cd15=Christopher%20Nardi&cd16=3952896c-cca3-412d-bae7-2ca9bd7cdd13&cd17=cerb%2C%20cra%2C%20fraud&cd21=4994&cd22=politics&cd23=true&cd24=Politics%2CSports&cd25=Agencies%2Cgovernment%20agency%2CCanada%20Revenue%20Agency%2C0.9561%7CTeams%2Cbaseball%20team%2CCanadians%2C0.8697%7CDiseases%2Cdisease%2CCOVID-19%2C0.8406%7CPeople%2Cperson%20name%2CTodd%20Sweet%2C0.482%7CAssociations%20%26%20groups%2Cgroup%2CRCMP%2C0.1964&cd26=5%2C500%20CRA%20accounts%2C1%7CCanada%20Revenue%20Agency%2C0.9172%7CCRA%20account%20breach%2C0.8122%7CCRA%27s%20MyCRA%20portal%2C0.7468%7CCRA%27s%20login%20system%2C0.7198&cd27=true&cd28=Newsroom%20daily&cd29=1661826836&cd33=false&cd34=949&cd49=3952896c-cca3-412d-bae7-2ca9bd7cdd13&cd53=false&cd54=true&cd57=story%20page&cd59=Distroscale&cd80=ABD28419-31CA-477B-9157-9186BCE4EB1E&z=920857439
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 07:02:25 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
41029
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j96&a=367509151&t=event&ni=0&_s=1&dl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&ul=en-us&de=UTF-8&dt=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Screen%20Views&ea=nationalpost.com&el=politics&_u=YAjAAEABAAAAAC~&jid=&gjid=&cid=1120338599.1662402375&tid=UA-138335866-30&_gid=1272909826.1662402375&gtm=2wg8v0MW2G74V&cd1=National%20Post&cd2=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&cd3=false&cd4=Chrome&cd5=en-US&cd6=desktop&cd7=np&cd8=nationalpost.com&cd9=v65.0&cd10=story&cd11=Cheetah&cd12=11.4.5&cd13=anonymous&cd14=HTML&cd15=Christopher%20Nardi&cd16=3952896c-cca3-412d-bae7-2ca9bd7cdd13&cd17=cerb%2C%20cra%2C%20fraud&cd22=4994&cd23=politics&cd24=true&cd25=Politics%2CSports&cd26=Agencies%2Cgovernment%20agency%2CCanada%20Revenue%20Agency%2C0.9561%7CTeams%2Cbaseball%20team%2CCanadians%2C0.8697%7CDiseases%2Cdisease%2CCOVID-19%2C0.8406%7CPeople%2Cperson%20name%2CTodd%20Sweet%2C0.482%7CAssociations%20%26%20groups%2Cgroup%2CRCMP%2C0.1964&cd27=5%2C500%20CRA%20accounts%2C1%7CCanada%20Revenue%20Agency%2C0.9172%7CCRA%20account%20breach%2C0.8122%7CCRA%27s%20MyCRA%20portal%2C0.7468%7CCRA%27s%20login%20system%2C0.7198&cd28=true&cd29=Newsroom%20daily&cd30=1661826836&cd34=false&cd35=949&cd50=3952896c-cca3-412d-bae7-2ca9bd7cdd13&cd54=false&cd55=true&cd58=story%20page&cd60=Distroscale&z=1515105878
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 07:02:25 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
41029
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
42fb57ac-2013-45a6-8dad-332d53e17c1b
consumer.krxd.net/consent/get/ 		239 B
297 B 		Script
General
Check archive.org
Download Go to
Full URL
https://consumer.krxd.net/consent/get/42fb57ac-2013-45a6-8dad-332d53e17c1b?idt=device&dt=kxcookie&callback=Krux.ns.postmedia.kxjsonp_consent_get_1
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.387e8802bbd0d9fbfa52c1546d7297df
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ad27e9e87b75a750b0bd9d26576b3d356ce2478183947309b853103631284c84

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 varnish
age
1241
x-served-by
consumer-a002-ash-prod.krxd.net, cache-yul12834-YUL
vary
Accept-Encoding
x-cache
MISS, HIT
content-type
text/javascript; charset=UTF-8
content-encoding
gzip
cache-control
max-age=1800
x-age
0
accept-ranges
bytes
x-timer
S1662402375.957368,VS0,VE1
content-length
194
x-cache-hits
0, 1
pixel.gif
beacon.krxd.net/ 		0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/pixel.gif?source=smarttag&fired=report&confid=uepn18565&_kpid=42fb57ac-2013-45a6-8dad-332d53e17c1b&_kcp_s=nationalpost_desktop&_kcp_d=nationalpost.com&_knifr=8&_kua_kx_tz=0&_kua_kx_lang=en-us&_kua_kx_tech_browser_language=en-us&_kua_kx_whistle=0&_kua_mpid=2559400497429026896&_kua_ad_light_user=false&_kpa_nationalpost_desktop_url_path_1=news&_kpa_nationalpost_desktop_url_path_2=politics&_kpa_nationalpost_desktop_url_path_3=nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&_kpa_domain=nationalpost.com&_kpa_url_path_1=news&_kpa_url_path_2=politics&_kpa_url_path_3=nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&_kpa_page_type=story&_kpa_nlp_category=Politics%2CSports&_kpa_nlp_entity=Agencies%2Cgovernment%20agency%2CCanada%20Revenue%20Agency%2C0.9561%7CTeams%2Cbaseball%20team%2CCanadians%2C0.8697%7CDiseases%2Cdisease%2CCOVID-19%2C0.8406%7CPeople%2Cperson%20name%2CTodd%20Sweet%2C0.482%7CAssociations%20%26%20groups%2Cgroup%2CRCMP%2C0.1964&_kpa_nlp_topic=5%2C500%20CRA%20accounts%2C1%7CCanada%20Revenue%20Agency%2C0.9172%7CCRA%20account%20breach%2C0.8122%7CCRA%27s%20MyCRA%20portal%2C0.7468%7CCRA%27s%20login%20system%2C0.7198&_kpa_authors=Christopher%20Nardi&_kpa_tags=cerb%2C%20cra%2C%20fraud&_kpa_nationalpost_desktop_page_type=story&_kpa_nationalpost_desktop_nlp_category=Politics%2CSports&_kpa_nationalpost_desktop_nlp_entity=Agencies%2Cgovernment%20agency%2CCanada%20Revenue%20Agency%2C0.9561%7CTeams%2Cbaseball%20team%2CCanadians%2C0.8697%7CDiseases%2Cdisease%2CCOVID-19%2C0.8406%7CPeople%2Cperson%20name%2CTodd%20Sweet%2C0.482%7CAssociations%20%26%20groups%2Cgroup%2CRCMP%2C0.1964&_kpa_nationalpost_desktop_nlp_topic=5%2C500%20CRA%20accounts%2C1%7CCanada%20Revenue%20Agency%2C0.9172%7CCRA%20account%20breach%2C0.8122%7CCRA%27s%20MyCRA%20portal%2C0.7468%7CCRA%27s%20login%20system%2C0.7198&_kpa_nationalpost_desktop_authors=Christopher%20Nardi&_kpa_nationalpost_desktop_tags=cerb%2C%20cra%2C%20fraud&_kpa_main_category=politics&_kpa_view_type=HTML&_kpa_wire_content=false&_kpa_word_count=949&_kpa_env=prod&_kpa_paywall_whitelist=true&t_navigation_type=0&t_dns=13&t_tcp=41&t_http_request=-1&t_http_response=22&t_content_ready=2968&t_window_load=3468&t_redirect=0&interchange_ran=false&userdata_was_requested=false&userdata_did_respond=false&sview=1&kplt0=41818&kplt1=42920&kplt2=42921&kplt3=42922&kplt4=44981&kplt5=45977&kplt6=46302&jsonp_requests=https%3A%2F%2Fbeacon.krxd.net%2Foptout_check%2C361%2Chttps%3A%2F%2Fconsumer.krxd.net%2Fconsent%2Fget%2F42fb57ac-2013-45a6-8dad-332d53e17c1b%2C460%2Chttps%3A%2F%2Fconsumer.krxd.net%2Fconsent%2Fget%2F42fb57ac-2013-45a6-8dad-332d53e17c1b%2CNaN
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.45.87.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-87-68.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:14 GMT
cache-control
private, no-cache, no-store
x-request-time
D=45 t=1662402374
x-served-by
beacon-n032-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
collect
www.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-7GC5VRWDF9&gtm=2oe8v0&_p=367509151&cid=1120338599.1662402375&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1662402374&sct=1&seg=0&dl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&dt=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7GC5VRWDF9&l=mp_data_layer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
controltag.js.387e8802bbd0d9fbfa52c1546d7297df
cdn.krxd.net/ctjs/ Frame D751 		259 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.krxd.net/ctjs/controltag.js.387e8802bbd0d9fbfa52c1546d7297df
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/uepn18565.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d1872ace7c3af8a214bec239d58ad3d4f3e0d5eee7a18bb416aa9cd28fff233d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-cdn-backend
4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
age
11278424
x-amz-server-side-encryption
AES256
x-cache
HIT
x-cache-hits
1079652
content-length
84742
x-served-by
cache-yul12830-YUL
last-modified
Thu, 28 Apr 2022 05:17:05 GMT
x-timer
S1662402375.013469,VS0,VE0
etag
"387e8802bbd0d9fbfa52c1546d7297df"
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=315360000
accept-ranges
bytes
expires
Sun, 25 Apr 2032 05:17:04 GMT
get
cdn.krxd.net/userdata/ 		365 B
485 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.krxd.net/userdata/get?pub=42fb57ac-2013-45a6-8dad-332d53e17c1b&technographics=1&callback=Krux.ns.postmedia.kxjsonp_userdata
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.387e8802bbd0d9fbfa52c1546d7297df
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
bab9222ec3618d9d7de41f11035637c50caefccbb32ff6e16192a8181704a1ab

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-cdn-backend
4FrRTvEr9h480D4BywjehZ--F_userdata_ash_prod_krxd_net___UserData_Service_V2
date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
age
0
x-served-by
userdata-a009-ash-prod.krxd.net, cache-yul12830-YUL
vary
Accept-Encoding
x-cache
MISS, MISS
content-type
text/javascript
via
1.1 varnish
cache-control
private, max-age=1800
x-age
0
accept-ranges
bytes
x-timer
S1662402375.055101,VS0,VE19
content-length
280
x-cache-hits
0, 0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 05 Sep 2022 18:26:15 GMT
ecm3
s.amazon-adsystem.com/ Frame 110C 		43 B
516 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?id=FRESbBZH1ezf_uvkQiiWfS6Y&ex=sovrn.com&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:15 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
SNMYVXS2SBQERPBRBTRM
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
merge
ce.lijit.com/ Frame 110C
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=6lb1rO8D8KzxUaCsuAHpquxT8P_xXPyiv1amiIXk
43 B
1017 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=6lb1rO8D8KzxUaCsuAHpquxT8P_xXPyiv1amiIXk
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com
Protocol
HTTP/1.1
Server
63.251.114.182 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:15 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap7ewr1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=6lb1rO8D8KzxUaCsuAHpquxT8P_xXPyiv1amiIXk
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
qmap
sync.crwdcntrl.net/ Frame 110C
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent=
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2...
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2...
49 B
739 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Df27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341%26partner_url%3Dhttps%253A%252F%252Fce.lijit.com%252Fmerge%253Fpid%253D16%25263pid%253Df27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341%2526gdpr%253D0%2526gdpr_consent%253D&ct=y
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com
Protocol
H2
Server
34.196.96.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-96-235.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.32.209
content-type
image/gif
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3Df27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341%26partner_url%3Dhttps%253A%252F%252Fce.lijit.com%252Fmerge%253Fpid%253D16%25263pid%253Df27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341%2526gdpr%253D0%2526gdpr_consent%253D&ct=y
cache-control
no-cache
x-server
10.40.40.186
content-length
0
expires
0
merge
ce.lijit.com/ Frame 110C
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=80&3pid=L7P3GA77-14-DC4F&gdpr=0
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ce.lijit.com/merge?pid=80&3pid=L7P3GA77-14-DC4F&gdpr=0
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com
Protocol
HTTP/1.1
Server
63.251.114.182 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:15 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap7ewr1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ce.lijit.com/merge?pid=80&3pid=L7P3GA77-14-DC4F&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
Content-Type
text/html
content-length
0
X-RPHost
ad49a0f18e050afeb6359164ab3bd56e
Expires
0
epx.gif
px.owneriq.net/fr/ Frame 110C
Redirect Chain
  • https://px.owneriq.net/eucm/p/sv?gdpr=0&gdpr_consent=
  • https://px.owneriq.net/fr/epx.gif
43 B
402 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.owneriq.net/fr/epx.gif
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com
Protocol
HTTP/1.1
Server
23.217.18.198 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-18-198.deploy.static.akamaitechnologies.com
Software
Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 18:26:15 GMT
Server
Apache/2.4.6 (CentOS)
X-Powered-By
PHP/7.3.33
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
max-age=150205
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Wed, 07 Sep 2022 12:09:40 GMT

Redirect headers

Date
Mon, 05 Sep 2022 18:26:15 GMT
Server
Apache/2.4.6 (CentOS)
X-Powered-By
PHP/7.3.33
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://px.owneriq.net/fr/epx.gif
Cache-Control
max-age=77420
Connection
keep-alive
Content-Type
text/html
Content-Length
154
merge
ce.lijit.com/ Frame 110C
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=17&mt_exuid=FRESbBZH1ezf_uvkQiiWfS6Y&redirect=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D3%263pid%3D%5BUUID%5D&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=3&3pid=5d8e6316-3f46-4300-9c36-e08cab2310c1&gdpr=0&gdpr_consent=
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ce.lijit.com/merge?pid=3&3pid=5d8e6316-3f46-4300-9c36-e08cab2310c1&gdpr=0&gdpr_consent=
Requested by
Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://s.amazon-adsystem.com/ecm3?id=$UID&ex=sovrn.com
Protocol
HTTP/1.1
Server
63.251.114.182 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:15 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap7ewr1
Content-Type
image/gif
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date
Mon, 05 Sep 2022 18:26:15 GMT
Server
MT3 4505 5b23575 master ord-pixel-x58 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ce.lijit.com/merge?pid=3&3pid=5d8e6316-3f46-4300-9c36-e08cab2310c1&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 05 Sep 2022 18:26:14 GMT
ecm3
s.amazon-adsystem.com/ Frame 3A7C 		43 B
516 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=ac0ce2f0-05ec-8f46-b337-58e17f756dc5
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:15 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
M6H0KNYMD7YWDJ7Y6Y2T
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
dds
rtb.openx.net/sync/ Frame 3A7C
Redirect Chain
  • https://rtb.openx.net/sync/dds
  • https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=K4wUsbDAjZKVTZbBxF-cnw==&ox_sc=1&ox_init=1
  • https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
43 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H3
Server
35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
103.252.227.35.bc.googleusercontent.com
Software
Cowboy /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 google
server
Cowboy
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
null
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
x-request-id
hmei4ofilbe1qeq87i3u4kbgalk5nr59

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
249
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 3A7C
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://us-u.openx.net/w/1.0/sd?id=536872786&val=5d8e6316-3f46-4300-9c36-e08cab2310c1
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=536872786&val=5d8e6316-3f46-4300-9c36-e08cab2310c1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Mon, 05 Sep 2022 18:26:15 GMT
Server
MT3 4505 5b23575 master ord-pixel-x55 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://us-u.openx.net/w/1.0/sd?id=536872786&val=5d8e6316-3f46-4300-9c36-e08cab2310c1
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 05 Sep 2022 18:26:14 GMT
sd
us-u.openx.net/w/1.0/ Frame 3A7C
Redirect Chain
  • https://sync.ipredictive.com/d/sync/cookie/generic?https://us-u.openx.net/w/1.0/sd?id=537073028&val=${ADELPHIC_CUID}
  • https://us-u.openx.net/w/1.0/sd?id=537073028&val=5e5d81cf-122b-4a9c-9108-7114f8719535
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537073028&val=5e5d81cf-122b-4a9c-9108-7114f8719535
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Location
https://us-u.openx.net/w/1.0/sd?id=537073028&val=5e5d81cf-122b-4a9c-9108-7114f8719535
Date
Mon, 05 Sep 2022 18:26:15 GMT
X-CI-RTID
2ed3f88b-27c9-4290-9aa4-03c98e091668
Connection
keep-alive
Content-Length
112
Content-Type
text/html; charset=utf-8
sd
us-u.openx.net/w/1.0/ Frame 3A7C
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=4&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072977&val=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=
43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072977&val=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://us-u.openx.net/w/1.0/sd?id=537072977&val=f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
check
pixel.tapad.com/idsync/ex/receive/ Frame 3A7C
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1955&partner_device_id=f2a4ed71-4241-093b-39d8-42a024ca6729
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1955&partner_device_id=f2a4ed71-4241-093b-39d8-42a024ca6729
95 B
113 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1955&partner_device_id=f2a4ed71-4241-093b-39d8-42a024ca6729
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H3
Server
107.178.246.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
49.246.178.107.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 google
content-type
image/png
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=1955&partner_device_id=f2a4ed71-4241-093b-39d8-42a024ca6729
date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
usync.js
eus.rubiconproject.com/ Frame B74E 		31 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.1.200.83 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-1-200-83.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
9f4e7e56746300091e10a8cd8c5886566bb421f8046874c65195a4f05c081a58

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 18:26:15 GMT
Content-Encoding
gzip
Last-Modified
Wed, 24 Aug 2022 20:46:19 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=49570
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9378
Expires
Tue, 06 Sep 2022 08:12:25 GMT
ecm3
s.amazon-adsystem.com/ Frame FA82 		43 B
516 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=sharethrough.com&id=78924e43-1d47-4869-b9e8-0023b61d48e4
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:15 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
9D89RAMMH72EAFDYKH21
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
v1
match.sharethrough.com/sync/ Frame FA82
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1
  • https://sync.search.spotxchange.com/partner?adv_id=8499&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3Dk1jJghvBi79yX1NZ2sM5fXrm%26source_user_id%3D%24SPOTX_USER_ID
  • https://sync.search.spotxchange.com/partner?adv_id=8499&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3Dk1jJghvBi79yX1NZ2sM5fXrm%26source_user_id%3D%24SPOTX_USER_ID&__user_chec...
  • https://match.sharethrough.com/sync/v1?source_id=k1jJghvBi79yX1NZ2sM5fXrm&source_user_id=3a1c23db-2d48-11ed-903d-170bbb690503
68 B
279 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=k1jJghvBi79yX1NZ2sM5fXrm&source_user_id=3a1c23db-2d48-11ed-903d-170bbb690503
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
H2
Server
3.224.21.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-21-15.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

Date
Mon, 05 Sep 2022 18:26:15 GMT
Server
nginx
Location
https://match.sharethrough.com/sync/v1?source_id=k1jJghvBi79yX1NZ2sM5fXrm&source_user_id=3a1c23db-2d48-11ed-903d-170bbb690503
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
241
Connection
keep-alive
Content-Length
0
v1
match.sharethrough.com/sync/ Frame FA82
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2
  • https://secure.adnxs.com/getuid?https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=$UID
  • https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=4032320738726574262
68 B
279 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=4032320738726574262
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
H2
Server
3.224.21.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-21-15.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:15 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 570.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
0cb9f22d-7aff-4cf7-b078-3aa4314b2b70
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=4032320738726574262
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
match.sharethrough.com/sync/ Frame FA82
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3
  • https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=7ead435e-a2cd-4cbf-8876-adb66822613f&ph=c6b01e12-aa62-4ae6-9e10-71346e597c31&r=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DF2...
  • https://match.sharethrough.com/sync/v1?source_id=F2Stothm3wg5g6opTuaPadz9&source_user_id=3ab96bb0-ab02-0951-3692-fc3c1d8d044d
68 B
279 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=F2Stothm3wg5g6opTuaPadz9&source_user_id=3ab96bb0-ab02-0951-3692-fc3c1d8d044d
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
H2
Server
3.224.21.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-21-15.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://match.sharethrough.com/sync/v1?source_id=F2Stothm3wg5g6opTuaPadz9&source_user_id=3ab96bb0-ab02-0951-3692-fc3c1d8d044d
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
via
1.1 google
v1
match.sharethrough.com/sync/ Frame FA82
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12&gdpr=0&gdpr_consent=
68 B
279 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12&gdpr=0&gdpr_consent=
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
H2
Server
3.224.21.15 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-224-21-15.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
323
index.html
c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/ Frame 85EC 		21 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
9d84e609f83ce654233e71c1a1ea7321f73479b0126d2cbbf216e18add331d23

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=63478
content-encoding
gzip
content-length
7033
content-type
text/html
date
Mon, 05 Sep 2022 18:26:15 GMT
etag
"1639728651"
last-modified
Fri, 17 Dec 2021 08:10:51 GMT
x-hw
1662402375.dop074.dc2.t,1662402375.cds101.dc2.hn,1662402375.cds173.dc2.c
truncated
/ 		226 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2e8db71249f82bb7584f1a2b6744275d18a4b5940ec8d48da133c65e81d5a23b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
cdgv_nationalpost_trending_articles_20220905065517_63159a8bcb40b_new.jpg
a.jsrdn.com/videos/22507/cdgv_nationalpost/20220905065517_63159a8bcb40b/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://a.jsrdn.com/videos/22507/cdgv_nationalpost/20220905065517_63159a8bcb40b/cdgv_nationalpost_trending_articles_20220905065517_63159a8bcb40b_new.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
1ed4a787e0f6813387f0edbbf3e86597961f764753d93d48e084b18f90983cf0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
last-modified
Mon, 05 Sep 2022 06:55:23 GMT
etag
"1662360923"
x-hw
1662402375.dop207.dc2.t,1662402375.cds078.dc2.hn,1662402375.cds073.dc2.c
content-type
image/jpeg
cache-control
max-age=45096
accept-ranges
bytes
content-length
8909
/
p1.parsely.com/plogger/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p1.parsely.com/plogger/?rand=1662402375142&plid=9615789&idsite=nationalpost.com&url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&sref=&sts=1662402375136&slts=0&title=Nearly+13%2C000+Canadians+potentially+victims+of+CERB+fraud+after+hackers+accessed+CRA+accounts+in+2020+%7C+National+Post&date=Mon+Sep+05+2022+18%3A26%3A15+GMT%2B0000+(GMT)&action=pageview&pvid=66784669&u=pid%3D7215d0fc65e8de9c10af68d5fe101d26
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.161.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-194-161-83.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 18:26:15 GMT
Cache-Control
no-cache
Last-Modified
Monday, 05-Sep-2022 18:26:15 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
1685973801652415
connect.facebook.net/signals/config/ 		295 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1685973801652415?v=2.9.79&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2beb4966a47048142ff5b93c710bafe5c888fa3733a8f38094363a542ee5a38d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
86894
x-xss-protection
0
pragma
public
x-fb-debug
RqCF5YCZfDeSgD0YXRvP7IxEYQkBkUEeGKzFrsa5us4g31kE20Ld/HxFa574APJU+Fh/GVOubDzC2PVz3tDWuA==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Mon, 05 Sep 2022 18:26:15 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
442 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-213173459-3&cid=1120338599.1662402375&jid=1376416963&gjid=1454506987&_gid=1272909826.1662402375&_u=YCjACEABBAAAAC~&z=1203146886
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 05 Sep 2022 18:26:15 GMT
content-type
text/plain
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
vf-css.e588d23cc1bd3177ad37.js
cdn.viafoura.net/chunks/ 		123 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/vf-css.e588d23cc1bd3177ad37.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5d046d38a35eef7bc96561c4fcd138273e334256e8794d653af811fa48c10532

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428128
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:26 GMT
server
AmazonS3
etag
W/"34ae5c6134daffcaf63e2b9d37ce1f10"
vary
Accept-Encoding
x-amz-version-id
pl32egGrsClhuYVzwNQ_J_6JcpPeY8kb
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
_whTg_aOVpBPAbr2efHzsYiHPoY131_qxYfLKlaezIRsSGHOpxuuZw==
LoginRadiusV2.js
auth.lrcontent.com/v2/ 		199 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.lrcontent.com/v2/LoginRadiusV2.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:835 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68a335c0d87dce935fee1811892070e78c514828d50bfe2ae21fde739ec1002c
Security Headers
Name Value
Strict-Transport-Security max-age= 63072000; includeSubdomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 b9bb8c8d0c6ea9da42e05e460c141e77.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
age
2802
cf-polished
origSize=1238069
x-cache
Hit from cloudfront
content-encoding
gzip
last-modified
Mon, 13 Dec 2021 05:19:58 GMT
server
cloudflare
etag
W/"ae3463c4a59ae100b160ed4dd5dbf4b8"
strict-transport-security
max-age= 63072000; includeSubdomains; preload
content-type
application/javascript
cache-control
max-age=14400
x-amz-cf-pop
EWR52-C3
cf-ray
7461031cdc204bd6-YUL
x-amz-cf-id
xoSXHa_pmakynzj0FxiKw6oBO5CtzNhGrGMu8b-CJaxk9D-rfai4Tw==
cf-bgj
minify
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 3286 		24 B
107 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=2&cb=PubMatic._uidCB
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
1b6dfbc0392b3e04e6f10a39a7c097635148b6bc998c13ffbda40d5b3df488c8

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
private
expires
Thu, 15 Sep 2022 11:18:44 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
24
content-type
text/html; charset=UTF-8
cdgv_nationalpost_trending_articles_20220905065517_63159a8bcb40b_new.mp4
a.jsrdn.com/videos/22507/cdgv_nationalpost/20220905065517_63159a8bcb40b/ 		3 MB
3 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://a.jsrdn.com/videos/22507/cdgv_nationalpost/20220905065517_63159a8bcb40b/cdgv_nationalpost_trending_articles_20220905065517_63159a8bcb40b_new.mp4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
561dcd35e7af10512106c11b6550f32713388356d88af8dee0afef9164c74d5c

Request headers

Referer
https://nationalpost.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
last-modified
Mon, 05 Sep 2022 06:55:21 GMT
etag
"1662360921"
x-hw
1662402375.dop207.dc2.t,1662402375.cds078.dc2.hn,1662402375.cds189.dc2.c
content-type
video/mp4
Content-Range
bytes 0-2975171/2975172
cache-control
max-age=45132
accept-ranges
bytes
Content-Length
2975172
p
sb.scorecardresearch.com/ 		43 B
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/p?c1=2&c2=22807838&ns_type=hidden&ns_st_sv=5.4.0.161011&ns_st_smv=5.6&ns_st_it=r&ns_st_id=1662402375237&ns_st_ec=1&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=0&ns_st_cl=77900&ns_st_pb=1&ns_st_mp=js_api&ns_st_mv=5.4.0.161011&ns_st_pn=1&ns_st_tp=0&ns_st_ci=1833957&ns_st_pt=0&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=0&ns_st_det=0&ns_st_upc=0&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=0&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=0&ns_st_dlpc=0&ns_st_lpa=0&ns_st_dlpa=0&ns_st_pa=0&ns_ts=1662402375238&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_lt=1&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=0&ns_st_dpc=0&ns_st_pp=0&ns_st_br=0&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=*null&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=distroscale&c3=news&c4=*null&c6=*null&c7=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&c8=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&c9=&distroscale_guid=c_5321_6696_e8d459a7-399a-48e7-9d38-8d11bb0ce7ae
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-77.jfk50.r.cloudfront.net
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 27ca5ebac1c0f68ab48134f5b864093c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P4
content-length
43
x-amz-cf-id
3E52w3KBD41ThBIpGEsF0eFhu1VfoGTzKp5G9yoET0nsz40H65HkkA==
x-cache
Miss from cloudfront
content-type
image/gif
ingest.php
events.newsroom.bi/ 		126 B
937 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://events.newsroom.bi/ingest.php
Requested by
Host: sdk.mrf.io
URL: https://sdk.mrf.io/statics/marfeel-sdk.js?id=1528
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
188.40.92.96 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
haproxy01.cl03.k8s.mrf.io
Software
istio-envoy /
Resource Hash
c4866c723c789cf04a4900008e83e9a923d0209e0ee11f32a679c3ece024e103

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundary44ieRxHPPfpyNRnX

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
server
istio-envoy
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-expose-headers
Content-Length,Content-Range
cache-control
private,no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
86
c945b149f1536100dedd.js
sdk.mrf.io/statics/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sdk.mrf.io/statics/c945b149f1536100dedd.js
Requested by
Host: sdk.mrf.io
URL: https://sdk.mrf.io/statics/marfeel-sdk.js?id=1528
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.207 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
98ad7bed720031871213cd7ad063c68b321f3861706045fe2b74f1e94b200452

Request headers

Referer
https://nationalpost.com/
Origin
https://nationalpost.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
br
x-b3-traceid
bab3fa024635420f8fe76c8cc3bbfa18
x-amz-cf-pop
YUL62-C1
x-cache
RefreshHit from cloudfront, HIT
mrf-cache-status
H
access-control-max-age
3600
x-b3-traceid-primal
f0bbed6d03734789b3b17fef23713ca8
content-length
4943
x-served-by
cache-yul12824-YUL
last-modified
Mon, 05 Sep 2022 13:03:21 GMT
server
AmazonS3
x-timer
S1662402375.265347,VS0,VE0
etag
W/"18f167499a1e342cbbe0e20cca6a49fd"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
x-amz-cf-id
EHvs0EFhCQK1hWvpttBN1tp1pXdPJIacCq9i2NHzY1t55puJdVnIKw==
x-cache-hits
2191
active
flowcards.mrf.io/json/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://flowcards.mrf.io/json/active?site_id=1528&page_technology=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.207 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
048968c6d38c394e2b7f848c6b0155af214fd68fdc97df109e5233974c9def9c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
x-b3-traceid
8e71baccbea5401caef7f399049f88ff
x-cache
HIT
mrf-cache-status
H
x-envoy-upstream-service-time
2
x-b3-traceid-primal
153f8d3610a94980aa8153ec5970c847
content-length
723
x-served-by
cache-yul12824-YUL
server
istio-envoy
x-timer
S1662402375.290985,VS0,VE0
vary
origin
x-req-backend
F_origin_1_croupier
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-type
application/json; charset=utf-8
x-cache-hits
6
collect
analytics.google.com/g/ 		0
347 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-72QH41ZTMR&gtm=2oe8v0&_p=367509151&_gaz=1&cid=1120338599.1662402375&ul=en-us&sr=1600x1200&ir=1&_eu=Q&_z=ccd.v9B&_s=1&dl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&sid=1662402375&sct=1&seg=0&dt=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&en=page_view&_fv=1&_ss=1&ep.debug_mode=false&ep.gtm_version=39&ep.gtm_container_id=GTM-P3Q4QHW&ep.ad_blocker_enabled=false&ep.user_status=anonymous&ep.project_type=Newsroom%20daily&ep.page_type=story&ep.session_uuid=ABD28419-31CA-477B-9157-9186BCE4EB1E&ep.platform=Cheetah&ep.platform_version=11.4.5&ep.fem_version=v65.0&ep.mp_id=2559400497429026896&ep.brand=National%20Post&ep.timestamp=2022-09-05T18%3A26%3A15.263%2B00%3A00&ep.ga_client_id=1120338599.1662402375&ep.article_authors=Christopher%20Nardi&ep.publish_timestamp=1661826836&ep.article_title=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020&ep.originating_property=true&ep.nlp_category=Politics%2CSports&ep.nlp_topic=5%2C500%20CRA%20accounts%2C1%7CCanada%20Revenue%20Agency%2C0.9172%7CCRA%20account%20breach%2C0.8122%7CCRA%27s%20MyCRA%20portal%2C0.7468%7CCRA%27s%20login%20system%2C0.7198&ep.nlp_entity=Agencies%2Cgovernment%20agency%2CCanada%20Revenue%20Agency%2C0.9561%7CTeams%2Cbaseball%20team%2CCanadians%2C0.8697%7CDiseases%2Cdisease%2CCOVID-19%2C0.8406%7CPeople%2Cperson%20name%2CTodd%20Sweet%2C0.482%7CAssociations%20%26%20groups%2Cgroup%2CRCMP%2C0.1964&ep.main_category=politics&ep.article_sub_category_1=canada%2Cnews&ep.article_tags=cerb%2C%20cra%2C%20fraud&epn.word_count=949&epn.character_count=4994&ep.article_id=3952896c-cca3-412d-bae7-2ca9bd7cdd13&ep.wire_content=false&ep.metered_content=true&up.mp_id=2559400497429026896&up.client_id=1120338599.1662402375
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-72QH41ZTMR&l=gtm_data_layer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-72QH41ZTMR&cid=1120338599.1662402375&gtm=2oe8v0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-72QH41ZTMR&l=gtm_data_layer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c06::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-72QH41ZTMR&cid=1120338599.1662402375&gtm=2oe8v0&aip=1&z=668293075
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
42fb57ac-2013-45a6-8dad-332d53e17c1b
consumer.krxd.net/consent/get/ Frame D751 		224 B
328 B 		Script
General
Check archive.org
Download Go to
Full URL
https://consumer.krxd.net/consent/get/42fb57ac-2013-45a6-8dad-332d53e17c1b?idt=device&dt=kxcookie&callback=Krux.ns.postmedia.kxjsonp_consent_get_0
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.387e8802bbd0d9fbfa52c1546d7297df
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c5117ec6b60c1f3e2f9fc2cbeaf38fcb4687229794227bc9d2d08ff784e1ef2a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 varnish
age
0
x-served-by
consumer-a013-ash-prod.krxd.net, cache-yul12834-YUL
vary
Accept-Encoding
x-cache
MISS, MISS
content-type
text/javascript; charset=UTF-8
content-encoding
gzip
cache-control
max-age=1800
x-age
0
accept-ranges
bytes
x-timer
S1662402375.309967,VS0,VE19
content-length
187
x-cache-hits
0, 0
fail-icon.png
buy.tinypass.com/widget/dist/template/css/img/ Frame 6BB3 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://buy.tinypass.com/widget/dist/template/css/img/fail-icon.png
Requested by
Host: buy.tinypass.com
URL: https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be36cf242d7b206d66842ab5b36af859b780372bba70cb5d72acda2626ffe52e
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
359
p3p
CP="NON DSP COR OUR IND"
x-forwarded-https
on
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2177
wn
prod-dash-10-0-113-104
last-modified
Fri, 02 Sep 2022 20:45:06 GMT
server
cloudflare
etag
W/"2177-1662151506000"
strict-transport-security
max-age=86400; includeSubDomains
content-type
image/png
server-time
0.001
cache-control
public, max-age=7200
accept-ranges
bytes
cf-ray
7461031ded81713e-YUL
expires
Mon, 05 Sep 2022 20:26:15 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ Frame 6BB3 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://buy.tinypass.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 29 Aug 2022 18:52:16 GMT
x-content-type-options
nosniff
age
603239
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44856
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:20:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 29 Aug 2023 18:52:16 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 85EC 		376 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7862d1c86b425f5ccb25574e9490d9b1c80da5057ab556dfddf656ec05f14c08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c5x8i7c7.ssl.hwcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128229
x-xss-protection
0
expires
Mon, 05 Sep 2022 18:26:15 GMT
pixel;r=1584201035;labels=cm.content;event=refresh;rf=0;a=p-w9vzu-sGKCA0U;url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hacke...
pixel.quantserve.com/ 		35 B
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1584201035;labels=cm.content;event=refresh;rf=0;a=p-w9vzu-sGKCA0U;url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020;uht=2;fpan=0;fpa=P0-429207354-1662402374809;pbc=;ns=0;ce=1;qjs=1;qv=087c24cc-20220902090643;cm=;gdpr=0;ref=;d=nationalpost.com;dst=0;et=1662402375351;tzo=0;ogl=site_name.nationalpost%2Ctype.article%2Ctitle.Nearly%2013%252C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%2Cimage.https%3A%2F%2Fsmartcdn%252Egprod%252Epostmedia%252Edigital%2Fnationalpost%2Fwp-content%2Fuploads%2F2022%2F08%2Cimage%3Awidth.750%2Cimage%3Aheight.1000%2Curl.https%3A%2F%2Fnationalpost%252Ecom%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victim;ses=51b0790d-c48b-408a-be55-d70b17525112
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:b08a:1dc5:659b:4055 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
events
api.permutive.com/v2.0/batch/ 		201 B
158 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=21ec23a2-b38a-456e-b801-e5877a041482
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
52b01da32564c38a203ddd2b1a5b974eb2b31cf014245bed84e65771e90a4e91

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
140
via
1.1 google
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9787 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
95557
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 04 Sep 2022 15:53:38 GMT
expires
Mon, 04 Sep 2023 15:53:38 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame B24E 		783 B
970 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2004 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9713a012c5f41fc2a4ef34953967ef5098f28bbd384eedb1ffad25112b722589
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-MD5EL-r762Zx8orcDxvwCQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-MD5EL-r762Zx8orcDxvwCQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 18:26:15 GMT
expires
Mon, 05 Sep 2022 18:26:15 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
ga-audiences
www.google.com/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-213173459-3&cid=1120338599.1662402375&jid=1376416963&_u=YCjACEABBAAAAC~&z=1956648650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2004 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-213173459-3&cid=1120338599.1662402375&jid=1376416963&_u=YCjACEABBAAAAC~&z=1956648650
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::2003 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
409 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1685973801652415&ev=PageView&dl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&rl=&if=false&ts=1662402375415&sw=1600&sh=1200&v=2.9.79&r=stable&ec=0&o=30&par[0]=%7B%22extractorID%22%3A%22514537319740368%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22CAD%22%7D%7D%7D&par[1]=%7B%22extractorID%22%3A%22503487844400487%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22CAD%22%7D%7D%7D&par[2]=%7B%22extractorID%22%3A%221042784969583558%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22CAD%22%7D%7D%7D&par[3]=%7B%22extractorID%22%3A%22858678751523779%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[4]=%7B%22extractorID%22%3A%221127243281129742%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[5]=%7B%22extractorID%22%3A%22497819211464386%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&fbp=fb.1.1662402375413.2068803609&it=1662402375151&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Mon, 05 Sep 2022 18:26:15 GMT
minimal.mp4
c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/ Frame 85EC 		843 B
984 B 		Media
General
Check archive.org
Download Go to
Full URL
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/minimal.mp4
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
4c81a618f5d53d3380ec72a4c754c3e4fdda31319bb82126f5702f652101ccf6

Request headers

Referer
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
last-modified
Fri, 17 Dec 2021 08:10:51 GMT
etag
"1639728651"
x-hw
1662402375.dop074.dc2.t,1662402375.cds101.dc2.hn,1662402375.cds060.dc2.c
content-type
video/mp4
Content-Range
bytes 0-842/843
cache-control
max-age=55949
accept-ranges
bytes
Content-Length
843
en-us-trending_articles-json.0edf4524bfb67376a6d7.js
cdn.viafoura.net/chunks/languages/ 		1 KB
916 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/languages/en-us-trending_articles-json.0edf4524bfb67376a6d7.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a3050fe845f18ff7093ef9b4c56fb489911c0cedd50ef10dcf8397c78a6793c0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:49 GMT
content-encoding
br
age
428127
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:08 GMT
server
AmazonS3
etag
W/"41056dad783491342a8aa5ff8e271584"
vary
Accept-Encoding
x-amz-version-id
VP_O7pezAuZDacyd7yz2gJuSz8Nas9Ls
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
vkeOy5TtvB6ljKuNXnL2339qXHJPUo6peN73t1PjPMWpKC9jZIljSQ==
en-us-conversations-json.c37231766ac43b57883c.js
cdn.viafoura.net/chunks/languages/ 		14 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/languages/en-us-conversations-json.c37231766ac43b57883c.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3302399a73c776a578acb294da4e6550f2005064a0b63956a8f6183e5b22c47f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428128
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:13 GMT
server
AmazonS3
etag
W/"6e8199e21ba59f700c38d9990a737a8d"
vary
Accept-Encoding
x-amz-version-id
oxpfrcA7lf1DQ1jmZBJjIgVRtSLIYcva
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
S5RYU84yZMzpucOUleW9cFJi3zQmpXEt693_uae7-_v_AGdvGUgDbA==
0.1a2bd25f84fa6c122df3.css
cdn.viafoura.net/ 		86 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/0.1a2bd25f84fa6c122df3.css
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1aa4d55e3601b2a646f69b1133331c9235d6fd21e16cbb9b11e42a2c48dec694

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428128
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:33 GMT
server
AmazonS3
etag
W/"c5f08be041057d5a73c4c83fa2e4f144"
vary
Accept-Encoding
x-amz-version-id
ZaKTvHWTeFYHznbc7QOiEEpRByHp5SIC
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
text/css; charset=utf-8
x-amz-cf-id
XGtdM0LVM3lh6k8O8lgwRnb24gP1h_mbT74aBIUq8Bygh6fag0dL0g==
da.e7b507aa7d081ace1313.js
cdn.viafoura.net/chunks/ 		141 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/da.e7b507aa7d081ace1313.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ffebdc58de729df0709318a479c4d18c71d1ff441d5f1e7da98fad4d96ba5111

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428128
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:25 GMT
server
AmazonS3
etag
W/"e3bd5452fb04c2b5d26313852e821372"
vary
Accept-Encoding
x-amz-version-id
QhF3NQy.hrBjpJsaDSKv.2QLvZJrPp0t
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
_PVWHBl84q_Eee_hv8eopJGjqRh1Rvd1BquRObKWOESupPJzB_fu6g==
142.7eb70ed54018967fa0ee.css
cdn.viafoura.net/ 		1 KB
809 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/142.7eb70ed54018967fa0ee.css
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d2c43641d163bddadbc85f08f1f97d737fbf31a06108fc350ba366b1919f1a37

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428128
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:34 GMT
server
AmazonS3
etag
W/"865ba33e2423ffeb7c25b876262d41fe"
vary
Accept-Encoding
x-amz-version-id
cgiCXWPEwuA8wYUNT32HhmkDuN.JOqO0
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
text/css; charset=utf-8
x-amz-cf-id
nW4I_-ROkd6pAz3hHz5Hmm80a1Qpdqm1IG_K1aDQAd7nveOZtU-T6A==
tray-trigger.90b4818b6054a925fd46.js
cdn.viafoura.net/chunks/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/tray-trigger.90b4818b6054a925fd46.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
40dff71379e1db338222188af399e3991fdcf9b4a6605574808e39f5501eb5db

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428128
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:23 GMT
server
AmazonS3
etag
W/"a550dbaa9b6e5b7085a322a16906300b"
vary
Accept-Encoding
x-amz-version-id
nyrSQYnvn67zyj2UDXTbhN2tAjaSWu83
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
-TYxMMqPa6zvDjiDcA7UKs0DpbVQW8Cb8ZVpQpfHQJNv4lCrsvjcLw==
roboto-regular.woff2
cdn.viafoura.net/front/assets/fonts/roboto/ 		49 KB
49 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/front/assets/fonts/roboto/roboto-regular.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
659a8dee04b272c247129ff6513d23c16f4f9c183b5d64e7347815af8861a2a4

Request headers

Referer
https://nationalpost.com/
Origin
https://nationalpost.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:49 GMT
via
1.1 08e4533f506df09f2c978ceaed6e2310.cloudfront.net (CloudFront)
age
428127
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
content-length
50240
last-modified
Wed, 24 Aug 2022 14:20:52 GMT
server
AmazonS3
etag
"184a2a669cf798f8d80bcfba041c3ecf"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
xT_cLGbhQxFYceJYvkSWBOw5kPPvd2cT
access-control-allow-origin
*
cache-control
public,max-age=31536000
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-type
font/woff2
x-amz-cf-id
o5K6PJx_5Z8JBrLytGuzcieObAGnsVfD6WjQEvv1r-0cIcHDq6cecA==
roboto-700.woff2
cdn.viafoura.net/front/assets/fonts/roboto/ 		49 KB
49 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/front/assets/fonts/roboto/roboto-700.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
be54ac8b9843afcd92dea7b3e72306efec71ba3b6365f679f179c7ca4a0aea9f

Request headers

Referer
https://nationalpost.com/
Origin
https://nationalpost.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:50 GMT
via
1.1 08e4533f506df09f2c978ceaed6e2310.cloudfront.net (CloudFront)
age
428126
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
content-length
50196
last-modified
Wed, 24 Aug 2022 14:20:52 GMT
server
AmazonS3
etag
"bc4866b032d34d1ab1fe7d30fe7d2af2"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
Y7vXXx28QCyWRVQkav9CkQOtaa7HUfPY
access-control-allow-origin
*
cache-control
public,max-age=31536000
x-amz-cf-pop
EWR53-C2
accept-ranges
bytes
content-type
font/woff2
x-amz-cf-id
GyXYc7Bx94zRaXuLCkVK2lps1Why8vFpCsaSeOi6AyyHmhrzQFBkTQ==
ingest
i.viafoura.co/v3/nationalpost.com/ 		67 B
392 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://i.viafoura.co/v3/nationalpost.com/ingest
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.204.250.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-204-250-37.compute-1.amazonaws.com
Software
/
Resource Hash
ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://nationalpost.com
date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
image/png
content-length
67
expires
Fri, 01 Jan 1990 00:00:00 GMT
svod-module-js.ea1892696bfd2223f43d.js
cdn.viafoura.net/chunks/vuex_store/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/vuex_store/svod-module-js.ea1892696bfd2223f43d.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dfe97873104215ca01b106410421739f29b4acb5f7abe60650d3e7d35d0bc70c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428128
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:17 GMT
server
AmazonS3
etag
W/"7c62b10cee412a345fca103df5f43964"
vary
Accept-Encoding
x-amz-version-id
VlPeKWhR307etyY1glO58IYZR6A6n1vy
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
fCH8DHqlrviZqzzR6QV6VVJ1LVzx8ChFHnhZBD_VVz1lHDbuVsNB4Q==
usermatch.gif
beacon.krxd.net/ Frame D751
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=google
  • https://cm.g.doubleclick.net/pixel?google_cm&google_nid=krux_digital&google_hm=UEQ3QjAydkQ
  • https://beacon.krxd.net/usermatch.gif?google_gid=CAESEKbzKUn5G-Oa-zRsirKWBKs&google_cver=1
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEKbzKUn5G-Oa-zRsirKWBKs&google_cver=1
Protocol
H2
Server
52.45.87.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-87-68.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
private, no-cache, no-store
x-request-time
D=26 t=1662402375
x-served-by
beacon-n004-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEKbzKUn5G-Oa-zRsirKWBKs&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
291
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usermatch.gif
beacon.krxd.net/ Frame D751
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=krux_digital&google_cm&google_hm=UEQ3QjAydkQ
  • https://beacon.krxd.net/usermatch.gif?google_gid=CAESEKbzKUn5G-Oa-zRsirKWBKs&google_cver=1
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEKbzKUn5G-Oa-zRsirKWBKs&google_cver=1
Protocol
H2
Server
52.45.87.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-87-68.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
private, no-cache, no-store
x-request-time
D=29 t=1662402375
x-served-by
beacon-n021-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://beacon.krxd.net/usermatch.gif?google_gid=CAESEKbzKUn5G-Oa-zRsirKWBKs&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
291
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
379708.gif
idsync.rlcdn.com/ Frame D751 		42 B
60 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/379708.gif?partner_uid=PD7B02vD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
26357
stags.bluekai.com/site/ Frame D751 		62 B
416 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stags.bluekai.com/site/26357?id=PD7B02vD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.197.37.29 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-197-37-29.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
content-length
62
content-type
image/gif
p
sb.scorecardresearch.com/ Frame D751 		43 B
359 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/p?c1=9&c2=8188709&cs_xi=PD7B02vD&rn=1662402376
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-77.jfk50.r.cloudfront.net
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 27ca5ebac1c0f68ab48134f5b864093c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P4
content-length
43
x-amz-cf-id
xzvr6hZyMELXrhA__J2sdrZUI6KUtV6bAwaZZNfEF3Co4TammZ8hDA==
x-cache
Miss from cloudfront
content-type
image/gif
usermatch.gif
beacon.krxd.net/ Frame D751
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/NC4WTmcy?redir=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner_id%3Dcb276571-e0d9-4438-9fd4-80a1ff034b01%26puid%3D%24%7BTM_USER_ID%7D
  • https://beacon.krxd.net/usermatch.gif?partner_id=cb276571-e0d9-4438-9fd4-80a1ff034b01&puid=YxY-RgAE-bZcqQBN
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner_id=cb276571-e0d9-4438-9fd4-80a1ff034b01&puid=YxY-RgAE-bZcqQBN
Protocol
H2
Server
52.45.87.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-87-68.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
private, no-cache, no-store
x-request-time
D=25 t=1662402375
x-served-by
beacon-n024-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 varnish
server
Varnish
x-timer
S1662402376.577192,VS0,VE0
x-served-by
cache-yul12832-YUL
x-cache
HIT
location
https://beacon.krxd.net/usermatch.gif?partner_id=cb276571-e0d9-4438-9fd4-80a1ff034b01&puid=YxY-RgAE-bZcqQBN
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
/
ps.eyeota.net/match/bounce/ Frame D751
Redirect Chain
  • https://ps.eyeota.net/match?bid=i0r4o4v&uid=PD7B02vD
  • https://ps.eyeota.net/match/bounce/?bid=i0r4o4v&uid=PD7B02vD
70 B
440 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ps.eyeota.net/match/bounce/?bid=i0r4o4v&uid=PD7B02vD
Protocol
HTTP/1.1
Server
34.197.192.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-192-192.compute-1.amazonaws.com
Software
/
Resource Hash
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 18:26:15 GMT
Content-Type
image/gif
Content-Length
70
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location
/match/bounce/?bid=i0r4o4v&uid=PD7B02vD
Date
Mon, 05 Sep 2022 18:26:15 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
krux
match.prod.bidr.io/cookie-sync/ Frame D751
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=beeswax
  • https://match.prod.bidr.io/cookie-sync/krux?partner_user_id=PD7B02vD
43 B
430 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.prod.bidr.io/cookie-sync/krux?partner_user_id=PD7B02vD
Protocol
HTTP/1.1
Server
18.215.140.171 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-215-140-171.compute-1.amazonaws.com
Software
nginx /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:15 GMT
Server
nginx
strict-transport-security
max-age=2592000; includeSubDomains
p3p
CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control
no-cache, must-revalidate
Connection
keep-alive
content-type
image/gif
Content-Length
43
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://match.prod.bidr.io/cookie-sync/krux?partner_user_id=PD7B02vD
date
Mon, 05 Sep 2022 18:26:15 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a013-ash-prod.krxd.net
usermatch.gif
beacon.krxd.net/ Frame D751
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=mediamath
  • https://sync.mathtag.com/sync/img?mt_exid=10031&mt_exuid=PD7B02vD&redirect=https://beacon.krxd.net/usermatch.gif?partner%3Dmediamath%26partner_id%3D%5BMM_UUID%5D
  • https://beacon.krxd.net/usermatch.gif?partner=mediamath&partner_id=5d8e6316-3f46-4300-9c36-e08cab2310c1
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=mediamath&partner_id=5d8e6316-3f46-4300-9c36-e08cab2310c1
Protocol
H2
Server
52.45.87.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-87-68.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
private, no-cache, no-store
x-request-time
D=24 t=1662402375
x-served-by
beacon-n020-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Date
Mon, 05 Sep 2022 18:26:15 GMT
Server
MT3 4505 5b23575 master ord-pixel-x22 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://beacon.krxd.net/usermatch.gif?partner=mediamath&partner_id=5d8e6316-3f46-4300-9c36-e08cab2310c1
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 05 Sep 2022 18:26:14 GMT
tag.aspx
ml314.com/ Frame D751 		31 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ml314.com/tag.aspx?582022
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
236.234.111.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
27d7b573de36acef9ddbf975de05251f5219d2e4b8424288aae62aa57d5a6396

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:03:17 GMT
age
1378
x-guploader-uploadid
ADPycdufu6VWCaFryxE_11lJu3WoE6Xf5zt0TkPsa4asKPllnD9DSkJo4bl7WcPSLIQlFdjjzh8or61SoK8j3uXiWfmupn65n-XA
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
32025
last-modified
Tue, 09 Aug 2022 21:49:07 GMT
server
UploadServer
cache-control
public,max-age=3600
etag
"fe36d3317b1b052708eb2260e253aa63"
x-goog-hash
crc32c=BjH7bw==, md5=/jbTMXsbBScI6yJg4lOqYw==
x-goog-generation
1660081747697868
cache-id
YUL-7d0cee4c
x-cache-hit
hit
x-goog-stored-content-length
32025
accept-ranges
bytes
content-type
application/javascript
g.js
aa.agkn.com/adscores/ Frame D751
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=neustar
  • https://aa.agkn.com/adscores/g.js?sid=9212244187&_kdpid=PD7B02vD
43 B
655 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aa.agkn.com/adscores/g.js?sid=9212244187&_kdpid=PD7B02vD
Protocol
H2
Server
13.225.214.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-50.ewr50.r.cloudfront.net
Software
AAWebServer /
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 cae77502d3847ca96378af9649c50cb4.cloudfront.net (CloudFront)
server
AAWebServer
x-amz-cf-pop
EWR50-C1
access-control-allow-methods
GET, POST, OPTIONS
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-cache
Miss from cloudfront
content-type
image/gif
access-control-allow-headers
accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length
43
x-amz-cf-id
z7OgBiAbItC974zEeHNTQqqZP-kJRwaATawEL5EbJf3wSlt1eoQsqg==
expires
0

Redirect headers

location
https://aa.agkn.com/adscores/g.js?sid=9212244187&_kdpid=PD7B02vD
date
Mon, 05 Sep 2022 18:26:15 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a020-ash-prod.krxd.net
usermatch.gif
beacon.krxd.net/ Frame D751
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=183716&cb=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcasale%26partner_uid%3D__UID__
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dcasale%26partner_uid%3D__UID__&s=183716&C=1
  • https://beacon.krxd.net/usermatch.gif?partner=casale&partner_uid=YxY-R-sDvI8TTtYUEMh6VAAA%26026
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=casale&partner_uid=YxY-R-sDvI8TTtYUEMh6VAAA%26026
Protocol
H2
Server
52.45.87.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-87-68.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
private, no-cache, no-store
x-request-time
D=29 t=1662402375
x-served-by
beacon-n030-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=id2IbGopp5ju4UacZKYPt1%2BI5LCBrxxZfEEoH5dQP43RB2cZ%2Fi1T0EFY6dASRusWPVu2HC5c5QKXVmaPn2cV5gYAnpCAM8M6K1UNErt33KqCH60%2FvY4gZN8muKL%2FEPh%2BOqHdeDbYNZ0Nqw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location
https://beacon.krxd.net/usermatch.gif?partner=casale&partner_uid=YxY-R-sDvI8TTtYUEMh6VAAA%26026
cache-control
no-cache
cf-ray
746103208d87544f-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
0
usermatch.gif
beacon.krxd.net/ Frame D751
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=salesforce
  • https://beacon.krxd.net/usermatch.gif?partner=stackadapt&partner_uid=AbRAvIwhQax0rZSP3crf7pU4mbQ
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=stackadapt&partner_uid=AbRAvIwhQax0rZSP3crf7pU4mbQ
Protocol
H2
Server
52.45.87.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-87-68.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
private, no-cache, no-store
x-request-time
D=35 t=1662402375
x-served-by
beacon-n036-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
https://beacon.krxd.net/usermatch.gif?partner=stackadapt&partner_uid=AbRAvIwhQax0rZSP3crf7pU4mbQ
Date
Mon, 05 Sep 2022 18:26:15 GMT
Connection
keep-alive
Content-Length
123
Content-Type
text/html; charset=utf-8
xuid
eb2.3lift.com/ Frame D751
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=triplelift&gdpr=0&cmp_cs=&us_privacy=undefined
  • https://eb2.3lift.com/xuid?mid=3587&xuid=PD7B02vD&dongle=13b2&gdpr=0&cmp_cs=&us_privacy=undefined
37 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=3587&xuid=PD7B02vD&dongle=13b2&gdpr=0&cmp_cs=&us_privacy=undefined
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://eb2.3lift.com/xuid?mid=3587&xuid=PD7B02vD&dongle=13b2&gdpr=0&cmp_cs=&us_privacy=undefined
date
Mon, 05 Sep 2022 18:26:15 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a001-ash-prod.krxd.net
utsync.ashx
ml314.com/ Frame D751 		270 B
292 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=748&ct=js&pi=&fp=&clid=&if=1&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fcdn.krxd.net%2Fpartnerjs%2Fxdi%2Fproxy.3d2100fd7107262ecb55ce6847f01fa5.html%23!kxcid%3Duepn18565%26kxt%3Dhttps%253A%252F%252Fnationalpost.com%26kxcl%3Dcdn%26kxp%3D&pv=1662402375733_7q1o6rjpl&bl=en-us&cb=727905&return=https%3A%2F%2Fml314.com%2Fcsync.ashx%3Ffp%3DPD7B02vD%26person_id%3D%5BPersonID%5D%26eid%3D748%26return%3Dhttps%253A%252F%252Fbeacon.krxd.net%252Fusermatch.gif%253Fpartner%253Dmadisonlogic%2526partner_uid%253D%5BPersonID%5D&ht=&d=&dc=&si=1662402375733_7q1o6rjpl&cid=&s=1600x1200&rp=https%3A%2F%2Fnationalpost.com%2F&v=2.5.2.2
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?582022
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
236.234.111.34.bc.googleusercontent.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
6f69cfd72aad99cf8bcf52820772a316d3dfde1099b601006399144edbd386e3

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:14 GMT
via
1.1 google
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
p3p
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control
private
content-type
application/javascript; charset=utf-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
270
expires
0
container.html
8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4C6C 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 18:26:14 GMT
expires
Tue, 05 Sep 2023 18:26:14 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/pagead/ Frame B24E 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022083001&jk=3327620227062007&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
appInfo
config.lrcontent.com/ciam/ 		4 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://config.lrcontent.com/ciam/appInfo?apikey=1a9a7ccf-c3f1-4ec9-a65f-2c3e8d9510a5
Requested by
Host: auth.lrcontent.com
URL: https://auth.lrcontent.com/v2/LoginRadiusV2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:49e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbe74c62945bca0d7d29f9784c7462326fb4f8100313f320468c67a947a267ad

Request headers

Referer
https://nationalpost.com/
X-Requested-With
XMLHttpRequest
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
access-control-allow-origin
https://nationalpost.com
cache-control
max-age=86400
cf-ray
74610320de307157-YUL
appInfo
config.lrcontent.com/ciam/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://config.lrcontent.com/ciam/appInfo?apikey=1a9a7ccf-c3f1-4ec9-a65f-2c3e8d9510a5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:49e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-requested-with
Access-Control-Request-Method
GET
Origin
https://nationalpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-headers
x-requested-with
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://nationalpost.com
allow
GET, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
746103209dd87157-YUL
date
Mon, 05 Sep 2022 18:26:15 GMT
server
cloudflare
vary
Origin
ingest
i.viafoura.co/v3/nationalpost.com/ 		67 B
391 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://i.viafoura.co/v3/nationalpost.com/ingest
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.204.250.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-204-250-37.compute-1.amazonaws.com
Software
/
Resource Hash
ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://nationalpost.com
date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-type
image/png
content-length
67
expires
Fri, 01 Jan 1990 00:00:00 GMT
bridge3.528.0_en.html
imasdk.googleapis.com/js/core/ Frame 70D3 		637 KB
206 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9bca797e35294210a471d8fedbcb73598cecbdb14fc19b93eae0f1b5ccffdf5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://c5x8i7c7.ssl.hwcdn.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
95460
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
210604
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sun, 04 Sep 2022 15:55:15 GMT
expires
Mon, 04 Sep 2023 15:55:15 GMT
last-modified
Mon, 29 Aug 2022 20:41:35 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame 85EC 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c5x8i7c7.ssl.hwcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 05 Sep 2022 18:26:15 GMT
collect
analytics.google.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-72QH41ZTMR&gtm=2oe8v0&_p=367509151&cid=1120338599.1662402375&ul=en-us&sr=1600x1200&ir=1&_eu=QI&_z=ccd.v9B&_s=2&dl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&sid=1662402375&sct=1&seg=0&dt=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&en=ad_impression&_c=1&ep.debug_mode=false&ep.gtm_version=39&ep.gtm_container_id=GTM-P3Q4QHW&ep.ad_blocker_enabled=false&ep.user_status=anonymous&ep.project_type=Newsroom%20daily&ep.page_type=story&ep.session_uuid=ABD28419-31CA-477B-9157-9186BCE4EB1E&ep.platform=Cheetah&ep.platform_version=11.4.5&ep.fem_version=v65.0&ep.mp_id=2559400497429026896&ep.brand=National%20Post&ep.timestamp=2022-09-05T18%3A26%3A15.263%2B00%3A00&ep.ga_client_id=1120338599.1662402375&ep.query_id=CIq7qbij_vkCFQa30QQdCLIGkw&_et=553
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-72QH41ZTMR&l=gtm_data_layer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
content-module-js.0a90032f6d9bb0d5f5f9.js
cdn.viafoura.net/chunks/vuex_store/ 		11 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/vuex_store/content-module-js.0a90032f6d9bb0d5f5f9.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5e6572ecaf3d41396ec6ad7deb8013b5a576bda7c600403066f1611ae3983450

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428128
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:18 GMT
server
AmazonS3
etag
W/"546a12b73180e97a8171dae7a877da6a"
vary
Accept-Encoding
x-amz-version-id
JiigQyEg7vxIVNBb566Md3Ux0gcyo0xx
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
jXCOfqisto4rjlKZ-gGiycSUUIFGmBpfMofE6Rc3lVj8XYwYALTvEg==
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=40oe&k=ZQl3YQlhCTE3NzAJZAl1cy1lYXN0LTFlCWgJaS0wNmM2OGU4NmRhMDRiNzQ2Ygl1CWU2ZWRhODIyLTBlMWYtNDVlMC1hNGE5LWVmMjIzNTcxMDdhNAl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl2bAkyMDIyMDkwNS4xODAwCXZ0CTIwMjIwOTA1LjE4MDAJdnMJMjAyMTA1MDUJdmMJMjAyMjA0MjkJc3QJMjAyMjA5MDUuMTgyNjE0CWkJZThkNDU5YTctMzk5YS00OGU3LTlkMzgtOGQxMWJiMGNlN2FlCWYJaHR0cHM6Ly9uYXRpb25hbHBvc3QuY29tL25ld3MvcG9saXRpY3MvbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAJcQlmMzZhYzgyOC02MDg3LTQyOTgtOTkwMi1hOWViZWNkNTIwYmIJbQkyMjM0MgliCTQzMwlnCTk0Mwl0CTUzMjEJYwk1Mzc2CWwJMTk4NjYJegkxODk0MQlzCTY2OTYJcAkyMjUwNwl3CW5ld3MJY3MJSUFCMTIJY3oJCWdjCUNBCWdyCVFDCWdkCWZhbHNlCWduCUNvcnBvcmF0ZQluZQlpbQluZAlpbQlzZAluYXRpb25hbHBvc3QuY29tCXNlCTYyNDMxOTcwMDkJbWMJMzA4MQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1Nwl2cAkxCXZnCXByCWNpCWI1YTg1MWE5LTM5NDItMzQ4YS0xYTZiLTE5ODRkZTc3MDAzMQljcAl0cAl2dgkyMDIxMTIxN18wMDA5OmltYV9odG1sNTozLjUyOC4wCXd0CTYzNAlhZFRhZwkvL3B1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldC9nYW1wYWQvYWRzP2l1PS8zMDgxL2Fybi1kaXN0cm8mZGVzY3JpcHRpb25fdXJsPWh0dHBzJTNBJTJGJTJGbmF0aW9uYWxwb3N0LmNvbSUyRm5ld3MlMkZwb2xpdGljcyUyRm5lYXJseS0xMzAwMC1jYW5hZGlhbnMtcG90ZW50aWFsbHktdmljdGltcy1vZi1jZXJiLWZyYXVkLWFmdGVyLWhhY2tlcnMtYWNjZXNzZWQtdGhlaXItbXljcmEtYWNjb3VudC1pbi0yMDIwJmVudj12cCZpbXBsPXMmY29ycmVsYXRvcj0mdGZjZD0wJm5wYT0wJmdkZnBfcmVxPTEmb3V0cHV0PXZhc3Qmc3o9MzIweDI0MCZjdXN0X3BhcmFtcz1uayUzRGRpc3RybyUyNnByJTNEbnAlMjZjayUzRG5ld3MlMjZsb2MlM0R0b3AlMjZwYWdlJTNEc3RvcnklMjZzY2slM0Rwb2xpdGljcyUyNmFpZCUzRDM5NTI4OTZjLWNjYTMtNDEyZC1iYWU3LTJjYTliZDdjZGQxMyUyQzc5ODA4Njc3JTI2cHBpZCUzRDAwMDAwMDAwcHBpZHAyNTU5NDAwNDk3NDI5MDI2ODk2JTI2cGVybXV0aXZlJTNEOTY0MDAlMkMxMDU1MzglMkMxMDU1NDElMkMxMDU1NDMlMkMxMDU2OTMlMkMxMDY2NjMlMkMxMTA1OTIlMkMxMTE3NjElMkMxMTE3OTMmdXNfcHJpdmFjeT0mZ2Rwcj0wJmdkcHJfY29uc2VudD0mdW52aWV3ZWRfcG9zaXRpb25fc3RhcnQ9MQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
JRDtgcUl_7OUjJ4QO8bVbwNuRTRqDUxuSBYCwiPHS6U.js
pagead2.googlesyndication.com/bg/ Frame 9787 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/JRDtgcUl_7OUjJ4QO8bVbwNuRTRqDUxuSBYCwiPHS6U.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2510ed81c525ffb3948c9e103bc6d56f036e45346a0d4c6e481602c223c74ba5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Sat, 03 Sep 2022 16:25:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
180065
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15893
x-xss-protection
0
last-modified
Mon, 29 Aug 2022 10:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 03 Sep 2023 16:25:10 GMT
integrator.js
adservice.google.com/adsid/ Frame 85EC 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=c5x8i7c7.ssl.hwcdn.net
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c5x8i7c7.ssl.hwcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
state
api.permutive.com/v1.0/ 		0
34 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v1.0/state?fetch_unseen=true&k=21ec23a2-b38a-456e-b801-e5877a041482
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20
via
1.1 google
pixel
googleads.g.doubleclick.net/xbbe/ Frame 9B75 		624 B
733 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CIOCCBC-2rUCGNnD3NABMAE&v=APEucNVRy2VuHSLNAGfqm6WFs9tgJJYZY2DRArhVrIOD3zaFnnQIWtGvMg6hGkgdAEeTMkw7OroSu8nHGrE973iZDNBAOXdh7A
Requested by
Host: 8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
URL: https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 18:26:15 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 4C6C 		70 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D-ZJiwxX6c3VFUEURKdGT4agNhH4It_zek8gfkP6jCvuX_Fhh_fDWYgPRpiktyiE2GP_gLmrI_lboGDswGb0ymeIfccw&cry=1&dbm_d=AKAmf-C_hKYbLw8JnYBDWGsUB7sxfxvf3S1U5ASNlnb2OKvfZJgTj7vJ6AvOrXg48XytOrzvzA2aIJhzq4SneZMF7-4o1MqLmwcyLBwR4T2cXHbCgKbL6uV4yWeDVv2eURGgmXbSIPk5XqNKhbgiv40yO3_UR4rjuBVlr46KK8gGF9D98ErgfXywRqPe6JrwaPJdy5Ocr3L1guQEJguaEIC86ZNqya_EpibWbI9-Cu2rITf_PU54tYA5MqO9i31-IEJhXuZxQefu31Ywz4CJUjDdvXvLpkpZupMm86lIo_wTy2lRpT3aUKLbdLz-chwtjjSWLCQb2AG60nt9CJ7bzsSNYSrfZ42BzjmCeZw5hizBDfeNTPxuC2c1iPEdcT1LcoeUC1ubGtAGH1CMmGvEDgFcXfjzciykxIPnDNdk_NiXplDguviecX5GTAfDgMcyKEiZlDAGr_wftNW3LvhzCSB5D_mdasjeiS0ybCdfi9mLm-NXFVio-BoAvkA50rUfYro5y3msGWgu5pjlkniPacPSUm3K8G-m7Uht0gKBg5BUDmzBTGH1UbCcmbV26bFQZiME4QSfqcQCA4FZwEk7IM-zSgdgY3NID3G-zaa4yfF6tfc5puT3PSsK86UzV0bxpEO9olB0gu8KTgO-_xcFB-Ux2Aw5IcZdgoqjqdBeN0WCs4PMnBWdD-6GDcrqnefzNVnzXQX8JNiJla0yphkvtiLjTuUXSGDZtQcVbgzVpOHKSziMbakza0Ut0dYnUBiwo1PEW7Hx_trTp9tdOOSXwG-FvAT7_roqKr2bMcIgy7RWs250oUvNP6HEjaU0dPRwstjLctZJKJWN966OrPEbG5KNwNyMf6TvhyCDm6Ox5SvTkKTiNwOKOkpzqRfbJmSKllKez3IKMhECp0Rewe3HFCPYhzBpmbKof9t9g9tMJC1PRk6VlszYZFtn_nRYQi1kp16OrEqjJvlwLrl_1pUq6pYBF-7PAgdkx-jEp91znRK8me0aPlJJPKmF0Khp5vHiSm8ZM3XzZR9yDEmST1GUcm1W5pavLNBYIxif5iK9_wwLETsuCLn9TwHYjBfiHrKBOFmFKRP8B1q6fwz8vFiIuXoAhyVWybhhHzg9EuEVwjmZHIhcJRmB4SMYBHxou53U0w0dOB2sZYvEPvfgZSq7Ck5cUCuCmm1I-WJNnvVGPmsMtu8BUtBT1STV7hwXjinGlJ-3lDgU8wNyCLsAAdwRzhsWj7CjXdp_NtloCgto6um_NMJuznAv3wD3HxVN1n_n7Y7DMwF6trnDf7GcBIlDIe33OhGCxpPyaDIWEJb6nIpjMk9-ZidOxxADYM-mm6JCZwfA0yeX8Qe5xx68lNLk6NzhWovBxBkcp-13g6J4pbS1ahtYKCaEiOF8C-mG85LBBREae2IItz_803nzARUg5THvbrkKPM7pSSSxT2jAslLferC0FnQBuFayAJCSBEhVnC7__cUfej2TRz-kFR0nOYHANfiPaCSMBER8Dw2jCUYIvSZWaUhiB9vrAsNsEtUJpxroYXKcE0VmjD4aE4GZGYrkHLbwBG-URql-IPddk9lZSzXFRZkNMkYZ32mpC9t-byQLM2dP-U1ew-pWuAguttvdvmHl-lv-B72uSvxgup-dEsxq43V8JgmXRIjF6y1A5g3OSZKDTW_KKRqYuBgxG_PFMMDlT47hTLoY5MGPChz_E9CCInIdR_IqfIooKd54kd-OwPuPxslOecD_0mGRlvVII5VDpYnXWR53iCTykjpOX68Dk97euwFk98FgUAhpiui769nY7k8aTHA2Bjiwo6t98t5d6MH2c3oiESZqKzZcjMs7ep9yxq3PZkSk7TaDB1NuYf4cJAomy3iDzcu28H9bmvKmGLDXSm6D2eRn4JlhDOP5TtTKOITMtueoXFx6vGRmHOXSGFC7Tv8WbANSSYJxcX3CwV0m53jqxb_HjBz6LctW57QxGBkwr4sYDiGYpU41IqoQML48zFCfZQ8XQocTYj6iszdhRbsDjPV1d6B46pWYiIZhr9bomnzSd16KMK5PBv18rn61cC4k8yP3jjj8YAsBg0CRTLPVm-4xSgKiP8Np8U4lW_J1AY7n4Kc0qNx-wlIUWrtcFsEKdbG_R2N6YDFEoaRuwWODy-PWX6ma7ziKmwSZ3gIUKbV4kudbT601dp9o5Voljc82SC-WBn9kg0RMURc2Gmgc7P3wiYOjVn2MP75PLwNxoCEDMGLXuzTDmBvCFx-YOZ77WJdK4cYIM3JFNqsYKNxPCyj9Ei-fxPl-BvfdkN_Yu4Y3jk4bjkyX3Nj3fIAzd_QDJlB6ZxsXzi2313efsHeEDjX9Gv5j9cOq60c4VeKkQttpVruJnKXWwW5T0y85XHeQp3GdPrAXIHAKCcsCvSeC0QcuiQDmHwg6-i4MiOfNITgQ_WuZ0vHua10ZcJD6Nms2aU7gKBmiivb-WOa1txd7P4krelhP_iZz3mq7atawNG47fANWq4LOJVOmqT-5CGcST6qbF6N_0F13op310M4TYKPAZa1OmhXbJeYi1xziPJuwNiDKNKCZwphOHeSbix8VDiZrZ8yFOHHtWet9in8qyVVBtQJtM0e0FUgPCM950FDeu_Ela8oQcCMIyJlGH4MVt5P03yPR_OtlKi6zfJ4kNd-wBdCWrsJzUpifYdPosXkuoEen3Pdg1ylPfsAAC-YywfxAymCTQWx0DeWAnFiXsevZC--UfC6fE8zPMXBgVB2MNru2HV0sGFDpIyrsAv0DDvVRy9RQpFfCFNvcoyOyXzscLBjzzsqlANuiAnb62HHMO7WxQP21WLB5Z2R7dJ4uP5Wusx4vHIFXjb6zr08cfOeXe21MfP269rP_oZ1Co1Wxr-KBkjaSsYO2TRVoGVupcPjGFrhostf-8RunXCHFMLjg1Os9m1WuUJAOk3WpVMRuBmcFRFuG6ouzS7qyFgAc6FHoJkP91jVs-2oxX1_7QFplE67BH8wnxlq14Km-9Q8YazDZYJZlB4hBBrlU69VlGs-EunPdNUBeJs_RwSImwzSVb88z0bj3l4WZomkWLsm0vq23BjxrixBhxvlXgJA9K3yTC_kec2jBHB1CjmroTwFOwKu5PDv904jjcMbzKqPNuHp0Fh9rWVi_KstJCYWkIA5sr8FnSZx5MUEHQ_B-aQXLFgBr24a5SM50-gcGMkWg-Be_3oj6_y_oWpdJ3n2guTDo2AvhapXBpR5p_yynl1OocvkLaGmrsthV6aTkpA8YaipNsgI2bZqw20v1nirs1JqWeVBCMj-ln48PwCIVHfgdsAkt2_KyABsO7jiITI-trLrODB4NjXWvkfaZ&cid=CAASJeRopFPjGXGaxmSUn8Mwa_E8cRmVvGLHtGJ_yeVRrGM6g9_O6rA&rfl=1%2Chttps%253A%252F%252Fnationalpost.com%252F%240
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
16f0657fcf8192f39158391e7f6b3f4e2c0b30a2b08b0d2c99aa76f5e7b1a480
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33020
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4C6C 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AkRax3W8ft2YoOhciaylbbPbGzy6fZIW-6nYL6wkB2tDVtxjU8k7veCJCeRWHUcDKI43JbYnUuBNSxUfjcUFMDpp7ulzsHsNAyiWM_AXKE-CcbRGM
Requested by
Host: 8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
URL: https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:15 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame 4C6C 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/window_focus_fy2021.js
Requested by
Host: 8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
URL: https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:18:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
457
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 18:18:38 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 4C6C 		142 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
URL: https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e851345505ee432c9397d60e5d91929ab4e5921f75c91f359b0939a879304b7a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44792
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1661945761880069"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 05 Sep 2022 18:26:15 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/ Frame 4C6C 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220831/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
URL: https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
12
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 18:26:03 GMT
l
www.google.com/ads/measurement/ Frame 4C6C 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQStwtsRoxgdoHI3HOPSqPvGnlstIVx_5nQZTAqLEKUzAa0TCetJm5KBGMO9vfNVPHEhArFYbN-hw9uT3qUUU_HB8cNyg
Requested by
Host: 8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
URL: https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81e::2004 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
usermatch.gif
beacon.krxd.net/ Frame D751
Redirect Chain
  • https://ml314.com/csync.ashx?fp=PD7B02vD&person_id=3629847580089778247&eid=748&return=https%3A%2F%2Fbeacon.krxd.net%2Fusermatch.gif%3Fpartner%3Dmadisonlogic%26partner_uid%3D3629847580089778247
  • https://beacon.krxd.net/usermatch.gif?partner=madisonlogic&partner_uid=3629847580089778247
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=madisonlogic&partner_uid=3629847580089778247
Protocol
H2
Server
52.45.87.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-87-68.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cdn.krxd.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:15 GMT
cache-control
private, no-cache, no-store
x-request-time
D=31 t=1662402375
x-served-by
beacon-n039-ash-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Mon, 05 Sep 2022 18:26:15 GMT
via
1.1 google
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-type
text/html; charset=utf-8
location
https://beacon.krxd.net/usermatch.gif?partner=madisonlogic&partner_uid=3629847580089778247
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
211
expires
Tue, 06 Sep 2022 14:26:15 GMT
login
postmedia.hub.loginradius.com/ssologin/ 		38 B
550 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://postmedia.hub.loginradius.com/ssologin/login
Requested by
Host: auth.lrcontent.com
URL: https://auth.lrcontent.com/v2/LoginRadiusV2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.169.125.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-169-125-112.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f7a4a046540cd7b682afc0d129cbbdea16081d1a54dfd3385115725f960c54c9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://nationalpost.com/
X-Requested-With
XMLHttpRequest
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 18:26:15 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Methods
HEAD,GET,POST,PUT,DELETE,OPTIONS, POST, GET, PUT, OPTIONS, DELETE
Content-Type
application/json
Access-Control-Allow-Origin
https://nationalpost.com
X-LoginRadius-Server
Primary - IDX - AWS
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Server
ms_idx_primary
Content-Length
38
login
postmedia.hub.loginradius.com/ssologin/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://postmedia.hub.loginradius.com/ssologin/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.169.125.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-169-125-112.compute-1.amazonaws.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
*/*
Access-Control-Request-Headers
x-requested-with
Access-Control-Request-Method
GET
Origin
https://nationalpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
x-requested-with
Access-Control-Allow-Methods
HEAD,GET,POST,PUT,DELETE,OPTIONS POST, GET, PUT, OPTIONS, DELETE
Access-Control-Allow-Origin
https://nationalpost.com
Connection
keep-alive
Date
Mon, 05 Sep 2022 18:26:15 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-LoginRadius-Server
Primary - IDX - AWS
X-Server
ms_idx_primary
all
notifications.viafoura.co/v5/notifications/00000000-0000-4000-8000-05d38950df07/ 		36 B
223 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://notifications.viafoura.co/v5/notifications/00000000-0000-4000-8000-05d38950df07/all
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.204.250.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-204-250-37.compute-1.amazonaws.com
Software
/
Resource Hash
b6dc85459fbb9d03f478d91eae99e6627e04c8f805b08e4b97423ffbc3870d9d

Request headers

Accept
application/json, text/plain, */*
Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-origin
https://nationalpost.com
date
Mon, 05 Sep 2022 18:26:15 GMT
content-encoding
gzip
access-control-allow-credentials
true
content-length
59
content-type
application/json; charset=utf-8
ingest.php
events.newsroom.bi/ 		2 B
828 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://events.newsroom.bi/ingest.php
Requested by
Host: sdk.mrf.io
URL: https://sdk.mrf.io/statics/marfeel-sdk.js?id=1528
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
188.40.92.96 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
haproxy01.cl03.k8s.mrf.io
Software
istio-envoy /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryQh9TTJCQVqc7zMuk

Response headers

date
Mon, 05 Sep 2022 18:26:16 GMT
server
istio-envoy
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-expose-headers
Content-Length,Content-Range
cache-control
private,no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
2
/
www.facebook.com/tr/ Frame 270D 		0
18 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://nationalpost.com
Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://nationalpost.com
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Mon, 05 Sep 2022 18:26:16 GMT
priority
u=0
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
rum
dsum-sec.casalemedia.com/ Frame 9B75
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTvRp2LYqf1aWRAvUsb800&google_cver=1
43 B
429 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTvRp2LYqf1aWRAvUsb800&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIOCCBC-2rUCGNnD3NABMAE&v=APEucNVRy2VuHSLNAGfqm6WFs9tgJJYZY2DRArhVrIOD3zaFnnQIWtGvMg6hGkgdAEeTMkw7OroSu8nHGrE973iZDNBAOXdh7A
Protocol
H2
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray
74610322cc4454d9-YYZ
pragma
no-cache
date
Mon, 05 Sep 2022 18:26:16 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yM174qYNQjaxIOQ8mme5HdgNwdovOMOn%2F5noGoacpX152sWwwmmQZm65L%2Fa3Jhs%2BzyAosJCqbp0QFOI61QTnBnO2uSnplUuY0jsh77Mt4w%2BMzv6OybDBvehAVm0%2F10F1QuIVAFHQo5KNXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:16 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTvRp2LYqf1aWRAvUsb800&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 9B75
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YxY-R-sDvI8TTtYUEMh6VAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTvRp2LYqf1aWRAvUsb800&google_cver=1
43 B
880 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTvRp2LYqf1aWRAvUsb800&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIOCCBC-2rUCGNnD3NABMAE&v=APEucNVRy2VuHSLNAGfqm6WFs9tgJJYZY2DRArhVrIOD3zaFnnQIWtGvMg6hGkgdAEeTMkw7OroSu8nHGrE973iZDNBAOXdh7A
Protocol
H3
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

cf-ray
74610323ddf154a3-YYZ
pragma
no-cache
date
Mon, 05 Sep 2022 18:26:16 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i325qI22ieslEDTg%2B3iTtr3DUMwkkvBnJ2%2F2xdSzs%2BTjY0qq5A6Aycx4FWd3HoX0dbgyOz3YPUu1VuwGglDomjmpajUo4%2F1ShlCS%2BVtJTX1%2BbgKwQ0C93o%2F6unVWWQN6HihOM4jc1dfogw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control
no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:16 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFTvRp2LYqf1aWRAvUsb800&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 9B75
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEJWEppLbzg-HhLhBp52CPso&google_cver=1
43 B
1018 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEJWEppLbzg-HhLhBp52CPso&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIOCCBC-2rUCGNnD3NABMAE&v=APEucNVRy2VuHSLNAGfqm6WFs9tgJJYZY2DRArhVrIOD3zaFnnQIWtGvMg6hGkgdAEeTMkw7OroSu8nHGrE973iZDNBAOXdh7A
Protocol
HTTP/1.1
Server
68.67.178.10 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:16 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
1d4ff8fa-2bd5-49b9-82d6-f5319db70087
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:16 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEJWEppLbzg-HhLhBp52CPso&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 9B75
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAzMjMyMDczODcyNjU3NDI2Mg%3D%3D
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAzMjMyMDczODcyNjU3NDI2Mg%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIOCCBC-2rUCGNnD3NABMAE&v=APEucNVRy2VuHSLNAGfqm6WFs9tgJJYZY2DRArhVrIOD3zaFnnQIWtGvMg6hGkgdAEeTMkw7OroSu8nHGrE973iZDNBAOXdh7A
Protocol
H3
Server
142.250.65.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:16 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:16 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
f798dc21-8ec5-48b4-bee0-0d462e1acc69
Server
nginx/1.21.3
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDAzMjMyMDczODcyNjU3NDI2Mg%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/ Frame 4C6C 		30 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D-ZJiwxX6c3VFUEURKdGT4agNhH4It_zek8gfkP6jCvuX_Fhh_fDWYgPRpiktyiE2GP_gLmrI_lboGDswGb0ymeIfccw&cry=1&dbm_d=AKAmf-C_hKYbLw8JnYBDWGsUB7sxfxvf3S1U5ASNlnb2OKvfZJgTj7vJ6AvOrXg48XytOrzvzA2aIJhzq4SneZMF7-4o1MqLmwcyLBwR4T2cXHbCgKbL6uV4yWeDVv2eURGgmXbSIPk5XqNKhbgiv40yO3_UR4rjuBVlr46KK8gGF9D98ErgfXywRqPe6JrwaPJdy5Ocr3L1guQEJguaEIC86ZNqya_EpibWbI9-Cu2rITf_PU54tYA5MqO9i31-IEJhXuZxQefu31Ywz4CJUjDdvXvLpkpZupMm86lIo_wTy2lRpT3aUKLbdLz-chwtjjSWLCQb2AG60nt9CJ7bzsSNYSrfZ42BzjmCeZw5hizBDfeNTPxuC2c1iPEdcT1LcoeUC1ubGtAGH1CMmGvEDgFcXfjzciykxIPnDNdk_NiXplDguviecX5GTAfDgMcyKEiZlDAGr_wftNW3LvhzCSB5D_mdasjeiS0ybCdfi9mLm-NXFVio-BoAvkA50rUfYro5y3msGWgu5pjlkniPacPSUm3K8G-m7Uht0gKBg5BUDmzBTGH1UbCcmbV26bFQZiME4QSfqcQCA4FZwEk7IM-zSgdgY3NID3G-zaa4yfF6tfc5puT3PSsK86UzV0bxpEO9olB0gu8KTgO-_xcFB-Ux2Aw5IcZdgoqjqdBeN0WCs4PMnBWdD-6GDcrqnefzNVnzXQX8JNiJla0yphkvtiLjTuUXSGDZtQcVbgzVpOHKSziMbakza0Ut0dYnUBiwo1PEW7Hx_trTp9tdOOSXwG-FvAT7_roqKr2bMcIgy7RWs250oUvNP6HEjaU0dPRwstjLctZJKJWN966OrPEbG5KNwNyMf6TvhyCDm6Ox5SvTkKTiNwOKOkpzqRfbJmSKllKez3IKMhECp0Rewe3HFCPYhzBpmbKof9t9g9tMJC1PRk6VlszYZFtn_nRYQi1kp16OrEqjJvlwLrl_1pUq6pYBF-7PAgdkx-jEp91znRK8me0aPlJJPKmF0Khp5vHiSm8ZM3XzZR9yDEmST1GUcm1W5pavLNBYIxif5iK9_wwLETsuCLn9TwHYjBfiHrKBOFmFKRP8B1q6fwz8vFiIuXoAhyVWybhhHzg9EuEVwjmZHIhcJRmB4SMYBHxou53U0w0dOB2sZYvEPvfgZSq7Ck5cUCuCmm1I-WJNnvVGPmsMtu8BUtBT1STV7hwXjinGlJ-3lDgU8wNyCLsAAdwRzhsWj7CjXdp_NtloCgto6um_NMJuznAv3wD3HxVN1n_n7Y7DMwF6trnDf7GcBIlDIe33OhGCxpPyaDIWEJb6nIpjMk9-ZidOxxADYM-mm6JCZwfA0yeX8Qe5xx68lNLk6NzhWovBxBkcp-13g6J4pbS1ahtYKCaEiOF8C-mG85LBBREae2IItz_803nzARUg5THvbrkKPM7pSSSxT2jAslLferC0FnQBuFayAJCSBEhVnC7__cUfej2TRz-kFR0nOYHANfiPaCSMBER8Dw2jCUYIvSZWaUhiB9vrAsNsEtUJpxroYXKcE0VmjD4aE4GZGYrkHLbwBG-URql-IPddk9lZSzXFRZkNMkYZ32mpC9t-byQLM2dP-U1ew-pWuAguttvdvmHl-lv-B72uSvxgup-dEsxq43V8JgmXRIjF6y1A5g3OSZKDTW_KKRqYuBgxG_PFMMDlT47hTLoY5MGPChz_E9CCInIdR_IqfIooKd54kd-OwPuPxslOecD_0mGRlvVII5VDpYnXWR53iCTykjpOX68Dk97euwFk98FgUAhpiui769nY7k8aTHA2Bjiwo6t98t5d6MH2c3oiESZqKzZcjMs7ep9yxq3PZkSk7TaDB1NuYf4cJAomy3iDzcu28H9bmvKmGLDXSm6D2eRn4JlhDOP5TtTKOITMtueoXFx6vGRmHOXSGFC7Tv8WbANSSYJxcX3CwV0m53jqxb_HjBz6LctW57QxGBkwr4sYDiGYpU41IqoQML48zFCfZQ8XQocTYj6iszdhRbsDjPV1d6B46pWYiIZhr9bomnzSd16KMK5PBv18rn61cC4k8yP3jjj8YAsBg0CRTLPVm-4xSgKiP8Np8U4lW_J1AY7n4Kc0qNx-wlIUWrtcFsEKdbG_R2N6YDFEoaRuwWODy-PWX6ma7ziKmwSZ3gIUKbV4kudbT601dp9o5Voljc82SC-WBn9kg0RMURc2Gmgc7P3wiYOjVn2MP75PLwNxoCEDMGLXuzTDmBvCFx-YOZ77WJdK4cYIM3JFNqsYKNxPCyj9Ei-fxPl-BvfdkN_Yu4Y3jk4bjkyX3Nj3fIAzd_QDJlB6ZxsXzi2313efsHeEDjX9Gv5j9cOq60c4VeKkQttpVruJnKXWwW5T0y85XHeQp3GdPrAXIHAKCcsCvSeC0QcuiQDmHwg6-i4MiOfNITgQ_WuZ0vHua10ZcJD6Nms2aU7gKBmiivb-WOa1txd7P4krelhP_iZz3mq7atawNG47fANWq4LOJVOmqT-5CGcST6qbF6N_0F13op310M4TYKPAZa1OmhXbJeYi1xziPJuwNiDKNKCZwphOHeSbix8VDiZrZ8yFOHHtWet9in8qyVVBtQJtM0e0FUgPCM950FDeu_Ela8oQcCMIyJlGH4MVt5P03yPR_OtlKi6zfJ4kNd-wBdCWrsJzUpifYdPosXkuoEen3Pdg1ylPfsAAC-YywfxAymCTQWx0DeWAnFiXsevZC--UfC6fE8zPMXBgVB2MNru2HV0sGFDpIyrsAv0DDvVRy9RQpFfCFNvcoyOyXzscLBjzzsqlANuiAnb62HHMO7WxQP21WLB5Z2R7dJ4uP5Wusx4vHIFXjb6zr08cfOeXe21MfP269rP_oZ1Co1Wxr-KBkjaSsYO2TRVoGVupcPjGFrhostf-8RunXCHFMLjg1Os9m1WuUJAOk3WpVMRuBmcFRFuG6ouzS7qyFgAc6FHoJkP91jVs-2oxX1_7QFplE67BH8wnxlq14Km-9Q8YazDZYJZlB4hBBrlU69VlGs-EunPdNUBeJs_RwSImwzSVb88z0bj3l4WZomkWLsm0vq23BjxrixBhxvlXgJA9K3yTC_kec2jBHB1CjmroTwFOwKu5PDv904jjcMbzKqPNuHp0Fh9rWVi_KstJCYWkIA5sr8FnSZx5MUEHQ_B-aQXLFgBr24a5SM50-gcGMkWg-Be_3oj6_y_oWpdJ3n2guTDo2AvhapXBpR5p_yynl1OocvkLaGmrsthV6aTkpA8YaipNsgI2bZqw20v1nirs1JqWeVBCMj-ln48PwCIVHfgdsAkt2_KyABsO7jiITI-trLrODB4NjXWvkfaZ&cid=CAASJeRopFPjGXGaxmSUn8Mwa_E8cRmVvGLHtGJ_yeVRrGM6g9_O6rA&rfl=1%2Chttps%253A%252F%252Fnationalpost.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
35700fd4dc1a4008ab66bc0e57c19689f6daca9368bfd2a6beea1b86dc0159d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:22:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
230
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11778
x-xss-protection
0
server
cafe
etag
15541287485089275602
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 18:22:26 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/elements/html/ Frame 4C6C 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220831/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D-ZJiwxX6c3VFUEURKdGT4agNhH4It_zek8gfkP6jCvuX_Fhh_fDWYgPRpiktyiE2GP_gLmrI_lboGDswGb0ymeIfccw&cry=1&dbm_d=AKAmf-C_hKYbLw8JnYBDWGsUB7sxfxvf3S1U5ASNlnb2OKvfZJgTj7vJ6AvOrXg48XytOrzvzA2aIJhzq4SneZMF7-4o1MqLmwcyLBwR4T2cXHbCgKbL6uV4yWeDVv2eURGgmXbSIPk5XqNKhbgiv40yO3_UR4rjuBVlr46KK8gGF9D98ErgfXywRqPe6JrwaPJdy5Ocr3L1guQEJguaEIC86ZNqya_EpibWbI9-Cu2rITf_PU54tYA5MqO9i31-IEJhXuZxQefu31Ywz4CJUjDdvXvLpkpZupMm86lIo_wTy2lRpT3aUKLbdLz-chwtjjSWLCQb2AG60nt9CJ7bzsSNYSrfZ42BzjmCeZw5hizBDfeNTPxuC2c1iPEdcT1LcoeUC1ubGtAGH1CMmGvEDgFcXfjzciykxIPnDNdk_NiXplDguviecX5GTAfDgMcyKEiZlDAGr_wftNW3LvhzCSB5D_mdasjeiS0ybCdfi9mLm-NXFVio-BoAvkA50rUfYro5y3msGWgu5pjlkniPacPSUm3K8G-m7Uht0gKBg5BUDmzBTGH1UbCcmbV26bFQZiME4QSfqcQCA4FZwEk7IM-zSgdgY3NID3G-zaa4yfF6tfc5puT3PSsK86UzV0bxpEO9olB0gu8KTgO-_xcFB-Ux2Aw5IcZdgoqjqdBeN0WCs4PMnBWdD-6GDcrqnefzNVnzXQX8JNiJla0yphkvtiLjTuUXSGDZtQcVbgzVpOHKSziMbakza0Ut0dYnUBiwo1PEW7Hx_trTp9tdOOSXwG-FvAT7_roqKr2bMcIgy7RWs250oUvNP6HEjaU0dPRwstjLctZJKJWN966OrPEbG5KNwNyMf6TvhyCDm6Ox5SvTkKTiNwOKOkpzqRfbJmSKllKez3IKMhECp0Rewe3HFCPYhzBpmbKof9t9g9tMJC1PRk6VlszYZFtn_nRYQi1kp16OrEqjJvlwLrl_1pUq6pYBF-7PAgdkx-jEp91znRK8me0aPlJJPKmF0Khp5vHiSm8ZM3XzZR9yDEmST1GUcm1W5pavLNBYIxif5iK9_wwLETsuCLn9TwHYjBfiHrKBOFmFKRP8B1q6fwz8vFiIuXoAhyVWybhhHzg9EuEVwjmZHIhcJRmB4SMYBHxou53U0w0dOB2sZYvEPvfgZSq7Ck5cUCuCmm1I-WJNnvVGPmsMtu8BUtBT1STV7hwXjinGlJ-3lDgU8wNyCLsAAdwRzhsWj7CjXdp_NtloCgto6um_NMJuznAv3wD3HxVN1n_n7Y7DMwF6trnDf7GcBIlDIe33OhGCxpPyaDIWEJb6nIpjMk9-ZidOxxADYM-mm6JCZwfA0yeX8Qe5xx68lNLk6NzhWovBxBkcp-13g6J4pbS1ahtYKCaEiOF8C-mG85LBBREae2IItz_803nzARUg5THvbrkKPM7pSSSxT2jAslLferC0FnQBuFayAJCSBEhVnC7__cUfej2TRz-kFR0nOYHANfiPaCSMBER8Dw2jCUYIvSZWaUhiB9vrAsNsEtUJpxroYXKcE0VmjD4aE4GZGYrkHLbwBG-URql-IPddk9lZSzXFRZkNMkYZ32mpC9t-byQLM2dP-U1ew-pWuAguttvdvmHl-lv-B72uSvxgup-dEsxq43V8JgmXRIjF6y1A5g3OSZKDTW_KKRqYuBgxG_PFMMDlT47hTLoY5MGPChz_E9CCInIdR_IqfIooKd54kd-OwPuPxslOecD_0mGRlvVII5VDpYnXWR53iCTykjpOX68Dk97euwFk98FgUAhpiui769nY7k8aTHA2Bjiwo6t98t5d6MH2c3oiESZqKzZcjMs7ep9yxq3PZkSk7TaDB1NuYf4cJAomy3iDzcu28H9bmvKmGLDXSm6D2eRn4JlhDOP5TtTKOITMtueoXFx6vGRmHOXSGFC7Tv8WbANSSYJxcX3CwV0m53jqxb_HjBz6LctW57QxGBkwr4sYDiGYpU41IqoQML48zFCfZQ8XQocTYj6iszdhRbsDjPV1d6B46pWYiIZhr9bomnzSd16KMK5PBv18rn61cC4k8yP3jjj8YAsBg0CRTLPVm-4xSgKiP8Np8U4lW_J1AY7n4Kc0qNx-wlIUWrtcFsEKdbG_R2N6YDFEoaRuwWODy-PWX6ma7ziKmwSZ3gIUKbV4kudbT601dp9o5Voljc82SC-WBn9kg0RMURc2Gmgc7P3wiYOjVn2MP75PLwNxoCEDMGLXuzTDmBvCFx-YOZ77WJdK4cYIM3JFNqsYKNxPCyj9Ei-fxPl-BvfdkN_Yu4Y3jk4bjkyX3Nj3fIAzd_QDJlB6ZxsXzi2313efsHeEDjX9Gv5j9cOq60c4VeKkQttpVruJnKXWwW5T0y85XHeQp3GdPrAXIHAKCcsCvSeC0QcuiQDmHwg6-i4MiOfNITgQ_WuZ0vHua10ZcJD6Nms2aU7gKBmiivb-WOa1txd7P4krelhP_iZz3mq7atawNG47fANWq4LOJVOmqT-5CGcST6qbF6N_0F13op310M4TYKPAZa1OmhXbJeYi1xziPJuwNiDKNKCZwphOHeSbix8VDiZrZ8yFOHHtWet9in8qyVVBtQJtM0e0FUgPCM950FDeu_Ela8oQcCMIyJlGH4MVt5P03yPR_OtlKi6zfJ4kNd-wBdCWrsJzUpifYdPosXkuoEen3Pdg1ylPfsAAC-YywfxAymCTQWx0DeWAnFiXsevZC--UfC6fE8zPMXBgVB2MNru2HV0sGFDpIyrsAv0DDvVRy9RQpFfCFNvcoyOyXzscLBjzzsqlANuiAnb62HHMO7WxQP21WLB5Z2R7dJ4uP5Wusx4vHIFXjb6zr08cfOeXe21MfP269rP_oZ1Co1Wxr-KBkjaSsYO2TRVoGVupcPjGFrhostf-8RunXCHFMLjg1Os9m1WuUJAOk3WpVMRuBmcFRFuG6ouzS7qyFgAc6FHoJkP91jVs-2oxX1_7QFplE67BH8wnxlq14Km-9Q8YazDZYJZlB4hBBrlU69VlGs-EunPdNUBeJs_RwSImwzSVb88z0bj3l4WZomkWLsm0vq23BjxrixBhxvlXgJA9K3yTC_kec2jBHB1CjmroTwFOwKu5PDv904jjcMbzKqPNuHp0Fh9rWVi_KstJCYWkIA5sr8FnSZx5MUEHQ_B-aQXLFgBr24a5SM50-gcGMkWg-Be_3oj6_y_oWpdJ3n2guTDo2AvhapXBpR5p_yynl1OocvkLaGmrsthV6aTkpA8YaipNsgI2bZqw20v1nirs1JqWeVBCMj-ln48PwCIVHfgdsAkt2_KyABsO7jiITI-trLrODB4NjXWvkfaZ&cid=CAASJeRopFPjGXGaxmSUn8Mwa_E8cRmVvGLHtGJ_yeVRrGM6g9_O6rA&rfl=1%2Chttps%253A%252F%252Fnationalpost.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:20:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
337
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
10699485926258732851
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 19 Sep 2022 18:20:39 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 4C6C 		0
622 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstQAmrHVA5Rulj1VGipKvroChoTnoGTbTPmXhQgzgpHB5KzPcw2BvIFphLuNfPi1XVL7wnN7X1UCjeEm3O1ANShIzMrC16gPVKJPtKK8fX5EiVfK9IO3FNYDLvFiP_1hLYgp8BQoaTmeBjny6eVA4PW4buzB1PMSOQvGEugMm0eOi7heRQKLk53Kz5lKC3v6EDzo0QEd-M6VhjJQpZuS2Je9XXF8iN7VNbMwyoVKwL4Ub2l8YrW2RKFsvrgIxLpZQ6g-j4msFkaIXZQK-KBnyQhxcePJMKCzAVLNlgDB1yUVr0ZE7eUFMRYFK0Z_ZuuLodhaZloN0noPMqE8kfZ6KVoONKL0D4zXpD2W6HNLozMQiDWgvmz7pmBwXNRy2K5UTuJp3gPcgMH-ra_bZEdVu_YUDO1bGTHYUgnOxr2HO-fVg03oDiZUoYnOtmCEVn9687D_K0GPwHfYdf0vrAFNMKwbdwxMfsIZwVvYl_cBcKBE4bNz9Np3QiWtVwy6Ie2WnLJzm8Tax8nTLDUmGrkWL5ND7L2jJfC4BVOV4f1FxYOHQh4RDIy1AVaTwFCHr-HhP_STew0pDJueEYp7P8uKwI628G-spKMsWgkKRk0nmtZ0qt2nAfdaDr7JKFJ6eI1Lhoc5AtP4jo_VL7oDnCwJ37oIw6H7k4E3BK-cA8n4i0DU_GknTZ6zs-_FbJDnWqWRIerBjp-WIUXdSVDGS_zd4yIQ4-gDUZPW448GeTMKOvgMhHFPt_rw41wj9wNf0vpBcnRv2l8cWjp4LuIcWotS4syvSo3ud7y5gy5ayzXzwj7pgJM6f0SdzbRenxRYyJaceRARkrwcvEEpwy2HH12I5DiC8TP5XdAKm63pcmXeOz1C0dBH8_BJHdcH6zefOZii8xbYBwD7GUN2YlTdhKrsSj7n7L_fbBSM4mN06dQUdoxbTfaXkqiQe6s_26ynAhlpjpByaN5kHLEV0xTHY9d6P7vUP9J1q2khhX4WMO1aN7Nt7Sg6-CivPJRZbf4Jx2VhbaBzdK6WIZu7xIT_xRED_ptRYSgHi7K7Umb9uWNU-ztI54RZq9nR-5cVcNqf10Dp6wPbye91a54Q5VOvwZ_Sg-54E-l506SaKJ-yTkWkj5c0m5n_g69uwjMkWi6adaR7L279NoujD3eao1ZbKxe2eX9ECUlzctKclY8Lo0jUeAsNbOEGJey8OTwNY08jJ9mEs5csm2X-eiWv8bXSgiAhJ2IBiNv6NQ581VOV5F_hIV6DA&sai=AMfl-YS0_VmxW7x-kmD4k35jPf_xZctPZ7uA3mPpNss_xRmrG3BDy2sHbwuXoKmEbM21TaURXMuhfCXBfzvZ2JIAAc0iLmFBCNc7E7a6X0S49MRS4l9K6JPcmOC9WDUqoMYCCKkXuTfFQIerloTK5WMhokhd-qodw0mSC7rq4-NNjg7nGVIdVHIcMhlA4fy-dJ3YDTxWlzLtLD_jvKibGKykl9jk&sig=Cg0ArKJSzLxFJ3wDgHCZEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220831.20874&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D-ZJiwxX6c3VFUEURKdGT4agNhH4It_zek8gfkP6jCvuX_Fhh_fDWYgPRpiktyiE2GP_gLmrI_lboGDswGb0ymeIfccw&cry=1&dbm_d=AKAmf-C_hKYbLw8JnYBDWGsUB7sxfxvf3S1U5ASNlnb2OKvfZJgTj7vJ6AvOrXg48XytOrzvzA2aIJhzq4SneZMF7-4o1MqLmwcyLBwR4T2cXHbCgKbL6uV4yWeDVv2eURGgmXbSIPk5XqNKhbgiv40yO3_UR4rjuBVlr46KK8gGF9D98ErgfXywRqPe6JrwaPJdy5Ocr3L1guQEJguaEIC86ZNqya_EpibWbI9-Cu2rITf_PU54tYA5MqO9i31-IEJhXuZxQefu31Ywz4CJUjDdvXvLpkpZupMm86lIo_wTy2lRpT3aUKLbdLz-chwtjjSWLCQb2AG60nt9CJ7bzsSNYSrfZ42BzjmCeZw5hizBDfeNTPxuC2c1iPEdcT1LcoeUC1ubGtAGH1CMmGvEDgFcXfjzciykxIPnDNdk_NiXplDguviecX5GTAfDgMcyKEiZlDAGr_wftNW3LvhzCSB5D_mdasjeiS0ybCdfi9mLm-NXFVio-BoAvkA50rUfYro5y3msGWgu5pjlkniPacPSUm3K8G-m7Uht0gKBg5BUDmzBTGH1UbCcmbV26bFQZiME4QSfqcQCA4FZwEk7IM-zSgdgY3NID3G-zaa4yfF6tfc5puT3PSsK86UzV0bxpEO9olB0gu8KTgO-_xcFB-Ux2Aw5IcZdgoqjqdBeN0WCs4PMnBWdD-6GDcrqnefzNVnzXQX8JNiJla0yphkvtiLjTuUXSGDZtQcVbgzVpOHKSziMbakza0Ut0dYnUBiwo1PEW7Hx_trTp9tdOOSXwG-FvAT7_roqKr2bMcIgy7RWs250oUvNP6HEjaU0dPRwstjLctZJKJWN966OrPEbG5KNwNyMf6TvhyCDm6Ox5SvTkKTiNwOKOkpzqRfbJmSKllKez3IKMhECp0Rewe3HFCPYhzBpmbKof9t9g9tMJC1PRk6VlszYZFtn_nRYQi1kp16OrEqjJvlwLrl_1pUq6pYBF-7PAgdkx-jEp91znRK8me0aPlJJPKmF0Khp5vHiSm8ZM3XzZR9yDEmST1GUcm1W5pavLNBYIxif5iK9_wwLETsuCLn9TwHYjBfiHrKBOFmFKRP8B1q6fwz8vFiIuXoAhyVWybhhHzg9EuEVwjmZHIhcJRmB4SMYBHxou53U0w0dOB2sZYvEPvfgZSq7Ck5cUCuCmm1I-WJNnvVGPmsMtu8BUtBT1STV7hwXjinGlJ-3lDgU8wNyCLsAAdwRzhsWj7CjXdp_NtloCgto6um_NMJuznAv3wD3HxVN1n_n7Y7DMwF6trnDf7GcBIlDIe33OhGCxpPyaDIWEJb6nIpjMk9-ZidOxxADYM-mm6JCZwfA0yeX8Qe5xx68lNLk6NzhWovBxBkcp-13g6J4pbS1ahtYKCaEiOF8C-mG85LBBREae2IItz_803nzARUg5THvbrkKPM7pSSSxT2jAslLferC0FnQBuFayAJCSBEhVnC7__cUfej2TRz-kFR0nOYHANfiPaCSMBER8Dw2jCUYIvSZWaUhiB9vrAsNsEtUJpxroYXKcE0VmjD4aE4GZGYrkHLbwBG-URql-IPddk9lZSzXFRZkNMkYZ32mpC9t-byQLM2dP-U1ew-pWuAguttvdvmHl-lv-B72uSvxgup-dEsxq43V8JgmXRIjF6y1A5g3OSZKDTW_KKRqYuBgxG_PFMMDlT47hTLoY5MGPChz_E9CCInIdR_IqfIooKd54kd-OwPuPxslOecD_0mGRlvVII5VDpYnXWR53iCTykjpOX68Dk97euwFk98FgUAhpiui769nY7k8aTHA2Bjiwo6t98t5d6MH2c3oiESZqKzZcjMs7ep9yxq3PZkSk7TaDB1NuYf4cJAomy3iDzcu28H9bmvKmGLDXSm6D2eRn4JlhDOP5TtTKOITMtueoXFx6vGRmHOXSGFC7Tv8WbANSSYJxcX3CwV0m53jqxb_HjBz6LctW57QxGBkwr4sYDiGYpU41IqoQML48zFCfZQ8XQocTYj6iszdhRbsDjPV1d6B46pWYiIZhr9bomnzSd16KMK5PBv18rn61cC4k8yP3jjj8YAsBg0CRTLPVm-4xSgKiP8Np8U4lW_J1AY7n4Kc0qNx-wlIUWrtcFsEKdbG_R2N6YDFEoaRuwWODy-PWX6ma7ziKmwSZ3gIUKbV4kudbT601dp9o5Voljc82SC-WBn9kg0RMURc2Gmgc7P3wiYOjVn2MP75PLwNxoCEDMGLXuzTDmBvCFx-YOZ77WJdK4cYIM3JFNqsYKNxPCyj9Ei-fxPl-BvfdkN_Yu4Y3jk4bjkyX3Nj3fIAzd_QDJlB6ZxsXzi2313efsHeEDjX9Gv5j9cOq60c4VeKkQttpVruJnKXWwW5T0y85XHeQp3GdPrAXIHAKCcsCvSeC0QcuiQDmHwg6-i4MiOfNITgQ_WuZ0vHua10ZcJD6Nms2aU7gKBmiivb-WOa1txd7P4krelhP_iZz3mq7atawNG47fANWq4LOJVOmqT-5CGcST6qbF6N_0F13op310M4TYKPAZa1OmhXbJeYi1xziPJuwNiDKNKCZwphOHeSbix8VDiZrZ8yFOHHtWet9in8qyVVBtQJtM0e0FUgPCM950FDeu_Ela8oQcCMIyJlGH4MVt5P03yPR_OtlKi6zfJ4kNd-wBdCWrsJzUpifYdPosXkuoEen3Pdg1ylPfsAAC-YywfxAymCTQWx0DeWAnFiXsevZC--UfC6fE8zPMXBgVB2MNru2HV0sGFDpIyrsAv0DDvVRy9RQpFfCFNvcoyOyXzscLBjzzsqlANuiAnb62HHMO7WxQP21WLB5Z2R7dJ4uP5Wusx4vHIFXjb6zr08cfOeXe21MfP269rP_oZ1Co1Wxr-KBkjaSsYO2TRVoGVupcPjGFrhostf-8RunXCHFMLjg1Os9m1WuUJAOk3WpVMRuBmcFRFuG6ouzS7qyFgAc6FHoJkP91jVs-2oxX1_7QFplE67BH8wnxlq14Km-9Q8YazDZYJZlB4hBBrlU69VlGs-EunPdNUBeJs_RwSImwzSVb88z0bj3l4WZomkWLsm0vq23BjxrixBhxvlXgJA9K3yTC_kec2jBHB1CjmroTwFOwKu5PDv904jjcMbzKqPNuHp0Fh9rWVi_KstJCYWkIA5sr8FnSZx5MUEHQ_B-aQXLFgBr24a5SM50-gcGMkWg-Be_3oj6_y_oWpdJ3n2guTDo2AvhapXBpR5p_yynl1OocvkLaGmrsthV6aTkpA8YaipNsgI2bZqw20v1nirs1JqWeVBCMj-ln48PwCIVHfgdsAkt2_KyABsO7jiITI-trLrODB4NjXWvkfaZ&cid=CAASJeRopFPjGXGaxmSUn8Mwa_E8cRmVvGLHtGJ_yeVRrGM6g9_O6rA&rfl=1%2Chttps%253A%252F%252Fnationalpost.com%252F%240
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.64.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s30-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date
Mon, 05 Sep 2022 18:26:16 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 4C6C 		41 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D-ZJiwxX6c3VFUEURKdGT4agNhH4It_zek8gfkP6jCvuX_Fhh_fDWYgPRpiktyiE2GP_gLmrI_lboGDswGb0ymeIfccw&cry=1&dbm_d=AKAmf-C_hKYbLw8JnYBDWGsUB7sxfxvf3S1U5ASNlnb2OKvfZJgTj7vJ6AvOrXg48XytOrzvzA2aIJhzq4SneZMF7-4o1MqLmwcyLBwR4T2cXHbCgKbL6uV4yWeDVv2eURGgmXbSIPk5XqNKhbgiv40yO3_UR4rjuBVlr46KK8gGF9D98ErgfXywRqPe6JrwaPJdy5Ocr3L1guQEJguaEIC86ZNqya_EpibWbI9-Cu2rITf_PU54tYA5MqO9i31-IEJhXuZxQefu31Ywz4CJUjDdvXvLpkpZupMm86lIo_wTy2lRpT3aUKLbdLz-chwtjjSWLCQb2AG60nt9CJ7bzsSNYSrfZ42BzjmCeZw5hizBDfeNTPxuC2c1iPEdcT1LcoeUC1ubGtAGH1CMmGvEDgFcXfjzciykxIPnDNdk_NiXplDguviecX5GTAfDgMcyKEiZlDAGr_wftNW3LvhzCSB5D_mdasjeiS0ybCdfi9mLm-NXFVio-BoAvkA50rUfYro5y3msGWgu5pjlkniPacPSUm3K8G-m7Uht0gKBg5BUDmzBTGH1UbCcmbV26bFQZiME4QSfqcQCA4FZwEk7IM-zSgdgY3NID3G-zaa4yfF6tfc5puT3PSsK86UzV0bxpEO9olB0gu8KTgO-_xcFB-Ux2Aw5IcZdgoqjqdBeN0WCs4PMnBWdD-6GDcrqnefzNVnzXQX8JNiJla0yphkvtiLjTuUXSGDZtQcVbgzVpOHKSziMbakza0Ut0dYnUBiwo1PEW7Hx_trTp9tdOOSXwG-FvAT7_roqKr2bMcIgy7RWs250oUvNP6HEjaU0dPRwstjLctZJKJWN966OrPEbG5KNwNyMf6TvhyCDm6Ox5SvTkKTiNwOKOkpzqRfbJmSKllKez3IKMhECp0Rewe3HFCPYhzBpmbKof9t9g9tMJC1PRk6VlszYZFtn_nRYQi1kp16OrEqjJvlwLrl_1pUq6pYBF-7PAgdkx-jEp91znRK8me0aPlJJPKmF0Khp5vHiSm8ZM3XzZR9yDEmST1GUcm1W5pavLNBYIxif5iK9_wwLETsuCLn9TwHYjBfiHrKBOFmFKRP8B1q6fwz8vFiIuXoAhyVWybhhHzg9EuEVwjmZHIhcJRmB4SMYBHxou53U0w0dOB2sZYvEPvfgZSq7Ck5cUCuCmm1I-WJNnvVGPmsMtu8BUtBT1STV7hwXjinGlJ-3lDgU8wNyCLsAAdwRzhsWj7CjXdp_NtloCgto6um_NMJuznAv3wD3HxVN1n_n7Y7DMwF6trnDf7GcBIlDIe33OhGCxpPyaDIWEJb6nIpjMk9-ZidOxxADYM-mm6JCZwfA0yeX8Qe5xx68lNLk6NzhWovBxBkcp-13g6J4pbS1ahtYKCaEiOF8C-mG85LBBREae2IItz_803nzARUg5THvbrkKPM7pSSSxT2jAslLferC0FnQBuFayAJCSBEhVnC7__cUfej2TRz-kFR0nOYHANfiPaCSMBER8Dw2jCUYIvSZWaUhiB9vrAsNsEtUJpxroYXKcE0VmjD4aE4GZGYrkHLbwBG-URql-IPddk9lZSzXFRZkNMkYZ32mpC9t-byQLM2dP-U1ew-pWuAguttvdvmHl-lv-B72uSvxgup-dEsxq43V8JgmXRIjF6y1A5g3OSZKDTW_KKRqYuBgxG_PFMMDlT47hTLoY5MGPChz_E9CCInIdR_IqfIooKd54kd-OwPuPxslOecD_0mGRlvVII5VDpYnXWR53iCTykjpOX68Dk97euwFk98FgUAhpiui769nY7k8aTHA2Bjiwo6t98t5d6MH2c3oiESZqKzZcjMs7ep9yxq3PZkSk7TaDB1NuYf4cJAomy3iDzcu28H9bmvKmGLDXSm6D2eRn4JlhDOP5TtTKOITMtueoXFx6vGRmHOXSGFC7Tv8WbANSSYJxcX3CwV0m53jqxb_HjBz6LctW57QxGBkwr4sYDiGYpU41IqoQML48zFCfZQ8XQocTYj6iszdhRbsDjPV1d6B46pWYiIZhr9bomnzSd16KMK5PBv18rn61cC4k8yP3jjj8YAsBg0CRTLPVm-4xSgKiP8Np8U4lW_J1AY7n4Kc0qNx-wlIUWrtcFsEKdbG_R2N6YDFEoaRuwWODy-PWX6ma7ziKmwSZ3gIUKbV4kudbT601dp9o5Voljc82SC-WBn9kg0RMURc2Gmgc7P3wiYOjVn2MP75PLwNxoCEDMGLXuzTDmBvCFx-YOZ77WJdK4cYIM3JFNqsYKNxPCyj9Ei-fxPl-BvfdkN_Yu4Y3jk4bjkyX3Nj3fIAzd_QDJlB6ZxsXzi2313efsHeEDjX9Gv5j9cOq60c4VeKkQttpVruJnKXWwW5T0y85XHeQp3GdPrAXIHAKCcsCvSeC0QcuiQDmHwg6-i4MiOfNITgQ_WuZ0vHua10ZcJD6Nms2aU7gKBmiivb-WOa1txd7P4krelhP_iZz3mq7atawNG47fANWq4LOJVOmqT-5CGcST6qbF6N_0F13op310M4TYKPAZa1OmhXbJeYi1xziPJuwNiDKNKCZwphOHeSbix8VDiZrZ8yFOHHtWet9in8qyVVBtQJtM0e0FUgPCM950FDeu_Ela8oQcCMIyJlGH4MVt5P03yPR_OtlKi6zfJ4kNd-wBdCWrsJzUpifYdPosXkuoEen3Pdg1ylPfsAAC-YywfxAymCTQWx0DeWAnFiXsevZC--UfC6fE8zPMXBgVB2MNru2HV0sGFDpIyrsAv0DDvVRy9RQpFfCFNvcoyOyXzscLBjzzsqlANuiAnb62HHMO7WxQP21WLB5Z2R7dJ4uP5Wusx4vHIFXjb6zr08cfOeXe21MfP269rP_oZ1Co1Wxr-KBkjaSsYO2TRVoGVupcPjGFrhostf-8RunXCHFMLjg1Os9m1WuUJAOk3WpVMRuBmcFRFuG6ouzS7qyFgAc6FHoJkP91jVs-2oxX1_7QFplE67BH8wnxlq14Km-9Q8YazDZYJZlB4hBBrlU69VlGs-EunPdNUBeJs_RwSImwzSVb88z0bj3l4WZomkWLsm0vq23BjxrixBhxvlXgJA9K3yTC_kec2jBHB1CjmroTwFOwKu5PDv904jjcMbzKqPNuHp0Fh9rWVi_KstJCYWkIA5sr8FnSZx5MUEHQ_B-aQXLFgBr24a5SM50-gcGMkWg-Be_3oj6_y_oWpdJ3n2guTDo2AvhapXBpR5p_yynl1OocvkLaGmrsthV6aTkpA8YaipNsgI2bZqw20v1nirs1JqWeVBCMj-ln48PwCIVHfgdsAkt2_KyABsO7jiITI-trLrODB4NjXWvkfaZ&cid=CAASJeRopFPjGXGaxmSUn8Mwa_E8cRmVvGLHtGJ_yeVRrGM6g9_O6rA&rfl=1%2Chttps%253A%252F%252Fnationalpost.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Sat, 03 Sep 2022 16:19:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
180424
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 03 Sep 2023 16:19:12 GMT
15584090471822449157
s0.2mdn.net/simgad/ Frame 4C6C 		48 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s0.2mdn.net/simgad/15584090471822449157
Requested by
Host: 8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
URL: https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
59816d7d3bb39f8ff81c61236994c9c2f39d1b56c3481c58ce77041242dcdc77
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Fri, 02 Sep 2022 09:55:58 GMT
x-content-type-options
nosniff
age
289818
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49259
x-xss-protection
0
last-modified
Wed, 03 Aug 2022 20:04:26 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 02 Sep 2023 09:55:58 GMT
ads
pubads.g.doubleclick.net/gampad/ Frame 70D3 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F3081%2Farn-distro&description_url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&env=vp&correlator=3257810768402044&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=320x240&cust_params=nk%3Ddistro%26pr%3Dnp%26ck%3Dnews%26loc%3Dtop%26page%3Dstory%26sck%3Dpolitics%26aid%3D3952896c-cca3-412d-bae7-2ca9bd7cdd13%2C79808677%26ppid%3D00000000ppidp2559400497429026896%26permutive%3D96400%2C105538%2C105541%2C105543%2C105693%2C106663%2C110592%2C111761%2C111793&us_privacy&gdpr=0&gdpr_consent&unviewed_position_start=1&vpa=auto&vpmute=1&sdkv=h.3.528.0&osd=2&frm=2&vis=1&sdr=1&hl=en&afvsz=450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=44d&ptt=20&adk=3304843381&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.528.0&media_url=https%3A%2F%2Fc5x8i7c7.ssl.hwcdn.net%2Fvplayer-parallel%2F20211217_0009%2Fima_html5%2Fminimal.mp4&sid=459F4849-64B3-4E8B-A6A7-32D6300B2EA6&nel=0&eid=44725355%2C44731964%2C44750822%2C44754420%2C44760950%2C44765701&ref=https%3A%2F%2Fnationalpost.com%2F&url=https%3A%2F%2Fnationalpost.com%2F&dlt=1662402375243&idt=770&dt=1662402376122&scor=4444503378943929&ged=ve4_td1_tt0_pd1_la1000_er0.0.154.300_vi0.0.317.564_vp100_eb24427
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
cafe /
Resource Hash
8e7b1ea43c38e710e203681c158fc706a16773927a62bfc4a45e525bb366f2bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:16 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1035
x-xss-protection
0
google-lineitem-id
0
pragma
no-cache
server
cafe
google-creative-id
0
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 4C6C 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
93481c95be23e8d522247e1617c9051b4b7c2d0e9ddfa89603a9a0199cdc4686

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 104C 		22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
180423
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 03 Sep 2022 16:19:13 GMT
expires
Sun, 03 Sep 2023 16:19:13 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 4C6C 		0
26 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstQAmrHVA5Rulj1VGipKvroChoTnoGTbTPmXhQgzgpHB5KzPcw2BvIFphLuNfPi1XVL7wnN7X1UCjeEm3O1ANShIzMrC16gPVKJPtKK8fX5EiVfK9IO3FNYDLvFiP_1hLYgp8BQoaTmeBjny6eVA4PW4buzB1PMSOQvGEugMm0eOi7heRQKLk53Kz5lKC3v6EDzo0QEd-M6VhjJQpZuS2Je9XXF8iN7VNbMwyoVKwL4Ub2l8YrW2RKFsvrgIxLpZQ6g-j4msFkaIXZQK-KBnyQhxcePJMKCzAVLNlgDB1yUVr0ZE7eUFMRYFK0Z_ZuuLodhaZloN0noPMqE8kfZ6KVoONKL0D4zXpD2W6HNLozMQiDWgvmz7pmBwXNRy2K5UTuJp3gPcgMH-ra_bZEdVu_YUDO1bGTHYUgnOxr2HO-fVg03oDiZUoYnOtmCEVn9687D_K0GPwHfYdf0vrAFNMKwbdwxMfsIZwVvYl_cBcKBE4bNz9Np3QiWtVwy6Ie2WnLJzm8Tax8nTLDUmGrkWL5ND7L2jJfC4BVOV4f1FxYOHQh4RDIy1AVaTwFCHr-HhP_STew0pDJueEYp7P8uKwI628G-spKMsWgkKRk0nmtZ0qt2nAfdaDr7JKFJ6eI1Lhoc5AtP4jo_VL7oDnCwJ37oIw6H7k4E3BK-cA8n4i0DU_GknTZ6zs-_FbJDnWqWRIerBjp-WIUXdSVDGS_zd4yIQ4-gDUZPW448GeTMKOvgMhHFPt_rw41wj9wNf0vpBcnRv2l8cWjp4LuIcWotS4syvSo3ud7y5gy5ayzXzwj7pgJM6f0SdzbRenxRYyJaceRARkrwcvEEpwy2HH12I5DiC8TP5XdAKm63pcmXeOz1C0dBH8_BJHdcH6zefOZii8xbYBwD7GUN2YlTdhKrsSj7n7L_fbBSM4mN06dQUdoxbTfaXkqiQe6s_26ynAhlpjpByaN5kHLEV0xTHY9d6P7vUP9J1q2khhX4WMO1aN7Nt7Sg6-CivPJRZbf4Jx2VhbaBzdK6WIZu7xIT_xRED_ptRYSgHi7K7Umb9uWNU-ztI54RZq9nR-5cVcNqf10Dp6wPbye91a54Q5VOvwZ_Sg-54E-l506SaKJ-yTkWkj5c0m5n_g69uwjMkWi6adaR7L279NoujD3eao1ZbKxe2eX9ECUlzctKclY8Lo0jUeAsNbOEGJey8OTwNY08jJ9mEs5csm2X-eiWv8bXSgiAhJ2IBiNv6NQ581VOV5F_hIV6DA&sai=AMfl-YS0_VmxW7x-kmD4k35jPf_xZctPZ7uA3mPpNss_xRmrG3BDy2sHbwuXoKmEbM21TaURXMuhfCXBfzvZ2JIAAc0iLmFBCNc7E7a6X0S49MRS4l9K6JPcmOC9WDUqoMYCCKkXuTfFQIerloTK5WMhokhd-qodw0mSC7rq4-NNjg7nGVIdVHIcMhlA4fy-dJ3YDTxWlzLtLD_jvKibGKykl9jk&sig=Cg0ArKJSzLxFJ3wDgHCZEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=143&vt=11&dtpt=142&dett=2&cstd=0&cisv=r20220831.20874&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D-ZJiwxX6c3VFUEURKdGT4agNhH4It_zek8gfkP6jCvuX_Fhh_fDWYgPRpiktyiE2GP_gLmrI_lboGDswGb0ymeIfccw&cry=1&dbm_d=AKAmf-C_hKYbLw8JnYBDWGsUB7sxfxvf3S1U5ASNlnb2OKvfZJgTj7vJ6AvOrXg48XytOrzvzA2aIJhzq4SneZMF7-4o1MqLmwcyLBwR4T2cXHbCgKbL6uV4yWeDVv2eURGgmXbSIPk5XqNKhbgiv40yO3_UR4rjuBVlr46KK8gGF9D98ErgfXywRqPe6JrwaPJdy5Ocr3L1guQEJguaEIC86ZNqya_EpibWbI9-Cu2rITf_PU54tYA5MqO9i31-IEJhXuZxQefu31Ywz4CJUjDdvXvLpkpZupMm86lIo_wTy2lRpT3aUKLbdLz-chwtjjSWLCQb2AG60nt9CJ7bzsSNYSrfZ42BzjmCeZw5hizBDfeNTPxuC2c1iPEdcT1LcoeUC1ubGtAGH1CMmGvEDgFcXfjzciykxIPnDNdk_NiXplDguviecX5GTAfDgMcyKEiZlDAGr_wftNW3LvhzCSB5D_mdasjeiS0ybCdfi9mLm-NXFVio-BoAvkA50rUfYro5y3msGWgu5pjlkniPacPSUm3K8G-m7Uht0gKBg5BUDmzBTGH1UbCcmbV26bFQZiME4QSfqcQCA4FZwEk7IM-zSgdgY3NID3G-zaa4yfF6tfc5puT3PSsK86UzV0bxpEO9olB0gu8KTgO-_xcFB-Ux2Aw5IcZdgoqjqdBeN0WCs4PMnBWdD-6GDcrqnefzNVnzXQX8JNiJla0yphkvtiLjTuUXSGDZtQcVbgzVpOHKSziMbakza0Ut0dYnUBiwo1PEW7Hx_trTp9tdOOSXwG-FvAT7_roqKr2bMcIgy7RWs250oUvNP6HEjaU0dPRwstjLctZJKJWN966OrPEbG5KNwNyMf6TvhyCDm6Ox5SvTkKTiNwOKOkpzqRfbJmSKllKez3IKMhECp0Rewe3HFCPYhzBpmbKof9t9g9tMJC1PRk6VlszYZFtn_nRYQi1kp16OrEqjJvlwLrl_1pUq6pYBF-7PAgdkx-jEp91znRK8me0aPlJJPKmF0Khp5vHiSm8ZM3XzZR9yDEmST1GUcm1W5pavLNBYIxif5iK9_wwLETsuCLn9TwHYjBfiHrKBOFmFKRP8B1q6fwz8vFiIuXoAhyVWybhhHzg9EuEVwjmZHIhcJRmB4SMYBHxou53U0w0dOB2sZYvEPvfgZSq7Ck5cUCuCmm1I-WJNnvVGPmsMtu8BUtBT1STV7hwXjinGlJ-3lDgU8wNyCLsAAdwRzhsWj7CjXdp_NtloCgto6um_NMJuznAv3wD3HxVN1n_n7Y7DMwF6trnDf7GcBIlDIe33OhGCxpPyaDIWEJb6nIpjMk9-ZidOxxADYM-mm6JCZwfA0yeX8Qe5xx68lNLk6NzhWovBxBkcp-13g6J4pbS1ahtYKCaEiOF8C-mG85LBBREae2IItz_803nzARUg5THvbrkKPM7pSSSxT2jAslLferC0FnQBuFayAJCSBEhVnC7__cUfej2TRz-kFR0nOYHANfiPaCSMBER8Dw2jCUYIvSZWaUhiB9vrAsNsEtUJpxroYXKcE0VmjD4aE4GZGYrkHLbwBG-URql-IPddk9lZSzXFRZkNMkYZ32mpC9t-byQLM2dP-U1ew-pWuAguttvdvmHl-lv-B72uSvxgup-dEsxq43V8JgmXRIjF6y1A5g3OSZKDTW_KKRqYuBgxG_PFMMDlT47hTLoY5MGPChz_E9CCInIdR_IqfIooKd54kd-OwPuPxslOecD_0mGRlvVII5VDpYnXWR53iCTykjpOX68Dk97euwFk98FgUAhpiui769nY7k8aTHA2Bjiwo6t98t5d6MH2c3oiESZqKzZcjMs7ep9yxq3PZkSk7TaDB1NuYf4cJAomy3iDzcu28H9bmvKmGLDXSm6D2eRn4JlhDOP5TtTKOITMtueoXFx6vGRmHOXSGFC7Tv8WbANSSYJxcX3CwV0m53jqxb_HjBz6LctW57QxGBkwr4sYDiGYpU41IqoQML48zFCfZQ8XQocTYj6iszdhRbsDjPV1d6B46pWYiIZhr9bomnzSd16KMK5PBv18rn61cC4k8yP3jjj8YAsBg0CRTLPVm-4xSgKiP8Np8U4lW_J1AY7n4Kc0qNx-wlIUWrtcFsEKdbG_R2N6YDFEoaRuwWODy-PWX6ma7ziKmwSZ3gIUKbV4kudbT601dp9o5Voljc82SC-WBn9kg0RMURc2Gmgc7P3wiYOjVn2MP75PLwNxoCEDMGLXuzTDmBvCFx-YOZ77WJdK4cYIM3JFNqsYKNxPCyj9Ei-fxPl-BvfdkN_Yu4Y3jk4bjkyX3Nj3fIAzd_QDJlB6ZxsXzi2313efsHeEDjX9Gv5j9cOq60c4VeKkQttpVruJnKXWwW5T0y85XHeQp3GdPrAXIHAKCcsCvSeC0QcuiQDmHwg6-i4MiOfNITgQ_WuZ0vHua10ZcJD6Nms2aU7gKBmiivb-WOa1txd7P4krelhP_iZz3mq7atawNG47fANWq4LOJVOmqT-5CGcST6qbF6N_0F13op310M4TYKPAZa1OmhXbJeYi1xziPJuwNiDKNKCZwphOHeSbix8VDiZrZ8yFOHHtWet9in8qyVVBtQJtM0e0FUgPCM950FDeu_Ela8oQcCMIyJlGH4MVt5P03yPR_OtlKi6zfJ4kNd-wBdCWrsJzUpifYdPosXkuoEen3Pdg1ylPfsAAC-YywfxAymCTQWx0DeWAnFiXsevZC--UfC6fE8zPMXBgVB2MNru2HV0sGFDpIyrsAv0DDvVRy9RQpFfCFNvcoyOyXzscLBjzzsqlANuiAnb62HHMO7WxQP21WLB5Z2R7dJ4uP5Wusx4vHIFXjb6zr08cfOeXe21MfP269rP_oZ1Co1Wxr-KBkjaSsYO2TRVoGVupcPjGFrhostf-8RunXCHFMLjg1Os9m1WuUJAOk3WpVMRuBmcFRFuG6ouzS7qyFgAc6FHoJkP91jVs-2oxX1_7QFplE67BH8wnxlq14Km-9Q8YazDZYJZlB4hBBrlU69VlGs-EunPdNUBeJs_RwSImwzSVb88z0bj3l4WZomkWLsm0vq23BjxrixBhxvlXgJA9K3yTC_kec2jBHB1CjmroTwFOwKu5PDv904jjcMbzKqPNuHp0Fh9rWVi_KstJCYWkIA5sr8FnSZx5MUEHQ_B-aQXLFgBr24a5SM50-gcGMkWg-Be_3oj6_y_oWpdJ3n2guTDo2AvhapXBpR5p_yynl1OocvkLaGmrsthV6aTkpA8YaipNsgI2bZqw20v1nirs1JqWeVBCMj-ln48PwCIVHfgdsAkt2_KyABsO7jiITI-trLrODB4NjXWvkfaZ&cid=CAASJeRopFPjGXGaxmSUn8Mwa_E8cRmVvGLHtGJ_yeVRrGM6g9_O6rA&rfl=1%2Chttps%253A%252F%252Fnationalpost.com%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.64.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s30-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 18:26:16 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
generate_204
tpc.googlesyndication.com/ Frame 9787 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?e1y2Dw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80b::2001 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:16 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
SPug
simage4.pubmatic.com/AdServer/ Frame 6B7C 		0
260 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=158984&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=158984&userIdMacro=PM_UID&predirect=https%3A%2F%2Fc.aaxads.com%2Faacxc.php%3Ffv%3D1%26yvlg%3D3054039731454855000V10%26wbsh%3Dpba%26uhiXuo%3D%26ylg%3D24023738973054039731454855000V10%26ryvlg%3DPM_UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:25:54 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
JRDtgcUl_7OUjJ4QO8bVbwNuRTRqDUxuSBYCwiPHS6U.js
pagead2.googlesyndication.com/bg/ Frame 104C 		36 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/JRDtgcUl_7OUjJ4QO8bVbwNuRTRqDUxuSBYCwiPHS6U.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2510ed81c525ffb3948c9e103bc6d56f036e45346a0d4c6e481602c223c74ba5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Sat, 03 Sep 2022 16:25:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
180066
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15893
x-xss-protection
0
last-modified
Mon, 29 Aug 2022 10:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 03 Sep 2023 16:25:10 GMT
ads
pubads.g.doubleclick.net/gampad/ Frame 70D3 		156 B
142 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?slotname=%2F3081%2Farn-distro&sz=320x240&cust_params=nk%3Ddistro%26pr%3Dnp%26ck%3Dnews%26loc%3Dtop%26page%3Dstory%26sck%3Dpolitics%26aid%3D3952896c-cca3-412d-bae7-2ca9bd7cdd13%2C79808677%26ppid%3D00000000ppidp2559400497429026896%26permutive%3D96400%2C105538%2C105541%2C105543%2C105693%2C106663%2C110592%2C111761%2C111793&url=https%3A%2F%2Fnationalpost.com%2F&unviewed_position_start=1&env=vp&gdfp_req=1&ad_rule=0&output=xml_vast4&video_url_to_fetch=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&useragent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F105.0.5195.102%20Safari%2F537.36%2Cgzip(gfe)&vad_type=linear&vpos=preroll&pod=1&vrid=181&min_ad_duration=0&max_ad_duration=700000&ppos=1&lip=true&sid=459F4849-64B3-4E8B-A6A7-32D6300B2EA6&adk=3304843381&correlator=3257810768402044&dlt=1662402375243&dt=1662402376292&gdpr=0&gdpr_consent&ged=ve4_td1_tt0_pd1_la1000_er0.0.317.564_vi0.0.317.564_vp100_ts0_eb24427&idt=770&is_amp=0&npa=false&omid_p=Google1%2Fh.3.528.0&osd=2&ptt=20&ref=https%3A%2F%2Fnationalpost.com%2F&scor=4444503378943929&sdk_apis=2%2C7%2C8&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&us_privacy&vis=1&u_so=l&eid=44725355%2C44731964%2C44750822%2C44754420%2C44760950%2C44765701&hl=en&frm=2&media_url=https%3A%2F%2Fc5x8i7c7.ssl.hwcdn.net%2Fvplayer-parallel%2F20211217_0009%2Fima_html5%2Fminimal.mp4&sdki=44d&sdkv=h.3.528.0&sdr=1&vpa=auto&vpmute=1&nel=0&afvsz=450x50%2C468x60%2C480x70&kfa=0&tfcd=0&ctv=0
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:16 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 104C 		0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bui9ERz8WY7-XOvagowaC5YSQDgAAAAA4AeAEAg&bg=!HB-lH1vNAAZTikH4c4o7ACkAdvg8WvDXAmeHJkgMYj6mZDon_FmJa3TP2v8_1962Jp5V-J4qSrKEXwIAAABVUgAAAAFoAQeZAuzrx7Vb8l44Wwhaj_Q5viAmAQxBwBKuXD4CFDFvLEz1lOUPecYMKaYEUKn31zCCezi7x7hyoPdTTFX-VoZC9gz2fP3X1TeZBk0GGmn_F4B4fm5JYgaukd__FI1g8Wb0swQU2N2XV5bH1MbS_-3O4GJzwPwE30Wk_II962qiOFsQvnUAUhFK5x75MhD8PMEQpQ22Do6RnJ2zcQaluOL45h5AOtuqLOu3SdurpfCFVvLOg79-nok3eAH03bVExFCprb4o3FhBCqE2P9cZKEzQeUca-80wLqX1-2UtgmrMUlEsqW8OAm7GvkFyU2dp6TVTn1UUvDl7SzxmfytPwT-TyYmoHmMOT0h-edA-XDr0AwHvL-xkyXbPKBuzdJXHzlkVyT1jNw-3KRR4ImmPWIzrBvPKHO36Rq3SNCVeWgPwuX9uJnGHWx_H9u7dl6_Kkl1wm2eO10IRy9qDtXRS6DqJYlplGBzaABlqDCvO2mB-TL4zMkEs5I1kh4hJku88W9i2DhkBDmNtXilWBFEOVQRo4aVY-qk106NxneKzNcIL58HoFr0sBTQ1u2vzw1xD_UBAwjMrtXEzW2dTGgXkvLAncibr4HQ7HWVEcppw4cx_MAJPukFwiqePu7Pcuo2g9EK963AFyx8XGNLpT596eILyN9gI1LrcN3JamzgPRs0rynwvgrjzwDPOudoKopeTBMQ_8JwDjk-wOwQoGs-SN5iEcFrQUcR9ZStRdKnavrgbek_J3DFo3beSrdSpPGpm6ywxy_A-u0fu8ZoQI1SBHprpMVfD9nwg8nZtO13o1ArIZ6L4Pkuu7igmoortsNSjIxZtqCttZG-iVGVqlRB-pXbJSCMovoRKeIqeFrxC5t4Gzylb4s9NJPk5VHzyO-xLBf6iLRi-4ZUzSwv0NNM36CNvIXaqdSEfqg4-UU_IzyH92JmSL4paQEARo7ygXcRVfGpfFi9YYHcn83osTIGs8LakYpDF1dEighPG2gKDIdG9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:16 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
index.html
c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/ Frame CFE6 		21 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
9d84e609f83ce654233e71c1a1ea7321f73479b0126d2cbbf216e18add331d23

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=63477
content-encoding
gzip
content-length
7033
content-type
text/html
date
Mon, 05 Sep 2022 18:26:16 GMT
etag
"1639728651"
last-modified
Fri, 17 Dec 2021 08:10:51 GMT
x-hw
1662402376.dop074.dc2.t,1662402376.cds101.dc2.hn,1662402376.cds173.dc2.c
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame CFE6 		376 KB
125 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7862d1c86b425f5ccb25574e9490d9b1c80da5057ab556dfddf656ec05f14c08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c5x8i7c7.ssl.hwcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128229
x-xss-protection
0
expires
Mon, 05 Sep 2022 18:26:16 GMT
minimal.mp4
c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/ Frame CFE6 		843 B
964 B 		Media
General
Check archive.org
Download Go to
Full URL
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/minimal.mp4
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
4c81a618f5d53d3380ec72a4c754c3e4fdda31319bb82126f5702f652101ccf6

Request headers

Referer
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 05 Sep 2022 18:26:16 GMT
last-modified
Fri, 17 Dec 2021 08:10:51 GMT
etag
"1639728651"
x-hw
1662402376.dop074.dc2.t,1662402376.cds101.dc2.hn,1662402376.cds060.dc2.c
content-type
video/mp4
Content-Range
bytes 0-842/843
cache-control
max-age=55948
accept-ranges
bytes
Content-Length
843
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022083001&jk=3327620227062007&bg=!-Pul-7_NAAZTikH4c4o7ACkAdvg8Wt24_WKK-NZ-sTnX6HINMe6GPQyK9UCmRfhPgpX0zRE7RlXWOwIAAAE1UgAAAAJoAQeZAp6--njYGCRsmRXDr6u895j35zBYqSw85wnh2uyNv7FBOKO-BrtadBrEs3eAQ_xCR6NIAoGLjW6_j-fOUDdgEWEoK6ffvCYRKkqy_1sN9FpnnYXv-8gm6CPy-V50jjLOniK7KBzlCG5VP3c_GrwEotEPl9a_hyNYAVTL-5UP7wrYdbmM8GD9T2oAZ-ngNEedl5fAYGVjc6AryycNtCNR-DJyyRKiuczIm4znzhN7aKWKfRrl4zsbF4UjrlthUAdij4EInrlWXkjHzN-DpeDpgRasXG1D3Al_11eaHNt95yQC3x2xSUDMYaUQ3zi6JTqdFwuEjTW8HPY6zoVupGi5hDQbAArSvVuhO9FKnhTXNTonqVZu8VTeOVyjxxGRL-SesUbenY_p7YiCawk6i3N5aJC6t_PDiv1cAN1hIYBm8kYncy7lzgwsJLx5PJlo4quljxiYbLczXsBohvFIDGSqRsbaIOD9cwZNSI9DnyVNMS88lMUVUWRt0nIx4slJYfamK8tUtuFmXhEK8TPJh5UJ9suKvvisyplTXw3PWwQuR1rqMwMrb80m4DBX-kqaHL7iIg6JrcIk_35FIdXir2VgnlquiYEVSeZkHTvNiO1-tLrbyLfTf3CBXcL8uDaGGl9LzxY-jMnWD5x1sHPVQhgb1ocoeDFUgqMFHCrJt3_Ap4Rm-kPPJTuPPrA92gSAmiiphIeeks26l6AS3sqrYYyx8ynyEwBtySawrtMl1DIe0OjeTdKaiX8agKtw55pezxlYpcDGmv_VHz0soKmbdRkF3zdVU_72Tr1ZFjxqaOf3mcH7rygK5S2ziSS-7TSCFER_lZPc3BKXJ_E1u4z2Ua4hcbxpoQaZ1XT2Wz7i_9llYYgmImXGQBCAE_qoz0TORdHm
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers
bridge3.528.0_en.html
imasdk.googleapis.com/js/core/ Frame 3353 		637 KB
206 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9bca797e35294210a471d8fedbcb73598cecbdb14fc19b93eae0f1b5ccffdf5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://c5x8i7c7.ssl.hwcdn.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
95461
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
210604
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sun, 04 Sep 2022 15:55:15 GMT
expires
Mon, 04 Sep 2023 15:55:15 GMT
last-modified
Mon, 29 Aug 2022 20:41:35 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame CFE6 		44 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c5x8i7c7.ssl.hwcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 05 Sep 2022 18:26:16 GMT
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=rmin&k=ZQl3YQlhCTI3ODkJZAl1cy1lYXN0LTFlCWgJaS0wNmM2OGU4NmRhMDRiNzQ2Ygl1CWU2ZWRhODIyLTBlMWYtNDVlMC1hNGE5LWVmMjIzNTcxMDdhNAl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl2bAkyMDIyMDkwNS4xODAwCXZ0CTIwMjIwOTA1LjE4MDAJdnMJMjAyMTA1MDUJdmMJMjAyMjA0MjkJc3QJMjAyMjA5MDUuMTgyNjE0CWkJZThkNDU5YTctMzk5YS00OGU3LTlkMzgtOGQxMWJiMGNlN2FlCWYJaHR0cHM6Ly9uYXRpb25hbHBvc3QuY29tL25ld3MvcG9saXRpY3MvbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAJcQlmMzZhYzgyOC02MDg3LTQyOTgtOTkwMi1hOWViZWNkNTIwYmIJbQkyMjM0MgliCTQzMwlnCTk0Mwl0CTUzMjEJYwk1Mzc2CWwJMTk4NjYJegkxODk0MQlzCTY2OTYJcAkyMjUwNwl3CW5ld3MJY3MJSUFCMTIJY3oJCWdjCUNBCWdyCVFDCWdkCWZhbHNlCWduCUNvcnBvcmF0ZQluZQlpbQluZAlpbQlzZAluYXRpb25hbHBvc3QuY29tCXNlCTYyNDMxOTcwMDkJbWMJMzA4MQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1Nwl2cAkxCXZnCXByCWNpCTE2N2EwZTZiLTNlNDItN2U0Zi00Y2I5LTg4NDdjMWVjOGE0ZgljcAlnMgl2dgkyMDIxMTIxN18wMDA5OmltYV9odG1sNTozLjUyOC4wCXd0CTUzOAlhZFRhZwkvL3B1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldC9nYW1wYWQvYWRzP2l1PS8yMTg3NDE1NTEzMywzMDgxLzIyNTA3XzQ5NTMwMzY3MDkmZGVzY3JpcHRpb25fdXJsPWh0dHBzJTNBJTJGJTJGbmF0aW9uYWxwb3N0LmNvbSUyRm5ld3MlMkZwb2xpdGljcyUyRm5lYXJseS0xMzAwMC1jYW5hZGlhbnMtcG90ZW50aWFsbHktdmljdGltcy1vZi1jZXJiLWZyYXVkLWFmdGVyLWhhY2tlcnMtYWNjZXNzZWQtdGhlaXItbXljcmEtYWNjb3VudC1pbi0yMDIwJnRmY2Q9MCZucGE9MCZzej02NDB4NDgwJTdDMTI4MHg3MjAlN0MxOTIweDEwODAlN0M0MDB4MzAwJmN1c3RfcGFyYW1zPWRzbWNtJTNEMSUyNmRzZCUzRG5hdGlvbmFscG9zdC5jb20mZ2RmcF9yZXE9MSZvdXRwdXQ9dmFzdCZ1bnZpZXdlZF9wb3NpdGlvbl9zdGFydD0xJmVudj12cCZpbXBsPXMmY29ycmVsYXRvcj04MDk4MjcmZ2Rwcj0wJmdkcHJfY29uc2VudD0mdXNfcHJpdmFjeT0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:16 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
integrator.js
adservice.google.com/adsid/ Frame CFE6 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=c5x8i7c7.ssl.hwcdn.net
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c5x8i7c7.ssl.hwcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 18:26:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
pubads.g.doubleclick.net/gampad/ Frame 3353 		156 B
142 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21874155133%2C3081%2F22507_4953036709&description_url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&tfcd=0&npa=0&sz=640x480%7C1280x720%7C1920x1080%7C400x300&cust_params=dsmcm%3D1%26dsd%3Dnationalpost.com&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2552291831159005&gdpr=0&gdpr_consent&us_privacy&vpa=auto&vpmute=1&sdkv=h.3.528.0&osd=2&frm=2&vis=1&sdr=1&hl=en&afvsz=450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=44d&ptt=20&adk=3163591266&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.528.0&media_url=https%3A%2F%2Fc5x8i7c7.ssl.hwcdn.net%2Fvplayer-parallel%2F20211217_0009%2Fima_html5%2Fminimal.mp4&sid=E01D4222-0571-4C13-B216-A59B5799BBB8&nel=0&eid=44750823%2C44754420%2C44760950%2C44765701%2C44770964&ref=https%3A%2F%2Fnationalpost.com%2F&url=https%3A%2F%2Fnationalpost.com%2F&dlt=1662402376685&idt=249&dt=1662402376967&scor=980289908716122&ged=ve4_td0_tt0_pd0_la0_er0.0.154.300_vi0.0.317.564_vp100_eb24427
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:17 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 4C6C 		42 B
64 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvrgqjb-W6k8E754K7buVpvYWlfyIIPqxNFhGynS103_RA1rSIuaBx_76_Ogd1l-qCJO-7UmFcnXXF0oPGpDCYhfAWZhz9D9EC28q5r0CHUIru5Ursa8BPWmA&sai=AMfl-YTy4Q5bsRBk9XYum7dQJkdvVO4VvkZn6YKWgDpu83UWz-BRnxL61mlqOxKP2O2ZZ1KQeN-vBmDzFCf6sB1ncdoIDbGeSlUwIHKSM7d_M9SIR1168awdwwksJ8pX&sig=Cg0ArKJSzNda_JnaEdClEAE&cid=CAASJeRopFPjGXGaxmSUn8Mwa_E8cRmVvGLHtGJ_yeVRrGM6g9_O6rA&id=lidar2&mcvt=1000&p=152,650,402,950&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220831&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1596188534&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1662402375743&rpt=458&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame E10D 		376 KB
125 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7862d1c86b425f5ccb25574e9490d9b1c80da5057ab556dfddf656ec05f14c08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128229
x-xss-protection
0
expires
Mon, 05 Sep 2022 18:26:17 GMT
191231-96143263832481.js
js-sec.indexww.com/ht/p/ Frame E10D 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/ht/p/191231-96143263832481.js
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3eb6b450e09da3c00ba344a44a690b004402dc62ddf0d3cf3bbdec5ab33310e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 18:26:17 GMT
Content-Encoding
gzip
Last-Modified
Mon, 05 Sep 2022 18:05:41 GMT
Server
Apache
ETag
"905aba-930a-5e7f1ed878108"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2549
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
12789
Expires
Mon, 05 Sep 2022 19:08:46 GMT
minimal.mp4
c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/pd1_html5/ Frame E10D 		843 B
998 B 		Media
General
Check archive.org
Download Go to
Full URL
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/pd1_html5/minimal.mp4
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
4c81a618f5d53d3380ec72a4c754c3e4fdda31319bb82126f5702f652101ccf6

Request headers

Referer
https://nationalpost.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 05 Sep 2022 18:26:17 GMT
last-modified
Fri, 17 Dec 2021 08:10:01 GMT
etag
"1639728601"
x-hw
1662402377.dop074.dc2.t,1662402377.cds101.dc2.hn,1662402377.cds185.dc2.c
content-type
video/mp4
Content-Range
bytes 0-842/843
cache-control
max-age=81551
accept-ranges
bytes
Content-Length
843
headerstats
as-sec.casalemedia.com/ Frame E10D 		0
503 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/headerstats?s=476694&u=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&v=3
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/191231-96143263832481.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:17 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pkZpQyak%2Bc2BgxeQ0N3Ndiew%2BAYu9gtwQM3UDYdYyxZSGZ%2FlndIGXIWETe87LVfn8gJXSsPB6jOaeTHDJn5o1%2Fu9gDiAAMuMVtVy4hB6bWJHgs5FbtWJf3A6sl0ibdQ2BO%2FX2%2BYcUIk%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7461032bac22a21d-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
0
bridge3.528.0_en.html
imasdk.googleapis.com/js/core/ Frame 9989 		637 KB
206 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9bca797e35294210a471d8fedbcb73598cecbdb14fc19b93eae0f1b5ccffdf5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
95462
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
210604
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sun, 04 Sep 2022 15:55:15 GMT
expires
Mon, 04 Sep 2023 15:55:15 GMT
last-modified
Mon, 29 Aug 2022 20:41:35 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame E10D 		44 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 05 Sep 2022 18:26:17 GMT
p22507-ds-desktop.json
a.jsrdn.com/prebid/tags/ Frame E10D 		18 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.jsrdn.com/prebid/tags/p22507-ds-desktop.json?aca=1&env.sd=nationalpost.com&env.gc=CA
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
4f150bfe51e4ef18abef9570c3e6dc3c31a38130e6b779912014f7bf66f723b7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:17 GMT
content-encoding
gzip
last-modified
Mon, 05 Sep 2022 17:42:32 GMT
etag
"1662399752"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-hw
1662402377.dop164.dc2.t,1662402377.cds068.dc2.hn,1662402377.cds076.dc2.c
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-max-age
3600
cache-control
max-age=83785
access-control-allow-credentials
true
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
content-length
1860
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=4h5w&k=ZQl3YQlhCTM1NTcJZAl1cy1lYXN0LTFlCWgJaS0wNmM2OGU4NmRhMDRiNzQ2Ygl1CWU2ZWRhODIyLTBlMWYtNDVlMC1hNGE5LWVmMjIzNTcxMDdhNAl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl2bAkyMDIyMDkwNS4xODAwCXZ0CTIwMjIwOTA1LjE4MDAJdnMJMjAyMTA1MDUJdmMJMjAyMjA0MjkJc3QJMjAyMjA5MDUuMTgyNjE0CWkJZThkNDU5YTctMzk5YS00OGU3LTlkMzgtOGQxMWJiMGNlN2FlCWYJaHR0cHM6Ly9uYXRpb25hbHBvc3QuY29tL25ld3MvcG9saXRpY3MvbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAJcQlmMzZhYzgyOC02MDg3LTQyOTgtOTkwMi1hOWViZWNkNTIwYmIJbQkyMjM0MgliCTQzMwlnCTk0Mwl0CTUzMjEJYwk1Mzc2CWwJMTk4NjYJegkxODk0MQlzCTY2OTYJcAkyMjUwNwl3CW5ld3MJY3MJSUFCMTIJY3oJCWdjCUNBCWdyCVFDCWdkCWZhbHNlCWduCUNvcnBvcmF0ZQluZQlpbQluZAlpbQlzZAluYXRpb25hbHBvc3QuY29tCXNlCTYyNDMxOTcwMDkJbWMJMzA4MQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1Nwl2cAkxCXZnCXByCWNpCThiYjM0NjQwLTk5MjMtODlhYy04ODkxLTdkNzZjODUyOTdlNAljcAlwZAl2dgkyMDIxMTIxN18wMDA5OnBkMV9odG1sNTozLjUyOC4wCXd0CTUxOAlhZFRhZwkvL2EuanNyZG4uY29tL3ByZWJpZC90YWdzL3AyMjUwNy1kcy1kZXNrdG9wLmpzb24_YWNhPTEmZW52LnNkPW5hdGlvbmFscG9zdC5jb20mZW52LmdjPUNB
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:17 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.230.217.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-230-217-116.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-openrtb-version
Access-Control-Request-Method
POST
Origin
https://nationalpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
https://nationalpost.com
access-control-max-age
600
age
0
content-length
0
date
Mon, 05 Sep 2022 18:26:17 GMT
server
ATS/9.1.10.25
tag
5ew8d-b3mmu.ads.tremorhub.com/ad/ Frame E10D
Redirect Chain
  • https://5ew8d-b3mmu.ads.tremorhub.com/ad/tag?adCode=5ew8d-hg1g0&playerWidth=640&playerHeight=480&srcPageUrl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-vic...
  • https://5ew8d-b3mmu.ads.tremorhub.com/ad/tag?adCode=5ew8d-hg1g0&playerWidth=640&playerHeight=480&srcPageUrl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-vic...
55 B
605 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://5ew8d-b3mmu.ads.tremorhub.com/ad/tag?adCode=5ew8d-hg1g0&playerWidth=640&playerHeight=480&srcPageUrl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&supplyCode=5ew8d-b3mmu&skip=0&delivery=1&placement=1&schain=1.0,1!distroscale.com,6243197009,1,,,&transactionId=49ad21bd-0e06-4a33-bd73-b370fd8251d5&referrer=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&hb=1&fmt=json&_tur=T
Protocol
H2
Server
2600:1f18:612b:4232:404:2bd9:b8a8:362 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
539b6a3aa366b330fefa27834c08720cd7e26c871e9eca9048387568899b3c89

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:17 GMT
content-encoding
gzip
server
Apache-Coyote/1.1
vary
accept-encoding
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-tremorvideo-status
NO_AD
content-type
application/json;charset=UTF-8

Redirect headers

location
https://5ew8d-b3mmu.ads.tremorhub.com/ad/tag?adCode=5ew8d-hg1g0&playerWidth=640&playerHeight=480&srcPageUrl=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&supplyCode=5ew8d-b3mmu&skip=0&delivery=1&placement=1&schain=1.0,1!distroscale.com,6243197009,1,,,&transactionId=49ad21bd-0e06-4a33-bd73-b370fd8251d5&referrer=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&hb=1&fmt=json&_tur=T
date
Mon, 05 Sep 2022 18:26:17 GMT
access-control-allow-credentials
true
server
Apache-Coyote/1.1
access-control-allow-origin
https://nationalpost.com
content-length
0
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
cygnus
htlb.casalemedia.com/ Frame E10D 		36 B
538 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=448676&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%2239aa621eb039ac%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020%22%2C%22page%22%3A%22https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A1%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.3.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%224c6cbf58b34824%22%2C%22ext%22%3A%7B%22siteID%22%3A%22448676%22%2C%22sid%22%3A%22640x480%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fogg%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22api%22%3A%5B2%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A60%2C%22playerSize%22%3A%5B%5B640%2C480%5D%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22placement%22%3A1%2C%22w%22%3A640%2C%22h%22%3A480%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22distroscale.com%22%2C%22sid%22%3A%226243197009%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22a5145ca0-88b0-4e4c-aeb9-c324ab89cd12%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%2C%7B%22id%22%3A%22FALSE%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_LOOKUP%22%7D%7D%2C%7B%22id%22%3A%222022-09-05T18%3A26%3A13%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_CREATED_AT%22%7D%7D%5D%7D%5D%7D%7D
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b8e2dc664ad7fbb8435f6d509111dd94edfb86194bc1fa761a78795fd2a39af

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:17 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P9WME989cUtUJFkdn9jLXte3frvAqEJ2g6TWYz40zxZX6IeZxFz03fVFPyF23oL%2BUIvcpIUUX8ALqcUuGQNnM4Xd7Tb%2FH2BogXXqwNGh3ZShKoCH6cS6QMRMZHPjtb6lH7p5Nnu3"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7461032c7cff5413-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
36
expires
0
trinity.json
apex.go.sonobi.com/ Frame E10D 		521 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22642a836f8f39ad%22%3A%22fc436484eaa0d0cecf8a%7C%7Cgpid%3Dfc436484eaa0d0cecf8a%22%7D&ref=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&s=9a3b011b-d1bd-4b92-ace0-61ddbb75cddf&pv=e87c9012-4bf7-4f95-b94c-9c5cd7aeead0&vp=mobile&lib_name=prebid&lib_v=6.3.0&us=3&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22distroscale.com%22%2C%22sid%22%3A%226243197009%22%2C%22hp%22%3A1%7D%5D%7D&coppa=0
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.166.1.15 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
e6968810a584fb545efd0cdcdab0e20645b8416d465b7f1673a99a1185728f28
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:17 GMT
Content-Encoding
gzip
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-70
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin
https://nationalpost.com
Cache-Control
no-cache, no-store, private
Access-Control-Allow-Credentials
true
Tcn
Choice
Content-Type
application/json
Content-Length
356
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
324253
search.spotxchange.com/openrtb/2.3/dados/ Frame E10D 		0
953 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://search.spotxchange.com/openrtb/2.3/dados/324253?src_sys=prebid
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.35.249.142 Ashburn, United States, ASN11742 (SPOTX-IAD, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 05 Sep 2022 18:26:17 GMT
x-spotx-timing-transform
0.000478
x-spotx-timing-spotmarket
0.008123
x-spotx-timing-page-require
0.000578
x-fe
546
x-spotx-timing-page-misc
0.006160
x-spotx-timing-page-cookie
0.000024
x-spotx-timing-page
0.016922
pragma
no-cache
x-spotx-timing-page-context
0.000406
last-modified
Mon, 05 Sep 2022 18:26:17 GMT
cache-control
no-cache, must-revalidate, post-check=0, pre-check=0
x-spotx-timing-spotmarket-primary
0.008123
access-control-allow-methods
POST, GET, PATCH, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
https://nationalpost.com
x-spotx-timing-page-exception
0.000000
x-spotx-timing-spotmarket-secondary
0.000000
x-spotx-timing-page-uri
0.000014
x-spotx-timing-page-mux
0.001139
access-control-allow-headers
access-control-allow-credentials
true
expires
Thu, 01 Jan 1970 00:00:00 GMT
prebid
ib.adnxs.com/ut/v3/ Frame E10D 		145 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 Secaucus, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
33e939a950bdbf1eaa9373978a3d4a7d2e438adac741f373650db4e67478b0a2
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:17 GMT
X-Proxy-Origin
149.56.153.180; 149.56.153.180; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid
5f1d7648-ec0d-4769-a40c-d56ec6a34412
Server
nginx/1.21.3
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://nationalpost.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
145
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
PBJS
c2shb.pubgw.yahoo.com/admax/bid/partners/ Frame E10D 		0
210 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c2shb.pubgw.yahoo.com/admax/bid/partners/PBJS
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.4.33.45 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-33-45.compute-1.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
x-openrtb-version
2.5
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
https://nationalpost.com
date
Mon, 05 Sep 2022 18:26:17 GMT
access-control-allow-credentials
true
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
avjp
distroscale-d.openx.net/v/1.0/ Frame E10D 		106 B
369 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://distroscale-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=49ad21bd-0e06-4a33-bd73-b370fd8251d5&nocache=1662402377646&schain=1.0%2C1!distroscale.com%2C6243197009%2C1%2C33bd4ea9-d6ef-495d-bd6c-5691496fd930%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A640%2C%22h%22%3A480%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fogg%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22api%22%3A%5B2%5D%2C%22maxduration%22%3A60%2C%22linearity%22%3A1%2C%22minduration%22%3A0%2C%22startdelay%22%3A0%2C%22placement%22%3A1%7D%7D%5D%7D&auid=556538739&vwd=640&vht=480&vmimes=video%2Fmp4%2Cvideo%2Fogg%2Cvideo%2Fwebm%2Capplication%2Fjavascript
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:17 GMT
via
1.1 google
server
OXGW/0.0.0
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://nationalpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
mvo
tag.1rx.io/rmp/211334/0/ Frame E10D 		0
164 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tag.1rx.io/rmp/211334/0/mvo?z=1r&hbv=6.3,2.1
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.226.210.221 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://nationalpost.com
pragma
no-cache
date
Mon, 05 Sep 2022 18:26:17 GMT
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
translator
hbopenbid.pubmatic.com/ Frame E10D 		0
116 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://nationalpost.com
date
Mon, 05 Sep 2022 18:26:17 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=4lhv&k=ZQl3d2EJYQkzNTg0CWQJdXMtZWFzdC0xZQloCWktMDZjNjhlODZkYTA0Yjc0NmIJdQllNmVkYTgyMi0wZTFmLTQ1ZTAtYTRhOS1lZjIyMzU3MTA3YTQJdgliZmMzMjRlNi03MTM3LTRhMmUtYWNmOC02MTM0NzI3NzEyMWMJdmwJMjAyMjA5MDUuMTgwMAl2dAkyMDIyMDkwNS4xODAwCXZzCTIwMjEwNTA1CXZjCTIwMjIwNDI5CXN0CTIwMjIwOTA1LjE4MjYxNAlpCWU4ZDQ1OWE3LTM5OWEtNDhlNy05ZDM4LThkMTFiYjBjZTdhZQlmCWh0dHBzOi8vbmF0aW9uYWxwb3N0LmNvbS9uZXdzL3BvbGl0aWNzL25lYXJseS0xMzAwMC1jYW5hZGlhbnMtcG90ZW50aWFsbHktdmljdGltcy1vZi1jZXJiLWZyYXVkLWFmdGVyLWhhY2tlcnMtYWNjZXNzZWQtdGhlaXItbXljcmEtYWNjb3VudC1pbi0yMDIwCXEJZjM2YWM4MjgtNjA4Ny00Mjk4LTk5MDItYTllYmVjZDUyMGJiCW0JMjIzNDIJYgk0MzMJZwk5NDMJdAk1MzIxCWMJNTM3NglsCTE5ODY2CXoJMTg5NDEJcwk2Njk2CXAJMjI1MDcJdwluZXdzCWNzCUlBQjEyCWN6CQlnYwlDQQlncglRQwlnZAlmYWxzZQlnbglDb3Jwb3JhdGUJbmUJaW0JbmQJaW0Jc2QJbmF0aW9uYWxwb3N0LmNvbQlzZQk2MjQzMTk3MDA5CW1jCTMwODEJbmYJaXYJcXAJNTAJcXQJMjUwMAlwbgkzOTI5CXZuCTE4MzM5NTcJdnAJMQl2ZwlwcgljaQk4YmIzNDY0MC05OTIzLTg5YWMtODg5MS03ZDc2Yzg1Mjk3ZTQJY3AJcGQJdnYJMjAyMTEyMTdfMDAwOTpwZDFfaHRtbDU6My41MjguMAl3dAk1MTgJd3dhCWJpZGRlcjp0ZWxhcmlhfGl4fHNvbm9iaXxzcG90eHxhcHBuZXh1c3x5YWhvb3NzcHxvcGVueHxyaHl0aG1vbmV8cHVibWF0aWMJYWRUYWcJLy9hLmpzcmRuLmNvbS9wcmViaWQvdGFncy9wMjI1MDctZHMtZGVza3RvcC5qc29uP2FjYT0xJmVudi5zZD1uYXRpb25hbHBvc3QuY29tJmVudi5nYz1DQQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:17 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
events
api.permutive.com/v2.0/batch/ 		101 B
130 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=21ec23a2-b38a-456e-b801-e5877a041482
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
97da4cd6fb0df53e9d206096504c732bfcad765187ea8e5963fd1cc79bb341cd

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Sep 2022 18:26:17 GMT
content-encoding
gzip
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112
via
1.1 google
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=f2zk&k=ZQl3d2gJYQkzODM2CWQJdXMtZWFzdC0xZQloCWktMDZjNjhlODZkYTA0Yjc0NmIJdQllNmVkYTgyMi0wZTFmLTQ1ZTAtYTRhOS1lZjIyMzU3MTA3YTQJdgliZmMzMjRlNi03MTM3LTRhMmUtYWNmOC02MTM0NzI3NzEyMWMJdmwJMjAyMjA5MDUuMTgwMAl2dAkyMDIyMDkwNS4xODAwCXZzCTIwMjEwNTA1CXZjCTIwMjIwNDI5CXN0CTIwMjIwOTA1LjE4MjYxNAlpCWU4ZDQ1OWE3LTM5OWEtNDhlNy05ZDM4LThkMTFiYjBjZTdhZQlmCWh0dHBzOi8vbmF0aW9uYWxwb3N0LmNvbS9uZXdzL3BvbGl0aWNzL25lYXJseS0xMzAwMC1jYW5hZGlhbnMtcG90ZW50aWFsbHktdmljdGltcy1vZi1jZXJiLWZyYXVkLWFmdGVyLWhhY2tlcnMtYWNjZXNzZWQtdGhlaXItbXljcmEtYWNjb3VudC1pbi0yMDIwCXEJZjM2YWM4MjgtNjA4Ny00Mjk4LTk5MDItYTllYmVjZDUyMGJiCW0JMjIzNDIJYgk0MzMJZwk5NDMJdAk1MzIxCWMJNTM3NglsCTE5ODY2CXoJMTg5NDEJcwk2Njk2CXAJMjI1MDcJdwluZXdzCWNzCUlBQjEyCWN6CQlnYwlDQQlncglRQwlnZAlmYWxzZQlnbglDb3Jwb3JhdGUJbmUJaW0JbmQJaW0Jc2QJbmF0aW9uYWxwb3N0LmNvbQlzZQk2MjQzMTk3MDA5CW1jCTMwODEJbmYJaXYJcXAJNTAJcXQJMjUwMAlwbgkzOTI5CXZuCTE4MzM5NTcJdnAJMQl2ZwlwcgljaQk4YmIzNDY0MC05OTIzLTg5YWMtODg5MS03ZDc2Yzg1Mjk3ZTQJY3AJcGQJdnYJMjAyMTEyMTdfMDAwOTpwZDFfaHRtbDU6My41MjguMAl3dAk1MTgJd3doCWJpZGRlcjpub25lLGNwbTowCWFkVGFnCS8vYS5qc3Jkbi5jb20vcHJlYmlkL3RhZ3MvcDIyNTA3LWRzLWRlc2t0b3AuanNvbj9hY2E9MSZlbnYuc2Q9bmF0aW9uYWxwb3N0LmNvbSZlbnYuZ2M9Q0E
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:17 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame BECA 		376 KB
125 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7862d1c86b425f5ccb25574e9490d9b1c80da5057ab556dfddf656ec05f14c08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128229
x-xss-protection
0
expires
Mon, 05 Sep 2022 18:26:17 GMT
191231-96143263832481.js
js-sec.indexww.com/ht/p/ Frame BECA 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-sec.indexww.com/ht/p/191231-96143263832481.js
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.29.129.7 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-29-129-7.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3eb6b450e09da3c00ba344a44a690b004402dc62ddf0d3cf3bbdec5ab33310e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 18:26:17 GMT
Content-Encoding
gzip
Last-Modified
Mon, 05 Sep 2022 18:05:41 GMT
Server
Apache
ETag
"905aba-930a-5e7f1ed878108"
Vary
Accept-Encoding
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=2549
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
text/javascript
Content-Length
12789
Expires
Mon, 05 Sep 2022 19:08:46 GMT
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=n2kc&k=ZQl3ZQlhCTM4NjUJZAl1cy1lYXN0LTFlCWgJaS0wNmM2OGU4NmRhMDRiNzQ2Ygl1CWU2ZWRhODIyLTBlMWYtNDVlMC1hNGE5LWVmMjIzNTcxMDdhNAl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl2bAkyMDIyMDkwNS4xODAwCXZ0CTIwMjIwOTA1LjE4MDAJdnMJMjAyMTA1MDUJdmMJMjAyMjA0MjkJc3QJMjAyMjA5MDUuMTgyNjE0CWkJZThkNDU5YTctMzk5YS00OGU3LTlkMzgtOGQxMWJiMGNlN2FlCWYJaHR0cHM6Ly9uYXRpb25hbHBvc3QuY29tL25ld3MvcG9saXRpY3MvbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAJcQlmMzZhYzgyOC02MDg3LTQyOTgtOTkwMi1hOWViZWNkNTIwYmIJbQkyMjM0MgliCTQzMwlnCTk0Mwl0CTUzMjEJYwk1Mzc2CWwJMTk4NjYJegkxODk0MQlzCTY2OTYJcAkyMjUwNwl3CW5ld3MJY3MJSUFCMTIJY3oJCWdjCUNBCWdyCVFDCWdkCWZhbHNlCWduCUNvcnBvcmF0ZQluZQlpbQluZAlpbQlzZAluYXRpb25hbHBvc3QuY29tCXNlCTYyNDMxOTcwMDkJbWMJMzA4MQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1Nwl2cAkxCXZnCXByCWNpCThiYjM0NjQwLTk5MjMtODlhYy04ODkxLTdkNzZjODUyOTdlNAljcAlwZAl2dgkyMDIxMTIxN18wMDA5OnBkMV9odG1sNTozLjUyOC4wCXd0CTUxOAl3ZQlbd2VdIGVycm9yOk5vIHZhbGlkIGJpZHMgcmVjZWl2ZWQJYWRUYWcJLy9hLmpzcmRuLmNvbS9wcmViaWQvdGFncy9wMjI1MDctZHMtZGVza3RvcC5qc29uP2FjYT0xJmVudi5zZD1uYXRpb25hbHBvc3QuY29tJmVudi5nYz1DQQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:17 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
minimal.mp4
c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/pd1_html5/ Frame BECA 		843 B
987 B 		Media
General
Check archive.org
Download Go to
Full URL
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/pd1_html5/minimal.mp4
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
4c81a618f5d53d3380ec72a4c754c3e4fdda31319bb82126f5702f652101ccf6

Request headers

Referer
https://nationalpost.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 05 Sep 2022 18:26:18 GMT
last-modified
Fri, 17 Dec 2021 08:10:01 GMT
etag
"1639728601"
x-hw
1662402378.dop074.dc2.t,1662402378.cds101.dc2.hn,1662402378.cds185.dc2.c
content-type
video/mp4
Content-Range
bytes 0-842/843
cache-control
max-age=81550
accept-ranges
bytes
Content-Length
843
headerstats
as-sec.casalemedia.com/ Frame BECA 		0
460 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://as-sec.casalemedia.com/headerstats?s=476694&u=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&v=3
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/191231-96143263832481.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zTaD60BRp3cTIdSvOJzQs5c9cM2E4%2F9qFYqwkLGRktghEk7vllD0kwfw9rl5hpabdJrBMuK9eq06999jNwXqMC5iHg%2Fz7iQOd27mrvsaDugt27a3WyHTUi2koQPb8sbYQfRVInxeeVw%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7461032eb8ada21d-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
0
bridge3.528.0_en.html
imasdk.googleapis.com/js/core/ Frame 991D 		637 KB
206 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9bca797e35294210a471d8fedbcb73598cecbdb14fc19b93eae0f1b5ccffdf5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
95463
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
210604
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sun, 04 Sep 2022 15:55:15 GMT
expires
Mon, 04 Sep 2023 15:55:15 GMT
last-modified
Mon, 29 Aug 2022 20:41:35 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame BECA 		44 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 05 Sep 2022 18:26:18 GMT
p22507-ds-desktop-os.json
a.jsrdn.com/prebid/tags/os/ Frame BECA 		11 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://a.jsrdn.com/prebid/tags/os/p22507-ds-desktop-os.json?aca=1&env.sd=nationalpost.com&env.gc=CA&env.se=6243197009
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
bc17ae239e85ef48d77702c4d7c42a20a9db0835c7f75540252534027c17c437

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:18 GMT
content-encoding
gzip
last-modified
Mon, 05 Sep 2022 17:42:31 GMT
etag
"1662399751"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-hw
1662402378.dop164.dc2.t,1662402378.cds068.dc2.hn,1662402378.cds084.dc2.c
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-max-age
3600
cache-control
max-age=83785
access-control-allow-credentials
true
access-control-allow-methods
GET, HEAD
accept-ranges
bytes
content-length
1491
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=e10n&k=ZQl3YQlhCTQwNTUJZAl1cy1lYXN0LTFlCWgJaS0wNmM2OGU4NmRhMDRiNzQ2Ygl1CWU2ZWRhODIyLTBlMWYtNDVlMC1hNGE5LWVmMjIzNTcxMDdhNAl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl2bAkyMDIyMDkwNS4xODAwCXZ0CTIwMjIwOTA1LjE4MDAJdnMJMjAyMTA1MDUJdmMJMjAyMjA0MjkJc3QJMjAyMjA5MDUuMTgyNjE0CWkJZThkNDU5YTctMzk5YS00OGU3LTlkMzgtOGQxMWJiMGNlN2FlCWYJaHR0cHM6Ly9uYXRpb25hbHBvc3QuY29tL25ld3MvcG9saXRpY3MvbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAJcQlmMzZhYzgyOC02MDg3LTQyOTgtOTkwMi1hOWViZWNkNTIwYmIJbQkyMjM0MgliCTQzMwlnCTk0Mwl0CTUzMjEJYwk1Mzc2CWwJMTk4NjYJegkxODk0MQlzCTY2OTYJcAkyMjUwNwl3CW5ld3MJY3MJSUFCMTIJY3oJCWdjCUNBCWdyCVFDCWdkCWZhbHNlCWduCUNvcnBvcmF0ZQluZQlpbQluZAlpbQlzZAluYXRpb25hbHBvc3QuY29tCXNlCTYyNDMxOTcwMDkJbWMJMzA4MQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1Nwl2cAkxCXZnCXByCWNpCWIzNzVlYTVlLTJlMjAtM2QwZS01NDUzLWZjYTdmOWY3NDY3NQljcAl0ZAl2dgkyMDIxMTIxN18wMDA5OnBkMV9odG1sNTozLjUyOC4wCXd0CTcwOQlhZFRhZwkvL2EuanNyZG4uY29tL3ByZWJpZC90YWdzL29zL3AyMjUwNy1kcy1kZXNrdG9wLW9zLmpzb24_YWNhPTEmZW52LnNkPW5hdGlvbmFscG9zdC5jb20mZW52LmdjPUNBJmVudi5zZT02MjQzMTk3MDA5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:18 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
avjp
distroscale-d.openx.net/v/1.0/ Frame BECA 		106 B
127 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://distroscale-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=ff3a7e95-475d-414b-be5a-18008d6120fa&nocache=1662402378135&schain=1.0%2C1!distroscale.com%2C6243197009%2C1%2C%2C%2C&openrtb=%7B%22imp%22%3A%5B%7B%22video%22%3A%7B%22w%22%3A640%2C%22h%22%3A480%2C%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fogg%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%2C7%2C8%5D%2C%22api%22%3A%5B2%5D%2C%22maxduration%22%3A60%2C%22linearity%22%3A1%2C%22minduration%22%3A0%2C%22startdelay%22%3A0%2C%22placement%22%3A3%7D%7D%5D%7D&auid=557556883&vwd=640&vht=480&vos=101&vmimes=video%2Fmp4%2Cvideo%2Fogg%2Cvideo%2Fwebm%2Capplication%2Fjavascript
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:18 GMT
via
1.1 google
server
OXGW/0.0.0
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://nationalpost.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
auction
prebid-server.rubiconproject.com/openrtb2/ Frame BECA 		184 B
409 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.210.205.198 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-210-205-198.compute-1.amazonaws.com
Software
/
Resource Hash
20790ed4c06d4677de7626ff358c1695c69757a3122f9fed22219e9480e94044

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:18 GMT
content-encoding
gzip
x-prebid
pbs-java/1.97.0
content-type
application/json
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
174
expires
0
cygnus
htlb.casalemedia.com/ Frame BECA 		36 B
506 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://htlb.casalemedia.com/cygnus?s=842213&v=8.1&ac=j&sd=1&nf=1&r=%7B%22id%22%3A%2258e19f0682849e%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020%22%2C%22page%22%3A%22https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A0%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A1%2C%22allu%22%3A1%2C%22ren%22%3Atrue%2C%22version%22%3A%226.3.0%22%2C%22userIds%22%3A%5B%5D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%226987f7d938fbc2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22842213%22%2C%22sid%22%3A%22640x480%22%7D%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22video%2Fogg%22%2C%22video%2Fwebm%22%2C%22application%2Fjavascript%22%5D%2C%22protocols%22%3A%5B1%2C2%2C3%2C4%2C5%2C6%5D%2C%22api%22%3A%5B2%5D%2C%22minduration%22%3A0%2C%22maxduration%22%3A60%2C%22playerSize%22%3A%5B%5B640%2C480%5D%5D%2C%22linearity%22%3A1%2C%22startdelay%22%3A0%2C%22placement%22%3A3%2C%22w%22%3A640%2C%22h%22%3A480%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22distroscale.com%22%2C%22sid%22%3A%226243197009%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%22eids%22%3A%5B%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22a5145ca0-88b0-4e4c-aeb9-c324ab89cd12%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%2C%7B%22id%22%3A%22FALSE%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_LOOKUP%22%7D%7D%2C%7B%22id%22%3A%222022-09-05T18%3A26%3A13%22%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID_CREATED_AT%22%7D%7D%5D%7D%5D%7D%7D
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98953d0212f4abee3ef01bcc636af808be96014a7eeb17ee758343496058e0b8

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:18 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h0hirxIglmT8r%2FDEPouaADGsWFsHM3Cxc%2FBfY9nTWCqNBXreEzCx9j%2Fe0V0ssInEE6pQfq%2BXnPNGGiPylmBG8tC8CwKu%2FyavNF%2BdJCW1AzpQw6j8QSeHxs26UKQQHZirbjpswJyi"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://nationalpost.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7461032f69e35413-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
36
expires
0
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=yhdf&k=ZQl3d2EJYQk0MDc5CWQJdXMtZWFzdC0xZQloCWktMDZjNjhlODZkYTA0Yjc0NmIJdQllNmVkYTgyMi0wZTFmLTQ1ZTAtYTRhOS1lZjIyMzU3MTA3YTQJdgliZmMzMjRlNi03MTM3LTRhMmUtYWNmOC02MTM0NzI3NzEyMWMJdmwJMjAyMjA5MDUuMTgwMAl2dAkyMDIyMDkwNS4xODAwCXZzCTIwMjEwNTA1CXZjCTIwMjIwNDI5CXN0CTIwMjIwOTA1LjE4MjYxNAlpCWU4ZDQ1OWE3LTM5OWEtNDhlNy05ZDM4LThkMTFiYjBjZTdhZQlmCWh0dHBzOi8vbmF0aW9uYWxwb3N0LmNvbS9uZXdzL3BvbGl0aWNzL25lYXJseS0xMzAwMC1jYW5hZGlhbnMtcG90ZW50aWFsbHktdmljdGltcy1vZi1jZXJiLWZyYXVkLWFmdGVyLWhhY2tlcnMtYWNjZXNzZWQtdGhlaXItbXljcmEtYWNjb3VudC1pbi0yMDIwCXEJZjM2YWM4MjgtNjA4Ny00Mjk4LTk5MDItYTllYmVjZDUyMGJiCW0JMjIzNDIJYgk0MzMJZwk5NDMJdAk1MzIxCWMJNTM3NglsCTE5ODY2CXoJMTg5NDEJcwk2Njk2CXAJMjI1MDcJdwluZXdzCWNzCUlBQjEyCWN6CQlnYwlDQQlncglRQwlnZAlmYWxzZQlnbglDb3Jwb3JhdGUJbmUJaW0JbmQJaW0Jc2QJbmF0aW9uYWxwb3N0LmNvbQlzZQk2MjQzMTk3MDA5CW1jCTMwODEJbmYJaXYJcXAJNTAJcXQJMjUwMAlwbgkzOTI5CXZuCTE4MzM5NTcJdnAJMQl2ZwlwcgljaQliMzc1ZWE1ZS0yZTIwLTNkMGUtNTQ1My1mY2E3ZjlmNzQ2NzUJY3AJdGQJdnYJMjAyMTEyMTdfMDAwOTpwZDFfaHRtbDU6My41MjguMAl3dAk3MDkJd3dhCWJpZGRlcjpvcGVueC1vc3xydWJpY29uLW9zfGl4LW9zCWFkVGFnCS8vYS5qc3Jkbi5jb20vcHJlYmlkL3RhZ3Mvb3MvcDIyNTA3LWRzLWRlc2t0b3Atb3MuanNvbj9hY2E9MSZlbnYuc2Q9bmF0aW9uYWxwb3N0LmNvbSZlbnYuZ2M9Q0EmZW52LnNlPTYyNDMxOTcwMDk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:18 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=qtng&k=ZQl3d2gJYQk0MzUxCWQJdXMtZWFzdC0xZQloCWktMDZjNjhlODZkYTA0Yjc0NmIJdQllNmVkYTgyMi0wZTFmLTQ1ZTAtYTRhOS1lZjIyMzU3MTA3YTQJdgliZmMzMjRlNi03MTM3LTRhMmUtYWNmOC02MTM0NzI3NzEyMWMJdmwJMjAyMjA5MDUuMTgwMAl2dAkyMDIyMDkwNS4xODAwCXZzCTIwMjEwNTA1CXZjCTIwMjIwNDI5CXN0CTIwMjIwOTA1LjE4MjYxNAlpCWU4ZDQ1OWE3LTM5OWEtNDhlNy05ZDM4LThkMTFiYjBjZTdhZQlmCWh0dHBzOi8vbmF0aW9uYWxwb3N0LmNvbS9uZXdzL3BvbGl0aWNzL25lYXJseS0xMzAwMC1jYW5hZGlhbnMtcG90ZW50aWFsbHktdmljdGltcy1vZi1jZXJiLWZyYXVkLWFmdGVyLWhhY2tlcnMtYWNjZXNzZWQtdGhlaXItbXljcmEtYWNjb3VudC1pbi0yMDIwCXEJZjM2YWM4MjgtNjA4Ny00Mjk4LTk5MDItYTllYmVjZDUyMGJiCW0JMjIzNDIJYgk0MzMJZwk5NDMJdAk1MzIxCWMJNTM3NglsCTE5ODY2CXoJMTg5NDEJcwk2Njk2CXAJMjI1MDcJdwluZXdzCWNzCUlBQjEyCWN6CQlnYwlDQQlncglRQwlnZAlmYWxzZQlnbglDb3Jwb3JhdGUJbmUJaW0JbmQJaW0Jc2QJbmF0aW9uYWxwb3N0LmNvbQlzZQk2MjQzMTk3MDA5CW1jCTMwODEJbmYJaXYJcXAJNTAJcXQJMjUwMAlwbgkzOTI5CXZuCTE4MzM5NTcJdnAJMQl2ZwlwcgljaQliMzc1ZWE1ZS0yZTIwLTNkMGUtNTQ1My1mY2E3ZjlmNzQ2NzUJY3AJdGQJdnYJMjAyMTEyMTdfMDAwOTpwZDFfaHRtbDU6My41MjguMAl3dAk3MDkJd3doCWJpZGRlcjpub25lLGNwbTowCWFkVGFnCS8vYS5qc3Jkbi5jb20vcHJlYmlkL3RhZ3Mvb3MvcDIyNTA3LWRzLWRlc2t0b3Atb3MuanNvbj9hY2E9MSZlbnYuc2Q9bmF0aW9uYWxwb3N0LmNvbSZlbnYuZ2M9Q0EmZW52LnNlPTYyNDMxOTcwMDk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:18 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
apstag.js
c.amazon-adsystem.com/aax2/ Frame 5D2D 		166 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.52.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-52-24.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8efa950be6d28aa1103053638a776ab8f2dcda011254bab316bc409018714e33

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Mon, 05 Sep 2022 17:36:23 GMT
via
1.1 368146333bf1a1071e8432a7d4e41e1a.cloudfront.net (CloudFront), 1.1 b4d4149b3eab97748926fd7af4eba404.cloudfront.net (CloudFront)
last-modified
Thu, 01 Sep 2022 20:50:54 GMT
server
AmazonS3
age
2996
etag
W/"350e165fc9b88312c43a9ba90eba4e3d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=3600
x-amz-cf-pop
IAD89-C3, JFK50-P1
content-encoding
gzip
x-amz-cf-id
rUQfKK5ZNOBVWFh1GS1UdS9YAEVnN0_K9o2jEAeY2hd_SnAPWcu0-w==
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 5D2D 		376 KB
125 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7862d1c86b425f5ccb25574e9490d9b1c80da5057ab556dfddf656ec05f14c08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128229
x-xss-protection
0
expires
Mon, 05 Sep 2022 18:26:18 GMT
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=kozt&k=ZQl3ZQlhCTQzNjIJZAl1cy1lYXN0LTFlCWgJaS0wNmM2OGU4NmRhMDRiNzQ2Ygl1CWU2ZWRhODIyLTBlMWYtNDVlMC1hNGE5LWVmMjIzNTcxMDdhNAl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl2bAkyMDIyMDkwNS4xODAwCXZ0CTIwMjIwOTA1LjE4MDAJdnMJMjAyMTA1MDUJdmMJMjAyMjA0MjkJc3QJMjAyMjA5MDUuMTgyNjE0CWkJZThkNDU5YTctMzk5YS00OGU3LTlkMzgtOGQxMWJiMGNlN2FlCWYJaHR0cHM6Ly9uYXRpb25hbHBvc3QuY29tL25ld3MvcG9saXRpY3MvbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAJcQlmMzZhYzgyOC02MDg3LTQyOTgtOTkwMi1hOWViZWNkNTIwYmIJbQkyMjM0MgliCTQzMwlnCTk0Mwl0CTUzMjEJYwk1Mzc2CWwJMTk4NjYJegkxODk0MQlzCTY2OTYJcAkyMjUwNwl3CW5ld3MJY3MJSUFCMTIJY3oJCWdjCUNBCWdyCVFDCWdkCWZhbHNlCWduCUNvcnBvcmF0ZQluZQlpbQluZAlpbQlzZAluYXRpb25hbHBvc3QuY29tCXNlCTYyNDMxOTcwMDkJbWMJMzA4MQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1Nwl2cAkxCXZnCXByCWNpCWIzNzVlYTVlLTJlMjAtM2QwZS01NDUzLWZjYTdmOWY3NDY3NQljcAl0ZAl2dgkyMDIxMTIxN18wMDA5OnBkMV9odG1sNTozLjUyOC4wCXd0CTcwOQl3ZQlbd2VdIGVycm9yOk5vIHZhbGlkIGJpZHMgcmVjZWl2ZWQJYWRUYWcJLy9hLmpzcmRuLmNvbS9wcmViaWQvdGFncy9vcy9wMjI1MDctZHMtZGVza3RvcC1vcy5qc29uP2FjYT0xJmVudi5zZD1uYXRpb25hbHBvc3QuY29tJmVudi5nYz1DQSZlbnYuc2U9NjI0MzE5NzAwOQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:18 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 5D2D 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.52.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-52-24.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

x-amz-version-id
tKimXuvhjexkvOlm5D.ynBWfUtiJgbbH
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
58951
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Wed, 24 Aug 2022 19:06:24 GMT
server
AmazonS3
date
Mon, 05 Sep 2022 02:03:48 GMT
vary
Accept-Encoding,Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 fa2a1404411f25eb7c3c4def0c2864e6.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
JFK50-P1
x-amz-cf-id
KZeMRmi7EJea2TWmOIotXV1LYs3AgotGV1m_xj0vptp56LnA48nT5w==
minimal.mp4
c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/aps_html5/ Frame 5D2D 		843 B
975 B 		Media
General
Check archive.org
Download Go to
Full URL
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/aps_html5/minimal.mp4
Requested by
Host: nationalpost.com
URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
4c81a618f5d53d3380ec72a4c754c3e4fdda31319bb82126f5702f652101ccf6

Request headers

Referer
https://nationalpost.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 05 Sep 2022 18:26:18 GMT
last-modified
Fri, 17 Dec 2021 08:10:07 GMT
etag
"1639728607"
x-hw
1662402378.dop074.dc2.t,1662402378.cds101.dc2.hn,1662402378.cds210.dc2.c
content-type
video/mp4
Content-Range
bytes 0-842/843
cache-control
max-age=18826
accept-ranges
bytes
Content-Length
843
bridge3.528.0_en.html
imasdk.googleapis.com/js/core/ Frame 1F97 		637 KB
206 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9bca797e35294210a471d8fedbcb73598cecbdb14fc19b93eae0f1b5ccffdf5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
95463
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
210604
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sun, 04 Sep 2022 15:55:15 GMT
expires
Mon, 04 Sep 2023 15:55:15 GMT
last-modified
Mon, 29 Aug 2022 20:41:35 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame 5D2D 		44 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 05 Sep 2022 18:26:18 GMT
config
c.amazon-adsystem.com/cdn/prod/ Frame 5D2D 		0
310 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fnationalpost.com&pubid=510b2083-6681-4521-93bd-7d95b5afa83c
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.52.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-52-24.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 13:24:28 GMT
via
1.1 b4d4149b3eab97748926fd7af4eba404.cloudfront.net (CloudFront)
server
Server
age
18110
x-cache
Hit from cloudfront
access-control-allow-origin
https://nationalpost.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
x-amz-cf-pop
JFK50-P1
x-amz-cf-id
CDk-FEKcFnogQMcx0OKS2sIXAobBKQ2VjDhx0bHi2DRQF0JHiB7scg==
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=10nh&k=ZQl3YQlhCTQ0NzMJZAl1cy1lYXN0LTFlCWgJaS0wNmM2OGU4NmRhMDRiNzQ2Ygl1CWU2ZWRhODIyLTBlMWYtNDVlMC1hNGE5LWVmMjIzNTcxMDdhNAl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl2bAkyMDIyMDkwNS4xODAwCXZ0CTIwMjIwOTA1LjE4MDAJdnMJMjAyMTA1MDUJdmMJMjAyMjA0MjkJc3QJMjAyMjA5MDUuMTgyNjE0CWkJZThkNDU5YTctMzk5YS00OGU3LTlkMzgtOGQxMWJiMGNlN2FlCWYJaHR0cHM6Ly9uYXRpb25hbHBvc3QuY29tL25ld3MvcG9saXRpY3MvbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAJcQlmMzZhYzgyOC02MDg3LTQyOTgtOTkwMi1hOWViZWNkNTIwYmIJbQkyMjM0MgliCTQzMwlnCTk0Mwl0CTUzMjEJYwk1Mzc2CWwJMTk4NjYJegkxODk0MQlzCTY2OTYJcAkyMjUwNwl3CW5ld3MJY3MJSUFCMTIJY3oJCWdjCUNBCWdyCVFDCWdkCWZhbHNlCWduCUNvcnBvcmF0ZQluZQlpbQluZAlpbQlzZAluYXRpb25hbHBvc3QuY29tCXNlCTYyNDMxOTcwMDkJbWMJMzA4MQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1Nwl2cAkxCXZnCXByCWNpCTEwNWYyODY3LTA0YWItNDdiNi0wZTVjLWQxNjViOGRiM2Y0ZAljcAlhegl2dgkyMDIxMTIxN18wMDA5OmFwc19odG1sNTozLjUyOC4wCXd0CTYzNwlhZFRhZwkvL2MuYW1hem9uLWFkc3lzdGVtLmNvbS9lL2R0Yi9iaWQ_YXBzU2xvdElEPURlc2t0b3Amc2lkPTYyNDMxOTcwMDk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:18 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
bid
c.amazon-adsystem.com/e/dtb/ Frame 5D2D 		163 B
603 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&pid=IWoKqXin8nGZp&cb=0&ws=564x317&v=22.8.252032&t=2000&slots=%5B%7B%22id%22%3A%22Desktop%22%2C%22mt%22%3A%22v%22%7D%5D&cfgv=1&schain=1.0%2C1!distroscale.com%2C6243197009%2C1%2C%2C%2C&pubid=510b2083-6681-4521-93bd-7d95b5afa83c&gdprl=%7B%22status%22%3A%22no-cmp%22%7D&vm=%7B%22ids%22%3A%7B%22pubcommon%22%3A%225b748a72-15e5-4613-a7a4-683fef48878e%22%7D%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.52.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-52-24.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
abf54942aee1ede00d39f859a319ef865c1f0184743b2dcd38f2ba0bb97f1fc2
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:18 GMT
via
1.1 b4d4149b3eab97748926fd7af4eba404.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P1
x-amz-rid
K04CBAT0EJQ1VCV4SPZR
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://nationalpost.com
access-control-allow-credentials
true
strict-transport-security
max-age=47474747; includeSubDomains; preload
timing-allow-origin
*
content-length
163
x-amz-cf-id
uUguk8XkJFUV81Rn4GH_C_MW7w7Ezio06PfrgvmwHl0f306XkrbQ_g==
experiences
flowcards.mrf.io/json/ 		51 B
219 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://flowcards.mrf.io/json/experiences?site_id=1528&client_id=546dc072-3493-4c18-8137-c8bca41866b5&user_type=0&canonical_url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&referrer=&recirculation_source=&previous_page=&targeting=lcp_offender,IMG.featured-image__image%20type:primaryImage&geo=__INJECT_GEO__&session_duration=3&pageviews=1&first_visit=1662402375&page_technology=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.207 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
c58ae9a450c0b6887adcbc1b278ecdab16a6abe92c35f3e91dae50d11cbee03d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:18 GMT
content-encoding
gzip
x-b3-traceid
5cb5df3e91e74b4999adfd9dde73aaff
x-cache
MISS
mrf-cache-status
M
x-envoy-upstream-service-time
293
x-b3-traceid-primal
5cb5df3e91e74b4999adfd9dde73aaff
content-length
64
x-served-by
cache-yul12824-YUL
server
istio-envoy
x-timer
S1662402379.635281,VS0,VE297
vary
origin
x-req-backend
F_origin_1_croupier
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-type
application/json; charset=utf-8
x-cache-hits
0
iu3
s.amazon-adsystem.com/ Frame D758 		0
0
index.html
s3-us-west-2.amazonaws.com/distroscale-public/vplayer-parallel/20211217_0009/ima_html5/ Frame A037 		21 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s3-us-west-2.amazonaws.com/distroscale-public/vplayer-parallel/20211217_0009/ima_html5/index.html
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.216.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
9d84e609f83ce654233e71c1a1ea7321f73479b0126d2cbbf216e18add331d23

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=86400
Content-Encoding
gzip
Content-Length
7033
Content-Type
text/html
Date
Mon, 05 Sep 2022 18:26:19 GMT
ETag
"74624bba3df780a8b81caab7762be6ba"
Last-Modified
Fri, 17 Dec 2021 08:10:51 GMT
Server
AmazonS3
x-amz-id-2
pgxsSkDzPIFiSqWyRDfWvw4OqtC/BTnHn2L/dYAsXe1dbWhqDdlzEPXdRrLBIljuHOY7AXV6UIA=
x-amz-request-id
N3PX90K9KF5C12A0
x-amz-version-id
LrhTs7Rs4.rdNZEzO6D1s6BcWsWKUsBC
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=hc7j&k=ZQl3ZQlhCTQ2MjUJZAl1cy1lYXN0LTFlCWgJaS0wNmM2OGU4NmRhMDRiNzQ2Ygl1CWU2ZWRhODIyLTBlMWYtNDVlMC1hNGE5LWVmMjIzNTcxMDdhNAl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl2bAkyMDIyMDkwNS4xODAwCXZ0CTIwMjIwOTA1LjE4MDAJdnMJMjAyMTA1MDUJdmMJMjAyMjA0MjkJc3QJMjAyMjA5MDUuMTgyNjE0CWkJZThkNDU5YTctMzk5YS00OGU3LTlkMzgtOGQxMWJiMGNlN2FlCWYJaHR0cHM6Ly9uYXRpb25hbHBvc3QuY29tL25ld3MvcG9saXRpY3MvbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAJcQlmMzZhYzgyOC02MDg3LTQyOTgtOTkwMi1hOWViZWNkNTIwYmIJbQkyMjM0MgliCTQzMwlnCTk0Mwl0CTUzMjEJYwk1Mzc2CWwJMTk4NjYJegkxODk0MQlzCTY2OTYJcAkyMjUwNwl3CW5ld3MJY3MJSUFCMTIJY3oJCWdjCUNBCWdyCVFDCWdkCWZhbHNlCWduCUNvcnBvcmF0ZQluZQlpbQluZAlpbQlzZAluYXRpb25hbHBvc3QuY29tCXNlCTYyNDMxOTcwMDkJbWMJMzA4MQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1Nwl2cAkxCXZnCXByCWNpCTEwNWYyODY3LTA0YWItNDdiNi0wZTVjLWQxNjViOGRiM2Y0ZAljcAlhegl2dgkyMDIxMTIxN18wMDA5OmFwc19odG1sNTozLjUyOC4wCXd0CTYzNwl3ZQlbd2VdIGVycm9yOk5vIHZhbGlkIGJpZHMgcmVjZWl2ZWQJYWRUYWcJLy9jLmFtYXpvbi1hZHN5c3RlbS5jb20vZS9kdGIvYmlkP2Fwc1Nsb3RJRD1EZXNrdG9wJnNpZD02MjQzMTk3MDA5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:18 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
metrics
api.permutive.com/v2.0/internal/ 		2 B
37 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/internal/metrics?k=21ec23a2-b38a-456e-b801-e5877a041482
Requested by
Host: 23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
URL: https://23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app/23dc09d6-b664-425a-a76e-0eed6a6cc102-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
content-type
text/plain

Response headers

date
Mon, 05 Sep 2022 18:26:18 GMT
content-encoding
gzip
server
Permutive
content-type
text/plain;charset=utf-8
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22
via
1.1 google
recirculation.php
events.newsroom.bi/ 		12 B
528 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://events.newsroom.bi/recirculation.php
Requested by
Host: sdk.mrf.io
URL: https://sdk.mrf.io/statics/marfeel-sdk.js?id=1528
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
188.40.92.96 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
haproxy01.cl03.k8s.mrf.io
Software
istio-envoy /
Resource Hash
a2702f6a67d243b8c2451ed8022b8fd0a6701cd104781ad922dc25fc6aa6fc3b

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:19 GMT
server
istio-envoy
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-expose-headers
Content-Length,Content-Range
cache-control
private,no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
12
recirculation.php
events.newsroom.bi/ 		12 B
528 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://events.newsroom.bi/recirculation.php
Requested by
Host: sdk.mrf.io
URL: https://sdk.mrf.io/statics/marfeel-sdk.js?id=1528
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
188.40.92.96 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
haproxy01.cl03.k8s.mrf.io
Software
istio-envoy /
Resource Hash
a2702f6a67d243b8c2451ed8022b8fd0a6701cd104781ad922dc25fc6aa6fc3b

Request headers

Referer
https://nationalpost.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 05 Sep 2022 18:26:19 GMT
server
istio-envoy
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://nationalpost.com
access-control-expose-headers
Content-Length,Content-Range
cache-control
private,no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-length
12
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame A037 		376 KB
125 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/distroscale-public/vplayer-parallel/20211217_0009/ima_html5/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7862d1c86b425f5ccb25574e9490d9b1c80da5057ab556dfddf656ec05f14c08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://s3-us-west-2.amazonaws.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128229
x-xss-protection
0
expires
Mon, 05 Sep 2022 18:26:19 GMT
minimal.mp4
s3-us-west-2.amazonaws.com/distroscale-public/vplayer-parallel/20211217_0009/ima_html5/ Frame A037 		843 B
1 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://s3-us-west-2.amazonaws.com/distroscale-public/vplayer-parallel/20211217_0009/ima_html5/minimal.mp4
Requested by
Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/distroscale-public/vplayer-parallel/20211217_0009/ima_html5/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.216.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
4c81a618f5d53d3380ec72a4c754c3e4fdda31319bb82126f5702f652101ccf6

Request headers

Referer
https://s3-us-west-2.amazonaws.com/distroscale-public/vplayer-parallel/20211217_0009/ima_html5/index.html
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Range
bytes=0-

Response headers

Date
Mon, 05 Sep 2022 18:26:20 GMT
Last-Modified
Fri, 17 Dec 2021 08:10:51 GMT
Server
AmazonS3
x-amz-request-id
J2NWG0DYW8G75AFD
ETag
"fb62001afaa95ed461f35992d7431867"
x-amz-version-id
.Eu1js7x6D21f0ccB7gEFoo2n70w.7Se
Content-Range
bytes 0-842/843
Cache-Control
max-age=86400
Accept-Ranges
bytes
Content-Type
video/mp4
Content-Length
843
x-amz-id-2
mYulI+ptzSLUfXdaSIkLhwLuDxK3PS0KF8jt8aDMt6y7b6W412rBlVBAixEGaR3Om5MAqF96qVs=
bridge3.528.0_en.html
imasdk.googleapis.com/js/core/ Frame 476A 		637 KB
206 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9bca797e35294210a471d8fedbcb73598cecbdb14fc19b93eae0f1b5ccffdf5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s3-us-west-2.amazonaws.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
95464
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
210604
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sun, 04 Sep 2022 15:55:15 GMT
expires
Mon, 04 Sep 2023 15:55:15 GMT
last-modified
Mon, 29 Aug 2022 20:41:35 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame A037 		44 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://s3-us-west-2.amazonaws.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 05 Sep 2022 18:26:19 GMT
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=cuzg&k=ZQl3YQlhCTUwNzQJZAl1cy1lYXN0LTFlCWgJaS0wNmM2OGU4NmRhMDRiNzQ2Ygl1CWU2ZWRhODIyLTBlMWYtNDVlMC1hNGE5LWVmMjIzNTcxMDdhNAl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl2bAkyMDIyMDkwNS4xODAwCXZ0CTIwMjIwOTA1LjE4MDAJdnMJMjAyMTA1MDUJdmMJMjAyMjA0MjkJc3QJMjAyMjA5MDUuMTgyNjE0CWkJZThkNDU5YTctMzk5YS00OGU3LTlkMzgtOGQxMWJiMGNlN2FlCWYJaHR0cHM6Ly9uYXRpb25hbHBvc3QuY29tL25ld3MvcG9saXRpY3MvbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAJcQlmMzZhYzgyOC02MDg3LTQyOTgtOTkwMi1hOWViZWNkNTIwYmIJbQkyMjM0MgliCTQzMwlnCTk0Mwl0CTUzMjEJYwk1Mzc2CWwJMTk4NjYJegkxODk0MQlzCTY2OTYJcAkyMjUwNwl3CW5ld3MJY3MJSUFCMTIJY3oJCWdjCUNBCWdyCVFDCWdkCWZhbHNlCWduCUNvcnBvcmF0ZQluZQlpbQluZAlpbQlzZAluYXRpb25hbHBvc3QuY29tCXNlCTYyNDMxOTcwMDkJbWMJMzA4MQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1Nwl2cAkxCXZnCXByCWNpCTNhOTBmZTdjLTEzZDctMWY2ZS05ODAzLTFjMGExN2VkN2U4ZQljcAlnZwl2dgkyMDIxMTIxN18wMDA5OmltYV9odG1sNTozLjUyOC4wCXd0CTY1MglhZFRhZwkvL3B1YmFkcy5nLmRvdWJsZWNsaWNrLm5ldC9nYW1wYWQvYWRzP2l1PS8zNDIzMDEwOSwzMDgxLzIyNTA3Xzg4NTgwNjk4OTcmZGVzY3JpcHRpb25fdXJsPWh0dHBzJTNBJTJGJTJGbmF0aW9uYWxwb3N0LmNvbSUyRm5ld3MlMkZwb2xpdGljcyUyRm5lYXJseS0xMzAwMC1jYW5hZGlhbnMtcG90ZW50aWFsbHktdmljdGltcy1vZi1jZXJiLWZyYXVkLWFmdGVyLWhhY2tlcnMtYWNjZXNzZWQtdGhlaXItbXljcmEtYWNjb3VudC1pbi0yMDIwJnRmY2Q9MCZucGE9MCZzej02NDB4NDgwJTdDMTI4MHg3MjAlN0MxOTIweDEwODAlN0M0MDB4MzAwJmN1c3RfcGFyYW1zPWRzbWNtJTNEMSUyNmRzZCUzRG5hdGlvbmFscG9zdC5jb20mZ2RmcF9yZXE9MSZvdXRwdXQ9dmFzdCZ1bnZpZXdlZF9wb3NpdGlvbl9zdGFydD0xJmVudj12cCZpbXBsPXMmY29ycmVsYXRvcj03OTM5NTYmZ2Rwcj0wJmdkcHJfY29uc2VudD0mdXNfcHJpdmFjeT0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:19 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
integrator.js
adservice.google.com/adsid/ Frame A037 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=s3-us-west-2.amazonaws.com
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://s3-us-west-2.amazonaws.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 18:26:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
pubads.g.doubleclick.net/gampad/ Frame 476A 		156 B
142 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F34230109%2C3081%2F22507_8858069897&description_url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&tfcd=0&npa=0&sz=640x480%7C1280x720%7C1920x1080%7C400x300&cust_params=dsmcm%3D1%26dsd%3Dnationalpost.com&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=3294494240715507&gdpr=0&gdpr_consent&us_privacy&vpa=auto&vpmute=1&sdkv=h.3.528.0&osd=2&frm=2&vis=1&sdr=1&hl=en&afvsz=450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=44d&ptt=20&adk=3163591266&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.528.0&media_url=https%3A%2F%2Fs3-us-west-2.amazonaws.com%2Fdistroscale-public%2Fvplayer-parallel%2F20211217_0009%2Fima_html5%2Fminimal.mp4&sid=93848493-5443-4EE6-B929-7DB8FE85C2A4&nel=0&eid=44752711%2C44754420%2C44760950%2C44765701&ref=https%3A%2F%2Fnationalpost.com%2F&url=https%3A%2F%2Fnationalpost.com%2F&dlt=1662402378999&idt=241&dt=1662402379270&scor=3131332710661382&ged=ve4_td0_tt0_pd0_la0_er0.0.154.300_vi0.0.317.564_vp100_eb24427
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.65.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:19 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
index.html
c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/ Frame 5C2A 		21 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
9d84e609f83ce654233e71c1a1ea7321f73479b0126d2cbbf216e18add331d23

Request headers

Referer
https://nationalpost.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=63474
content-encoding
gzip
content-length
7033
content-type
text/html
date
Mon, 05 Sep 2022 18:26:19 GMT
etag
"1639728651"
last-modified
Fri, 17 Dec 2021 08:10:51 GMT
x-hw
1662402379.dop074.dc2.t,1662402379.cds101.dc2.hn,1662402379.cds173.dc2.c
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 5C2A 		376 KB
125 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7862d1c86b425f5ccb25574e9490d9b1c80da5057ab556dfddf656ec05f14c08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c5x8i7c7.ssl.hwcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
128229
x-xss-protection
0
expires
Mon, 05 Sep 2022 18:26:19 GMT
minimal.mp4
c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/ Frame 5C2A 		843 B
964 B 		Media
General
Check archive.org
Download Go to
Full URL
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/minimal.mp4
Requested by
Host: c5x8i7c7.ssl.hwcdn.net
URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
205.185.216.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
/
Resource Hash
4c81a618f5d53d3380ec72a4c754c3e4fdda31319bb82126f5702f652101ccf6

Request headers

Referer
https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ima_html5/index.html
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Range
bytes=0-

Response headers

date
Mon, 05 Sep 2022 18:26:19 GMT
last-modified
Fri, 17 Dec 2021 08:10:51 GMT
etag
"1639728651"
x-hw
1662402379.dop074.dc2.t,1662402379.cds101.dc2.hn,1662402379.cds060.dc2.c
content-type
video/mp4
Content-Range
bytes 0-842/843
cache-control
max-age=55945
accept-ranges
bytes
Content-Length
843
bridge3.528.0_en.html
imasdk.googleapis.com/js/core/ Frame 919C 		637 KB
206 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e9bca797e35294210a471d8fedbcb73598cecbdb14fc19b93eae0f1b5ccffdf5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://c5x8i7c7.ssl.hwcdn.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
95464
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
210604
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sun, 04 Sep 2022 15:55:15 GMT
expires
Mon, 04 Sep 2023 15:55:15 GMT
last-modified
Mon, 29 Aug 2022 20:41:35 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame 5C2A 		44 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2006 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c5x8i7c7.ssl.hwcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 05 Sep 2022 18:26:19 GMT
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=nnu8&k=ZQl3YQlhCTU1OTEJZAl1cy1lYXN0LTFlCWgJaS0wNmM2OGU4NmRhMDRiNzQ2Ygl1CWU2ZWRhODIyLTBlMWYtNDVlMC1hNGE5LWVmMjIzNTcxMDdhNAl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl2bAkyMDIyMDkwNS4xODAwCXZ0CTIwMjIwOTA1LjE4MDAJdnMJMjAyMTA1MDUJdmMJMjAyMjA0MjkJc3QJMjAyMjA5MDUuMTgyNjE0CWkJZThkNDU5YTctMzk5YS00OGU3LTlkMzgtOGQxMWJiMGNlN2FlCWYJaHR0cHM6Ly9uYXRpb25hbHBvc3QuY29tL25ld3MvcG9saXRpY3MvbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAJcQlmMzZhYzgyOC02MDg3LTQyOTgtOTkwMi1hOWViZWNkNTIwYmIJbQkyMjM0MgliCTQzMwlnCTk0Mwl0CTUzMjEJYwk1Mzc2CWwJMTk4NjYJegkxODk0MQlzCTY2OTYJcAkyMjUwNwl3CW5ld3MJY3MJSUFCMTIJY3oJCWdjCUNBCWdyCVFDCWdkCWZhbHNlCWduCUNvcnBvcmF0ZQluZQlpbQluZAlpbQlzZAluYXRpb25hbHBvc3QuY29tCXNlCTYyNDMxOTcwMDkJbWMJMzA4MQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1Nwl2cAkxCXZnCXByCWNpCTlkYjEzZDdiLTY0NmYtNzFkYy05OGZlLTFkODFiYjhmNGU0MAljcAlyYgl2dgkyMDIxMTIxN18wMDA5OmltYV9odG1sNTozLjUyOC4wCXd0CTE4NQlhZFRhZwkvL3ZpZGVvLWFkcy5ydWJpY29ucHJvamVjdC5jb20vdmlkZW8vMTY1NzgvMTM1OTg4LzE0NDAwNDYvMjAzL3Zhc3QueG1sP3RnX2MubGFuZ3VhZ2U9ZW4md2lkdGg9NTY0JmhlaWdodD0zMTcmcnBfc2NoYWluPTEuMCwxIWRpc3Ryb3NjYWxlLmNvbSw2MjQzMTk3MDA5LDEsLCwmdGdfaS5kb21haW49bmF0aW9uYWxwb3N0LmNvbSZyZj1odHRwcyUzQSUyRiUyRm5hdGlvbmFscG9zdC5jb20lMkZuZXdzJTJGcG9saXRpY3MlMkZuZWFybHktMTMwMDAtY2FuYWRpYW5zLXBvdGVudGlhbGx5LXZpY3RpbXMtb2YtY2VyYi1mcmF1ZC1hZnRlci1oYWNrZXJzLWFjY2Vzc2VkLXRoZWlyLW15Y3JhLWFjY291bnQtaW4tMjAyMCZ1c19wcml2YWN5PSZnZHByPTAmZ2Rwcl9jb25zZW50PQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:19 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
integrator.js
adservice.google.com/adsid/ Frame 5C2A 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=c5x8i7c7.ssl.hwcdn.net
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2002 Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c5x8i7c7.ssl.hwcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 05 Sep 2022 18:26:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
vast.xml
video-ads.rubiconproject.com/video/16578/135988/1440046/203/ Frame 919C 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video-ads.rubiconproject.com/video/16578/135988/1440046/203/vast.xml?tg_c.language=en&width=564&height=317&rp_schain=1.0,1!distroscale.com,6243197009,1,,,&tg_i.domain=nationalpost.com&rf=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&us_privacy=&gdpr=0&gdpr_consent=
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.217.28.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-28-180.deploy.static.akamaitechnologies.com
Software
Apache/2.4.6 (CentOS) PHP/5.4.16 / PHP/5.4.16
Resource Hash
127de201f02eebb179b938df00ae738418ab549d7cc36c929f6756159afb63d1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 05 Sep 2022 18:26:19 GMT
Content-Encoding
gzip
Server
Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By
PHP/5.4.16
Vary
Accept-Encoding
Access-Control-Allow-Methods
POST, GET, PUT, OPTIONS, PATCH, DELETE
Content-Type
text/xml
Access-Control-Allow-Origin
https://imasdk.googleapis.com
Cache-Control
public, must-revalidate, max-age=0, s-maxage=600
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
X-Accept-Charset,X-Accept,Content-Type
Content-Length
1040
Expires
Mon, 05 Sep 2022 18:26:19 GMT
csi
csi.gstatic.com/ Frame 919C 		0
327 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~l7p3gdle&c=8120224028378&slotId=4060112014189&fb=ima_html5-lima&sdkv=h.3.528.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=2.0&vmfc=1&vhc=0&ghmsh_eids=44754420%2C44760950%2C44765701
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.528.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4001:c0a::5e Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:20 GMT
last-modified
Wed, 21 Jan 2004 19:51:30 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
loader.js
imasdk.googleapis.com/js/sdkloader/ Frame 5841 		55 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/loader.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:822::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
82fa3bfda70106507e30ed360a21f48281f689ddd8cfe416483cc970249a6dad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c5x8i7c7.ssl.hwcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:21:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
310
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20087
x-xss-protection
0
last-modified
Mon, 29 Aug 2022 20:45:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
public, max-age=900
accept-ranges
bytes
expires
Mon, 05 Sep 2022 18:36:09 GMT
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=er5g&k=ZQl3aAlhCTU4NjMJZAl1cy1lYXN0LTFlCWgJaS0wNmM2OGU4NmRhMDRiNzQ2Ygl1CWU2ZWRhODIyLTBlMWYtNDVlMC1hNGE5LWVmMjIzNTcxMDdhNAl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl2bAkyMDIyMDkwNS4xODAwCXZ0CTIwMjIwOTA1LjE4MDAJdnMJMjAyMTA1MDUJdmMJMjAyMjA0MjkJc3QJMjAyMjA5MDUuMTgyNjE0CWkJZThkNDU5YTctMzk5YS00OGU3LTlkMzgtOGQxMWJiMGNlN2FlCWYJaHR0cHM6Ly9uYXRpb25hbHBvc3QuY29tL25ld3MvcG9saXRpY3MvbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAJcQlmMzZhYzgyOC02MDg3LTQyOTgtOTkwMi1hOWViZWNkNTIwYmIJbQkyMjM0MgliCTQzMwlnCTk0Mwl0CTUzMjEJYwk1Mzc2CWwJMTk4NjYJegkxODk0MQlzCTY2OTYJcAkyMjUwNwl3CW5ld3MJY3MJSUFCMTIJY3oJCWdjCUNBCWdyCVFDCWdkCWZhbHNlCWduCUNvcnBvcmF0ZQluZQlpbQluZAlpbQlzZAluYXRpb25hbHBvc3QuY29tCXNlCTYyNDMxOTcwMDkJbWMJMzA4MQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1Nwl2cAkxCXZnCXByCWNpCTlkYjEzZDdiLTY0NmYtNzFkYy05OGZlLTFkODFiYjhmNGU0MAljcAlyYgl2dgkyMDIxMTIxN18wMDA5OmltYV9odG1sNTozLjUyOC4wCXd0CTE4NQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:19 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
bridge-31047.js
video-ads.rubiconproject.com/video/ Frame 5841 		65 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://video-ads.rubiconproject.com/video/bridge-31047.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/loader.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.217.28.180 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-217-28-180.deploy.static.akamaitechnologies.com
Software
Apache/2.4.6 (CentOS) PHP/5.4.16 /
Resource Hash
f5ac6348585afe084ad84bb4b456717fd946101219e1f3c16f266745dc80b0d4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c5x8i7c7.ssl.hwcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

Date
Mon, 05 Sep 2022 18:26:19 GMT
Content-Encoding
gzip
Last-Modified
Mon, 20 Jun 2022 14:26:23 GMT
Server
Apache/2.4.6 (CentOS) PHP/5.4.16
ETag
"1021f-5e1e1e36cc1c0-gzip"
Vary
Accept-Encoding
Access-Control-Allow-Methods
POST, GET, PUT, OPTIONS, PATCH, DELETE
Content-Type
application/javascript
Access-Control-Allow-Origin
Access-Control-Allow-Credentials
true
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
X-Accept-Charset,X-Accept,Content-Type
Content-Length
20215
vast.xml
optimized-by.rubiconproject.com/a/api/ Frame 5841 		28 B
397 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://optimized-by.rubiconproject.com/a/api/vast.xml?gdpr=0&gdpr_consent=&account_id=16578&site_id=135988&zone_id=1440046&size_id=203&tg_c.language=en&width=564&height=317&rp_schain=1.0,1!distroscale.com,6243197009,1,,,&tg_i.domain=montrealgazette.com&rf=https://montrealgazette.com/opinion/opinion-its-no-wonder-nurses-are-leaving-quebecs-public-system&p_window.depth=1&p_window.url=https%3A%2F%2Fnationalpost.com%2F&p_window.w=564&p_window.h=317&p_aso.video.api=2&p_aso.video.mimes=application/javascript,video/mp4&tk_vpaid=1&cb=4575075799235158&rp_secure=1
Requested by
Host: video-ads.rubiconproject.com
URL: https://video-ads.rubiconproject.com/video/bridge-31047.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
204.236.250.205 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-204-236-250-205.compute-1.amazonaws.com
Software
nginx/1.21.4 /
Resource Hash
d06c733ba42b81cd66c7fcaabc75b51c59292cdbccdcfb6a88bf2b57d262047b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://c5x8i7c7.ssl.hwcdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:20 GMT
server
nginx/1.21.4
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin
https://c5x8i7c7.ssl.hwcdn.net
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-type
application/xml
content-length
28
expires
Wed, 17 Sep 1975 21:32:10 GMT
143.240d43258d90d6650346.css
cdn.viafoura.net/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/143.240d43258d90d6650346.css
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d6ee074c798e32dab8e257f029f2a971c78e51f04d781c33601bf6dbfe9c8cb1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428133
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:35 GMT
server
AmazonS3
etag
W/"357847d6ef7c60eb79d104cce803d828"
vary
Accept-Encoding
x-amz-version-id
l6S8EOSgeFF7kShO58R5weLb6nwn5.yP
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
text/css; charset=utf-8
x-amz-cf-id
GaOKdUFTsKfUNKZQ9HKXvHtZRdtWy4-cGhowktSw1SAHHsgGcmlx-w==
trending_articles_js.210a489c117f35f4fdda.js
cdn.viafoura.net/chunks/ 		20 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/trending_articles_js.210a489c117f35f4fdda.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5dc68de6610ca122274be56dd55630347a6109baf19a6af9c74092e9a114bdd5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428133
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:22 GMT
server
AmazonS3
etag
W/"f02ce301088255d11c590eef94fd3241"
vary
Accept-Encoding
x-amz-version-id
qpOMYfvwn9WuacCoUevyvU0M_9.PYLjx
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
6Q1cLRiH2M14yiXbZ2Hj2C1tAEr5L1WOCYWpYc-3H3dQDiVUKec8eQ==
trending_articles-module-js.d47af3b00db339afac40.js
cdn.viafoura.net/chunks/vuex_store/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/vuex_store/trending_articles-module-js.d47af3b00db339afac40.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c8460b70ae22e99c9d6f2cc1c7a81e4731ba284eca97cb5b285d831688ed513f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428133
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:18 GMT
server
AmazonS3
etag
W/"54300fdcd1cafb7607e4dc090fc75b80"
vary
Accept-Encoding
x-amz-version-id
x_08LuqX2FOrBHcWdtwk8.XNsYQUCFXn
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
1Hkd-xOXi1m4CxiIjCxmxIuRTNN6aqSdUqG3jXJ82eUiHrbtCRyhTg==
csi
csi.gstatic.com/ Frame 919C 		0
0
1.gif
i.jsrdn.com/i/ 		42 B
281 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.jsrdn.com/i/1.gif?r=2ijw&k=ZQl3ZQlhCTY0NTQJZAl1cy1lYXN0LTFlCWgJaS0wNmM2OGU4NmRhMDRiNzQ2Ygl1CWU2ZWRhODIyLTBlMWYtNDVlMC1hNGE5LWVmMjIzNTcxMDdhNAl2CWJmYzMyNGU2LTcxMzctNGEyZS1hY2Y4LTYxMzQ3Mjc3MTIxYwl2bAkyMDIyMDkwNS4xODAwCXZ0CTIwMjIwOTA1LjE4MDAJdnMJMjAyMTA1MDUJdmMJMjAyMjA0MjkJc3QJMjAyMjA5MDUuMTgyNjE0CWkJZThkNDU5YTctMzk5YS00OGU3LTlkMzgtOGQxMWJiMGNlN2FlCWYJaHR0cHM6Ly9uYXRpb25hbHBvc3QuY29tL25ld3MvcG9saXRpY3MvbmVhcmx5LTEzMDAwLWNhbmFkaWFucy1wb3RlbnRpYWxseS12aWN0aW1zLW9mLWNlcmItZnJhdWQtYWZ0ZXItaGFja2Vycy1hY2Nlc3NlZC10aGVpci1teWNyYS1hY2NvdW50LWluLTIwMjAJcQlmMzZhYzgyOC02MDg3LTQyOTgtOTkwMi1hOWViZWNkNTIwYmIJbQkyMjM0MgliCTQzMwlnCTk0Mwl0CTUzMjEJYwk1Mzc2CWwJMTk4NjYJegkxODk0MQlzCTY2OTYJcAkyMjUwNwl3CW5ld3MJY3MJSUFCMTIJY3oJCWdjCUNBCWdyCVFDCWdkCWZhbHNlCWduCUNvcnBvcmF0ZQluZQlpbQluZAlpbQlzZAluYXRpb25hbHBvc3QuY29tCXNlCTYyNDMxOTcwMDkJbWMJMzA4MQluZglpdglxcAk1MAlxdAkyNTAwCXBuCTM5MjkJdm4JMTgzMzk1Nwl2cAkxCXZnCXByCWNpCTlkYjEzZDdiLTY0NmYtNzFkYy05OGZlLTFkODFiYjhmNGU0MAljcAlyYgl2dgkyMDIxMTIxN18wMDA5OmltYV9odG1sNTozLjUyOC4wCXd0CTE4NQl3ZQlbOTAxXSBhZE1hbmFnZXJFcnJvciBzdGFnZTppOkFuIHVuZXhwZWN0ZWQgZXJyb3Igb2NjdXJyZWQgd2l0aGluIHRoZSBWUEFJRCBjcmVhdGl2ZS4gUmVmZXIgdG8gdGhlIGlubmVyIGVycm9yIGZvciBtb3JlIGluZm8uCWFkCSxzeXM6UnViaWNvbixhaWQ6MSx0aXRsZTpWUEFJRCBXcmFwcGVyLGR1cjozMCxhcGlmdzpWUEFJRAlhZFRhZwkvL3ZpZGVvLWFkcy5ydWJpY29ucHJvamVjdC5jb20vdmlkZW8vMTY1NzgvMTM1OTg4LzE0NDAwNDYvMjAzL3Zhc3QueG1sP3RnX2MubGFuZ3VhZ2U9ZW4md2lkdGg9NTY0JmhlaWdodD0zMTcmcnBfc2NoYWluPTEuMCwxIWRpc3Ryb3NjYWxlLmNvbSw2MjQzMTk3MDA5LDEsLCwmdGdfaS5kb21haW49bmF0aW9uYWxwb3N0LmNvbSZyZj1odHRwcyUzQSUyRiUyRm5hdGlvbmFscG9zdC5jb20lMkZuZXdzJTJGcG9saXRpY3MlMkZuZWFybHktMTMwMDAtY2FuYWRpYW5zLXBvdGVudGlhbGx5LXZpY3RpbXMtb2YtY2VyYi1mcmF1ZC1hZnRlci1oYWNrZXJzLWFjY2Vzc2VkLXRoZWlyLW15Y3JhLWFjY291bnQtaW4tMjAyMCZ1c19wcml2YWN5PSZnZHByPTAmZ2Rwcl9jb25zZW50PQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.214.50.196 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-214-50-196.compute-1.amazonaws.com
Software
Apache /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:20 GMT
server
Apache
p3p
CP="NOI DSP COR CUR ADM DEV PSA PSD OUR BUS COM NAV INT"
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type
image/gif
content-length
42
expires
Mon, 26 Jul 1997 05:00:00 GMT
trendingrecommended
livecomments.viafoura.co/v4/livecomments/00000000-0000-4000-8000-05d38950df07/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://livecomments.viafoura.co/v4/livecomments/00000000-0000-4000-8000-05d38950df07/trendingrecommended?limit=6&content_container_window_days=7&content_window_hours=3&sorted_by=total_visible_contents
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.204.250.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-204-250-37.compute-1.amazonaws.com
Software
/
Resource Hash
2f406054918d33be52abc54ba3ba4b5615bf26ed13cb31e65957ba00519f3aba

Request headers

Accept
application/json
Referer
https://nationalpost.com/
X-UNIQUE-ID
e92eb1d8-c4e3-45c9-8160-0e3805bd8a54
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type
application/json;charset=utf-8

Response headers

access-control-allow-origin
https://nationalpost.com
date
Mon, 05 Sep 2022 18:26:20 GMT
content-encoding
gzip
access-control-allow-credentials
true
content-length
1873
content-type
application/json
trendingrecommended
livecomments.viafoura.co/v4/livecomments/00000000-0000-4000-8000-05d38950df07/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://livecomments.viafoura.co/v4/livecomments/00000000-0000-4000-8000-05d38950df07/trendingrecommended?limit=6&content_container_window_days=7&content_window_hours=3&sorted_by=total_visible_contents
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.204.250.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-204-250-37.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-unique-id
Access-Control-Request-Method
GET
Origin
https://nationalpost.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,X-REQUEST-SIGNATURE,content-type,X-UNIQUE-ID
access-control-allow-methods
POST,PUT,PATCH,DELETE,GET
access-control-allow-origin
https://nationalpost.com
access-control-max-age
43200
content-length
0
date
Mon, 05 Sep 2022 18:26:20 GMT
p
sb.scorecardresearch.com/ 		43 B
357 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/p?c1=2&c2=22807838&ns_type=hidden&ns_st_sv=5.4.0.161011&ns_st_smv=5.6&ns_st_it=r&ns_st_id=1662402375237&ns_st_ec=2&ns_st_sp=1&ns_st_sc=1&ns_st_psq=1&ns_st_asq=1&ns_st_sq=1&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=pause&ns_st_po=5311&ns_st_cl=77900&ns_st_mp=js_api&ns_st_mv=5.4.0.161011&ns_st_pn=1&ns_st_tp=0&ns_st_ci=1833957&ns_st_pt=5311&ns_st_dpt=5311&ns_st_ipt=5311&ns_st_et=5311&ns_st_det=5311&ns_st_upc=5311&ns_st_dupc=5311&ns_st_iupc=5311&ns_st_upa=5311&ns_st_dupa=5311&ns_st_iupa=5311&ns_st_lpc=5311&ns_st_dlpc=5311&ns_st_lpa=5311&ns_st_dlpa=5311&ns_st_pa=5311&ns_ts=1662402380549&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=1&ns_st_pp=1&ns_st_br=0&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=*null&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=distroscale&c3=news&c4=*null&c6=*null&c7=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&c8=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&c9=&distroscale_guid=c_5321_6696_e8d459a7-399a-48e7-9d38-8d11bb0ce7ae
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-77.jfk50.r.cloudfront.net
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:20 GMT
via
1.1 27ca5ebac1c0f68ab48134f5b864093c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P4
content-length
43
x-amz-cf-id
Ly1FYE3J-XlA_owVD3OtmPryt820z_ww0eYqioCXAi2f4nwBb_2FBw==
x-cache
Miss from cloudfront
content-type
image/gif
p
sb.scorecardresearch.com/ 		43 B
359 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/p?c1=2&c2=22807838&ns_type=hidden&ns_st_sv=5.4.0.161011&ns_st_smv=5.6&ns_st_it=r&ns_st_id=1662402375237&ns_st_ec=3&ns_st_sp=1&ns_st_sc=1&ns_st_psq=2&ns_st_asq=2&ns_st_sq=2&ns_st_ppc=1&ns_st_apc=1&ns_st_spc=1&ns_st_cn=1&ns_st_ev=play&ns_st_po=5311&ns_st_cl=77900&ns_st_mp=js_api&ns_st_mv=5.4.0.161011&ns_st_pn=1&ns_st_tp=0&ns_st_ci=1833957&ns_st_pt=5311&ns_st_dpt=0&ns_st_ipt=0&ns_st_et=5312&ns_st_det=1&ns_st_upc=5311&ns_st_dupc=0&ns_st_iupc=0&ns_st_upa=5311&ns_st_dupa=0&ns_st_iupa=0&ns_st_lpc=5311&ns_st_dlpc=0&ns_st_lpa=5311&ns_st_dlpa=0&ns_st_pa=5311&ns_ts=1662402380550&ns_st_bc=0&ns_st_dbc=0&ns_st_bt=0&ns_st_dbt=0&ns_st_bp=0&ns_st_skc=0&ns_st_dskc=0&ns_st_ska=0&ns_st_dska=0&ns_st_skd=0&ns_st_skt=0&ns_st_dskt=0&ns_st_pc=1&ns_st_dpc=0&ns_st_pp=1&ns_st_br=0&ns_st_ub=0&ns_st_ki=1200000&ns_st_pr=*null&ns_st_sn=*null&ns_st_en=*null&ns_st_ep=*null&ns_st_ct=vc11&ns_st_ge=*null&ns_st_st=*null&ns_st_ce=*null&ns_st_ia=*null&ns_st_ddt=*null&ns_st_tdt=*null&ns_st_pu=distroscale&c3=news&c4=*null&c6=*null&c7=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020&c8=Nearly%2013%2C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%20CRA%20accounts%20in%202020%20%7C%20National%20Post&c9=&distroscale_guid=c_5321_6696_e8d459a7-399a-48e7-9d38-8d11bb0ce7ae
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-77.jfk50.r.cloudfront.net
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Mon, 05 Sep 2022 18:26:20 GMT
via
1.1 27ca5ebac1c0f68ab48134f5b864093c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P4
content-length
43
x-amz-cf-id
cEU7ROFHDoN_wY_VtPCAbcQ5JFycex7zBN9xxDIyvbA1EbJZGETxuQ==
x-cache
Miss from cloudfront
content-type
image/gif
pixel;r=1976209641;labels=cm.content;event=refresh;rf=0;a=p-w9vzu-sGKCA0U;url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hacke...
pixel.quantserve.com/ 		35 B
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.quantserve.com/pixel;r=1976209641;labels=cm.content;event=refresh;rf=0;a=p-w9vzu-sGKCA0U;url=https%3A%2F%2Fnationalpost.com%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020;uht=2;fpan=0;fpa=P0-429207354-1662402374809;pbc=;ns=0;ce=1;qjs=1;qv=087c24cc-20220902090643;cm=;gdpr=0;ref=;d=nationalpost.com;dst=0;et=1662402380555;tzo=0;ogl=site_name.nationalpost%2Ctype.article%2Ctitle.Nearly%2013%252C000%20Canadians%20potentially%20victims%20of%20CERB%20fraud%20after%20hackers%20accessed%2Cimage.https%3A%2F%2Fsmartcdn%252Egprod%252Epostmedia%252Edigital%2Fnationalpost%2Fwp-content%2Fuploads%2F2022%2F08%2Cimage%3Awidth.750%2Cimage%3Aheight.1000%2Curl.https%3A%2F%2Fnationalpost%252Ecom%2Fnews%2Fpolitics%2Fnearly-13000-canadians-potentially-victim;sxl=5;sxc=5;ses=51b0790d-c48b-408a-be55-d70b17525112
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:b08a:1dc5:659b:4055 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 05 Sep 2022 18:26:20 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
145.4699927e96ec45f5f859.css
cdn.viafoura.net/ 		15 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/145.4699927e96ec45f5f859.css
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4afc4a53b4794e979cde7eb664f0fbae7469528549950545d185fb05434af024

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428133
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:35 GMT
server
AmazonS3
etag
W/"fe0f9595a9791a46228c2a8fea5edb3b"
vary
Accept-Encoding
x-amz-version-id
ngtL42yKpR9hoa2fLhq1UOnY45rbz1O1
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
text/css; charset=utf-8
x-amz-cf-id
AygZwKqkQshz8U-rVCMiGCorMW9yR1Npegm7Zr-NgVOhpMmnM3OOzQ==
vendors~content_recirculation_js.a27aa5c4dc80ee008c71.js
cdn.viafoura.net/chunks/ 		139 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/vendors~content_recirculation_js.a27aa5c4dc80ee008c71.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1fe3fac08d88de6c6dcd9aa76a8bc502d7bdff729270eafef275997bc2d28ff2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428133
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:22 GMT
server
AmazonS3
etag
W/"6c6c383702d0a638ab35d7fff3e5bfbd"
vary
Accept-Encoding
x-amz-version-id
HthRbvYCrpVKtr5BIWmoFAmVQ6dyiWUx
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
F9NGwXHAn5AtiZHyxny95kOMR-NvDQOX7GrVvDFffeyEgd7rPwQU7w==
35.eaa9d0b7b6f00cc1ed6a.css
cdn.viafoura.net/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/35.eaa9d0b7b6f00cc1ed6a.css
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
511feb67170fd1699ba78b3b37c81119b5e4a357adfbfe56d42709ccfef7dc25

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428133
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:36 GMT
server
AmazonS3
etag
W/"a6061296416047038f0d2ba81dc4075d"
vary
Accept-Encoding
x-amz-version-id
g02W5hYxGW7X52kxL_4e5m8FngNQzdba
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
text/css; charset=utf-8
x-amz-cf-id
_OxsG8NvivG_MX56q01A7Bn4d6eh9p0TCGhXSu4D8Jgyn3ar3634Sw==
content_recirculation_js.32014f52635e7d99513a.js
cdn.viafoura.net/chunks/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/chunks/content_recirculation_js.32014f52635e7d99513a.js
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:9000:21dd:3600:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
671e88c62a81bcb199af405fd4d880bcae019ca3237a428ff45c7dc4a1c9acee

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://nationalpost.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36

Response headers

date
Wed, 31 Aug 2022 19:30:48 GMT
content-encoding
br
age
428133
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 31 Aug 2022 19:30:21 GMT
server
AmazonS3
etag
W/"eacabb97d0a3c368958ec6e93606ac68"
vary
Accept-Encoding
x-amz-version-id
ZqTkT15jVq1VN2r_9MVMFneoWbAGZITB
via
1.1 4e3df844337032b56b8434990b0f76ca.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
EWR53-C2
content-type
application/javascript; charset=utf-8
x-amz-cf-id
5DGw_jMI_s4jy7xcf5RCzsSJoTwSNC8XakMAOuTy5gr_yTFpeVtJQg==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
btlr.sharethrough.com
URL
https://btlr.sharethrough.com/t6oivhQt/v1?placement_key=D2abA1Rp6kBk6UGfedAGLUhB&bidId=_AHiK6p3H&instant_play_capable=true&hbSource=indexExchange&hbVersion=2.3.0&cbust=1662402373631&secure=true&ttduid=a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
Domain
s.amazon-adsystem.com
URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-index_n-LoopMe_pm-db5_n-simpli.fi_ym_bf_rbd_rx_n-Outbrain
Domain
csi.gstatic.com
URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~l7p3gdq8&c=8120224028378&slotId=4060112014189&fb=ima_html5-lima&sdkv=h.3.528.0&mrd=4&aab=1&itv=1&uet=2&met.4=err.l7p3ge6y&aec=901&rec=loaded-1%7Cshow_ad-1%7CskippableStateChanged-1%7Cerror-1

Verdicts & Comments Add Verdict or Comment

164 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| setNptTechAdblockerCookie object| script object| LRNameSpace object| LoginRadiusDefaults function| LoginRadiusUtility function| LoginRadiusApiFramework function| setLoginRadiusDefaultSchema function| setLoginRadiusModuleFunctions function| LoginRadiusHooksModel function| SetLoginRadiusCommonFunctions function| LoginRadiusControllers function| LoginRadiusV2 function| FormValidator object| hash object| modern_script_elem object| legacy_script_elem object| ytAdTargetingLoadEvent function| script_onload string| locSrc object| ytVideoAdTargetingConfig object| webpackJsonpFrontEndModules object| tp object| FrontEndModules object| googletag object| aax object| permutive object| apstag function| Krux function| BlockAdBlock object| blockAdBlock object| ggeac object| google_tag_data object| google_js_reporting_queue object| headertag object| Criteo function| headertag_render object| pbjs function| sovrn_render boolean| apstagLOADED object| webpackChunkdjango_content_services object| __permutive undefined| google_measure_js_timing object| __iasPET object| criteo_syncframe_state object| criteo_pubtag object| criteo_pubtag_128 object| Criteo_128 object| diagPixSentCodes object| __iasAdRefreshConfig object| Sailthru object| PublisherCommonId string| iasScores object| vf object| vfQ object| dataLayer object| KruxDataLayer object| mParticle object| gtm_data_layer object| mpOneTrustKit object| GoogleTagManagerKit function| OptanonWrapper object| dl_mparticle object| mp_data_layer object| COMSCORE function| udm_ object| _comscore string| ds_checkpoint object| vx object| B64 function| pad object| B64URL object| _qevents number| norm object| _vfP object| core boolean| vfLoaded function| setImmediate function| clearImmediate object| regeneratorRuntime object| viafoura object| google_tag_manager function| postscribe object| google_tag_manager_external function| onYouTubeIframeAPIReady object| Ribn function| _createForOfIteratorHelper function| _unsupportedIterableToArray function| _arrayLikeToArray function| _typeof boolean| pnFullTPVersion number| pnInitPerformance boolean| pnHasPolyfilled object| pn string| __tpVersion object| SWG function| ___tp string| GoogleAnalyticsObject function| ga function| quantserve function| __qc object| ezt object| _qoptions function| qtrack object| PianoESPConfig string| url function| ds_ct495775 object| replaced string| ct3p function| vxtracke8d459a7-399a-48e7-9d38-8d11bb0ce7ae function| dvptrack function| tdValidator object| googleToken object| googleIMState function| processGoogleToken function| e function| t object| marfeel function| fbq function| _fbq function| autotrack function| gtag function| ds_trace_e8d459a7-399a-48e7-9d38-8d11bb0ce7ae number| google_unique_id object| gaGlobal object| gaplugins object| gaData function| _ga_originalSendHitTask object| GoogleGcLKhOms function| vxvideojsinit function| ds_dvp_next function| ds_dvp_previous number| tmpval function| ds_ctwrap820901 function| ds_float_close object| PARSELY object| ns_ object| webpackChunk_marfeel_marfeel_sdk object| __mrfCompass object| google_image_requests number| google_global_correlator object| closure_lm_883205 object| closure_lm_800199 object| closure_lm_20856

211 Cookies

Domain/Path Name / Value
app2.cision.com/ Name: JSESSIONID
Value: 35DE5C8A5FCFA1289587AC310A380870
.cision.com/ Name: __cf_bm
Value: L53bMnGZqjqgFy0X5glEu8pBwy9FalGX9mA6urEpuWo-1662402371-0-Af5UJz08rJfVf1rSgej2qZ23d4FpprB1jGc9/FVeNIAG2kPcm3mNoTR4l9KHOpV2ugnldaauli3KKI5izOHmEZI=
.adsrvr.org/ Name: TDID
Value: a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
nationalpost.com/ Name: aasd
Value: 1%7C1662402373477
.nationalpost.com/ Name: permutive-id
Value: a161c2b3-1387-440f-b59f-da9c85d45339
nationalpost.com/ Name: __aaxsc
Value: 2
nationalpost.com/ Name: sailthru_pageviews
Value: 1
.23dc09d6-b664-425a-a76e-0eed6a6cc102.prmutv.co/ Name: pxid
Value: dff5658c-53a1-4c60-a42d-50b695c91157
.openx.net/ Name: i
Value: 2776a1d4-b0c1-0b4b-29ef-129e736195d8|1662402373
nationalpost.com/ Name: political-ad-opt-out
Value: {"data":false,"exp":604800000,"ts":1662402373713,"mac":1298746264}
nationalpost.com/ Name: __adblocker
Value: false
.criteo.com/ Name: uid
Value: d04e5d27-6a7d-4645-ac96-95c12a98d896
.lijit.com/ Name: ljt_reader
Value: FRESbBZH1ezf_uvkQiiWfS6Y
.aaxads.com/ Name: aax-vsid
Value: 3054039731454855000V10
nationalpost.com/ Name: sailthru_content
Value: 8dd662fa88f22e32b599f60ca3b40392
nationalpost.com/ Name: sailthru_visitor
Value: d74c999c-7ff4-48f7-8e29-f9632114ee0d
nationalpost.com/ Name: x-id
Value: {"data":{"adLight":false,"id":"74d9swziex3rsndjocuvrhzfx947usxd","updated":1662402373953},"exp":604800000,"ts":1662402373953,"mac":-783131063}
fem.gprod.postmedia.digital/ Name: x-id
Value: {"data":{"adLight":false,"id":"74d9swziex3rsndjocuvrhzfx947usxd","updated":1662402373953},"exp":604800000,"ts":1662402373954,"mac":-783131032}
.yahoo.com/ Name: A3
Value: d=AQABBEU_FmMCEDjFCU6uWwuPTJangIea1rgFEgEBAQGQF2MgYwAAAAAA_eMAAA&S=AQAAAtDBArPLQs-IvT8dBS0fUWI
.adnxs.com/ Name: uuid2
Value: 4032320738726574262
.media.net/ Name: visitor-id
Value: 3054039741454857000V10
.emxdgt.com/ Name: uid
Value: 53591662402374007993a3
.aaxads.com/ Name: 055AAX
Value: 3cf6f712-b246-0e5c-1076-a418a5a934f9~~1
.zemanta.com/ Name: zuid
Value: PLFDKqO-3RxnE7C8itNt
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YxY-RgAE-bZcqQBN
.doubleclick.net/ Name: IDE
Value: AHWqTUmSkCCVFRmVQLq7WQZz3XU9shOurDvtfOPl0rMRI9ZLNF7W_1Ssa_pHv2xJyHk
.emxdgt.com/ Name: apn_id
Value: 4032320738726574262
.openx.net/ Name: univ_id
Value: 537072971|a5145ca0-88b0-4e4c-aeb9-c324ab89cd12|1662402374083293
.pubmatic.com/ Name: KADUSERCOOKIE
Value: D9369CA5-B8F4-4D72-BB18-B9B4D206204F
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: pi
Value: 158984:2
.pubmatic.com/ Name: DPSync3
Value: 1662422400%3A174%7C1663545600%3A197_201%7C1662940800%3A164
.pubmatic.com/ Name: SyncRTB3
Value: 1663545600%3A22_3_48_54_13_165_178_21_166_56_104_55_233_240_5_71_7_231_176_234_220_8_99%7C1662940800%3A15_2_38_223%7C1663632000%3A35%7C1664928000%3A224%7C1663200000%3A63
.aaxads.com/ Name: 023AAX
Value: 4032320738726574262~~1
.turn.com/ Name: uid
Value: 2758493619497113667
.amazon-adsystem.com/ Name: ad-id
Value: A6EidiFqXEVvthQAGjNH5RM
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.mfadsrvr.com/ Name: tuuid
Value: 648dfd80-5793-4326-80c2-ef74a1d94944
.mfadsrvr.com/ Name: c
Value: 1662402374
.mfadsrvr.com/ Name: tuuid_lu
Value: 1662402374
.bidswitch.net/ Name: tuuid
Value: 114cb03c-984e-472c-86ef-eff5c043abf4
.bidswitch.net/ Name: c
Value: 1662402374
.bidswitch.net/ Name: tuuid_lu
Value: 1662402374
.aaxads.com/ Name: 172AAX
Value: 4032320738726574262brt53591662402374007993a3~~1
.viafoura.co/ Name: VfSess
Value: a1ncreunid3gg62odio62qjesf
.viafoura.co/ Name: vfThirdpartyCookiesEnabled
Value: true
.mfadsrvr.com/ Name: ssh
Value: !medianet,1662402374
.analytics.yahoo.com/ Name: IDSYNC
Value: "18za~26zu:18z8~26zu"
.quantserve.com/ Name: mc
Value: 63163f46-4d6dd-0064e-988c3
.creativecdn.com/ Name: u
Value: jKp84PibmTAX9uA4k7JP
.creativecdn.com/ Name: ts
Value: 1662402374
.adgrx.com/ Name: ADGRX_UID
Value: 3975656e-2d48-11ed-b5ba-2ee251714aca
.nationalpost.com/ Name: _pprv
Value: %7B%22consent%22%3A%7B%220%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%221%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%222%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%223%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%224%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%225%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%226%22%3A%7B%22mode%22%3A%22opt-in%22%7D%2C%227%22%3A%7B%22mode%22%3A%22opt-in%22%7D%7D%7D
.adgrx.com/ Name: ADGRX_CM_PUBMATIC_BRIDGED
Value: 1
.rlcdn.com/ Name: pxrc
Value: CMb+2JgGEgUI6AcQABIFCOhHEAASBgi46wEQAA==
.jsrdn.com/ Name: u
Value: e6eda822-0e1f-45e0-a4a9-ef22357107a4
.deepintent.com/ Name: CDIUSER
Value: di_250dbdc8757c45e9bfab4
.pubmatic.com/ Name: KRTBCOOKIE_218
Value: 4056-YxY-RgAE-bZcqQBN&KRTB&22978-YxY-RgAE-bZcqQBN&KRTB&23194-YxY-RgAE-bZcqQBN&KRTB&23209-YxY-RgAE-bZcqQBN
.nationalpost.com/ Name: _pctx
Value: %7Bu%7DN4IgDghg5gpgagSxgdwJIBMQC4QBsDsYAzFAJwBmyAngPbkAW%2BAtkQEwgA0IArgM4wAnXtgB23XLi59BAZQAuEOX2wgIImiM4heCOTAyjxuAL5A
.owneriq.net/ Name: si
Value: Q7156887741677165914P
.owneriq.net/ Name: pmc
Value: 1
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-01b440bc-8c21-41ac-74ad-948fddcadfee.%2F2YI%2Fql21UJ4V4HsLAVzsNvIXK2q%2B3CBWJ5KJWQiJ%2FE
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AAbRAvIwhQax0rZSP3crf7pU4mbQ.abKBRV3nk01Zfwbn95cFk%2Fcaw26g%2FPeKOHSMgag2Wns
.pubmatic.com/ Name: KRTBCOOKIE_1003
Value: 22761-3975656e-2d48-11ed-b5ba-2ee251714aca&KRTB&23275-3975656e-2d48-11ed-b5ba-2ee251714aca
.acuityplatform.com/ Name: auid
Value: 690798747565
.acuityplatform.com/ Name: aum
Value: "OikKAfqbdXNlck1hdGNoQnlVc2VyTWF0Y2hpbmdJZE1hcPqANvqNdXNlck1hdGNoaW5nSWTMkWxhc3REcm9wVGltZU1pbGxpcyUBQUNcclaumGxhc3RTdWNjZXNzZnVsTWF0Y2hNaWxsaXMlAUFDXHJWro90aGlyZFBhcnR5VXNlcklkIfv7hnZlcnNpb27C+w=="
.nationalpost.com/ Name: _pcid
Value: %7B%22browserId%22%3A%22l7p3g9fwrmzeawnf%22%7D
nationalpost.com/ Name: __pnahc
Value: 0
.mathtag.com/ Name: uuid
Value: 5d8e6316-3f46-4300-9c36-e08cab2310c1
.pubmatic.com/ Name: KRTBCOOKIE_1278
Value: 23329-134a6419-450f-4543-8f4e-e0949ee3912d&KRTB&23340-134a6419-450f-4543-8f4e-e0949ee3912d
.w55c.net/ Name: wfivefivec
Value: Tk410fV91OvgNw5
.ipredictive.com/ Name: cu
Value: 5e5d81cf-122b-4a9c-9108-7114f8719535|1662402374379
.sitescout.com/ Name: ssi
Value: f27f0552-a74b-4ecc-88aa-c6c22e2d032a#1662402374379
.adform.net/ Name: C
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_469
Value: 8273-690798747565
.pubmatic.com/ Name: KRTBCOOKIE_860
Value: 16335-AbRAvIwhQax0rZSP3crf7pU4mbQ
.pubmatic.com/ Name: KRTBCOOKIE_27
Value: 16735-uid:df576316-3f46-4a00-aa04-f79bbd66aad7&KRTB&16736-uid:df576316-3f46-4a00-aa04-f79bbd66aad7&KRTB&23019-uid:df576316-3f46-4a00-aa04-f79bbd66aad7&KRTB&23208-uid:df576316-3f46-4a00-aa04-f79bbd66aad7
.bidr.io/ Name: bito
Value: AAD6807GLH8AAA614xveyA
.bidr.io/ Name: bitoIsSecure
Value: ok
.adform.net/ Name: uid
Value: 273704926017452642
beacon.lynx.cognitivlabs.com/ Name: UID
Value: 58b11284-4c4c-4ba8-a6f8-fdcbb471f914
beacon.lynx.cognitivlabs.com/ Name: ss
Value: jn8253Uf2tN0YMQB6t0cmft7vkxKjsjr%2FF96q1ATmmmlAJ9WIITo1y41EoBiA2RQ3bQHb%2FuFPZGG0CEdLHzzrw%3D%3D
.w55c.net/ Name: matchpubmatic
Value: 5
.simpli.fi/ Name: suid
Value: 05EED659B2D148A3817D415113CAFFFA
.pubmatic.com/ Name: KRTBCOOKIE_107
Value: 1471-uid:Tk410fV91OvgNw5
.aaxads.com/ Name: 209AAX
Value: D9369CA5-B8F4-4D72-BB18-B9B4D206204F~~1
.pubmatic.com/ Name: KRTBCOOKIE_286
Value: 5193-Q7156887741677165914&KRTB&22521-Q7156887741677165914
.csync.loopme.me/ Name: viewer_token
Value: c6b153a6-c1d7-49ea-9334-3537a91983b3
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-092afed4-7c33-48da-ae97-84a34a7748d6-005%22%2C%22nxtrdr%22%3Afalse%7D
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-a5145ca0-88b0-4e4c-aeb9-c324ab89cd12&KRTB&22918-a5145ca0-88b0-4e4c-aeb9-c324ab89cd12&KRTB&23031-a5145ca0-88b0-4e4c-aeb9-c324ab89cd12
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-2758493619497113667&KRTB&23150-2758493619497113667
.piano.io/ Name: __cf_bm
Value: I4ezGemWxzNMJkM8mAWYVgzwtBX5E28YtW9KP8e6Hsc-1662402374-0-AT7WY+7cAnP2cAZqMlFdqU8ZicC4n7W0GsSSipE4GGjzizIsR793+FjzeYQoadtBD7NaeoX8oTOVYqdBJN2Ioyc=
.pippio.com/ Name: did
Value: 5aubV_dCoFWAMaEV
.pippio.com/ Name: didts
Value: 1662402374
.pippio.com/ Name: nnls
Value:
.tribalfusion.com/ Name: ANON_ID
Value: aAnseFqO2c9U2OqnverGyMB8fI4ZbcD3ISuAUYZbXc1JAp8CRx74THaFFwhSXGmWLrtxdNM7SGZdfY7nVnSvZaOY
.pubmatic.com/ Name: KRTBCOOKIE_279
Value: 22890-5e5d81cf-122b-4a9c-9108-7114f8719535&KRTB&23011-5e5d81cf-122b-4a9c-9108-7114f8719535&KRTB&23355-5e5d81cf-122b-4a9c-9108-7114f8719535
.mxptint.net/ Name: mxpim
Value: R1B331_F5BEBE1A_3BDBEA52.1.000000000000000063163F46
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEGseGz_aAmJizJkrmNQWSGc&KRTB&16514-CAESEGseGz_aAmJizJkrmNQWSGc&KRTB&23025-CAESEGseGz_aAmJizJkrmNQWSGc&KRTB&23386-CAESEGseGz_aAmJizJkrmNQWSGc
.pubmatic.com/ Name: KRTBCOOKIE_153
Value: 1923-BQZyCABTdwgeAScIV1FuDgMDd1seDHsGUAbJFUm4&KRTB&19420-BQZyCABTdwgeAScIV1FuDgMDd1seDHsGUAbJFUm4&KRTB&22979-BQZyCABTdwgeAScIV1FuDgMDd1seDHsGUAbJFUm4&KRTB&23403-BQZyCABTdwgeAScIV1FuDgMDd1seDHsGUAbJFUm4
.pubmatic.com/ Name: KRTBCOOKIE_57
Value: 22776-4032320738726574262&KRTB&23339-4032320738726574262
.pswec.com/ Name: tuuid
Value: c66f65b1-dcab-4b0a-9fe6-272db7b54da8
.pswec.com/ Name: c
Value: 1662402374
.pswec.com/ Name: tuuid_lu
Value: 1662402374
.media.net/ Name: data-mf
Value: 648dfd80-5793-4326-80c2-ef74a1d94944~~1
.pubmatic.com/ Name: KRTBCOOKIE_148
Value: 19421-uid:05EED659B2D148A3817D415113CAFFFA
.nationalpost.com/ Name: __tbc
Value: %7Bkpex%7DfoHxL6m6vCdPwjS_k_EFSHOe6k4HhNW5v2yVhXSPnBxjeGlnmsfCiFVX7ZOHfHjL
.nationalpost.com/ Name: __pat
Value: -14400000
.nationalpost.com/ Name: __pvi
Value: %7B%22id%22%3A%22v-2022-09-05-18-26-14-368-JZ65kjvbCYVzh3j4-d4d023b1ada0511d9a6b136d034308db%22%2C%22domain%22%3A%22.nationalpost.com%22%2C%22time%22%3A1662402374593%7D
.nationalpost.com/ Name: xbc
Value: %7Bkpex%7DcJSo_7TQfjPanfxQuO0JObTLbIyRICBTlZu_9z2XTfDkeuHwpzA5k4Yrrnpvyexrt2WYf8jZt37FglgCL-6Zfb0cWNQs2gJGZB5dGnicw44rLhCMtLtgZwKynKwbbpmj
.dotomi.com/ Name: DotomiTest
Value: 6bb16993b48f0e71
.aaxads.com/ Name: 141AAX
Value: PLFDKqO-3RxnE7C8itNt~~1
.nationalpost.com/ Name: cto_bundle
Value: JIHFel9HdWdSM1d5aVJIRVNGVDFuRmZiUkZaVjNUUkFGVGw5Qm9Cc0glMkZnT2p3N2RiSnYlMkJpOXE3aVIwdGpWeUhUQ3BhYW9WbTFVdWV2VDhTdDB1UlMlMkZ5eWhrJTJCZXZmSkNJSGhRYlc2ZHRpWHglMkZtZHVZTUs3ampzemtNJTJGSFpGSCUyRjVCVld1azNabWhCYUlnMiUyQld2V3oyaWNhOTdtZGxmdUVDdlF2dXduU2t3Y0I3N3NVJTNE
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-092afed4-7c33-48da-ae97-84a34a7748d6-005%22%7D
.pubmatic.com/ Name: KRTBCOOKIE_391
Value: 22924-273704926017452642&KRTB&23263-273704926017452642
.pubmatic.com/ Name: KRTBCOOKIE_52
Value: 22772-R1B331_F5BEBE1A_3BDBEA52&KRTB&23092-R1B331_F5BEBE1A_3BDBEA52
.pubmatic.com/ Name: KRTBCOOKIE_188
Value: 3189-f27f0552-a74b-4ecc-88aa-c6c22e2d032a-63163f46-4341
.pubmatic.com/ Name: KRTBCOOKIE_594
Value: 17105-RX-092afed4-7c33-48da-ae97-84a34a7748d6-005&KRTB&17107-RX-092afed4-7c33-48da-ae97-84a34a7748d6-005
.nationalpost.com/ Name: mprtcl-v4_4662F03F
Value: {'gs':{'ie':1|'dt':'us1-99b65fde89a1a145894d2d51d283cc83'|'av':'1.0.0'|'cgid':'ae473834-c423-48e0-83fa-f0fb53768646'|'das':'70d5c37e-89a2-4d8c-835f-9959020ad018'|'csm':'WyIyNTU5NDAwNDk3NDI5MDI2ODk2Il0='|'sid':'ABD28419-31CA-477B-9157-9186BCE4EB1E'|'les':1662402374401|'ssd':1662402374047}|'l':1|'2559400497429026896':{'fst':1662402374178|'ui':'eyIwIjoiNzRkOXN3emlleDNyc25kam9jdXZyaHpmeDk0N3VzeGQifQ=='}|'cu':'2559400497429026896'}
.media.net/ Name: data-rbh
Value: jKp84PibmTAX9uA4k7JP~~1
.scorecardresearch.com/ Name: UID
Value: 1A27cf7d60cadffb68aa4ea1662402374
nationalpost.com/ Name: qcSxc
Value: 1662402374816
.nrich.ai/ Name: _nauid
Value: 470ca248-9f37-4938-bef6-321cf2e74cb8
.pubmatic.com/ Name: KRTBCOOKIE_32
Value: 11175-AAAE4HKEElTsqQNjDf7VAAAAAAA&KRTB&22713-AAAE4HKEElTsqQNjDf7VAAAAAAA&KRTB&22715-AAAE4HKEElTsqQNjDf7VAAAAAAA
.pippio.com/ Name: pxrc
Value: CMb+2JgGEgQIAhAAEgYI7OsBEAA=
.nationalpost.com/ Name: _gid
Value: GA1.2.1272909826.1662402375
.nationalpost.com/ Name: _gat_UA-238413164-9
Value: 1
.lijit.com/ Name: ljtrtbexp
Value: eJyrVjI0U7IyNDMzNjM0tDQ30VGyMEDlG6NJW6LyTVDkawGL4BA1
.nationalpost.com/ Name: _gat_UA-138335866-30
Value: 1
.nationalpost.com/ Name: _gat_UA-213173459-3
Value: 1
.openx.net/ Name: pd
Value: v2|1662402373.1|iKbwvPvMgahEgKkWg2gy.mmuYeSf8ke
.nationalpost.com/ Name: _gat_UA-138335866-2
Value: 1
.3lift.com/ Name: tluid
Value: 4314556371279844782841
.sharethrough.com/ Name: stx_user_id
Value: 78924e43-1d47-4869-b9e8-0023b61d48e4
.krxd.net/ Name: _kuid_
Value: PD7B02vD
.nationalpost.com/ Name: _ga_7GC5VRWDF9
Value: GS1.1.1662402374.1.0.1662402374.0.0.0
.nationalpost.com/ Name: _ga
Value: GA1.1.1120338599.1662402375
.media.net/ Name: data-bs
Value: 114cb03c-984e-472c-86ef-eff5c043abf4~~1
.nationalpost.com/ Name: __qca
Value: P0-429207354-1662402374809
.linksynergy.com/ Name: rmuid
Value: 8653acb5-d071-498f-9a51-45637a346203
.linksynergy.com/ Name: icts
Value: 2022-09-05T18:26:15Z
.quantserve.com/ Name: d
Value: ENMBEgGDJ_ijDejbEA
.pubmatic.com/ Name: KRTBCOOKIE_466
Value: 16530-114cb03c-984e-472c-86ef-eff5c043abf4
.pubmatic.com/ Name: PugT
Value: 1662402375
.nationalpost.com/ Name: _parsely_session
Value: {%22sid%22:1%2C%22surl%22:%22https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020%22%2C%22sref%22:%22%22%2C%22sts%22:1662402375136%2C%22slts%22:0}
.nationalpost.com/ Name: _parsely_visitor
Value: {%22id%22:%22pid=7215d0fc65e8de9c10af68d5fe101d26%22%2C%22session_count%22:1%2C%22last_session_ts%22:1662402375136}
nationalpost.com/ Name: _vfz
Value: nationalpost%2Ecom.00000000-0000-4000-8000-05d38950df07.1662402375.1.medium=direct|source=|sharer_uuid=|terms=
.nationalpost.com/ Name: _vfa
Value: nationalpost%2Ecom.00000000-0000-4000-8000-05d38950df07.e92eb1d8-c4e3-45c9-8160-0e3805bd8a54.1662402375.1662402375.1662402375.1
.rlcdn.com/ Name: rlas3
Value: AFBmrtk19vqKBMroGfYU0RVnfirkVzZtyWMHc4BAGFo=
.owneriq.net/ Name: p2
Value: sv
.sitescout.com/ Name: _ssuma
Value: eyI0NSI6MTY2MjQwMjM3NDUzOCwiNDgiOjE2NjI0MDIzNzUxOTAsIjM5IjoxNjYyNDAyMzc1MTkwLCIxNyI6MTY2MjQwMjM3NTI0MiwiNyI6MTY2MjQwMjM3NTE5MH0
.nationalpost.com/ Name: ___nrbic
Value: %7B%22previousVisit%22%3A1662402375%2C%22currentVisitStarted%22%3A1662402375%2C%22sessionId%22%3A%22570e1019-4f2c-4861-a48d-c7a453cc7457%22%2C%22sessionVars%22%3A%5B%5D%2C%22visitedInThisSession%22%3Atrue%2C%22pagesViewed%22%3A1%2C%22landingPage%22%3A%22https%3A//nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020%22%2C%22referrer%22%3A%22%22%7D
.nationalpost.com/ Name: ___nrbi
Value: %7B%22firstVisit%22%3A1662402375%2C%22userId%22%3A%22546dc072-3493-4c18-8137-c8bca41866b5%22%2C%22userVars%22%3A%5B%5D%2C%22futurePreviousVisit%22%3A1662402375%2C%22timesVisited%22%3A1%7D
.nationalpost.com/ Name: compass_uid
Value: 546dc072-3493-4c18-8137-c8bca41866b5
.nationalpost.com/ Name: _ga_72QH41ZTMR
Value: GS1.1.1662402375.1.0.1662402375.60.0.0
.tapad.com/ Name: TapAd_TS
Value: 1662402375272
.tapad.com/ Name: TapAd_DID
Value: 8b17354c-fb99-429b-9fcd-dc33a7cb4ba6
.lijit.com/ Name: _ljtrtb_43
Value: 6lb1rO8D8KzxUaCsuAHpquxT8P_xXPyiv1amiIXk
.lijit.com/ Name: _ljtrtb_3
Value: 5d8e6316-3f46-4300-9c36-e08cab2310c1
.rubiconproject.com/ Name: khaos
Value: L7P3GA77-14-DC4F
.rubiconproject.com/ Name: audit
Value: 1|hB2xTNJPv/H77wSPte7ptYEGPqIZOc0FlNN5VtBpr/QeECEUBMheilhItCnd9qy9R2uRBtnWE30kEa5N2k7U1SEEFoCDRlfY/fl9UxTBA2KsMyW2j+tLvKMcNyKzNUHRdNagGyTJzJG9+gdfTu7zmcF1c4dRQ9Az
.adsrvr.org/ Name: TDCPM
Value: CAESFwoIcHVibWF0aWMSCwiI_ZjhxN2HOxAFEhsKDHNoYXJldGhyb3VnaBILCMa6ievE3Yc7EAUYASABKAIyCwjGsoyY292HOxAFOAFaDHNoYXJldGhyb3VnaGAC
.lijit.com/ Name: ljtrtb
Value: eJyrVjJWslIyTbFINTM2NNM1TjMx0zUxNjDQtUw2NtNNNbBITkwyMjY0SDZU0lEyAak1y0kyLPK3cLHwrqoITXQuLnX0KCgsrQixCIiviAiozCwzTMzN9IzIVqoFAEd%2BGl8%3D
.lijit.com/ Name: _ljtrtb_80
Value: L7P3GA77-14-DC4F
.nationalpost.com/ Name: _fbp
Value: fb.1.1662402375413.2068803609
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.spotxchange.com/ Name: audience
Value: 3a1c23db-2d48-11ed-903d-170bbb690503
.facebook.com/ Name: fr
Value: 01XOlMpJmudNV9wKH..BjFj9H...1.0.BjFj9H.
.nationalpost.com/ Name: _vfb
Value: nationalpost%2Ecom.00000000-0000-4000-8000-05d38950df07.2..1662402375....
.smartadserver.com/ Name: pid
Value: 691582321626813154
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: csync
Value: 127:AAD6807GLH8AAA614xveyA
.viafoura.co/ Name: vfDeviceId
Value: 1d25d7a9-237e-4dcd-8e81-0767129f54b1
events.newsroom.bi/ Name: 1528_u
Value: 546dc072-3493-4c18-8137-c8bca41866b5
events.newsroom.bi/ Name: 1528_s
Value: 570e1019-4f2c-4861-a48d-c7a453cc7457
events.newsroom.bi/ Name: 1528_lv
Value: null
.crwdcntrl.net/ Name: _cc_dc
Value: 0
.crwdcntrl.net/ Name: _cc_id
Value: b807d3d24bdaca65861859529a9e5196
.crwdcntrl.net/ Name: _cc_cc
Value: "ACZ4XmNQSLIwME8xTjEySUpJTE40M7UwM7QwtTQ1sky0TDU1tDRjAIJkMXt3EA0FAEYoCZE%3D"
.crwdcntrl.net/ Name: _cc_aud
Value: "ABR4XmNgYGBIFrN3B1JQAAAMmwEA"
.eyeota.net/ Name: mako_uid
Value: 1830ee72ff4-10cb0000010a5a1e
.eyeota.net/ Name: SERVERID
Value: 23070~DM
.contextweb.com/ Name: V
Value: JhZ9L514tjrH
.contextweb.com/ Name: pb_rtb_ev
Value: 3-1fxp|7dN.0.AAD6807GLH8AAA614xveyA
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: fb794b748d40b705
.nationalpost.com/ Name: __gads
Value: ID=a72eb7629b80d5db:T=1662402374:S=ALNI_MaG5ZEIoVbEExEraDshD_N8NH1cuQ
.nationalpost.com/ Name: __gpi
Value: UID=000007fd53faf469:T=1662402374:RT=1662402374:S=ALNI_MaU4wHcLzfBc_QuIl36hDMQ9OpRdg
.casalemedia.com/ Name: CMID
Value: YxY-R-sDvI8TTtYUEMh6VAAA
.casalemedia.com/ Name: CMPS
Value: 026
.casalemedia.com/ Name: CMPRO
Value: 026
.technoratimedia.com/ Name: tads_uid
Value: F829E28F45B747739186F624E4FC1B4E
.technoratimedia.com/ Name: tads_uid_cd
Value: 20220905142615-0400
.technoratimedia.com/ Name: tads_zora
Value: 2
.technoratimedia.com/ Name: tads_uidp_73
Value: AAD6807GLH8AAA614xveyA
.ml314.com/ Name: u
Value: aHR0cHM6Ly9jZG4ua3J4ZC5uZXQvcGFydG5lcmpzL3hkaS9wcm94eS4zZDIxMDBmZDcxMDcyNjJlY2I1NWNlNjg0N2YwMWZhNS5odG1sIyFreGNpZD11ZXBuMTg1NjUma3h0PWh0dHBzJTNBJTJGJTJGbmF0aW9uYWxwb3N0LmNvbSZreGNsPWNkbiZreHA9
.ml314.com/ Name: pi
Value: 3629847580089778247
.agkn.com/ Name: ab
Value: 0001%3AV595Rql3wDNnhgHzaK%2FSilMMsTyuNrV8
.pubmatic.com/ Name: KRTBCOOKIE_699
Value: 22727-AAD6807GLH8AAA614xveyA
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2C%ss(GBP!]tbPl1M>e)ZlrFUfJ+tGXxoDa<.Fb>Ny6*^#.7FP2[_(SeRi0c?/WX5jO=h3If)y3KL9D3I?+F>dtt1
.casalemedia.com/ Name: CMTS
Value: 032
.pubmatic.com/ Name: SPugT
Value: 1662402354
.tremorhub.com/ Name: tvid
Value: 8c2956378ae34c04a761e19572d9eee2
.tremorhub.com/ Name: tvv
Value: 1
.go.sonobi.com/ Name: __uis
Value: 623e5cf8-0a54-4a73-9c12-9b7c2f22b512
.go.sonobi.com/ Name: _usd_nationalpost.com
Value: e87c9012-4bf7-4f95-b94c-9c5cd7aeead0
.go.sonobi.com/ Name: __uih
Value: 1
.go.sonobi.com/ Name: __uir_bw
Value: 1
.go.sonobi.com/ Name: __uir_mm
Value: 1
.go.sonobi.com/ Name: __uir_td
Value: 1
.go.sonobi.com/ Name: HAPLB8A
Value: s8750|YxY8z
.adnxs.com/ Name: icu
Value: ChgIybE_EAoYASABKAEwyf7YmAY4AUABSAEKGAiwvU8QChgBIAEoATDF_tiYBjgBQAFIARDJ_tiYBhgB

37 Console Messages

Source Level URL
Text
security error URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://fem.gprod.postmedia.digital/v65.0/fem.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
network error URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Message:
Failed to load resource: the server responded with a status of 451 ()
worker error URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
worker error URL: https://nationalpost.com/news/politics/nearly-13000-canadians-potentially-victims-of-cerb-fraud-after-hackers-accessed-their-mycra-account-in-2020
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c.aaxads.com/aax.js?pub=AAX24X4M7&hst=nationalpost.com&ver=1.2
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://static.criteo.net/js/ld/publishertag.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://js-sec.indexww.com/ht/p/184635-225789216445563.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c.amazon-adsystem.com/aax2/apstag.js(Line 1)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://cdn.krxd.net/ctjs/controltag.js.387e8802bbd0d9fbfa52c1546d7297df(Line 4)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://cdn.tinypass.com/api/tinypass.min.js?version=2
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js(Line 17)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://tpc.googlesyndication.com/sodar/sodar2.js(Line 31)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://tpc.googlesyndication.com/sodar/sodar2.js(Line 31)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022083001.js(Line 9)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://connect.facebook.net/en_US/fbevents.js(Line 23)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://connect.facebook.net/en_US/fbevents.js(Line 23)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 567)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 528)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 528)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 567)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 528)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 528)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 567)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 528)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 528)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c.amazon-adsystem.com/aax2/apstag.js(Line 1)
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.
security error URL: https://c5x8i7c7.ssl.hwcdn.net/vplayer-parallel/20211217_0009/ds_vplayer_detached.min.js
Message:
The source list for the Content Security Policy directive 'default-src' contains an invalid source: ''unsafe-dynamic''. It will be ignored.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src * 'unsafe-eval' 'unsafe-dynamic' 'unsafe-inline' data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

23dc09d6-b664-425a-a76e-0eed6a6cc102.edge.permutive.app
23dc09d6-b664-425a-a76e-0eed6a6cc102.prmutv.co
5ew8d-b3mmu.ads.tremorhub.com
8b64d97d00ca1f5e3b3110228482b120.safeframe.googlesyndication.com
a.jsrdn.com
a.tribalfusion.com
aa.agkn.com
ad.turn.com
ads.pubmatic.com
adservice.google.ca
adservice.google.com
ajax.googleapis.com
ak.sail-horizon.com
analytics.google.com
ap.lijit.com
apex.go.sonobi.com
api.permutive.com
api.rlcdn.com
api.sail-personalize.com
api.viafoura.co
app2.cision.com
as-sec.casalemedia.com
assets.ribn.com
auth.lrcontent.com
b1sync.zemanta.com
beacon.krxd.net
beacon.lynx.cognitivlabs.com
bh.contextweb.com
bidder.criteo.com
btlr.sharethrough.com
buy.tinypass.com
c.aaxads.com
c.amazon-adsystem.com
c.jsrdn.com
c1.adform.net
c2.piano.io
c2shb.pubgw.yahoo.com
c2shb.ssp.yahoo.com
c5x8i7c7.ssl.hwcdn.net
cdn.adsafeprotected.com
cdn.krxd.net
cdn.parsely.com
cdn.permutive.com
cdn.tinypass.com
cdn.viafoura.net
cdnjs.cloudflare.com
ce.lijit.com
cm.adgrx.com
cm.g.doubleclick.net
config.lrcontent.com
connect.facebook.net
consumer.krxd.net
contextual.media.net
creativecdn.com
cs.emxdgt.com
csi.gstatic.com
csync.loopme.me
dcs-static.gprod.postmedia.digital
dis.criteo.com
distroscale-d.openx.net
dsp.nrich.ai
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
events.newsroom.bi
experience.tinypass.com
fem.gprod.postmedia.digital
flowcards.mrf.io
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googlesync.permutive.com
gum.criteo.com
hbopenbid.pubmatic.com
hbx.media.net
htlb.casalemedia.com
i.jsrdn.com
i.viafoura.co
ib.adnxs.com
id.rlcdn.com
identity.mparticle.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
imasdk.googleapis.com
js-sec.indexww.com
jssdkcdns.mparticle.com
jssdks.mparticle.com
l3.aaxads.com
livecomments.viafoura.co
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
ml314.com
mug.criteo.com
nationalpost.com
notifications.viafoura.co
optimized-by.rubiconproject.com
p1.parsely.com
pagead2.googlesyndication.com
pippio.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.adsafeprotected.com
pixel.quantserve.com
pixel.tapad.com
pm.w55c.net
pmp.mxptint.net
postmedia-d.openx.net
postmedia.hub.loginradius.com
pr-bh.ybp.yahoo.com
prebid-server.rubiconproject.com
ps.eyeota.net
pubads.g.doubleclick.net
pubmatic-match.dotomi.com
px.owneriq.net
pxl.qccerttest.com
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.mfadsrvr.com
rtb.openx.net
rules.quantcount.com
s.amazon-adsystem.com
s.jsrdn.com
s.tribalfusion.com
s0.2mdn.net
s3-us-west-2.amazonaws.com
sb.scorecardresearch.com
sdk.mrf.io
search.spotxchange.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
smartcdn.gprod.postmedia.digital
ssum-sec.casalemedia.com
stags.bluekai.com
static.criteo.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.ipredictive.com
sync.mathtag.com
sync.search.spotxchange.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
t.pswec.com
tag.1rx.io
tags.rd.linksynergy.com
tpc.googlesyndication.com
u.openx.net
u12097671.ct.sendgrid.net
um.simpli.fi
ums.acuityplatform.com
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
video-ads.rubiconproject.com
www.aaxdetect.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.npttech.com
x.bidswitch.net
btlr.sharethrough.com
csi.gstatic.com
s.amazon-adsystem.com
104.18.18.126
104.18.19.126
104.19.150.54
104.36.115.109
104.36.115.111
104.36.115.114
107.178.246.49
107.178.254.65
108.138.128.77
108.139.47.129
108.139.52.24
13.225.214.50
13.225.214.51
13.226.25.39
141.148.45.191
142.250.64.66
142.250.65.194
15.197.193.217
151.101.2.207
151.101.66.133
151.101.66.207
151.101.66.49
167.89.118.28
169.197.150.8
173.231.184.20
178.250.0.157
18.204.250.37
18.215.140.171
18.235.217.239
184.29.128.213
184.29.128.24
184.29.129.7
185.167.164.43
185.184.8.90
188.40.92.96
192.35.249.127
192.35.249.142
198.148.27.140
199.127.204.142
199.187.193.199
2001:4860:4802:34::178
2001:4860:4802:34::181
204.2.255.233
204.236.250.205
205.185.216.10
205.185.216.42
207.198.113.86
216.200.232.249
23.1.200.83
23.197.37.29
23.21.236.46
23.21.59.154
23.217.18.198
23.217.28.180
23.217.29.148
23.217.30.202
23.217.43.215
23.34.248.177
23.92.190.69
2600:1f18:44f0:4864:b609:1375:60a5:e0dc
2600:1f18:4e9:5a01:19f8:d00:d1ab:5f75
2600:1f18:612b:4232:404:2bd9:b8a8:362
2600:9000:21dd:3600:8:2ae1:d740:93a1
2600:9000:21dd:400:6:44e3:f8c0:93a1
2600:9000:21dd:6800:11:615:7240:93a1
2600:9000:23ca:3000:7:75d4:e40:93a1
2606:4700:10::6816:49e8
2606:4700:10::ac43:835
2606:4700:3032::ac43:bf95
2606:4700:4400::6812:230b
2606:4700::6810:f015
2606:4700::6811:180e
2606:4700::6811:b6b1
2606:4700::6812:451
2606:4700::6812:5f3c
2606:4700::6813:ac6c
2606:ae80:1471:17::1080
2607:f8b0:4001:c0a::5e
2607:f8b0:4004:c06::9a
2607:f8b0:4006:807::2002
2607:f8b0:4006:808::200a
2607:f8b0:4006:809::2002
2607:f8b0:4006:80b::2001
2607:f8b0:4006:80c::2002
2607:f8b0:4006:81c::2002
2607:f8b0:4006:81e::2002
2607:f8b0:4006:81e::2004
2607:f8b0:4006:81e::200a
2607:f8b0:4006:81f::2003
2607:f8b0:4006:820::2002
2607:f8b0:4006:820::2008
2607:f8b0:4006:821::2003
2607:f8b0:4006:821::2006
2607:f8b0:4006:822::200a
2620:100:a001::4
2620:100:a001::c
2620:112:f002:bbbb::21
2620:116:800b:21:b08a:1dc5:659b:4055
2a03:2880:f003:100:face:b00c:0:3
2a03:2880:f103:181:face:b00c:0:25de
2a04:4e42:400::645
2a04:4e42:600::645
2a04:4e42::645
3.214.50.196
3.224.21.15
3.230.217.116
34.107.254.252
34.111.234.236
34.111.249.109
34.117.54.29
34.120.155.137
34.133.71.175
34.149.157.221
34.194.161.83
34.196.96.235
34.197.192.192
34.98.64.218
34.98.67.3
35.169.125.112
35.190.60.146
35.207.24.140
35.211.178.172
35.227.252.103
35.241.9.51
35.71.139.29
44.199.168.235
44.209.207.157
44.210.205.198
51.68.39.188
52.205.223.187
52.206.176.232
52.218.216.144
52.4.169.124
52.4.33.45
52.45.33.138
52.45.87.68
52.46.151.131
54.230.163.28
54.243.198.75
63.251.114.182
64.74.236.255
67.226.210.221
68.67.178.10
68.67.179.153
69.166.1.15
69.90.254.78
72.44.36.54
74.119.119.129
74.119.119.150
75.2.40.13
8.28.7.81
8.28.7.83
8.28.7.84
8.43.72.98
02f0f55e9b67dc13c26475a6d285dd13febd09128f48cb59bbd7d62073669a7c
04142857a43c3bf04f03b182ac95d7a519e9c85ec50f44247edd23f951232d98
048968c6d38c394e2b7f848c6b0155af214fd68fdc97df109e5233974c9def9c
068a5938941f955fa3d722412552496ecd26b823c764e81c9fa97500ccca5e08
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07275140ea3f47293d4f8a51d785a766eb1c94e4ae087f7c60c5bd611328ac86
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b5bcd5e455fe140dfa582f1f66284a5af4f1de829a3341cca1720cc6b02d8ad
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e8f14055778572523749dac4a91cca0326c88bfac607ac705a57f1aae91d83d
106b200355126d8985af1cf084f580e2a2c31760b1bb0695c61cd1841ccc3ac6
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11b360963cee2563b6f93fc397a436c1c5b8ace543f35a9bb76095bd40ceccb2
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
127de201f02eebb179b938df00ae738418ab549d7cc36c929f6756159afb63d1
1403aa4c8bf4ff7f9c70c5caf1f901e20358352c4480b0012c583db01aea8e5b
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1
15b54a90686829d59ef0c2bc6a9e2e82b6a11536be56acf2b4ff414b081c891d
15ce85c85762492a8b5f07665999d854af04470347c9698d9f186e0849b3f05c
16f0657fcf8192f39158391e7f6b3f4e2c0b30a2b08b0d2c99aa76f5e7b1a480
17b6c419a7f65afd0e75266dcace486b79ceae9242177feaa960dda92816c4cb
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1aa4d55e3601b2a646f69b1133331c9235d6fd21e16cbb9b11e42a2c48dec694
1b6dfbc0392b3e04e6f10a39a7c097635148b6bc998c13ffbda40d5b3df488c8
1ed4a787e0f6813387f0edbbf3e86597961f764753d93d48e084b18f90983cf0
1f15676ee75f87fd704916039b36f7bdb125cedca7f8f14987c9d34a6beebfdf
1fb82c9bb456f6d5336430ebb3d5b1e596ceb303ee99690f0c9187aa13a0cd43
1fe3fac08d88de6c6dcd9aa76a8bc502d7bdff729270eafef275997bc2d28ff2
20790ed4c06d4677de7626ff358c1695c69757a3122f9fed22219e9480e94044
2425b660230bb48d5acfa6dc31dc7d417c427523544e605e23272bb135c6b658
24fb15a65abfb973ff2004f5eaaf6661720869a7cc4837df7dfb54a45eb7751c
2510ed81c525ffb3948c9e103bc6d56f036e45346a0d4c6e481602c223c74ba5
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
269c614f28c2a9470a6f1c3642a1734986a949f9272a0ce52e1c9d7eb888028f
27d7b573de36acef9ddbf975de05251f5219d2e4b8424288aae62aa57d5a6396
2a647bbfb5c6723ca10f9833ae08d3381b0061f982959571e56a55d7768cb7a5
2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9
2beb4966a47048142ff5b93c710bafe5c888fa3733a8f38094363a542ee5a38d
2e8c01b60beeee6e8cd9d8eacb279ca992f4528dcf3562e76b48d6abb743819f
2e8db71249f82bb7584f1a2b6744275d18a4b5940ec8d48da133c65e81d5a23b
2f406054918d33be52abc54ba3ba4b5615bf26ed13cb31e65957ba00519f3aba
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3021dbc38c2dfd3da4cda6c72c24bc160cfc2ff37cb8acb9b2d16ba5da750274
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
325f52363629bbbffc2a15baea39bd8b41d961fde9ed579c7246d2466a67594e
32cf0a8fe53899cf276cb12df8c8f5f1558bfb49a803502eda8296818dafef6f
3302399a73c776a578acb294da4e6550f2005064a0b63956a8f6183e5b22c47f
335c52c7dc4f7e3a35a5f7f80daa871f33660ce85b493ebf396372ffc01f17bc
33e939a950bdbf1eaa9373978a3d4a7d2e438adac741f373650db4e67478b0a2
35700fd4dc1a4008ab66bc0e57c19689f6daca9368bfd2a6beea1b86dc0159d8
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
3766e73dd0411446249f9d4b6562182f380f3abe44e861903fa7ae869ef63637
37da4b71617ed7bac9f388a0b8f1334b8f3c6fbadc1510cb9ce5bab13de9e5ed
388e958dd7973a01f0392a2bdb6e5433b6f243488c479af17178eee4590714c6
390db02cdedc7d3edfb67a21ec3d19bc735a70c55f773273d26a2549925efa67
3923294932c548e1b567b0ac489bcc851a67789a470bc100ecf6760dcb4e7ff0
39b6a19464f16eb6efa94935d0ab5a0c86bf1e8916aeb19d568598c547122842
3b8e2dc664ad7fbb8435f6d509111dd94edfb86194bc1fa761a78795fd2a39af
3bcfa04dbc2db44af54bd72a0f7b98912368f16f525729a1b9b673f62ca7e5c9
3c2f71bfe1e4fbf520bbc1081f5addbfd8f6afd3491cf0eb284975e128fa5b3c
3c74ef042bfcf702752741a8c0fd1e1f8c691dc3b270a2c2f1739365596dc71c
3cd4a7897ee87950e5a3dacdc72cd2f78b03bfbd0de2573d742af2851aa83ef6
3d698e31208d0183fe977949e81a884f2f71ff20d92ae8c3832768a9ff037ad4
3dbf60ceccdb53078aafba7c52593670b5dd6d9257817e7f5387ff882cfab6a6
3e1795114336feb198f0cc3fd4ebeb25bede9124fee982f4deb0fee52f26d555
3eb0f6e4f509e0bbf9aa348aa5cb22e08095ea1bf8730eb407b39ed39f07c3c7
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
3ffa6d54106feb1bc10c78fe010acccbc13eee047bbec19d4d3a635a025048ed
40dff71379e1db338222188af399e3991fdcf9b4a6605574808e39f5501eb5db
40e562e806ce113ae7879d0dd76db82797b5c274794751c260381f2c8b283641
41a79bd8e8df7d819d0c9c77e35aca49d229400992a97a136ef57d6768307d52
42e8aa892f98807c2b3f49f7c83002b605e357c9463e8a3fbaeffa805fae5bcc
4305ee3720747e1631b4966ec20feefc21bfe8dc9ce0c3f92e5d2ffc16846596
43475f06474226d187c62dae8ece3fc5d425487c06e8ccd8f5706c095bc038cc
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
447eb00b6d62951a05e29ecab51b29122c21d4e6b59dd3d69952bfe6f5741220
4488b028a1fd5484471be21f9680aba82a92b9b56d2fd6f4d34fac44ab7086b8
478e6af52fb68e56ea81b5b785d63530428644c5f656abef360da891644c3243
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4afc4a53b4794e979cde7eb664f0fbae7469528549950545d185fb05434af024
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4baa280c316f80216c7d9dcb64f308726f23cfe4fd4ada8d36aee7c3ea101108
4bef0d2ce9ddd3dcd15889345ea8e4ae1eb38c2bcf50bcd76daed2dc63f0a424
4c81a618f5d53d3380ec72a4c754c3e4fdda31319bb82126f5702f652101ccf6
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f150bfe51e4ef18abef9570c3e6dc3c31a38130e6b779912014f7bf66f723b7
4f49e616d278a16d9cd55a6d5fe19c99ebd37d7d3848d14422190618b67011e0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
511feb67170fd1699ba78b3b37c81119b5e4a357adfbfe56d42709ccfef7dc25
515717e02c9cb8921544241462fa5fc4d6527e9b38bcc9b434d536a50329057b
52b01da32564c38a203ddd2b1a5b974eb2b31cf014245bed84e65771e90a4e91
52b74d98ab88a9aa9b379755c7850c63be30b6a23e56742a238c4a06db5d5e92
539b6a3aa366b330fefa27834c08720cd7e26c871e9eca9048387568899b3c89
541cfb7b64391ec90ea061be62a9e35b0c05c279c42afa79dac13d292ab71d6e
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a4d3db85ff98894b08eb0dd28cdfd2365fd592cba74b263299b97295d2fdde
54d22e3cfe61d7d3c91a2b45d4e0bf68f444e4ee4cd875cee9a5084dd13af0db
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55a73cf3fb80e00430807e11f2eea59f28ab090e87a96fbeea2d5bbde2f8fc4e
561dcd35e7af10512106c11b6550f32713388356d88af8dee0afef9164c74d5c
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
574ee49322b85bbad4ad7717b04996355985fa03bb32fa98f3a6e15866a794ad
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
59816d7d3bb39f8ff81c61236994c9c2f39d1b56c3481c58ce77041242dcdc77
59a2e53b65cc36c0668ccbbb3198f71fff616a016cb44981fa5d82727aefd04a
5d046d38a35eef7bc96561c4fcd138273e334256e8794d653af811fa48c10532
5dc68de6610ca122274be56dd55630347a6109baf19a6af9c74092e9a114bdd5
5e6572ecaf3d41396ec6ad7deb8013b5a576bda7c600403066f1611ae3983450
5ea71bd07e560ea69f4bf12e5e48de530ce4a977ee361ed45ddcb581b060fd6c
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
619a9c51ba467534bf3f9591f20ccca11a846dcb623c3e83a27363d16aad7911
61a2b2588acde0ccae626edbff25bbe32c1ff43cc0d89859c4ef48af507cd356
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
659a8dee04b272c247129ff6513d23c16f4f9c183b5d64e7347815af8861a2a4
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
66dfe2ea916a284ce1824a074a9801d236fc375d3c3b7b59b660a22d252d0e11
671e88c62a81bcb199af405fd4d880bcae019ca3237a428ff45c7dc4a1c9acee
67372d9e5e23d711951cbfb5f8096954bfdc0d8866a48f233035af7ecc6b4f34
68910a4e5f85bcaf85782e3e6779e311e94ebff60a39fc8df48c5b1b071e05ea
68a335c0d87dce935fee1811892070e78c514828d50bfe2ae21fde739ec1002c
694e6a3916a4091669a4d51c0f386163410c72315c5894ffa56456488a7117ce
6a0f07fac6fc58958b0e670e2d2927901e052938b2162c1553817aa4cbf5de2f
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bde9c925714f94fdaf6c4047379535fee158807108bcc53b8a40489fd627a05
6e3717c11e421a2267e1ab728461aeed493cbfdfe18e0448895effd0ec2454c2
6f69cfd72aad99cf8bcf52820772a316d3dfde1099b601006399144edbd386e3
70c53858886ce263e568de278e69566d76dff86b588700f10ebbce73e5a3ce51
719cad5bbadf88b575216439c854bdf2fda467462bf20782794cfd1bf2272d37
71f27f30bcea1929b2e4fb409abe0baf4029759e1deb3ee316e21016463dff61
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
73ce21104cbd5c5d38a7f58633f41f6aaf3cf9bb58d2166935871115df10086f
73f5cb8f7a137847e41aeb849588174535651b6e140d8b13575f46fff0c496a2
7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b
7681b74a0284c422ae2c92a9f63996d28e60a1c7afea7604f7e3ec1b36600b34
7862d1c86b425f5ccb25574e9490d9b1c80da5057ab556dfddf656ec05f14c08
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
79ac0a4f29873d7d66aa02765ae1c687af9685330ebe55210ab474058277668a
7beb96ef759b267b4159270a64ca009646a2e9a725882896b3dd431198b92058
7edc2145499b5a0f0e46cc2359d2f89e799518b959058a27b683183a64f056dc
7f4d33761cc0ddac9571bb77e972978376bf6776d0ca072c2660a374e09453ff
7f9694a5641741d04e1c98eb1011059826aa5feb34e47d2b2f95bdb47cb0c2f5
7ff8fb6c90b74da9aecce0b570db2cce7146fa67781c992381bc2c8065ca5e2c
81258da3ba59ff849aa0e0cd526b5b947667e44879de7d0f83fb1e53c27fcba8
82fa3bfda70106507e30ed360a21f48281f689ddd8cfe416483cc970249a6dad
8314def528e4754680a52208233bae39f52790f2614e4fdcd718c21d0154a171
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
837a36a83a7b0b74bb97e024a71398237be9ea134574460ef337d0ed99d3d9e5
848304b19734ea306b7d88fb7628d9b748077e13ed4b951eb1385238d55378d1
8512a94c30dc7fda4931ae11fc195ee3f2cbad5dff1dc2567cf3725c33093b2d
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
8693aa2d6442bba7224236e021765c95fe40f7cfc6b6c9afd8c717c665f8a365
86cfb92760978f2c1c23f37303692dd2de3d35956777be1342fbac7408477662
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
89eaf9fe3a76b7ac4b5ce4663db06d9a9c4ee560adac393068ae3d044371d887
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8ddf9e8fa96d1bbbeaf292ca94fc082dde61e4a6be90c87f8b2609fd88edbd4d
8e7b1ea43c38e710e203681c158fc706a16773927a62bfc4a45e525bb366f2bb
8efa950be6d28aa1103053638a776ab8f2dcda011254bab316bc409018714e33
90e125c512e72bee59bf8c3e6fd8233830709d4bb22c5791aa626ef2653a2127
93481c95be23e8d522247e1617c9051b4b7c2d0e9ddfa89603a9a0199cdc4686
9381b0e8f1f70b87fc2e0866144a623037b946a0e830a8e7b1a545078c827320
9685145fc6691742536e349a2953828a84fd729012f34f00cb09b8a26f713b6f
9713a012c5f41fc2a4ef34953967ef5098f28bbd384eedb1ffad25112b722589
972e3f1f6fcaf89d68e9b9b42c05ce6740d4abf4a095bb27d119917ba844a19c
974e6ec4ca8356d74ab0e4b2b53e852db9f890e2ab241cf5a3a657d7cbe6f2eb
975a64dc9bbc5e1884ba8ca2e76d9b2791d16d5c9f3619bf30477cd21a8636d2
977abdea1124eea9afbb2114e08e99a30022e7d08b538dc4481e7a64a7e6555b
97da4cd6fb0df53e9d206096504c732bfcad765187ea8e5963fd1cc79bb341cd
98953d0212f4abee3ef01bcc636af808be96014a7eeb17ee758343496058e0b8
98ad7bed720031871213cd7ad063c68b321f3861706045fe2b74f1e94b200452
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
996c0c2e6691c26dfa2703541f6bad3134cda09a55536bd70bf41fde5501ff43
9cb29040edfd7b02c034e5711b5ec5312a40b7788d8ae6e971977d3ec564b216
9d84e609f83ce654233e71c1a1ea7321f73479b0126d2cbbf216e18add331d23
9e1d9f6798d15664d962b766aae6544109f67703a61824d67c13deec359b809c
9f09cb53c823d609859ec739d0d7e059688900803f428ec2fd07f790ed72f809
9f4e7e56746300091e10a8cd8c5886566bb421f8046874c65195a4f05c081a58
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a04c0b06b152b513b151c413bef83373f47bf11d36290d5d0b49e4ebfb2c299f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a19191270ce5a7955e94f0bbe46e8c783943630af611659eb0de9fa2e5056fbc
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2702f6a67d243b8c2451ed8022b8fd0a6701cd104781ad922dc25fc6aa6fc3b
a3050fe845f18ff7093ef9b4c56fb489911c0cedd50ef10dcf8397c78a6793c0
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a8491eef7a148fe6f54a2231e2fb6f99da356b7b81f7104c73a7621aa44a3087
a986de9daab1766415bb999b48ae7e3d192a614d31795d120cd99d2d937bc7a9
ab798a2b9d9af3f73b2ddd9b393e845bbba955c0d16badf2e86b6c2f8154a145
abf54942aee1ede00d39f859a319ef865c1f0184743b2dcd38f2ba0bb97f1fc2
ad27e9e87b75a750b0bd9d26576b3d356ce2478183947309b853103631284c84
b05a93021da761b1bea15409ad1f43a3fc15b39186b3871d9b7dd4dc0c9135ef
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1b74ea07c463aedbea9edda89204250207897ec3622ebef4786cc81edae4f23
b2f5d76dff8d61897d454f56b16b76dac58461493014a94b05b97d017a6af0ff
b34923fbe5567884d4cf4851faeed85c30a6d104fec9fab6b2270853511d42ae
b460d56dd27b62df333537db25d28e7e5ace33535bf4c7d7d767bdbc687a8dd9
b510ee91066f77f938f78422378a73f44818d0ee661c0ccb5ad398cc7dd6b080
b5b3b28d63eca9bcfd4072c253336a581ec36b9a6c8752247623509a4b9a4972
b67c0df70996e39d38d10a35c8397ed7d1af28e391daeaed63551f711e81ef41
b6dc85459fbb9d03f478d91eae99e6627e04c8f805b08e4b97423ffbc3870d9d
b969062e9d8f77e55dfc37bb35728e3401c636595aaf97e4e68ce300bfa2b293
ba5b291d1beefc87ceee1a1f2d7169cab742c7d472d6937d6e2e457376c0e892
bab9222ec3618d9d7de41f11035637c50caefccbb32ff6e16192a8181704a1ab
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbe74c62945bca0d7d29f9784c7462326fb4f8100313f320468c67a947a267ad
bc17ae239e85ef48d77702c4d7c42a20a9db0835c7f75540252534027c17c437
bc81b04f27e11aa58c1eda13a7bbc0a0ee81dfe47e962ff0f82a25d428c80a41
bcdb1de77d2b08299869059ba0bfd2b8063291bd5d2993ca37c39b2e352c3065
bd42ab1e963caae23b78541c50e8b5d8146d0c6b2151fcfcfa938c17c417f68e
be36cf242d7b206d66842ab5b36af859b780372bba70cb5d72acda2626ffe52e
be39f7c8d9e0ecb9341608717214dd699a781be039aa3b02c30bb5ce5161217b
be54ac8b9843afcd92dea7b3e72306efec71ba3b6365f679f179c7ca4a0aea9f
becabc47bfe658f4ca9806acd04c1c50c7eae97bab13e3f0f0b2b72084190fdb
c1e9510079704b81b083e51700f25a88ddd444272ae498f3b5cd06deb164bfd1
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c2d469baa886cea25fd133ff11c745fadaede424400670c5132c58428597e1f4
c4489e1a8bf30763b0cd218bfeebb12a642a63518c8afbaf34793032ffd60657
c4866c723c789cf04a4900008e83e9a923d0209e0ee11f32a679c3ece024e103
c5117ec6b60c1f3e2f9fc2cbeaf38fcb4687229794227bc9d2d08ff784e1ef2a
c58ae9a450c0b6887adcbc1b278ecdab16a6abe92c35f3e91dae50d11cbee03d
c6a46e6314ccf738fb16d7a57f7e8819a0a98b1d89f0f8ff516325d8fbfc5512
c6b0566df39e9011007c8dd2ad2ea4b06bd883422e422fcc9ddccab47b4ddeee
c81cab8c63d469329c0e0724770c6c8622f0d5d1fb8b6f919b6d7dddfadba190
c8460b70ae22e99c9d6f2cc1c7a81e4731ba284eca97cb5b285d831688ed513f
ca7bce9264a3918442d3e653b968361223ede24753232c713ead830aa5446722
ccd1149b55756840bd2d81d09562a1afaa2ae87108a457ac59a75ab1661e9797
cdee55a0f2c8717df6ca320512ab57001f4f9c30e6c6738b244c681bf8ec8e85
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d04f867c0d2fc8341972332239452b47758a664391fcbea84ea2a0832ef94b12
d06c733ba42b81cd66c7fcaabc75b51c59292cdbccdcfb6a88bf2b57d262047b
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d16d95885d5401bc5249bf643ab9db38f48d82c8756810c466b18ef7ab3a2360
d1872ace7c3af8a214bec239d58ad3d4f3e0d5eee7a18bb416aa9cd28fff233d
d18fa36a3ece055c565786bbe35e4803eed28dcd504e2d344625430d23a64b4f
d22c2b457592d1f744afe93fdca6657e1985e47f0fade89674ae45ebce1d6428
d27a268d63e4a18800c7d12e7f9e73ed496c8f265fcd92913a0f6566727ece35
d2b400c65cddf356b9056899cc2e34c1df2964e5437eed73e184634679cbbe77
d2c43641d163bddadbc85f08f1f97d737fbf31a06108fc350ba366b1919f1a37
d355afb9705c3f8651f6a1f813b4670b758d59a17783830f534e7a8839c5b666
d457d35d10a7a69cd98dbcf77dc115ca88966b41b69df6afeed15ced4603ca5e
d47f317138ec8083450b63c742957db8398eb19bae70913819b81dda472b6283
d6b10e6c3a812d3cb7081fa6014bc5aa6f8fbee831adbddc5df3bb5da8e1ac05
d6ee074c798e32dab8e257f029f2a971c78e51f04d781c33601bf6dbfe9c8cb1
d82b3b69ed27853344397a159429cced7fa5019fa56412c0a3d627471ef709ef
d85f14c7c6e7b5d4958cee60d4d39f4f12f37e0102920a7962e0e49bc2cadd17
dafb664b5a843f25925218894253be4adedce11b5b3a23728558d43e3f5437ed
db09be9f62f5bbe15eebcf8e9f3d5e69943108ecc54302628e002932317f56b2
db767a462a27b61a3eb028e6ffbdfe4a90c8bff7e33df4fc68096e37c93f44f5
dc326385f91e0481b086edfbc7c95d483be92ff2a96b7167328171baa94d0b3d
dc37d5357099d1475d55c28ddcdc1c218ca37890be4a4b33e8e9413114c5ae0f
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd0ee9d51ca2c512e266d55defce610c5f871636964ce9225c81bfc01005c7a3
dda36ab0dda2b7ba616e824e0dd455eb222bf9fee24984c74e19df9fa962758e
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
dfe97873104215ca01b106410421739f29b4acb5f7abe60650d3e7d35d0bc70c
e176f0cb3b3de1abda11f417b24482f2ebe28ff88c90c5d4e8f8ec5dc6b34858
e33e8dbb70116e525d2735623c7ba33377c84e4edf973af889b76eb522b7d0f7
e3981b1db3de18ae74a074167e1d1bcab1b1762ff521ec6469c9543a690453de
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cfbea8b949617fca1e6c39560085b2517fdf8f304436c0bf3ace35cadc813a
e3eb6b450e09da3c00ba344a44a690b004402dc62ddf0d3cf3bbdec5ab33310e
e5bab9427ec1d36c811e3ca40b2a1014b330dea0fc48b787041c572e1fdc4f28
e630144de5164d63c4edd05a2539b27aca7dbcff4b2674dea434d2c485613525
e6968810a584fb545efd0cdcdab0e20645b8416d465b7f1673a99a1185728f28
e7bf408b843ca7aa804181c498f63c058475d0e4b2baca867ed8c63616145cca
e851345505ee432c9397d60e5d91929ab4e5921f75c91f359b0939a879304b7a
e8fc7f1624adcfdcb70b286ee9e5c09fb3befa7258352d75f9544b55d89b8c37
e9bca797e35294210a471d8fedbcb73598cecbdb14fc19b93eae0f1b5ccffdf5
ea896e2d9d40ccdd7043192c7b1516e369a47df43f1863e3044f4e9aa73a6f31
ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ecb5989b209f16e77692f8b74270af5b4df0f9dddf0c486c6631fb45d12bdb7d
ecca70c597dd7dc67f362e2aa4ab68f99741ad38169333e83f69fd74e8621a78
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f04ce2a5a12a869d71d84af1de91f022ec292ff70b479144cc63966642b60c3a
f1c72c8e63b81ff94a28ac894b7f584530ba9b23017426cd1244dd278f6486df
f4828ba3976b70d890fb3f6c2d7a117d71b57fa0bb5b7ca5239b1e4ddc81c479
f5ac6348585afe084ad84bb4b456717fd946101219e1f3c16f266745dc80b0d4
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6188add36e8cf36585300840eade35fea02cbcd9a512cce7db22fe89f8e14eb
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7a4a046540cd7b682afc0d129cbbdea16081d1a54dfd3385115725f960c54c9
fa682cc7087c31e8c5515ea514077e7b55113767968f984bf84a8bd54107ff10
fd68be38c91e82a7cda9ce4ee58bcbcc645d65e95b2892763394f9633a396d2e
ffebdc58de729df0709318a479c4d18c71d1ff441d5f1e7da98fad4d96ba5111