www.lesoleil.com Open in urlscan Pro
2600:9000:236e:e600:1d:9f81:51c0:93a1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b9...
Submission: On April 18 via api (April 18th 2022, 4:09:29 pm UTC) from US — Scanned from DE

Summary HTTP 146 Redirects Links 110 Behaviour Indicators

Summary

This website contacted 43 IPs in 5 countries across 25 domains to perform 146 HTTP transactions. The main IP is 2600:9000:236e:e600:1d:9f81:51c0:93a1, located in United States and belongs to AMAZON-02, US. The main domain is www.lesoleil.com. The Cisco Umbrella rank of the primary domain is 310802.
TLS certificate: Issued by Amazon on March 1st 2022. Valid for: a year.

This is the only time www.lesoleil.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2600:9000:236... 2600:9000:236e:e600:1d:9f81:51c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
17	13.32.121.5 13.32.121.5	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
7	108.138.7.49 108.138.7.49	16509 (AMAZON-02) (AMAZON-02)
3	35.227.246.163 35.227.246.163	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1 2	37.252.172.250 37.252.172.250	29990 (ASN-APPNEX) (ASN-APPNEX)
4	108.138.17.13 108.138.17.13	16509 (AMAZON-02) (AMAZON-02)
6	18.66.139.67 18.66.139.67	16509 (AMAZON-02) (AMAZON-02)
5	13.32.121.54 13.32.121.54	16509 (AMAZON-02) (AMAZON-02)
11	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	108.138.3.177 108.138.3.177	16509 (AMAZON-02) (AMAZON-02)
1	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1	13.32.99.4 13.32.99.4	16509 (AMAZON-02) (AMAZON-02)
7	18.66.122.46 18.66.122.46	16509 (AMAZON-02) (AMAZON-02)
14	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:4700:20:... 2606:4700:20::681a:a13	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:223... 2600:9000:223c:4400:11:9cfd:9400:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	35.227.201.248 35.227.201.248	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c09::9c	15169 (GOOGLE) (GOOGLE)
1	185.86.137.113 185.86.137.113	201081 (SMARTADSE...) (SMARTADSERVER)
2 2	96.16.141.156 96.16.141.156	16625 (AKAMAI-AS) (AKAMAI-AS)
4	23.205.235.133 23.205.235.133	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	185.86.139.113 185.86.139.113	201081 (SMARTADSE...) (SMARTADSERVER)
1 2	2600:1f18:612... 2600:1f18:612b:4216:25d9:1223:9f5d:e330	14618 (AMAZON-AES) (AMAZON-AES)
1	8.2.111.137 8.2.111.137	46636 (NATCOWEB) (NATCOWEB)
1	34.254.143.3 34.254.143.3	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700:20:... 2606:4700:20::ac43:4adc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
3	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	8.39.36.142 8.39.36.142	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2600:1f18:612... 2600:1f18:612b:4200:2ae2:c11e:eaf6:5e5d	14618 (AMAZON-AES) (AMAZON-AES)
1	54.173.181.170 54.173.181.170	14618 (AMAZON-AES) (AMAZON-AES)
1	35.227.225.220 35.227.225.220	15169 (GOOGLE) (GOOGLE)
146	43

1 2600:9000:236e:e600:1d:9f81:51c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.lesoleil.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 13.32.121.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-5.fra60.r.cloudfront.net

gcm-production2.omerloclients.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 108.138.7.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-49.fra56.r.cloudfront.net

images.omerlocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.246.163 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 163.246.227.35.bc.googleusercontent.com

rdc.m32.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

news.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.250 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 108.138.17.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-13.fra56.r.cloudfront.net

static.freeskreen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.66.139.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-139-67.fra60.r.cloudfront.net

analytics360.omerloclients.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.32.121.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-54.fra60.r.cloudfront.net

gcm.omerlocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.138.3.177 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-3-177.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-4.fra60.r.cloudfront.net

weather.omerloclients.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 18.66.122.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-46.fra60.r.cloudfront.net

sb.freeskreen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:a13 (United States)

ASN13335 (CLOUDFLARENET, US)

loader.wisepops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
popup.wisepops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:4400:11:9cfd:9400:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.customer.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.201.248 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 248.201.227.35.bc.googleusercontent.com

geoloc.m32.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c09::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.113 (France)

ASN201081 (SMARTADSERVER, FR)

ww1772.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 96.16.141.156 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-141-156.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.113 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

sync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4216:25d9:1223:9f5d:e330 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

scm.publishers.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.2.111.137 (United States)

ASN46636 (NATCOWEB, US)

cs.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.143.3 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com

loadeu.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::ac43:4adc (United States)

ASN13335 (CLOUDFLARENET, US)

activity.wisepops.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.39.36.142 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel-us-west.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4200:2ae2:c11e:eaf6:5e5d (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

pc213-6jd3k.ads.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.173.181.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-173-181-170.compute-1.amazonaws.com

ads.freeskreen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.225.220 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 220.225.227.35.bc.googleusercontent.com

track.customer.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	omerloclients.com gcm-production2.omerloclients.com — Cisco Umbrella Rank: 602474 analytics360.omerloclients.com — Cisco Umbrella Rank: 655158 weather.omerloclients.com — Cisco Umbrella Rank: 629438	794 KB
19	google.com news.google.com — Cisco Umbrella Rank: 4741 apis.google.com — Cisco Umbrella Rank: 102 www.google.com — Cisco Umbrella Rank: 4 play.google.com — Cisco Umbrella Rank: 31	106 KB
14	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	21 KB
12	freeskreen.com static.freeskreen.com — Cisco Umbrella Rank: 46673 sb.freeskreen.com — Cisco Umbrella Rank: 36072 ads.freeskreen.com — Cisco Umbrella Rank: 45195	158 KB
12	omerlocdn.com images.omerlocdn.com — Cisco Umbrella Rank: 453043 gcm.omerlocdn.com — Cisco Umbrella Rank: 518920	617 KB
11	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	125 KB
10	rubiconproject.com 2 redirects secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1117 eus.rubiconproject.com — Cisco Umbrella Rank: 567 token.rubiconproject.com — Cisco Umbrella Rank: 675 pixel-us-west.rubiconproject.com — Cisco Umbrella Rank: 4599 pixel-eu.rubiconproject.com — Cisco Umbrella Rank: 2538	22 KB
10	gstatic.com fonts.gstatic.com www.gstatic.com	316 KB
5	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 stats.g.doubleclick.net — Cisco Umbrella Rank: 95	152 KB
4	wisepops.com loader.wisepops.com — Cisco Umbrella Rank: 12858 activity.wisepops.com — Cisco Umbrella Rank: 14119 popup.wisepops.com — Cisco Umbrella Rank: 14204	23 KB
4	m32.media rdc.m32.media — Cisco Umbrella Rank: 25991 geoloc.m32.media — Cisco Umbrella Rank: 27787	34 KB
3	tremorhub.com 1 redirects scm.publishers.tremorhub.com — Cisco Umbrella Rank: 52371 pc213-6jd3k.ads.tremorhub.com	969 B
3	smartadserver.com 1 redirects ww1772.smartadserver.com — Cisco Umbrella Rank: 52771 sync.smartadserver.com — Cisco Umbrella Rank: 1463	1 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	315 B
2	google.de www.google.de — Cisco Umbrella Rank: 5383	608 B
2	customer.io assets.customer.io — Cisco Umbrella Rank: 19311 track.customer.io — Cisco Umbrella Rank: 14359	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 138	114 KB
2	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 302	40 KB
2	adnxs.com 1 redirects secure.adnxs.com — Cisco Umbrella Rank: 438	2 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46 ajax.googleapis.com — Cisco Umbrella Rank: 282	34 KB
1	exelator.com loadeu.exelator.com — Cisco Umbrella Rank: 7475	324 B
1	admanmedia.com cs.admanmedia.com — Cisco Umbrella Rank: 1260	225 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 436	2 KB
1	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 461	132 KB
1	lesoleil.com www.lesoleil.com — Cisco Umbrella Rank: 310802	22 KB
146	25

	Domain	Requested by
17	gcm-production2.omerloclients.com	www.lesoleil.com gcm-production2.omerloclients.com
14	www.google-analytics.com	www.googletagmanager.com gcm-production2.omerloclients.com www.lesoleil.com
11	www.googletagmanager.com	gcm-production2.omerloclients.com www.googletagmanager.com www.lesoleil.com
9	news.google.com	www.lesoleil.com news.google.com www.gstatic.com
7	play.google.com	www.gstatic.com
7	sb.freeskreen.com	static.freeskreen.com www.lesoleil.com
7	images.omerlocdn.com	www.lesoleil.com
7	fonts.gstatic.com	fonts.googleapis.com news.google.com
6	analytics360.omerloclients.com	gcm-production2.omerloclients.com
5	gcm.omerlocdn.com	gcm-production2.omerloclients.com
4	eus.rubiconproject.com	sb.freeskreen.com eus.rubiconproject.com ww1772.smartadserver.com
4	static.freeskreen.com	gcm-production2.omerloclients.com www.lesoleil.com
3	www.gstatic.com	news.google.com www.gstatic.com
3	securepubads.g.doubleclick.net	rdc.m32.media securepubads.g.doubleclick.net gcm-production2.omerloclients.com
3	rdc.m32.media	www.lesoleil.com rdc.m32.media
2	www.facebook.com	www.lesoleil.com
2	token.rubiconproject.com	eus.rubiconproject.com
2	www.google.de	www.lesoleil.com
2	www.google.com	www.lesoleil.com
2	activity.wisepops.com	gcm-production2.omerloclients.com
2	scm.publishers.tremorhub.com	1 redirects www.lesoleil.com
2	sync.smartadserver.com	1 redirects www.lesoleil.com
2	secure-assets.rubiconproject.com	2 redirects
2	stats.g.doubleclick.net	gcm-production2.omerloclients.com
2	connect.facebook.net	www.lesoleil.com connect.facebook.net
2	c.amazon-adsystem.com	rdc.m32.media gcm-production2.omerloclients.com
2	secure.adnxs.com	1 redirects www.lesoleil.com
1	track.customer.io
1	ads.freeskreen.com	ajax.googleapis.com
1	pc213-6jd3k.ads.tremorhub.com	ajax.googleapis.com
1	pixel-eu.rubiconproject.com	eus.rubiconproject.com
1	pixel-us-west.rubiconproject.com	eus.rubiconproject.com
1	popup.wisepops.com	gcm-production2.omerloclients.com
1	ajax.googleapis.com	www.lesoleil.com
1	loadeu.exelator.com	www.lesoleil.com
1	cs.admanmedia.com	www.lesoleil.com
1	ww1772.smartadserver.com	sb.freeskreen.com
1	geoloc.m32.media	gcm-production2.omerloclients.com
1	cdn.jsdelivr.net	gcm-production2.omerloclients.com
1	assets.customer.io	www.lesoleil.com
1	loader.wisepops.com	www.lesoleil.com
1	weather.omerloclients.com	gcm-production2.omerloclients.com
1	ads.pubmatic.com	rdc.m32.media
1	apis.google.com	www.lesoleil.com
1	fonts.googleapis.com	www.lesoleil.com
1	www.lesoleil.com
146	46

This site contains links to these domains. Also see Links.

Domain
www.lenouvelliste.ca
www.ledroit.com
www.lequotidien.com
www.latribune.ca
www.lavoixdelest.ca
www.facebook.com
twitter.com
www.linkedin.com
www.instagram.com
ca.linkedin.com
www.pinterest.com
www.monsamedi.com
jeuxdesprit.ca
necrologie.cn2i.ca
zonecarriere.ca
www.omerlo.com

Subject Issuer	Validity	Valid
redirect.gc.media Amazon	`2022-03-01` - `2023-03-30`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.omerlocdn.com Amazon	`2021-10-02` - `2022-10-31`	a year	crt.sh
*.m32.media Sectigo RSA Domain Validation Secure Server CA	`2021-12-16` - `2023-01-16`	a year	crt.sh
*.news.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.freeskreen.com Amazon	`2021-12-19` - `2023-01-16`	a year	crt.sh
*.omerloclients.com Amazon	`2022-01-20` - `2023-02-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-25` - `2022-04-25`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-28` - `2022-05-27`	a year	crt.sh
*.customer.io Amazon	`2021-12-20` - `2023-01-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-17` - `2023-04-04`	a year	crt.sh
*.admanmedia.com Go Daddy Secure Certificate Authority - G2	`2021-04-20` - `2022-05-22`	a year	crt.sh
*.exelator.com DigiCert TLS RSA SHA256 2020 CA1	`2021-06-02` - `2022-06-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.tremorhub.com Amazon	`2022-03-24` - `2023-04-22`	a year	crt.sh
api.customer.io GTS CA 1D4	`2022-03-26` - `2022-06-24`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Frame ID: 18A8EC5AB63A8193483734BCA251693D
Requests: 105 HTTP requests in this frame

Frame: https://news.google.com/swg/_/ui/v1/serviceiframe?_=458416&publicationId=lesoleil.com
Frame ID: 0FB1A53082EBEC782FE8662CB1F20C57
Requests: 12 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Frame ID: 29F3D51290415A32AFE4E54D4339A0F8
Requests: 4 HTTP requests in this frame

Frame: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Frame ID: A1DB4B6E410266E54F226E1483AFDC36
Requests: 11 HTTP requests in this frame

Frame: https://sb.freeskreen.com/t.gif?tm=1650298158&p=2973&c=5318&ttm=1650298157575&s=&d=&v=&t=4d3d9046-d273-43e3-9c54-f4ae1376905b&co=null&pr=null&ci=null&dm=null&flc=2022&slc=&e=AdOpened&m=2&x=null
Frame ID: 8F865445B0F21CBFF68E3351CA4066FD
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu
Frame ID: ABBDF9C69AD5A9AD1097AA17B12EE997
Requests: 4 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: C212F677E8D810A4B512C1754DF0AF65
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Une cyberattaque «sophistiquée» contre Rideau Hall, selon des documents internes | Politique | Actualités | Le Soleil - Québec

Detected technologies

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/platform\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

146
Requests

97 %
HTTPS

47 %
IPv6

25
Domains

46
Subdomains

43
IPs

5
Countries

2719 kB
Transfer

8904 kB
Size

19
Cookies

110 Outgoing links

These are links going to different origins than the main page.

URL: https://www.lenouvelliste.ca/

Search URL Search Domain Scan URL

URL: https://www.ledroit.com/

Search URL Search Domain Scan URL

URL: https://www.lequotidien.com/

Search URL Search Domain Scan URL

URL: https://www.latribune.ca/

Search URL Search Domain Scan URL

URL: https://www.lavoixdelest.ca/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fdominique-anglade-denonce-le-double-standard-impose-aux-femmes-politiques-e4f5c9c51d74a12ccccc5e8f5fb22670%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fdominique-anglade-denonce-le-double-standard-impose-aux-femmes-politiques-e4f5c9c51d74a12ccccc5e8f5fb22670%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fdominique-anglade-denonce-le-double-standard-impose-aux-femmes-politiques-e4f5c9c51d74a12ccccc5e8f5fb22670%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F16%2Fqs-veut-mettre-fin-aux-listes-dattente-en-sante-mentale-eb407f4217f5becc0eeec63e7c581e70%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F16%2Fqs-veut-mettre-fin-aux-listes-dattente-en-sante-mentale-eb407f4217f5becc0eeec63e7c581e70%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F16%2Fqs-veut-mettre-fin-aux-listes-dattente-en-sante-mentale-eb407f4217f5becc0eeec63e7c581e70%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F15%2Fle-depute-de-la-caq-denis-tardif-annonce-quil-ne-sera-pas-candidat-a-sa-reelection-eea34e3d348e2345f22789db4c1062bb%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F15%2Fle-depute-de-la-caq-denis-tardif-annonce-quil-ne-sera-pas-candidat-a-sa-reelection-eea34e3d348e2345f22789db4c1062bb%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F15%2Fle-depute-de-la-caq-denis-tardif-annonce-quil-ne-sera-pas-candidat-a-sa-reelection-eea34e3d348e2345f22789db4c1062bb%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F16%2Fracisme-systemique-ca-cree-de-la-haine-184eb63a23c4e1ed098c6de979250384%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F16%2Fracisme-systemique-ca-cree-de-la-haine-184eb63a23c4e1ed098c6de979250384%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F16%2Fracisme-systemique-ca-cree-de-la-haine-184eb63a23c4e1ed098c6de979250384%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/follow?screen_name=obosse

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F15%2Fle-dernier-combat-de-la-deputee-dorion-8c3d8cfc991057bf49986793acb233ca%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F15%2Fle-dernier-combat-de-la-deputee-dorion-8c3d8cfc991057bf49986793acb233ca%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F15%2Fle-dernier-combat-de-la-deputee-dorion-8c3d8cfc991057bf49986793acb233ca%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F14%2Floi-15-adoptee-sur-la-protection-de-la-jeunesse-linteret-de-lenfant-devra-primer-087287e38dc85e5d2231548c5cd00675%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F14%2Floi-15-adoptee-sur-la-protection-de-la-jeunesse-linteret-de-lenfant-devra-primer-087287e38dc85e5d2231548c5cd00675%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F14%2Floi-15-adoptee-sur-la-protection-de-la-jeunesse-linteret-de-lenfant-devra-primer-087287e38dc85e5d2231548c5cd00675%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F14%2Fles-candidats-a-la-direction-du-parti-conservateur-croiseront-le-fer-les-11-et-25-mai-af04f4dd0d779b55009d269e5ee03e5a%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F14%2Fles-candidats-a-la-direction-du-parti-conservateur-croiseront-le-fer-les-11-et-25-mai-af04f4dd0d779b55009d269e5ee03e5a%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F14%2Fles-candidats-a-la-direction-du-parti-conservateur-croiseront-le-fer-les-11-et-25-mai-af04f4dd0d779b55009d269e5ee03e5a%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2Floi-sur-linterdiction-des-hydrocarbures-duhaime-contre-mais-samson-sest-abstenue-9465c7ad53e32b18da99bcd645b0c72f%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2Floi-sur-linterdiction-des-hydrocarbures-duhaime-contre-mais-samson-sest-abstenue-9465c7ad53e32b18da99bcd645b0c72f%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2Floi-sur-linterdiction-des-hydrocarbures-duhaime-contre-mais-samson-sest-abstenue-9465c7ad53e32b18da99bcd645b0c72f%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2Fla-caq-soupconne-les-partis-dopposition-de-comploter-pour-bloquer-le-parlement-8b27c2c4b91bc93678a257e02019fad5%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2Fla-caq-soupconne-les-partis-dopposition-de-comploter-pour-bloquer-le-parlement-8b27c2c4b91bc93678a257e02019fad5%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2Fla-caq-soupconne-les-partis-dopposition-de-comploter-pour-bloquer-le-parlement-8b27c2c4b91bc93678a257e02019fad5%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2Fpas-de-nouvelle-mesure-pour-paques-laisse-entendre-legault-9df34c71b6f45e15f89bec414b51928b%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2Fpas-de-nouvelle-mesure-pour-paques-laisse-entendre-legault-9df34c71b6f45e15f89bec414b51928b%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2Fpas-de-nouvelle-mesure-pour-paques-laisse-entendre-legault-9df34c71b6f45e15f89bec414b51928b%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2Fjean-charest-ferait-il-gagner-des-points-aux-conservateurs-650e4544683d71c750dab6c32d241859%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2Fjean-charest-ferait-il-gagner-des-points-aux-conservateurs-650e4544683d71c750dab6c32d241859%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2Fjean-charest-ferait-il-gagner-des-points-aux-conservateurs-650e4544683d71c750dab6c32d241859%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2F600-millions--pour-construire-et-renover-des-infrastructures-municipales-au-quebec-4c56e64c1c42872d37ef3efad15626fe%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2F600-millions--pour-construire-et-renover-des-infrastructures-municipales-au-quebec-4c56e64c1c42872d37ef3efad15626fe%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F13%2F600-millions--pour-construire-et-renover-des-infrastructures-municipales-au-quebec-4c56e64c1c42872d37ef3efad15626fe%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/follow?screen_name=EmiPelletier

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F12%2Fmanque-de-communication-pour-le-plq-manque-de-jeunes-pour-qs-afb592bd1a87aa2363a64726c120b97e%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F12%2Fmanque-de-communication-pour-le-plq-manque-de-jeunes-pour-qs-afb592bd1a87aa2363a64726c120b97e%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F12%2Fmanque-de-communication-pour-le-plq-manque-de-jeunes-pour-qs-afb592bd1a87aa2363a64726c120b97e%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F12%2Fduhaime-participera-au-debat-des-chefs-on-est-dans-la-cour-des-grands-597e6eeb578f10a85c86174a18eca770%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F12%2Fduhaime-participera-au-debat-des-chefs-on-est-dans-la-cour-des-grands-597e6eeb578f10a85c86174a18eca770%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F12%2Fduhaime-participera-au-debat-des-chefs-on-est-dans-la-cour-des-grands-597e6eeb578f10a85c86174a18eca770%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/follow?screen_name=Thomas8Laberge

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F12%2Fle-chateau-fort-pequiste-de-marie-victorin-tombe-aux-mains-de-la-caq-c6cf4c2620a7b158e2709d30d3bfab2f%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F12%2Fle-chateau-fort-pequiste-de-marie-victorin-tombe-aux-mains-de-la-caq-c6cf4c2620a7b158e2709d30d3bfab2f%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F12%2Fle-chateau-fort-pequiste-de-marie-victorin-tombe-aux-mains-de-la-caq-c6cf4c2620a7b158e2709d30d3bfab2f%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Fex-colistiere-de-jackie-smith-madeleine-cloutier-candidate-a-linvestiture-de-qs-dans-taschereau-24878423d548c50b4ff24addcb8f364b%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Fex-colistiere-de-jackie-smith-madeleine-cloutier-candidate-a-linvestiture-de-qs-dans-taschereau-24878423d548c50b4ff24addcb8f364b%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Fex-colistiere-de-jackie-smith-madeleine-cloutier-candidate-a-linvestiture-de-qs-dans-taschereau-24878423d548c50b4ff24addcb8f364b%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Ffreeland-defend-un-budget-responsable-et-porteur-de-transition-energetique-ca335ec818712b35035ac8d9fbf325af%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Ffreeland-defend-un-budget-responsable-et-porteur-de-transition-energetique-ca335ec818712b35035ac8d9fbf325af%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Ffreeland-defend-un-budget-responsable-et-porteur-de-transition-energetique-ca335ec818712b35035ac8d9fbf325af%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Flegault-on-est-rendu-dans-les-egouts-4fd56bb161582960b73d699fcf72cf77%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Flegault-on-est-rendu-dans-les-egouts-4fd56bb161582960b73d699fcf72cf77%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Flegault-on-est-rendu-dans-les-egouts-4fd56bb161582960b73d699fcf72cf77%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Fvehicules-electriques-annonce-du-premier-ministre-trudeau-lundi-a-victoria-03b7f9f2e7229a9ca8add7c44abd3ec2%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Fvehicules-electriques-annonce-du-premier-ministre-trudeau-lundi-a-victoria-03b7f9f2e7229a9ca8add7c44abd3ec2%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Fvehicules-electriques-annonce-du-premier-ministre-trudeau-lundi-a-victoria-03b7f9f2e7229a9ca8add7c44abd3ec2%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Fmacron-et-melenchon-se-disputent-les-votes-des-expatries-au-quebec-3ae632540cd936111391949a44894098%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Fmacron-et-melenchon-se-disputent-les-votes-des-expatries-au-quebec-3ae632540cd936111391949a44894098%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F11%2Fmacron-et-melenchon-se-disputent-les-votes-des-expatries-au-quebec-3ae632540cd936111391949a44894098%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F10%2Fles-liberaux-federaux-prevoient-se-reunir-en-congres-en-mai-2023-27e60836eed63935ed4f5a180a2ba712%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F10%2Fles-liberaux-federaux-prevoient-se-reunir-en-congres-en-mai-2023-27e60836eed63935ed4f5a180a2ba712%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F10%2Fles-liberaux-federaux-prevoient-se-reunir-en-congres-en-mai-2023-27e60836eed63935ed4f5a180a2ba712%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F10%2Fprojet-de-loi-2-la-reforme-du-droit-de-la-famille-sera-t-elle-abandonnee-6374b79d75df1a2219a846d79cb436e2%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F10%2Fprojet-de-loi-2-la-reforme-du-droit-de-la-famille-sera-t-elle-abandonnee-6374b79d75df1a2219a846d79cb436e2%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F10%2Fprojet-de-loi-2-la-reforme-du-droit-de-la-famille-sera-t-elle-abandonnee-6374b79d75df1a2219a846d79cb436e2%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F10%2Fvoter-ou-ne-pas-voter-ce-qui-motive-les-electeurs-et-ceux-qui-sabstiennent-15aa074b1dbffe4be7a8de6d22be9b06%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F10%2Fvoter-ou-ne-pas-voter-ce-qui-motive-les-electeurs-et-ceux-qui-sabstiennent-15aa074b1dbffe4be7a8de6d22be9b06%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F10%2Fvoter-ou-ne-pas-voter-ce-qui-motive-les-electeurs-et-ceux-qui-sabstiennent-15aa074b1dbffe4be7a8de6d22be9b06%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F09%2Fles-francais-de-montreal-sont-nombreux-a-aller-voter-malgre-la-meteo-cdab31cc4a55f87ef271bf0142c27508%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F09%2Fles-francais-de-montreal-sont-nombreux-a-aller-voter-malgre-la-meteo-cdab31cc4a55f87ef271bf0142c27508%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F09%2Fles-francais-de-montreal-sont-nombreux-a-aller-voter-malgre-la-meteo-cdab31cc4a55f87ef271bf0142c27508%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F09%2Fpierre-poilievre-attire-les-foules-mais-convaincra-t-il-les-membres-du-parti-eee63801b278363aa9bbc7dbe5389e81%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F09%2Fpierre-poilievre-attire-les-foules-mais-convaincra-t-il-les-membres-du-parti-eee63801b278363aa9bbc7dbe5389e81%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F09%2Fpierre-poilievre-attire-les-foules-mais-convaincra-t-il-les-membres-du-parti-eee63801b278363aa9bbc7dbe5389e81%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F09%2Fcharest-veut-etre-aux-communes-rapidement-sil-devient-chef-d019a44791cfd9de430ad40bd1689b24%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F09%2Fcharest-veut-etre-aux-communes-rapidement-sil-devient-chef-d019a44791cfd9de430ad40bd1689b24%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F09%2Fcharest-veut-etre-aux-communes-rapidement-sil-devient-chef-d019a44791cfd9de430ad40bd1689b24%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F08%2Fdes-syndicats-de-fonctionnaires-preoccupes-par-le-budget-federal-2cd7d91d8886f5545d4940b9d94ea5c7%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F08%2Fdes-syndicats-de-fonctionnaires-preoccupes-par-le-budget-federal-2cd7d91d8886f5545d4940b9d94ea5c7%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F08%2Fdes-syndicats-de-fonctionnaires-preoccupes-par-le-budget-federal-2cd7d91d8886f5545d4940b9d94ea5c7%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F08%2Fbudget-federal-une-victoire-pour-le-monde-municipal-selon-la-fcm-a48f5ae68132d80bbc2cf8baa602d5eb%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F08%2Fbudget-federal-une-victoire-pour-le-monde-municipal-selon-la-fcm-a48f5ae68132d80bbc2cf8baa602d5eb%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F08%2Fbudget-federal-une-victoire-pour-le-monde-municipal-selon-la-fcm-a48f5ae68132d80bbc2cf8baa602d5eb%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/follow?screen_name=JulienPaquette

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F08%2Fle-budget-quasi-unique-de-chrystia-freeland-880f6de77c5c4e18c6cd4c34d9a78376%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dfacebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F08%2Fle-budget-quasi-unique-de-chrystia-freeland-880f6de77c5c4e18c6cd4c34d9a78376%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dtwitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F08%2Fle-budget-quasi-unique-de-chrystia-freeland-880f6de77c5c4e18c6cd4c34d9a78376%3Futm_campaign%3Dlesoleil%26utm_medium%3Darticle_share%26utm_source%3Dlinkedin

Search URL Search Domain Scan URL

URL: https://www.facebook.com/lesoleildequebec

Search URL Search Domain Scan URL

URL: https://twitter.com/cyblesoleil

Search URL Search Domain Scan URL

URL: https://www.instagram.com/lesoleildequebec

Search URL Search Domain Scan URL

URL: https://ca.linkedin.com/company/journal-le-soleil

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/lesoleilquebec

Search URL Search Domain Scan URL

URL: http://www.monsamedi.com/faq/
Title: Foire aux questions

Search URL Search Domain Scan URL

URL: https://jeuxdesprit.ca/fr/
Title: Jeux d'esprit

Search URL Search Domain Scan URL

URL: https://necrologie.cn2i.ca/ls
Title: Avis de décès

Search URL Search Domain Scan URL

URL: http://zonecarriere.ca/
Title: ZoneCarriere.ca

Search URL Search Domain Scan URL

URL: https://zonecarriere.ca/lescoops
Title: Nos emplois

Search URL Search Domain Scan URL

URL: http://www.omerlo.com/
Title: Omerlo

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://secure.adnxs.com/seg?add=10369596&t=1&_=1650298156850 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D10369596%26t%3D1%26_%3D1650298156850

Request Chain 77

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=123456&endpoint=us-west HTTP 301
https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west

Request Chain 78

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fsa%3D%5Bsas_uid%5D HTTP 302
https://sync.smartadserver.com/getuid?url=https://sb.freeskreen.com/um?sa=[sas_uid]&cklb=1

Request Chain 79

https://scm.publishers.tremorhub.com/pubsync?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D HTTP 302
https://scm.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D

Request Chain 106

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=smartadserver&endpoint=eu HTTP 301
https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu

146 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34 Show response
www.lesoleil.com/2022/04/17/ 116 KB
22 KB 686ms
663ms Document
text/html 2600:9000:236e:e600:1d:9f81:51c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:236e:e600:1d:9f81:51c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.18.0 / Express Express
Resource Hash: 21a98238ae8ce94d2ff7cc80bfbde428de1125f33d89bf11e9cee8112635567f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=1800
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 18 Apr 2022 16:09:15 GMT
server: nginx/1.18.0
vary: Accept-Encoding
via: 1.1 06a27d66e25d02ebcfb014b9d194016a.cloudfront.net (CloudFront)
x-amz-cf-id: buH2WyFMWSFoYRBpYU7LbtGKAqG6HBWnAsl-KrDlpgPMLIFlKh3Kvw==
x-amz-cf-pop: FRA60-P1
x-cache: Miss from cloudfront
x-fastboot-path: /2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
x-powered-by: Express Express

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 52ms
20ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Volkhov:400,400i,700,700i|Work+Sans:400,500,600,700|Open+Sans:400,600,700

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

33409666cfa50a4190ab5ad64c4dbec668dd90226908ab4c898e1a34583d9fae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 18 Apr 2022 16:09:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 18 Apr 2022 16:09:16 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 18 Apr 2022 16:09:16 GMT

GET
H2 200 vendor-28af8159f07dcc477d43d0424c21cad7.css
gcm-production2.omerloclients.com/assets/ 74 KB
14 KB 44ms
10ms Stylesheet
text/css 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gcm-production2.omerloclients.com/assets/vendor-28af8159f07dcc477d43d0424c21cad7.css
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: dc7a8eb4fbb940aafff5ffd4a09c4e4e2bc84de5738354f1914e8d91e87cad94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 04:36:05 GMT
content-encoding: gzip
etag: W/"128ec-17d4c885792"
last-modified: Tue, 23 Nov 2021 11:22:23 GMT
server: nginx/1.18.0
age: 12569591
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: 0rD65GPDGg7LzY_Lm3eddvMZo0ILjFvXZpRR_oREjKr7WGoJy_z4qQ==

GET
H2 200 gcm-812b771098a82a5fc69d7c580758d6a7.css
gcm-production2.omerloclients.com/assets/ 122 KB
20 KB 50ms
16ms Stylesheet
text/css 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gcm-production2.omerloclients.com/assets/gcm-812b771098a82a5fc69d7c580758d6a7.css
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: 3d4d62f3b219f0bf8e1a4f667501c6a8e2c9060c6f49bc2dc9e70fb23733674a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 18:06:33 GMT
content-encoding: gzip
etag: W/"1e641-17e45291647"
last-modified: Mon, 10 Jan 2022 18:03:47 GMT
server: nginx/1.18.0
age: 8460163
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: h8T2CA_V7NBaeJ10bADHkYsNOvBzgSbRA-R63rMoLDd5v8C0H2sYIA==

GET
H2 200 coop-logo-df9a1385e5da4d9d4501d27d07f56fc3.svg
gcm-production2.omerloclients.com/assets/images/ 5 KB
2 KB 50ms
17ms Image
image/svg+xml 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gcm-production2.omerloclients.com/assets/images/coop-logo-df9a1385e5da4d9d4501d27d07f56fc3.svg
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: a9f52ff38b671059aaf2f8f95b7b15a14ec9c5ebbe68163c572d72787d7ffa15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 06 Sep 2021 19:50:06 GMT
content-encoding: gzip
etag: W/"12d3-17bbc6ffeb2"
last-modified: Mon, 06 Sep 2021 18:47:41 GMT
server: nginx/1.18.0
age: 19340350
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: bMN-mlZX72iqQQjShotzykunaSlJ1X6-uew0f3iiVMw3UOPHyQbkCg==

GET
H2 200 img-logo-lesoleil-58b9b973b021d2739e18eea6fd81ac59.svg
gcm-production2.omerloclients.com/assets/images/sites/ 6 KB
2 KB 50ms
17ms Image
image/svg+xml 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gcm-production2.omerloclients.com/assets/images/sites/img-logo-lesoleil-58b9b973b021d2739e18eea6fd81ac59.svg
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: 572848c8c30c46020959ee57e4e945b9525619ee1496c0250a3164a6976b5101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 14:21:17 GMT
content-encoding: gzip
etag: W/"1650-17feee3b526"
last-modified: Sun, 03 Apr 2022 10:06:14 GMT
server: nginx/1.18.0
age: 1302479
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: 5Z5MMDVpS7IPxq6XwNDfWwpCRb_25zsUsbLR4SJeJjqFHcwxQ5ruJA==

GET
H2 200 img-logo-lenouvelliste-01c7f7010aa5dc051b3c34b5aaea17fc.svg
gcm-production2.omerloclients.com/assets/images/sites/ 7 KB
3 KB 43ms
11ms Image
image/svg+xml 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gcm-production2.omerloclients.com/assets/images/sites/img-logo-lenouvelliste-01c7f7010aa5dc051b3c34b5aaea17fc.svg
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: c38398144d1be0acf7b2200b31f6ecdf4f89f2f6550f89a7886c2ce9c17b0287

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 25 Jul 2021 01:02:11 GMT
content-encoding: gzip
etag: W/"1bfe-17acd537ab5"
last-modified: Thu, 22 Jul 2021 08:27:18 GMT
server: nginx/1.18.0
age: 23123225
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: JsUeuUYSkhGCeqkrPe9BPc6QWSVhQnak5pQumxQCa-whT-9AmZCLVQ==

GET
H2 200 img-logo-ledroit-b9a581ca6b6f8487ec51bd37d839bad9.svg
gcm-production2.omerloclients.com/assets/images/sites/ 5 KB
2 KB 50ms
17ms Image
image/svg+xml 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gcm-production2.omerloclients.com/assets/images/sites/img-logo-ledroit-b9a581ca6b6f8487ec51bd37d839bad9.svg
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: da741b0c80dfaf7527a9e787d8a0a6ab3a1c35b2b6e696979744287f8b34c62c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 14:54:40 GMT
content-encoding: gzip
etag: W/"158d-17c4a3cc3b3"
last-modified: Mon, 04 Oct 2021 07:37:48 GMT
server: nginx/1.18.0
age: 16938875
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: 9bMXv0-tGRvP0PF-TLsvB2er2zZNLyqtILL7Wa1P13Z5uzHNSzrAWg==

GET
H2 200 img-logo-lequotidien-c669f875f82835c27a416201322cbd8f.svg
gcm-production2.omerloclients.com/assets/images/sites/ 7 KB
3 KB 14ms
14ms Image
image/svg+xml 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gcm-production2.omerloclients.com/assets/images/sites/img-logo-lequotidien-c669f875f82835c27a416201322cbd8f.svg
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: 44ea0066992762110b18880e58f968fa5dc3af9a051c057a5e689bed7d47158d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 30 Aug 2021 04:37:00 GMT
content-encoding: gzip
etag: W/"1bd1-17b7c357f08"
last-modified: Wed, 25 Aug 2021 07:28:05 GMT
server: nginx/1.18.0
age: 19999936
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: jvn5Wy6kn3hbByUC_ENpxaIyKoELrG3vQI9UHWqe-0MCc_t1EWvqqA==

GET
H2 200 img-logo-latribune-48da3f5a325b8d303ce470ff85ceeb02.svg
gcm-production2.omerloclients.com/assets/images/sites/ 6 KB
3 KB 15ms
15ms Image
image/svg+xml 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gcm-production2.omerloclients.com/assets/images/sites/img-logo-latribune-48da3f5a325b8d303ce470ff85ceeb02.svg
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: ec98c39f5c2d07120b2958675d626739610d6f8759a923a08b3392043d30f095

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 10 Apr 2022 23:19:46 GMT
content-encoding: gzip
etag: W/"19f6-18014a3d901"
last-modified: Sun, 10 Apr 2022 18:02:03 GMT
server: nginx/1.18.0
age: 665370
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: ioHy9bEbu5FD2KKDYhIhEOjwqXSzMVxBeGgq11T9vu2LwOmFUCEe0A==

GET
H2 200 img-logo-lavoixdelest-9cc995367a9139c0ee90098a7de975f9.svg
gcm-production2.omerloclients.com/assets/images/sites/ 7 KB
3 KB 15ms
14ms Image
image/svg+xml 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gcm-production2.omerloclients.com/assets/images/sites/img-logo-lavoixdelest-9cc995367a9139c0ee90098a7de975f9.svg
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: b369199a64f2c100cfba46ea9b4bdfc807bd7a164307905edfcdd381f06d0526

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 19:02:21 GMT
content-encoding: gzip
etag: W/"1d9f-17ff06dffaf"
last-modified: Sun, 03 Apr 2022 17:16:55 GMT
server: nginx/1.18.0
age: 1285615
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: f-5UrJScGegtgSNZmVuT9MA0cwA0Hyr8he2ZTYybVV6H86UAStvqIQ==

GET
H2 200 img-logo-lesoleil-color-a569ac6604937f1507ff859e83dc76ad.svg
gcm-production2.omerloclients.com/assets/images/sites/ 6 KB
2 KB 15ms
15ms Image
image/svg+xml 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gcm-production2.omerloclients.com/assets/images/sites/img-logo-lesoleil-color-a569ac6604937f1507ff859e83dc76ad.svg
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: 05cc12ba65eab7b80323c9495fcddf6d89a85ea33c32c8ed8eaa3947253160bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sun, 23 Jan 2022 19:39:03 GMT
content-encoding: gzip
age: 7331413
x-powered-by: Express
x-cache: Hit from cloudfront
content-length: 2054
last-modified: Sat, 22 Jan 2022 10:32:10 GMT
server: nginx/1.18.0
etag: W/"1633-17e8157ef9b"
vary: Accept-Encoding
content-type: image/svg+xml
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: p2hXCL_oeA6x4-BPc4AEq4oKSp0KV3QY-l6TWm12lF_239f-OYVRzQ==

GET
H2 200 bg-container-d7a130296c43dbdfbabcf81949969a84.png
gcm-production2.omerloclients.com/assets/images/ 218 B
570 B 13ms
13ms Image
image/png 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gcm-production2.omerloclients.com/assets/images/bg-container-d7a130296c43dbdfbabcf81949969a84.png
Requested by: Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/gcm-812b771098a82a5fc69d7c580758d6a7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: 157f9a1d6165ed3c8d9a331da4ff096ee0acef49d0e87bbcdcffe69b1c4031d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gcm-production2.omerloclients.com/assets/gcm-812b771098a82a5fc69d7c580758d6a7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 31 Dec 2021 07:07:21 GMT
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
etag: W/"da-17e05f1be36"
last-modified: Wed, 29 Dec 2021 11:27:16 GMT
server: nginx/1.18.0
age: 9363715
x-powered-by: Express
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 218
x-amz-cf-id: PVj6LcYeig7nqg3ZlhPYoAAtoZznU08hCvJPM7M8rUKFxqizG7xNww==

GET
H2 200 SlGQmQieoJcKemNecTUEhQ.woff2
fonts.gstatic.com/s/volkhov/v15/ 27 KB
27 KB 61ms
10ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/volkhov/v15/SlGQmQieoJcKemNecTUEhQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Volkhov:400,400i,700,700i|Work+Sans:400,500,600,700|Open+Sans:400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

772fa5a279ecad537bea7d71690183408a9aff38f71a094a2dff5698c724d9f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.lesoleil.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 22:14:32 GMT
x-content-type-options: nosniff
age: 582884
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27436
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 19:36:56 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 11 Apr 2023 22:14:32 GMT

GET
H2 200 QGYsz_wNahGAdqQ43Rh_fKDp.woff2
fonts.gstatic.com/s/worksans/v16/ 47 KB
48 KB 85ms
35ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/worksans/v16/QGYsz_wNahGAdqQ43Rh_fKDp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Volkhov:400,400i,700,700i|Work+Sans:400,500,600,700|Open+Sans:400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

481b2fb6ea4f714f9b58e143ddb63f973e0fc1b14a4d8213517b4451644c9fae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.lesoleil.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 16 Apr 2022 22:32:21 GMT
x-content-type-options: nosniff
age: 149815
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48480
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:24:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 16 Apr 2023 22:32:21 GMT

GET
H2 200 SlGVmQieoJcKemNeeY4hkHNSbQ.woff2
fonts.gstatic.com/s/volkhov/v15/ 26 KB
27 KB 73ms
23ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/volkhov/v15/SlGVmQieoJcKemNeeY4hkHNSbQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Volkhov:400,400i,700,700i|Work+Sans:400,500,600,700|Open+Sans:400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6659edd30afbce2323bb2b3443be4e8a5258d1260d0e68fd99df4d828f0ff718

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.lesoleil.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 22:22:05 GMT
x-content-type-options: nosniff
age: 582431
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27036
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 19:37:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 11 Apr 2023 22:22:05 GMT

GET
H2 200 resize
images.omerlocdn.com/ 38 KB
39 KB 1043ms
999ms Image
image/webp 108.138.7.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.omerlocdn.com/resize?url=https%3A%2F%2Fgcm.omerlocdn.com%2Fproduction%2Fglobal%2Ffiles%2Fimage%2F09902be2-1059-47ad-84dc-51a333c88493.jpg&width=1024&type=webp&stripmeta=true
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-49.fra56.r.cloudfront.net
Software: nginx/1.18.0 /
Resource Hash: f014ab6831432be7cd3c191b88d6d3b4c1a05ba510620d0f202e02c59a016726

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
via: 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
server: nginx/1.18.0
x-amz-cf-pop: FRA56-P6
x-ratelimit-remaining: 100
x-cache: Miss from cloudfront
content-type: image/webp
cache-control: public, s-maxage=31536000, max-age=31536000, no-transform
x-ratelimit-reset: 1
x-ratelimit-limit: 101
content-length: 39166
x-amz-cf-id: xugBicLZzZBohN9WSBXAVMhP_vxYkXErbwpRIHFZoc5K0GLUSvryLw==
expires: Tue, 18 Apr 2023 16:09:16 GMT

GET
H2 200 polyfill-shared-b88b9ba0dd77cb5a179cf3e1dbfec274.js Show response
gcm-production2.omerloclients.com/assets/ 14 KB
6 KB 12ms
11ms Script
application/javascript 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gcm-production2.omerloclients.com/assets/polyfill-shared-b88b9ba0dd77cb5a179cf3e1dbfec274.js
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: e0c5465f459500c3eacbdf79bde16c8ea7d9881422dd11ac7be5f62b61fa2e16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 24 Nov 2021 05:18:56 GMT
content-encoding: gzip
etag: W/"371c-17d46f700c2"
last-modified: Mon, 22 Nov 2021 09:25:32 GMT
server: nginx/1.18.0
age: 12567020
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: ha20u11RBzV0G4FZ3gzpFjd02VtLI_S16IDXN0SP0wCNgqRjt6bJ4g==

GET
H2 200 polyfill-evergreen-5d35460e29df71f4aefc2033b0532cf8.js Show response
gcm-production2.omerloclients.com/assets/ 275 B
665 B 17ms
16ms Script
application/javascript 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gcm-production2.omerloclients.com/assets/polyfill-evergreen-5d35460e29df71f4aefc2033b0532cf8.js
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: e08b0ff7f2bb5dee049a32dab138af86d7eb7a613c98f61cf08eb703ebc5908e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 22 Sep 2021 20:51:02 GMT
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
etag: W/"113-17c0f4332f6"
last-modified: Wed, 22 Sep 2021 20:47:14 GMT
server: nginx/1.18.0
age: 17954294
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 275
x-amz-cf-id: Jfa1aETV2Igs5mRfZEzRAyIlbroNawE1PyRfaNEn6h6rfyaWyw3m-Q==

GET
H2 200 vendor-d06260cb0611cf721d8848baa7d70649.js Show response
gcm-production2.omerloclients.com/assets/ 3 MB
559 KB 17ms
17ms Script
application/javascript 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: b102fc918f837700d56d7582ee5e8d1ab8e5b85d072cc4a245c4e81174a3e99e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 15:24:11 GMT
content-encoding: gzip
etag: W/"33874a-17f8904813b"
last-modified: Mon, 14 Mar 2022 15:20:48 GMT
server: nginx/1.18.0
age: 3026705
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: s48cRXueHLgvje4HQmlOTuiUPn2eB1gxELRI1hY0GIbmCcSrE23Bvw==

GET
H2 200 gcm-cf94cdba30fe416e11754f25d5939190.js Show response
gcm-production2.omerloclients.com/assets/ 1 MB
141 KB 76ms
36ms Script
application/javascript 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gcm-production2.omerloclients.com/assets/gcm-cf94cdba30fe416e11754f25d5939190.js
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: 25cbc8a8357f893fe7ee7d5d12b33daccd8f3244b86efb92575051cba51f655d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 15:32:37 GMT
content-encoding: gzip
etag: W/"105527-17f89041e84"
last-modified: Mon, 14 Mar 2022 15:20:22 GMT
server: nginx/1.18.0
age: 3026199
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: SMWtkr105Q4nqDqPAmyPQisAy8s1DbyH9o_XsNRpt2YeR2Ny5MpLQQ==

GET
H2 200 madops.js Show response
rdc.m32.media/ 56 KB
16 KB 194ms
115ms Script
application/javascript 35.227.246.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rdc.m32.media/madops.js
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.246.163 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 163.246.227.35.bc.googleusercontent.com
Software: nginx/1.10.3 /
Resource Hash: 48314bca6a877c6ca70c34c4bd60020b3074cc017979239086489a16d1cee26b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:16 GMT
content-encoding: gzip
last-modified: Fri, 15 Apr 2022 18:41:15 GMT
server: nginx/1.10.3
etag: W/"6259bc4b-df7f"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900, public
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google
expires: Mon, 18 Apr 2022 16:24:16 GMT

GET
H2 200 swg-gaa.js Show response
news.google.com/swg/js/v1/ 65 KB
17 KB 86ms
8ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-gaa.js

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf604a2452aa95b02d12e3d2873cd1847fdc1508234277f42788e84b93dafe83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 15:59:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 571
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17265
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 19:24:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Apr 2022 16:49:45 GMT

GET
H2 200 swg.js Show response
news.google.com/swg/js/v1/ 145 KB
45 KB 89ms
11ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg.js

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

420cf4b339a69a9a3ffafbebd48db71dcdaf2ce3f74cadc2351ebc899e9b5f46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 15:56:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 753
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45620
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 19:24:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Apr 2022 16:46:43 GMT

GET
H2 200 platform.js Show response
apis.google.com/js/ 52 KB
21 KB 76ms
17ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/platform.js

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

da1240738eef80e8630a5749b9258e33d7669859ba8a5ed1da81978092ed03af

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20361
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
date: Mon, 18 Apr 2022 16:09:16 GMT
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "7f7a2546d54bb430"
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 18 Apr 2022 16:09:16 GMT

GET
H3 200 custom.json Show response
rdc.m32.media/adops/custom_files/lesoleil.com/ 3 KB
1007 B 132ms
117ms XHR
application/json 35.227.246.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rdc.m32.media/adops/custom_files/lesoleil.com/custom.json
Requested by: Host: rdc.m32.media
URL: https://rdc.m32.media/madops.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.246.163 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 163.246.227.35.bc.googleusercontent.com
Software: nginx/1.10.3 /
Resource Hash: 8399e9c702512d0a428f47ac6e07fd6fbce30ab3d386829835530639caebb211

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
content-encoding: gzip
last-modified: Mon, 18 Apr 2022 10:43:40 GMT
server: nginx/1.10.3
etag: W/"625d40dc-b18"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=900
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google
expires: Mon, 18 Apr 2022 16:24:17 GMT

GET sw.js
www.lesoleil.com/ Frame 0
0

GET
H2 200 swg-button.css
news.google.com/swg/js/v1/ 21 KB
6 KB 12ms
11ms Stylesheet
text/css 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bde06a0400c168573473e2de967d842eec383f2f755aef4ec017b2f333e7ff85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:05:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6457
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 22:09:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Apr 2022 16:55:59 GMT

GET
H3 200 loader.svg
news.google.com/swg/js/v1/ 0
1 KB 25ms
24ms Other
image/svg+xml 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/loader.svg

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 15:54:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1049
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 18:14:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: image/svg+xml
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Apr 2022 16:44:46 GMT

GET
H3 200 entitlements Show response
news.google.com/swg/_/api/v1/publication/lesoleil.com/ 2 B
60 B 92ms
91ms Fetch
application/json 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/api/v1/publication/lesoleil.com/entitlements

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: text/plain, application/json
Referer: https://www.lesoleil.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: https://www.lesoleil.com
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce Show response
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=10369596&t=1&_=1650298156850
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D10369596%26t%3D1%26_%3D1650298156850

0
1019 B

13ms
11ms

Script
application/javascript

37.252.172.250
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D10369596%26t%3D1%26_%3D1650298156850

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

HTTP/1.1

Server

37.252.172.250 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 16:09:17 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 1fbc7e38-3ddf-43ba-86ad-19a2cd5d14d2
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 18 Apr 2022 16:09:17 GMT
X-Proxy-Origin: 138.199.38.132; 138.199.38.132; 538.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9616e0e0-6390-468e-bdbc-31253eca022c
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D10369596%26t%3D1%26_%3D1650298156850
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK freeskreen.min.js Show response
static.freeskreen.com/publisher/2973/ 4 KB
2 KB 68ms
21ms Script
text/javascript 108.138.17.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/publisher/2973/freeskreen.min.js?_=1650298156851
Requested by: Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.17.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-17-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9a9741eec47b8cad398506cff0b397017e4707746190f950ded4401f8dd175b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: Jl9ghJ5IuzfWxgaN2aXcWlNlGYpEbpEJ
Content-Encoding: gzip
Last-Modified: Fri, 25 May 2018 13:15:49 GMT
Server: AmazonS3
Age: 44476
ETag: "53ed200bdd4043b8fb2ad88e5f0cde22"
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Via: 1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
Connection: keep-alive
Date: Mon, 18 Apr 2022 03:48:02 GMT
X-Amz-Cf-Pop: FRA56-P7
Accept-Ranges: bytes
Content-Length: 1632
X-Amz-Cf-Id: Y2jYf8ZMRbeHZoK4W7tDlJ2eHaPLZwoxduUrA4iVw9fT5jk6AnvdrA==

OPTIONS
H2 200 view
analytics360.omerloclients.com/ Frame 0
0 326ms
286ms Preflight
application/json 18.66.139.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics360.omerloclients.com/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-67.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.lesoleil.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
content-length: 0
content-type: application/json
date: Mon, 18 Apr 2022 16:09:17 GMT
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
x-amz-apigw-id: QyL_KEgQoAMFSqQ=
x-amz-cf-id: QfNYGMQeOqqXbBiP_AX0b4qiZMOqraJ61oEtstlXp_4fTTcls8f5UA==
x-amz-cf-pop: FRA60-P4
x-amzn-requestid: 9edf19ad-c160-47d6-bef0-45874b5cc3ce
x-cache: Miss from cloudfront

GET
H2 200 banner-bg-aadabdd7c953b85a935465a10d47c51c.jpg
gcm-production2.omerloclients.com/assets/images/paywall/ 20 KB
21 KB 12ms
12ms Image
image/jpeg 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gcm-production2.omerloclients.com/assets/images/paywall/banner-bg-aadabdd7c953b85a935465a10d47c51c.jpg
Requested by: Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/gcm-812b771098a82a5fc69d7c580758d6a7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: 604e7027286c010d4f0b64291b51b80b9d4df493077cd40e72c4da0db8580bbd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gcm-production2.omerloclients.com/assets/gcm-812b771098a82a5fc69d7c580758d6a7.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 08 Jan 2022 20:26:44 GMT
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
etag: W/"5166-17e37836f17"
last-modified: Sat, 08 Jan 2022 02:27:47 GMT
server: nginx/1.18.0
age: 8624553
x-powered-by: Express
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
content-length: 20838
x-amz-cf-id: duVrSjpfwsaz-kZRkpgVADEPfqVPjHgnqNn-1K9n1SKCxW5dUd-YdQ==

GET
H2 200 cf2b5b903b414656c2d16992c6bf0c34.json Show response
gcm.omerlocdn.com/production/lesoleil/related-contents/ 7 KB
8 KB 141ms
102ms Fetch
application/json 13.32.121.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://gcm.omerlocdn.com/production/lesoleil/related-contents/cf2b5b903b414656c2d16992c6bf0c34.json

Requested by

Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-54.fra60.r.cloudfront.net

Software

nginx/1.18.0 /

Resource Hash

5d09b874a86b9b73767b7e9a63d6172d99f3b411943760a5c8838614ceaa726b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src 'self'
via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 82670
cross-origin-window-policy: deny
x-cache: Hit from cloudfront
content-length: 7272
x-xss-protection: 1; mode=block
x-request-id: Fua-PgF2LjqSY-k6LvIS
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
date: Sun, 17 Apr 2022 17:11:27 GMT
x-download-options: noopen
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: iZPw4v0kSyVWpDUkgCGtRtUCN9nZBIgKKkCnfo9M0k7tavuDxVofgw==

GET
H2 200 popular-news.json Show response
gcm.omerlocdn.com/production/lesoleil/ 68 KB
68 KB 47ms
11ms Fetch
application/json 13.32.121.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://gcm.omerlocdn.com/production/lesoleil/popular-news.json?media=web

Requested by

Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-54.fra60.r.cloudfront.net

Software

nginx/1.18.0 /

Resource Hash

209812faa749c2e8a6345e7bdf92a174329c8fee04ceeff0de543bcc12e958e3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src 'self'
via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 233
cross-origin-window-policy: deny
x-cache: Hit from cloudfront
content-length: 69326
x-xss-protection: 1; mode=block
x-request-id: FucJN6SqCW-BJnZAaziR
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
date: Mon, 18 Apr 2022 16:05:23 GMT
x-download-options: noopen
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: jBj8kRPUnnTwM4PV-hXJWlA4FoNgYlzZiy-4P2IqimrlrdVdOFI7cw==

GET
H2 200 contents.json Show response
gcm.omerlocdn.com/production/global/ 49 KB
49 KB 46ms
11ms Fetch
application/json 13.32.121.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://gcm.omerlocdn.com/production/global/contents.json?nb=30&organizations=lesoleil&templates=sponsored&types=article%2Cdossier

Requested by

Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-54.fra60.r.cloudfront.net

Software

nginx/1.18.0 /

Resource Hash

ad705785599c3fb1d7e101eea1747d4f1c7ff9c4c8e74cd7f03d5c2d1f0f34c4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src 'self'
via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 70
cross-origin-window-policy: deny
x-cache: Hit from cloudfront
content-length: 49898
x-xss-protection: 1; mode=block
x-request-id: FucJXdBU0Y7MmeZAbeaB
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
date: Mon, 18 Apr 2022 16:08:07 GMT
x-download-options: noopen
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: 9TrB9u_jB4sbpL4i7Y5GDECiz0nghGqI2-t59HwM_Wq26G9MzHfjcA==

GET
H2 200 politique.json Show response
gcm.omerlocdn.com/production/lesoleil/site/sections/actualite/ 57 KB
58 KB 565ms
543ms Fetch
application/json 13.32.121.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://gcm.omerlocdn.com/production/lesoleil/site/sections/actualite/politique.json

Requested by

Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-54.fra60.r.cloudfront.net

Software

nginx/1.18.0 /

Resource Hash

2cc0e95ec73aac5db61e54d0220192b8722217a769f9d3c87ff8fc994a6d0f50

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src 'self'
via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: FRA60-P1
cross-origin-window-policy: deny
x-cache: Miss from cloudfront
content-length: 58732
x-xss-protection: 1; mode=block
x-request-id: FucJbkSQhKIb-CI_AEHy
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
date: Mon, 18 Apr 2022 16:09:17 GMT
x-download-options: noopen
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=900
etag: 6126BCB
x-amz-cf-id: 4wXbAqeX1pOLH47mLkuoNaW9BOFw17M46OzceIsS7YLqbsi5Qzq5aw==

GET
H2 200 pages Show response
gcm.omerlocdn.com/production/lesoleil/ 142 KB
143 KB 23ms
11ms Fetch
application/json 13.32.121.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://gcm.omerlocdn.com/production/lesoleil/pages

Requested by

Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-54.fra60.r.cloudfront.net

Software

nginx/1.18.0 /

Resource Hash

a21d0870a736a7bf9869b1e72767c210b0785c99226c0c17d0a7773693616a08

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src 'self'
via: 1.1 9ef1b108656dc6d0707b168b862883dc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
age: 3245
cross-origin-window-policy: deny
x-cache: Hit from cloudfront
content-length: 145567
x-xss-protection: 1; mode=block
x-request-id: FucGerip6FusbyRAPZ7R
server: nginx/1.18.0
x-frame-options: SAMEORIGIN
date: Mon, 18 Apr 2022 15:15:12 GMT
x-download-options: noopen
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: PGLvSyulDvGZ_Jfjbj6ksrWdhEPbKxGD41D2bau_roNW6k-gvmQT4w==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 189 KB
59 KB 66ms
29ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MRPMG73

Requested by

Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4ed1b460ce0c6cc6c4a994071beb40412026adbec9f726201371d826401505a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60265
x-xss-protection: 0
expires: Mon, 18 Apr 2022 16:09:17 GMT

POST
H2 201 view Show response
analytics360.omerloclients.com/ 8 B
388 B 318ms
310ms Fetch
application/json 18.66.139.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics360.omerloclients.com/view
Requested by: Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-67.fra60.r.cloudfront.net
Software: /
Resource Hash: bebe9f7520f45e551824558d8c8291c429a32f508c9a6a42b9bfa91a062e53de

Request headers

Referer: https://www.lesoleil.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
X-Api-Key: 556e98ed302e4c53b6bc3ee69ebdd39f
Content-Type: application/json

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amzn-requestid: eda94606-c738-407c-a272-b7aeb6fd9285
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-amzn-trace-id: Root=1-625d8d2d-61fcc8a0799558b73485462f;Sampled=0
x-amz-apigw-id: QyL_NHowoAMFgJw=
content-length: 8
x-amz-cf-id: w2qNv_rFNexlh_kvQJXS3Bg2iPHDY_PlDl7v_CV3v2Ksgd5HAWlO5A==

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 135 KB
37 KB 77ms
20ms Script
application/javascript 108.138.3.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: rdc.m32.media
URL: https://rdc.m32.media/madops.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.3.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-3-177.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: 6RTeJ.t3xDSJXjTxhAMtPfr9IcIsozAE
content-encoding: gzip
etag: 4abd427e43cd6822329a2c05539e321f
age: 114
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 04TMCK0XK34MTZBFVGGP
date: Mon, 18 Apr 2022 16:07:22 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 a2eae5bb517678c9d6b43a2731b4462e.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: GGVngn8gbffzFWpfOiRqdoEwAmmf13bWw_KIWzTPsvOx4yxuzUGmTg==

GET
H3 200 m32pixel.js Show response
rdc.m32.media/ 61 KB
17 KB 197ms
121ms Script
application/javascript 35.227.246.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rdc.m32.media/m32pixel.js
Requested by: Host: rdc.m32.media
URL: https://rdc.m32.media/madops.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.246.163 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 163.246.227.35.bc.googleusercontent.com
Software: nginx/1.10.3 /
Resource Hash: 069f695140cae015bfd9f54836c257da65969097a565500f49adb1a262ae6719

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
content-encoding: gzip
last-modified: Mon, 04 Apr 2022 18:37:47 GMT
server: nginx/1.10.3
etag: W/"624b3afb-f449"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=900
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google
expires: Mon, 18 Apr 2022 16:24:17 GMT

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/158605/3482/ 431 KB
132 KB 48ms
9ms Script
text/javascript 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/158605/3482/pwt.js
Requested by: Host: rdc.m32.media
URL: https://rdc.m32.media/madops.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: a28a7909e8f0cf80f78bcdd264e45d97592903202da1ddce78f06a120e82527d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
content-encoding: gzip
last-modified: Thu, 07 Apr 2022 20:27:24 GMT
server: Apache/2.2.15 (CentOS)
etag: "1101851-6bd77-5dc164e50d743"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: public, max-age=16664
accept-ranges: bytes
content-type: text/javascript
content-length: 134607
expires: Mon, 18 Apr 2022 20:47:01 GMT

GET
H/1.1 200
OK current Show response
weather.omerloclients.com/ 9 KB
9 KB 62ms
9ms Fetch
application/json 13.32.99.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://weather.omerloclients.com/current?lang=fr&units=metric&lat=46.81&lon=-71.21
Requested by: Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-4.fra60.r.cloudfront.net
Software: /
Resource Hash: f64a2cf77dc91e4362a2d41df0bd881632856dd4fc6a324736168e885b776533

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 15:57:57 GMT
Via: 1.1 7a18a0a1d9929dae345690b88b08dd5e.cloudfront.net (CloudFront), 1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
Connection: keep-alive
Age: 680
x-amzn-RequestId: 148c1bd7-9ad4-48ae-8f1a-43af51f51da1
X-Cache: Hit from cloudfront
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800
X-Amzn-Trace-Id: Root=1-625d8a84-14bc67dc4bf81a184c13a4fe;Sampled=0
X-Amz-Cf-Pop: FRA2-C1, FRA60-P3
x-amz-apigw-id: QyKUzGS3oAMFffQ=
Content-Length: 8722
X-Amz-Cf-Id: 4iCsUoWe6lOS5OjD4cmAZFiWgIqDESjR755QNxfC87wPLzn_7FpOTg==

GET
H3 200 serviceiframe Show response
news.google.com/swg/_/ui/v1/ Frame 0FB1 24 KB
8 KB 81ms
81ms Document
text/html 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/ui/v1/serviceiframe?_=458416&publicationId=lesoleil.com

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8a1725deefe80c11945877868111dabbc2a552e3b82fa5c15c0bef9cd206c810

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport script-src 'report-sample' 'nonce-CONb59FULCnUDhpnGjyv/g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-CONb59FULCnUDhpnGjyv/g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.lesoleil.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport script-src 'report-sample' 'nonce-CONb59FULCnUDhpnGjyv/g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-CONb59FULCnUDhpnGjyv/g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport
content-type: text/html; charset=utf-8
cross-origin-resource-policy: same-site
date: Mon, 18 Apr 2022 16:09:17 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options: nosniff
x-ua-compatible: IE=edge
x-xss-protection: 0

GET
H2 200 script.js Show response
sb.freeskreen.com/publisher/ 74 KB
22 KB 94ms
59ms Script
text/html 18.66.122.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.freeskreen.com/publisher/script.js?pid=2973&ut=&uts=&flc=2022&slc=&windowlocation=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&gdpr=-1&cs=-1
Requested by: Host: static.freeskreen.com
URL: https://static.freeskreen.com/publisher/2973/freeskreen.min.js?_=1650298156851
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-46.fra60.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: 61a8d09ad402505ec098bf2f631f477e26d20dea6484c96e55a46b7f10fafae8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:17 GMT
content-encoding: gzip
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA60-P2
vary: Accept-Encoding
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
via: 1.1 1662abbf731d8832e73c83b2467e7f38.cloudfront.net (CloudFront)
cache-control: no-cache, no-store, must-revalidate
content-type: text/html;charset=UTF-8
content-length: 21459
x-amz-cf-id: By2wpO5efz1HKpamG6qagkmJBR_b7CFR1k3U9jo-9_XZhM7UYV6CdQ==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 SlGSmQieoJcKemNecTA0h1R3.woff2
fonts.gstatic.com/s/volkhov/v15/ 22 KB
22 KB 35ms
9ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/volkhov/v15/SlGSmQieoJcKemNecTA0h1R3.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Volkhov:400,400i,700,700i|Work+Sans:400,500,600,700|Open+Sans:400,600,700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

95056cde8fc60350eece66c30a6b3926915d469ad7f55ab883d8d3ca033f0f39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.lesoleil.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 22:14:57 GMT
x-content-type-options: nosniff
age: 582860
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22768
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 19:36:57 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 11 Apr 2023 22:14:57 GMT

GET
H2 200 resize
images.omerlocdn.com/ 25 KB
25 KB 209ms
207ms Image
image/webp 108.138.7.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.omerlocdn.com/resize?url=https%3A%2F%2Fgcm.omerlocdn.com%2Fproduction%2Fglobal%2Ffiles%2Fimage%2F34fc8025-7869-417c-ac2d-00b247afbf9e.jpg&width=1024&type=webp&stripmeta=true
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-49.fra56.r.cloudfront.net
Software: nginx/1.18.0 /
Resource Hash: c748de5b3a4fc12f6a1a5366604e6208c9299d67031d73bf7845cec09dacb71c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
via: 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
server: nginx/1.18.0
x-amz-cf-pop: FRA56-P6
x-ratelimit-remaining: 100
x-cache: Miss from cloudfront
content-type: image/webp
cache-control: public, s-maxage=31536000, max-age=31536000, no-transform
x-ratelimit-reset: 1
x-ratelimit-limit: 101
content-length: 25356
x-amz-cf-id: XFzFPnsOdPHK_vDbwsYEz4VajXC1rbibozjHXOB1jON3TGqdSojzaA==
expires: Tue, 18 Apr 2023 16:09:17 GMT

GET
H2 200 resize
images.omerlocdn.com/ 61 KB
61 KB 427ms
426ms Image
image/webp 108.138.7.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.omerlocdn.com/resize?url=https%3A%2F%2Fgcm.omerlocdn.com%2Fproduction%2Fglobal%2Ffiles%2Fimage%2Fb907f371-230b-4a1e-9b52-718b6a2f09f0.jpg&width=1024&type=webp&stripmeta=true
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-49.fra56.r.cloudfront.net
Software: nginx/1.18.0 /
Resource Hash: 246968dfccf0e91e328ae654e6cb50595f05eb49fe12555bc2c18f15a6f4203a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
via: 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
server: nginx/1.18.0
x-amz-cf-pop: FRA56-P6
x-ratelimit-remaining: 100
x-cache: Miss from cloudfront
content-type: image/webp
cache-control: public, s-maxage=31536000, max-age=31536000, no-transform
x-ratelimit-reset: 1
x-ratelimit-limit: 101
content-length: 62254
x-amz-cf-id: LqEU5yvto2hiro7YefdB3BSSZT3twJuFQSLRrUxHoThkkl-_xU-e9w==
expires: Tue, 18 Apr 2023 16:09:17 GMT

GET
H2 200 resize
images.omerlocdn.com/ 31 KB
31 KB 283ms
282ms Image
image/webp 108.138.7.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.omerlocdn.com/resize?url=https%3A%2F%2Fgcm.omerlocdn.com%2Fproduction%2Fglobal%2Ffiles%2Fimage%2F148011c0-5a41-4d56-b0c9-65ad11c6fef9.jpeg&width=1024&type=webp&stripmeta=true
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-49.fra56.r.cloudfront.net
Software: nginx/1.18.0 /
Resource Hash: 5dcffd379af91af6a46848d1f14685220173feaf8216a06c84bff788ab5f6ed2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
via: 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
server: nginx/1.18.0
x-amz-cf-pop: FRA56-P6
x-ratelimit-remaining: 100
x-cache: Miss from cloudfront
content-type: image/webp
cache-control: public, s-maxage=31536000, max-age=31536000, no-transform
x-ratelimit-reset: 1
x-ratelimit-limit: 101
content-length: 31604
x-amz-cf-id: 3J20Isy_fyNF-5qZdEUcJSMGqwgNK81eHXrXVVVNkSNMJfWqcvNXwQ==
expires: Tue, 18 Apr 2023 16:09:17 GMT

GET
H2 200 resize
images.omerlocdn.com/ 76 KB
77 KB 474ms
473ms Image
image/webp 108.138.7.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.omerlocdn.com/resize?url=https%3A%2F%2Fgcm.omerlocdn.com%2Fproduction%2Fglobal%2Ffiles%2Fimage%2Fdb11501e-a972-49c6-9fa1-a5b91e58ae0f.jpg&width=1024&type=webp&stripmeta=true
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-49.fra56.r.cloudfront.net
Software: nginx/1.18.0 /
Resource Hash: c6646ddd5665bcc1f6d6f16878626c562e9e20481de1b2f26af299a620f49788

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:18 GMT
via: 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
server: nginx/1.18.0
x-amz-cf-pop: FRA56-P6
x-ratelimit-remaining: 99
x-cache: Miss from cloudfront
content-type: image/webp
cache-control: public, s-maxage=31536000, max-age=31536000, no-transform
x-ratelimit-reset: 1
x-ratelimit-limit: 101
content-length: 78044
x-amz-cf-id: 9sO8yPtXV--qCrbrasH2jaVojAMSZBsfOVXXkjxKRoA1q6AGv1JvKA==
expires: Tue, 18 Apr 2023 16:09:17 GMT

POST
H3 204 cspreport
news.google.com/_/SubscribewithgoogleClientUi/ Frame 0FB1 0
25 B 39ms
38ms Other
text/html 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/_/SubscribewithgoogleClientUi/cspreport

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-yChnbpfWDcwTbI8PDtDAag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-yChnbpfWDcwTbI8PDtDAag' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/swg/_/ui/v1/serviceiframe?_=458416&publicationId=lesoleil.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/csp-report

Response headers

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
date: Mon, 18 Apr 2022 16:09:17 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-yChnbpfWDcwTbI8PDtDAag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-yChnbpfWDcwTbI8PDtDAag' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 57ms
13ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MRPMG73

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6726
date: Mon, 18 Apr 2022 14:17:11 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 18 Apr 2022 16:17:11 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 53ms
14ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26311
x-xss-protection: 0
pragma: public
x-fb-debug: JnK2qxPwnU7O3qX25A7+vS/tKR/uNIR1Dn2WtBt6QfHDCQl+09rjc3+rD9JgA4I5SmoUTd5n80iiEIRHnY8tyw==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Mon, 18 Apr 2022 16:09:17 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 178 KB
66 KB 60ms
26ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FDLYVLLX4S&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MRPMG73

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b2ddc2506ebb82906c49c0c8eacac7f810f8f85803a2baa92dfe8547630dcea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67136
x-xss-protection: 0
expires: Mon, 18 Apr 2022 16:09:17 GMT

GET
H2 200 get-loader.js Show response
loader.wisepops.com/ 69 KB
22 KB 197ms
33ms Script
text/javascript 2606:4700:20::681a:a13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://loader.wisepops.com/get-loader.js?v=1&site=sarejKhu5Y
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d68e1008f0358d11f607300363e565473f9f18c0e60bea178d12d7bf81f2207b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 18 Apr 2022 14:45:28 GMT
server: cloudflare
age: 5029
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RyUjT9WItFmbTzlEtjOxnaWeiNE46ixKXcHj10vSHrTu5BEOKg7AsuOHflZlc6fCvXECVXki42tNU9XRDITNrZW%2FOeLRetqH4Hl6asuGLXYzmlDr1OkFfYawQfOBALm0e5fGwQU5eHxpwxDyUQL5H08%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
x-cloud-trace-context: 34316885815a968a655bbe2280b704a6
cache-control: private, max-age=1800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6fdea9feadb190e0-FRA

GET
H2 200 track.js Show response
assets.customer.io/assets/ 5 KB
2 KB 173ms
12ms Script
application/javascript 2600:9000:223c:4400:11:9cfd:9400:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.customer.io/assets/track.js
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:4400:11:9cfd:9400:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 765618d1667ba791f2d492d121d2da42ff7d7e079a4773462a381ac9aceab0c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 04:28:34 GMT
content-encoding: gzip
last-modified: Thu, 02 Sep 2021 23:16:41 GMT
server: AmazonS3
age: 42044
etag: W/"15e89eedddf82c193d5c3574b756f5a7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 0c688bb347bc402edc1209f13e04d88c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: NuwnenkeZwP6FmNJF46YdCUmtJqBWNDBlKWV2xw-MlsvyJRHL3jtNg==

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v28/ 44 KB
44 KB 16ms
14ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Volkhov:400,400i,700,700i|Work+Sans:400,500,600,700|Open+Sans:400,600,700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.lesoleil.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 12 Apr 2022 22:45:07 GMT
x-content-type-options: nosniff
age: 494650
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:03:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Apr 2023 22:45:07 GMT

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
2 KB 101ms
20ms XHR
application/json 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220418

Requested by

Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88816b4e9d2b1e7455a8edb3b081950d1be6c35f4da7af91a166b9c9a8f1edb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.lesoleil.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4099
x-jsd-version: 1.0.1315
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19127-FRA, cache-itm18838-ITM
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"66a-wQwi4smevNnXCt7tNKOGzazdc+4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZxiOQ6tgRzDp%2BBux9MFfn5pxqk6JQebvl49aBJuQMjAETpZMoYaF8qsw5xZp7lqLn3VMM%2BgubO6JWWA6FoJQmf%2BGLuoKjkjaV8FMH%2B93HoWPMnpEx3ciRM5CH2qPubfv%2Bh2viVjDJsbKzN6PcCs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6fdea9feccf08fd6-FRA
access-control-expose-headers: *

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
29 KB 101ms
28ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: rdc.m32.media
URL: https://rdc.m32.media/madops.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

6c3664d624873d5ce0348175782a4250165ec1a540b31d84ce1180b172ef14ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28600
x-xss-protection: 0
server: sffe
etag: "1190 / 851 of 1000 / last-modified: 1650280322"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 18 Apr 2022 16:09:17 GMT

GET
H2 200 / Show response
geoloc.m32.media/json/ 242 B
450 B 174ms
103ms XHR
application/json 35.227.201.248
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://geoloc.m32.media/json/

Requested by

Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.201.248 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

248.201.227.35.bc.googleusercontent.com

Software

nginx/1.18.0 (Ubuntu) /

Resource Hash

7a5a84e98d7dd2e4090fb5f006854d1df497956cc9ffb5419011c9b16d1b8cc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:17 GMT
content-encoding: gzip
x-database-date: Mon, 18 Apr 2022 02:00:13 GMT
server: nginx/1.18.0 (Ubuntu)
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.lesoleil.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubdomains;
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

GET
H3 200 swg-button.css
news.google.com/swg/js/v1/ Frame 0FB1 21 KB
6 KB 11ms
11ms Stylesheet
text/css 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=458416&publicationId=lesoleil.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bde06a0400c168573473e2de967d842eec383f2f755aef4ec017b2f333e7ff85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:05:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6457
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 22:09:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Mon, 18 Apr 2022 16:55:59 GMT

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.vwYO-YZjiRU.es5.O/am=GAAQ/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXT... Frame 0FB1 163 KB
58 KB 80ms
12ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.vwYO-YZjiRU.es5.O/am=GAAQ/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5gqaARr9jj4GPCYtRJvaIUCqOg-g/m=_b,_tp

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=458416&publicationId=lesoleil.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6af0baf64be18d0508e482b1995fc0793c372f338b1fff20e7cbc8a7480b367f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 19:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 247132
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58362
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 20:52:27 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 19:30:25 GMT

GET
H2 200 801d-b2e39a48ad28f5cb76d17e776ec3875e.svg
gcm-production2.omerloclients.com/assets/images/weather/ 2 KB
1 KB 9ms
8ms Image
image/svg+xml 13.32.121.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://gcm-production2.omerloclients.com/assets/images/weather/801d-b2e39a48ad28f5cb76d17e776ec3875e.svg
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-5.fra60.r.cloudfront.net
Software: nginx/1.18.0 / Express
Resource Hash: 06ea397a1c521ecd714b10b293ebb632dab3427f5ef12d2917424f2888164f22

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 17:37:50 GMT
content-encoding: gzip
etag: W/"7ad-17a58d8aa94"
last-modified: Tue, 29 Jun 2021 17:37:12 GMT
server: nginx/1.18.0
age: 25309887
x-powered-by: Express
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 490f651effcacfa7d80143d3047d794e.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P1
accept-ranges: bytes
x-amz-cf-id: 4-3cxQE99S0XN9DH5pX4JwN-4ExUOuZPR_MKuv4wPZY9Fdm87VyYgA==

GET
H2 200 resize
images.omerlocdn.com/ 20 KB
21 KB 245ms
242ms Image
image/webp 108.138.7.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.omerlocdn.com/resize?url=https%3A%2F%2Fgcm.omerlocdn.com%2Fproduction%2Fglobal%2Ffiles%2Fimage%2F4a2e66ad-3464-4229-81a7-905dd497ac05.webp&width=1024&type=webp&stripmeta=true
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-49.fra56.r.cloudfront.net
Software: nginx/1.18.0 /
Resource Hash: 8df4ae884667dbc5f42da9f26e950324fcb2741cf39f7ae0b7c0307bd42875fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:18 GMT
via: 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
server: nginx/1.18.0
x-amz-cf-pop: FRA56-P6
x-ratelimit-remaining: 99
x-cache: Miss from cloudfront
content-type: image/webp
cache-control: public, s-maxage=31536000, max-age=31536000, no-transform
x-ratelimit-reset: 1
x-ratelimit-limit: 101
content-length: 20832
x-amz-cf-id: jaf46ZqcWh82iit_X0-I2Bn5qlXrln_xIDqHh4odl9F8f8lDyYczlg==
expires: Tue, 18 Apr 2023 16:09:17 GMT

GET
H2 200 resize
images.omerlocdn.com/ 37 KB
37 KB 340ms
337ms Image
image/webp 108.138.7.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.omerlocdn.com/resize?url=https%3A%2F%2Fgcm.omerlocdn.com%2Fproduction%2Fglobal%2Ffiles%2Fimage%2F80f47eaa-8371-4863-a010-c52f6a6459e7.JPG&width=1024&type=webp&stripmeta=true
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.7.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-7-49.fra56.r.cloudfront.net
Software: nginx/1.18.0 /
Resource Hash: b9ba2a1f10f1450dd48433336d8002910eb96242553664ec814e23542e47b425

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:18 GMT
via: 1.1 88cabd6b8652306789c6bc8090fbcb1a.cloudfront.net (CloudFront)
server: nginx/1.18.0
x-amz-cf-pop: FRA56-P6
x-ratelimit-remaining: 100
x-cache: Miss from cloudfront
content-type: image/webp
cache-control: public, s-maxage=31536000, max-age=31536000, no-transform
x-ratelimit-reset: 1
x-ratelimit-limit: 101
content-length: 37654
x-amz-cf-id: x8SJ2K3dvV4roN9oblqfOpL482ew_mmoWOTvBL91btToZjWOYGJ8-w==
expires: Tue, 18 Apr 2023 16:09:17 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 34ms
14ms XHR
application/javascript 108.138.3.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.3.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-3-177.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: khsXo6Z3HSo5bHNWbmb1eMp88IHhxPc.
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 37455
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 17 Mar 2022 02:21:48 GMT
server: AmazonS3
date: Mon, 18 Apr 2022 05:45:04 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 002af2e4f72157b8b4bd2de012b5b57c.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: 7zRZ5T4DqFFsfvOZGOIEBXFf27-CO4YdHyHJLufflKCKC1aQupT4Hg==

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 78ms
35ms XHR
text/plain 2a00:1450:400c:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-86531657-10&cid=280926878.1650298158&jid=231913250&gjid=797150143&_gid=1766050049.1650298158&_u=YGBAgEABAAAAAE~&z=713896721

Requested by

Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.lesoleil.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 18 Apr 2022 16:09:18 GMT
content-type: text/plain
access-control-allow-origin: https://www.lesoleil.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 38ms
16ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2113296135&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&ul=en-us&de=UTF-8&dt=Une%20cyberattaque%20%C2%ABsophistiqu%C3%A9e%C2%BB%20contre%20Rideau%20Hall%2C%20selon%20des%20documents%20internes%20%7C%20Politique%20%7C%20Actualit%C3%A9s%20%7C%20Le%20Soleil%20-%20Qu%C3%A9bec&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Article&ea=View&el=cf2b5b903b414656c2d16992c6bf0c34&_u=YGDAAEABAAAAAG~&jid=875890335&gjid=1642142217&cid=280926878.1650298158&tid=UA-86531657-4&_gid=1766050049.1650298158&_r=1&gtm=2wg4d0MRPMG73&z=1847502544

Requested by

Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.lesoleil.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.lesoleil.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 13ms
12ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2113296135&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&ul=en-us&de=UTF-8&dt=Une%20cyberattaque%20%C2%ABsophistiqu%C3%A9e%C2%BB%20contre%20Rideau%20Hall%2C%20selon%20des%20documents%20internes%20%7C%20Politique%20%7C%20Actualit%C3%A9s%20%7C%20Le%20Soleil%20-%20Qu%C3%A9bec&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Article&ea=View&el=cf2b5b903b414656c2d16992c6bf0c34&_u=YGBAgEAB~&jid=231913250&gjid=797150143&cid=280926878.1650298158&tid=UA-86531657-10&_gid=1766050049.1650298158&gtm=2wg4d0MRPMG73&cd3=0&cd5=0&cd6=Jim%20Bronskill&cd7=Actualit%C3%A9s&z=1541081888

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Apr 2022 18:05:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79411
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 13ms
11ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2113296135&t=pageview&_s=1&dl=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&ul=en-us&de=UTF-8&dt=Une%20cyberattaque%20%C2%ABsophistiqu%C3%A9e%C2%BB%20contre%20Rideau%20Hall%2C%20selon%20des%20documents%20internes%20%7C%20Politique%20%7C%20Actualit%C3%A9s%20%7C%20Le%20Soleil%20-%20Qu%C3%A9bec&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDAiEABBAAAAG~&jid=&gjid=&cid=280926878.1650298158&tid=UA-86531657-10&_gid=1766050049.1650298158&gtm=2wg4d0MRPMG73&cd3=0&cd5=0&cd6=Jim%20Bronskill&cd7=Actualit%C3%A9s&z=1245927350

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Apr 2022 18:05:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79411
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 12ms
10ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2113296135&t=pageview&_s=1&dl=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&ul=en-us&de=UTF-8&dt=Une%20cyberattaque%20%C2%ABsophistiqu%C3%A9e%C2%BB%20contre%20Rideau%20Hall%2C%20selon%20des%20documents%20internes%20%7C%20Politique%20%7C%20Actualit%C3%A9s%20%7C%20Le%20Soleil%20-%20Qu%C3%A9bec&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGDACEABBAAAAG~&jid=&gjid=&cid=280926878.1650298158&tid=UA-86531657-4&_gid=1766050049.1650298158&gtm=2wg4d0MRPMG73&z=466725337

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Apr 2022 18:05:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79411
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 11ms
10ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2113296135&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&ul=en-us&de=UTF-8&dt=Une%20cyberattaque%20%C2%ABsophistiqu%C3%A9e%C2%BB%20contre%20Rideau%20Hall%2C%20selon%20des%20documents%20internes%20%7C%20Politique%20%7C%20Actualit%C3%A9s%20%7C%20Le%20Soleil%20-%20Qu%C3%A9bec&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Article&ea=LoadContentItems&el=cf2b5b903b414656c2d16992c6bf0c34&_u=YGDAiEABBAAAAG~&jid=&gjid=&cid=280926878.1650298158&tid=UA-86531657-10&_gid=1766050049.1650298158&gtm=2wg4d0MRPMG73&cd3=0&cd5=0&cd6=Jim%20Bronskill&cd7=Actualit%C3%A9s&z=1222520682

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Apr 2022 18:05:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79411
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 11ms
10ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Apr 2022 18:05:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79411
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 12ms
10ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2113296135&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&ul=en-us&de=UTF-8&dt=Une%20cyberattaque%20%C2%ABsophistiqu%C3%A9e%C2%BB%20contre%20Rideau%20Hall%2C%20selon%20des%20documents%20internes%20%7C%20Politique%20%7C%20Actualit%C3%A9s%20%7C%20Le%20Soleil%20-%20Qu%C3%A9bec&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Tracking&ea=10&el=%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&_u=YGDAiEABBAAAAG~&jid=&gjid=&cid=280926878.1650298158&tid=UA-86531657-10&_gid=1766050049.1650298158&gtm=2wg4d0MRPMG73&cd3=0&cd5=0&cd6=Jim%20Bronskill&cd7=Actualit%C3%A9s&z=1043213810

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Apr 2022 18:05:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79411
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 12ms
11ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2113296135&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&ul=en-us&de=UTF-8&dt=Une%20cyberattaque%20%C2%ABsophistiqu%C3%A9e%C2%BB%20contre%20Rideau%20Hall%2C%20selon%20des%20documents%20internes%20%7C%20Politique%20%7C%20Actualit%C3%A9s%20%7C%20Le%20Soleil%20-%20Qu%C3%A9bec&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Paywall%20Hit&ea=%0A%20%20%20%20%20%20%20%20%20%20Ce%20contenu%20vous%20est%20offert%20gratuitement%2C%20il%20vous%20reste%202%20contenus%20%C3%A0%20consulter%20ce%20mois-ci.%0A%20%20%20%20%20%20&el=Une%20cyberattaque%20%C2%ABsophistiqu%C3%A9e%C2%BB%20contre%20Rideau%20Hall%2C%20selon%20des%20documents%20internes&_u=YGDAiEABBAAAAG~&jid=&gjid=&cid=280926878.1650298158&tid=UA-86531657-10&_gid=1766050049.1650298158&gtm=2wg4d0MRPMG73&cd3=0&cd5=0&cd6=Jim%20Bronskill&cd7=Actualit%C3%A9s&z=1902008432

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Apr 2022 18:05:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79411
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ac Show response
ww1772.smartadserver.com/ 2 KB
1 KB 193ms
19ms Script
application/javascript 185.86.137.113
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ww1772.smartadserver.com/ac?pgid=662773&insid=7974420&tmstp=2322099698&out=js
Requested by: Host: sb.freeskreen.com
URL: https://sb.freeskreen.com/publisher/script.js?pid=2973&ut=&uts=&flc=2022&slc=&windowlocation=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&gdpr=-1&cs=-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.113 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 49e90e0b934d3a353cf9c68e5971594386388d23a99d19726af18f4f60cd29a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:17 GMT
content-encoding: br
vary: Accept-Encoding
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
x-smrt-i: 7974420
cache-control: no-cache,no-store
transfer-encoding: chunked
content-type: application/javascript; charset=UTF-8

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 29F3
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=123456&endpoint=us-west
https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west

281 B
554 B

40ms
8ms

Document
text/html

23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Requested by: Host: sb.freeskreen.com
URL: https://sb.freeskreen.com/publisher/script.js?pid=2973&ut=&uts=&flc=2022&slc=&windowlocation=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&gdpr=-1&cs=-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.lesoleil.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2022 16:09:18 GMT
ETag: "402b2-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 18 Apr 2022 16:09:18 GMT
location: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
server: AkamaiGHost

GET
H/1.1

200
OK

getuid
sync.smartadserver.com/
Redirect Chain

https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fsa%3D%5Bsas_uid%5D
https://sync.smartadserver.com/getuid?url=https://sb.freeskreen.com/um?sa=[sas_uid]&cklb=1

0
75 B

25ms
18ms

Image
text/plain

185.86.139.113
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.smartadserver.com/getuid?url=https://sb.freeskreen.com/um?sa=[sas_uid]&cklb=1
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: HTTP/1.1
Server: 185.86.139.113 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:18 GMT
content-length: 0

Redirect headers

location: https://sync.smartadserver.com:443/getuid?url=https://sb.freeskreen.com/um?sa=[sas_uid]&cklb=1
pragma: no-cache
date: Mon, 18 Apr 2022 16:09:18 GMT
cache-control: no-cache,no-store
content-length: 0
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H2

200

verify
scm.publishers.tremorhub.com/pubsync/
Redirect Chain

https://scm.publishers.tremorhub.com/pubsync?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D
https://scm.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D

43 B
182 B

100ms
90ms

Image
image/gif

2600:1f18:612b:4216:25d9:1223:9f5d:e330
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scm.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Server: 2600:1f18:612b:4216:25d9:1223:9f5d:e330 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:18 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

Redirect headers

location: pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D
date: Mon, 18 Apr 2022 16:09:18 GMT
server: Apache-Coyote/1.1
content-length: 0
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'

GET
H/1.1 204
No Content smaato
cs.admanmedia.com/sync/ 0
225 B 279ms
93ms Image
text/plain 8.2.111.137
NATCOWEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.admanmedia.com/sync/smaato?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fac%3D{$UID}

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

8.2.111.137 , United States, ASN46636 (NATCOWEB, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 16:09:18 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Server: nginx
Connection: keep-alive
X-Frame-Options: DENY
Content-Type: text/plain

GET
H2 204 /
loadeu.exelator.com/load/ 0
324 B 114ms
35ms Image
text/plain 34.254.143.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=204&g=1300&j=0
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:18 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame A1DB 90 KB
33 KB 35ms
8ms Script
text/javascript 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 09:34:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 282893
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33018
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 09:34:25 GMT

GET
H/1.1 200
OK fsk.css
static.freeskreen.com/css/20210107205009/default/ Frame A1DB 50 KB
29 KB 9ms
7ms Stylesheet
text/css 108.138.17.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/css/20210107205009/default/fsk.css
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.17.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-17-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31ace63fa339896dc045f21da77b1ffdc57160e2db5690b132766b0086d6f58e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: 5DtU9pV9aPv90d5PMlXs6Og9O1cWT0Fu
Content-Encoding: gzip
ETag: "ba07184144408ada0c1691c69221a457"
Age: 45787
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28958
Last-Modified: Thu, 07 Jan 2021 20:54:53 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1610052891/ctime:1610052892/gid:497/gname:jenkins/md5:ba07184144408ada0c1691c69221a457/mode:33188/mtime:1610052892/uid:498/uname:jenkins
Date: Mon, 18 Apr 2022 03:26:11 GMT
Content-Type: text/css
Via: 1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P7
Accept-Ranges: bytes
X-Amz-Cf-Id: ID2rGInjrGE1rHLnT1Af-fynKb2KjUYumOP8mi5TU-utu8Hm0sLNeg==

GET
H2 200 t.gif
sb.freeskreen.com/ Frame 8F86 43 B
413 B 33ms
32ms Image
image/gif 18.66.122.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1650298158&p=2973&c=5318&ttm=1650298157575&s=&d=&v=&t=4d3d9046-d273-43e3-9c54-f4ae1376905b&co=null&pr=null&ci=null&dm=null&flc=2022&slc=&e=AdOpened&m=2&x=null
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-46.fra60.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:18 GMT
via: 1.1 1662abbf731d8832e73c83b2467e7f38.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: 9glsgjSImD0kc7YeVYS-lDTuIEaONW-8SNlsws2qw8Ke5ScHWCazKg==
expires: -1

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0FB1 15 KB
15 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=458416&publicationId=lesoleil.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
Origin: https://news.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 12 Apr 2022 17:06:41 GMT
x-content-type-options: nosniff
age: 514957
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 12 Apr 2023 17:06:41 GMT

GET
H3 200 SlGXmQieoJcKemNecTA8PHFibxwQ.woff2
fonts.gstatic.com/s/volkhov/v15/ 25 KB
25 KB 10ms
9ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/volkhov/v15/SlGXmQieoJcKemNecTA8PHFibxwQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Volkhov:400,400i,700,700i|Work+Sans:400,500,600,700|Open+Sans:400,600,700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1451aac59b2611961a53cafcc452d70159502bc2be8fd07fd997b6231f9123c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.lesoleil.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 12 Apr 2022 18:33:21 GMT
x-content-type-options: nosniff
age: 509757
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25492
x-xss-protection: 0
last-modified: Mon, 24 Jan 2022 19:36:59 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 12 Apr 2023 18:33:21 GMT

OPTIONS
H2 200 /
activity.wisepops.com/ Frame 0
0 170ms
129ms Preflight 2606:4700:20::ac43:4adc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://activity.wisepops.com/?v=1.1.0&site=sarejKhu5Y&session=a51fd1fb-30b6-47b3-9a98-5c0311df639b
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4adc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.lesoleil.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
cf-cache-status: DYNAMIC
cf-ray: 6fdeaa03afef9261-FRA
content-length: 0
date: Mon, 18 Apr 2022 16:09:18 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9sU40H8S6oLIOc%2BSmJUc%2B0d%2Bza5pXx7eqiTkyKJLIbLF1hd%2FZ2VuG%2FFjZtZAZx7nLzAgfVobNd6VyWKvfLjSNTS%2FanRMn9Zj%2By4yPo35ZH1kg6KD0dzyHVid9nc5iHygpa9eTFdzqJ4ffe03LBdnOYc8Yg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 my-wisepop Show response
popup.wisepops.com/ 282 B
829 B 210ms
174ms XHR
application/json 2606:4700:20::681a:a13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://popup.wisepops.com/my-wisepop
Requested by: Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c3ad1159a8d126a9c87d5eae7c56662e01d39ab45db8d3074406a3bfc013655

Request headers

Accept: application/json
Referer: https://www.lesoleil.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 18 Apr 2022 16:09:18 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST, GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FqJyc4hDdCXFiXkABG0ZnjYbSM1XneO%2FMxoUqAnhK4ibLmKaOwVz9%2F68gpbSPCHu%2FKEMdLumoQMD3UMqfHpmUu7m2iJpmCPyNgvjbYGUUN6c9MIN8gaEW5AvOQ1ret30mZmeJ0Ia%2BKpOeASdpNCxfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cloud-trace-context: d4e47d3b5c98be192749e3fd65e8f5d6
cache-control: no-store
cf-ray: 6fdeaa039af29025-FRA
access-control-allow-headers: *

POST
H2 200 / Show response
activity.wisepops.com/ 0
270 B 122ms
111ms XHR
text/plain 2606:4700:20::ac43:4adc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://activity.wisepops.com/?v=1.1.0&site=sarejKhu5Y&session=a51fd1fb-30b6-47b3-9a98-5c0311df639b
Requested by: Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4adc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.lesoleil.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 18 Apr 2022 16:09:18 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o40QeiVUATHP69Lc%2FOGEA%2F67b2R6lA5Xo9Ni0fORobD9iWjw3WmsuEY4ccLRFhq9PlcnDhcoGSSTW8WPwI4zgbxKO07S6AypecjnfNaaT8gIvIfgWu3%2F6jZ%2F41ygF9iMYEM9g9Ls8dnXzrNGQyGPSRW2NQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 6fdeaa0489549261-FRA
content-length: 0

GET
H3 200 pubads_impl_2022041401.js Show response
securepubads.g.doubleclick.net/gpt/ 362 KB
123 KB 25ms
9ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041401.js?cb=31067133

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

108a5ee6306c726271c490dceca48e5fb5a148ea41fcb9fe55cd5d348f16eb57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 11:28:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16837
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125916
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 08:34:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 18 Apr 2023 11:28:41 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 104 B
119 B 31ms
16ms XHR
application/json 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.lesoleil.com

Requested by

Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

ac101dd94466399243204a7c32682d80919a5277fae74f6923f26b6c27cc5bfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 18 Apr 2022 16:09:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94
x-xss-protection: 0
expires: Mon, 18 Apr 2022 16:09:18 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 1592ms
1548ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-86531657-10&cid=280926878.1650298158&jid=231913250&_u=YGBAgEABAAAAAE~&z=1365891496

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 1586ms
1543ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-86531657-10&cid=280926878.1650298158&jid=231913250&_u=YGBAgEABAAAAAE~&z=1365891496

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 1885848694823161 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 96ms
85ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1885848694823161?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5fb073d3b881549acaa67ff3b9923ee9e74bde86deccb93e36a8fc2cacf29a6b

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: UbEaBJTNlQ5BSU8xLV9ihIsC7KlSyqzjI4ZS9NPBacGKxYZ+PlGc29MT8qaakWkKLB+AlVWuIkZgWD3XkT+2ew==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 18 Apr 2022 16:09:18 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 22ms
18ms Ping
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-FDLYVLLX4S&gtm=2oe4d0&_p=2113296135&_z=ccd.FAB&cid=280926878.1650298158&ul=en-us&sr=1600x1200&_s=1&sid=1650298157&sct=1&seg=0&dl=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&dt=Une%20cyberattaque%20%C2%ABsophistiqu%C3%A9e%C2%BB%20contre%20Rideau%20Hall%2C%20selon%20des%20documents%20internes%20%7C%20Politique%20%7C%20Actualit%C3%A9s%20%7C%20Le%20Soleil%20-%20Qu%C3%A9bec&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FDLYVLLX4S&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.lesoleil.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 40ms
27ms Image
image/gif 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-FDLYVLLX4S&cv=1&v=3&t=t&pid=931962251&rv=4d0&es=1&e=gtm.init_consent&eid=11&ut=C&tc=16&z=0

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:18 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 52ms
39ms Image
image/gif 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-FDLYVLLX4S&cv=1&v=3&t=t&pid=931962251&rv=4d0&es=1&e=gtm.init&eid=12&ut=C&tc=16&tr=1setproductsettings.1ogteventsettings.1ogtgooglesignals&ti=2setproductsettings.2ogteventsettings.2ogtgooglesignals&z=0

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:18 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 53ms
41ms Image
image/gif 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-FDLYVLLX4S&cv=1&v=3&t=t&pid=931962251&rv=4d0&es=1&e=gtm.js&eid=13&ut=C&tc=16&tr=1gct.1lcl.1lcl.1ehl&ti=1gct.1lcl.1lcl.1ehl&z=0

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:18 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 66ms
53ms Image
image/gif 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-FDLYVLLX4S&cv=1&v=3&t=t&pid=931962251&rv=4d0&es=1&e=*&eid=21&ut=C&tc=16&z=0

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:18 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 64ms
52ms Image
image/gif 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-FDLYVLLX4S&cv=1&v=3&t=t&pid=931962251&rv=4d0&es=1&e=*&eid=29&ut=C&tc=16&z=0

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:18 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m=byfTOb,lsjVmc,xUdipf,blwjVc,fKUV3e,aurFic,COQbmf,ws9Tlc,U0aPgd,zG9H6c,LEikZe,NwH0H,OmgaI,gychg,VWuaCc,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.vwYO-YZjiRU.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.9PGVPBUWU_E.L.B1... Frame 0FB1 130 KB
44 KB 34ms
12ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.vwYO-YZjiRU.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.9PGVPBUWU_E.L.B1.O/am=GAAQ/d=1/exm=_b,_tp/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI54jeS7b4hjHazoA6uZqxASRe327w/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;iFQyKf:vfuNJf;dIoSBb:SpsfSb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;NPKaK:SdcwHb;pXdRYb:MdUzUe;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/m=byfTOb,lsjVmc,xUdipf,blwjVc,fKUV3e,aurFic,COQbmf,ws9Tlc,U0aPgd,zG9H6c,LEikZe,NwH0H,OmgaI,gychg,VWuaCc,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.vwYO-YZjiRU.es5.O/am=GAAQ/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5gqaARr9jj4GPCYtRJvaIUCqOg-g/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

99eec0f350874ace46e3d4978e5676bbce0947bb20ac9e6718e5fc898caee895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 19:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 247133
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44743
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 03:01:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 19:30:25 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.vwYO-YZjiRU.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.9PGVPBUWU_E.L.B1... Frame 0FB1 17 KB
7 KB 22ms
11ms Script
text/javascript 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.vwYO-YZjiRU.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.9PGVPBUWU_E.L.B1.O/am=GAAQ/d=1/exm=COQbmf,DfBslb,KG2eXe,LEikZe,NwH0H,OmgaI,PQaYAf,U0aPgd,VWuaCc,ZfAoz,_b,_tp,aurFic,blwjVc,byfTOb,fKUV3e,gychg,lPKSwe,lsjVmc,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI54jeS7b4hjHazoA6uZqxASRe327w/ee=cEt90b:ws9Tlc;rXjWyb:VWuaCc;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;iFQyKf:vfuNJf;dIoSBb:SpsfSb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;Oj465e:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;NPKaK:SdcwHb;pXdRYb:MdUzUe;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a3bbc0693373bc4cfbd609d3c2179efed79b161f30a1758d23d5ee2c081561e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 19:30:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 247133
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7268
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 03:01:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 19:30:25 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 29F3 32 KB
10 KB 8ms
7ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 9130bafafbeee56d02271fdd5a7db6f2e15e839f8b64faad15a08610a93d7119

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 16:09:18 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=25277
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9541
Expires: Mon, 18 Apr 2022 23:10:35 GMT

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 45ms
19ms XHR
text/plain 2a00:1450:400c:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-86531657-4&cid=280926878.1650298158&jid=875890335&gjid=1642142217&_gid=1766050049.1650298158&_u=YGDAAEABAAAAAG~&z=2126367318

Requested by

Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c09::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.lesoleil.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 18 Apr 2022 16:09:18 GMT
content-type: text/plain
access-control-allow-origin: https://www.lesoleil.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK player-hb.js Show response
static.freeskreen.com/scm/player/20211014b/ Frame A1DB 265 KB
68 KB 11ms
10ms Script
text/javascript 108.138.17.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/scm/player/20211014b/player-hb.js
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.17.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-17-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4af5765b7587881ef567c23d0aa9fcdbeff09e3354473ed56eca490f4df5ca30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: 1a20JKKbfSum1GD_kgL27p_j3szFYaZQ
Content-Encoding: gzip
ETag: "409ad7e8925e1ea5584c81bef309f239"
Age: 16505
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 69058
Last-Modified: Thu, 14 Oct 2021 20:54:36 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1634244865/ctime:1634244872/gid:20/gname:staff/md5:409ad7e8925e1ea5584c81bef309f239/mode:33188/mtime:1634244865/uid:501/uname:mickael
Date: Mon, 18 Apr 2022 11:34:17 GMT
Content-Type: text/javascript
Via: 1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P7
Accept-Ranges: bytes
X-Amz-Cf-Id: i03dmyppOfh33VHaDx2DzzNZgqH9H2gVppFVjQtsBZgni2vc_CWn1g==

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame ABBD
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=smartadserver&endpoint=eu
https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu

281 B
554 B

9ms
8ms

Document
text/html

23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu
Requested by: Host: ww1772.smartadserver.com
URL: https://ww1772.smartadserver.com/ac?pgid=662773&insid=7974420&tmstp=2322099698&out=js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.lesoleil.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2022 16:09:18 GMT
ETag: "402b2-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Mon, 18 Apr 2022 16:09:18 GMT
location: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu
server: AkamaiGHost

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame 29F3 284 B
536 B 44ms
10ms Image
image/jpg 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/jpg

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 1275ms
1274ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-86531657-4&cid=280926878.1650298158&jid=875890335&_u=YGDAAEABAAAAAG~&z=1469388433

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:20 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 801ms
801ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-86531657-4&cid=280926878.1650298158&jid=875890335&_u=YGDAAEABAAAAAG~&z=1469388433

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 35ms
8ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1885848694823161&ev=PageView&dl=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&rl=&if=false&ts=1650298159037&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1650298159031.1628969908&it=1650298158717&coo=false&exp=p1&rqm=GET

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:19 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Mon, 18 Apr 2022 16:09:19 GMT

POST
H2 200 log Show response
play.google.com/ Frame 0FB1 131 B
672 B 44ms
18ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 18 Apr 2022 16:09:19 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Mon, 18 Apr 2022 16:09:19 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame ABBD 32 KB
10 KB 11ms
11ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 9130bafafbeee56d02271fdd5a7db6f2e15e839f8b64faad15a08610a93d7119

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Mon, 18 Apr 2022 16:09:19 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=25276
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9541
Expires: Mon, 18 Apr 2022 23:10:35 GMT

GET
H/1.1 200
OK 2B9FAA34215E8F662454539B7C2FD14C.cache.js Show response
static.freeskreen.com/gwt/20210107205009/advertisement/freeskreen_splitbox_client/ Frame A1DB 98 KB
34 KB 8ms
7ms Script
application/javascript 108.138.17.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.freeskreen.com/gwt/20210107205009/advertisement/freeskreen_splitbox_client/2B9FAA34215E8F662454539B7C2FD14C.cache.js
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.17.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-17-13.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7a41da1f7e70ad9aa4d7772e6cb239e50ecf944808eb73e6de07cdb92c2552c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: 3PIgB876VbZVlHUwnXSJVJ7NAqTCm2v1
Content-Encoding: gzip
ETag: "4444d8b2df068cd8be696adeacc34754"
Age: 46507
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 34116
Last-Modified: Thu, 07 Jan 2021 20:53:52 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1610052721/ctime:1610052830/gid:497/gname:jenkins/md5:4444d8b2df068cd8be696adeacc34754/mode:33188/mtime:1610052721/uid:498/uname:jenkins
Date: Mon, 18 Apr 2022 03:14:44 GMT
Content-Type: application/javascript
Via: 1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P7
Accept-Ranges: bytes
X-Amz-Cf-Id: ewBDFI9aAercUmJ9QA2XB0GH_GNYKIHieDPMe6nkZ9wBqoJ0TOEerw==

GET
H2 200 t.gif
sb.freeskreen.com/ Frame A1DB 43 B
413 B 35ms
35ms Image
image/gif 18.66.122.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1650298159&p=2973&c=3419&s=undefined&d=&v=&t=799c41bf-4d30-419d-8e52-1449b90703e3&co=null&pr=null&ci=null&dm=null&flc=2022&slc=&ttm=1650298157571&gdpr=0&gdpr_consent=&e=AdOpened&m=2&x=null
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-46.fra60.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:19 GMT
via: 1.1 1662abbf731d8832e73c83b2467e7f38.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: nYj-5UnNCysGU1LvilHMHORs0HF51TVl3VumPhGIDQJtodvp0BhlGQ==
expires: -1

GET
H/1.1 204
No Content sync.php
pixel-us-west.rubiconproject.com/exchange/ Frame 29F3 0
239 B 679ms
155ms Image
image/gif 8.39.36.142
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-us-west.rubiconproject.com/exchange/sync.php?p=123456
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 8.39.36.142 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 0963d041a95f271fbba7f411adc03573
Content-Type: image/gif

POST
H3 200 batchexecute Show response
news.google.com/_/SubscribewithgoogleClientUi/data/ Frame 0FB1 247 B
223 B 46ms
46ms XHR
application/json 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&source-path=%2Fswg%2F_%2Fui%2Fv1%2Fserviceiframe&f.sid=3091221200088228700&bl=boq_subscribewithgoogleclientserver_20220414.09_p0&hl=de&soc-app=673&soc-platform=1&soc-device=1&_reqid=58160&rt=c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a6e85ea36686d874be243ed40f2d1f836f175da12a73adaf77bb1135132fbd3c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Same-Domain: 1
Referer: https://news.google.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 18 Apr 2022 16:09:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame ABBD 284 B
536 B 10ms
10ms Image
image/jpg 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/jpg

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame ABBD 0
239 B 129ms
15ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=smartadserver
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=eu
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 8f052d4f888ae4e0626c5f819879cacd
Content-Type: image/gif

POST
H3 200 log Show response
play.google.com/ Frame 0FB1 131 B
155 B 55ms
41ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 18 Apr 2022 16:09:19 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Mon, 18 Apr 2022 16:09:19 GMT

POST
H3 200 log Show response
play.google.com/ Frame 0FB1 131 B
155 B 55ms
41ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 18 Apr 2022 16:09:19 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Mon, 18 Apr 2022 16:09:19 GMT

POST
H3 200 log Show response
play.google.com/ Frame 0FB1 131 B
155 B 51ms
36ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Mon, 18 Apr 2022 16:09:19 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Mon, 18 Apr 2022 16:09:19 GMT

GET
H2 200 tag Show response
pc213-6jd3k.ads.tremorhub.com/ad/ Frame A1DB 55 B
502 B 364ms
117ms XHR
application/json 2600:1f18:612b:4200:2ae2:c11e:eaf6:5e5d
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pc213-6jd3k.ads.tremorhub.com/ad/tag?adCode=pc213-h8igm&playerWidth=544&playerHeight=305&playerPosition=3&srcPageUrl=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&gdpr=0&gdpr_consent=&custom=3419&c2=fr-ca&floor=USD:5&us_privacy=&fmt=json
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4200:2ae2:c11e:eaf6:5e5d Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 2df6bc31be1114b21fbf5d2239bf1f4ff834594c856f43b1221d8f06c6f71460

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.lesoleil.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:19 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
vary: accept-encoding
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.lesoleil.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-tremorvideo-status: NO_AD
content-type: application/json;charset=UTF-8

GET
H2 204 bid Show response
ads.freeskreen.com/ Frame A1DB 0
198 B 413ms
192ms XHR
text/plain 54.173.181.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.freeskreen.com/bid?pid=2973&tid=799c41bf-4d30-419d-8e52-1449b90703e3&w=544&h=305&u=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&ip=138.199.38.132&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F100.0.4896.75%20Safari%2F537.36&g_co=null&g_p=null&g_ci=null&g_d=null&s_1=2022&s_2=&cid=3419&sid=undefined&vid=298&did=98772&pf=500&ttm=1650298157571&eu_c=&eu_g=0&eu_ggl=0
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.181.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-181-170.compute-1.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/xml, text/xml, */*; q=0.01
Referer: https://www.lesoleil.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:19 GMT
server: Apache-Coyote/1.1
access-control-allow-methods: GET
access-control-allow-origin: https://www.lesoleil.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
expires: -1

OPTIONS
H3 200 log
play.google.com/ Frame 0
0 33ms
16ms Preflight
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://news.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://news.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Mon, 18 Apr 2022 16:09:19 GMT
expires: Mon, 18 Apr 2022 16:09:19 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

OPTIONS
H3 200 log
play.google.com/ Frame 0
0 32ms
16ms Preflight
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://news.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://news.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Mon, 18 Apr 2022 16:09:19 GMT
expires: Mon, 18 Apr 2022 16:09:19 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

OPTIONS
H3 200 log
play.google.com/ Frame 0
0 29ms
15ms Preflight
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: x-goog-authuser
Access-Control-Request-Method: POST
Origin: https://news.google.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://news.google.com
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/plain; charset=UTF-8
date: Mon, 18 Apr 2022 16:09:19 GMT
expires: Mon, 18 Apr 2022 16:09:19 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
server: Playlog
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 / Show response
www.facebook.com/tr/ Frame C212 0
18 B 40ms
7ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.lesoleil.com
Referer: https://www.lesoleil.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.lesoleil.com
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 18 Apr 2022 16:09:19 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 t.gif
sb.freeskreen.com/ Frame A1DB 43 B
413 B 33ms
33ms Image
image/gif 18.66.122.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1650298159&p=2973&c=3419&s=undefined&d=323532&v=9316&t=799c41bf-4d30-419d-8e52-1449b90703e3&co=null&pr=null&ci=null&dm=null&flc=2022&slc=&ttm=1650298157571&gdpr=0&gdpr_consent=&e=VastRequest&m=1&x=https%3A%2F%2Fpc213-6jd3k.ads.tremorhub.com%2Fad%2Ftag%3FadCode%3Dpc213-h8igm%26playerWidth%3D544%26playerHeight%3D305%26playerPosition%3D3%26srcPageUrl%3Dhttps%253A%252F%252Fwww.lesoleil.com%252F2022%252F04%252F17%252Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34%26gdpr%3D0%26gdpr_consent%3D%26custom%3D3419%26c2%3Dfr-ca%26floor%3DUSD%3A5%26us_privacy%3D%26fmt%3Djson
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-46.fra60.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:19 GMT
via: 1.1 1662abbf731d8832e73c83b2467e7f38.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: aHMbqxY4yySloaARXfxEMgGcYDbT0is2xWX9EajTPLLDMnHL-_o1FA==
expires: -1

GET
H2 200 t.gif
sb.freeskreen.com/ Frame A1DB 43 B
414 B 37ms
36ms Image
image/gif 18.66.122.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1650298159&p=2973&c=3419&s=undefined&d=98772&v=298&t=799c41bf-4d30-419d-8e52-1449b90703e3&co=null&pr=null&ci=null&dm=null&flc=2022&slc=&ttm=1650298157571&gdpr=0&gdpr_consent=&e=VastRequest&m=1&x=https%3A%2F%2Fads.freeskreen.com%2Fbid%3Fpid%3D2973%26tid%3D799c41bf-4d30-419d-8e52-1449b90703e3%26w%3D544%26h%3D305%26u%3Dhttps%253A%252F%252Fwww.lesoleil.com%252F2022%252F04%252F17%252Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34%26ip%3D138.199.38.132%26ua%3DMozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64)%2520AppleWebKit%252F537.36%2520(KHTML%252C%2520like%2520Gecko)%2520Chrome%252F100.0.4896.75%2520Safari%252F537.36%26g_co%3Dnull%26g_p%3Dnull%26g_ci%3Dnull%26g_d%3Dnull%26s_1%3D2022%26s_2%3D%26cid%3D3419%26sid%3Dundefined%26vid%3D298%26did%3D98772%26pf%3D500%26ttm%3D1650298157571%26eu_c%3D%26eu_g%3D0%26eu_ggl%3D0
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-46.fra60.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:19 GMT
via: 1.1 1662abbf731d8832e73c83b2467e7f38.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: ubDVYiPFcpDFBGOS_seQmSKr4sCLSBQG4w4HTqBdZXmK87qt6PHKWQ==
expires: -1

GET
H2 200 t.gif
sb.freeskreen.com/ Frame A1DB 43 B
414 B 39ms
38ms Image
image/gif 18.66.122.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1650298159&p=2973&c=3419&s=undefined&d=98772&v=298&t=799c41bf-4d30-419d-8e52-1449b90703e3&co=null&pr=null&ci=null&dm=null&flc=2022&slc=&ttm=1650298157571&gdpr=0&gdpr_consent=&e=VastEmpty&m=1&x=
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-46.fra60.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:19 GMT
via: 1.1 1662abbf731d8832e73c83b2467e7f38.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: ZsQJznHTXmrpisL9Nz0HfjFU4gk7U_oLfXOjfDS34cCFDGoTyp9-4Q==
expires: -1

GET
H2 200 t.gif
sb.freeskreen.com/ Frame A1DB 43 B
412 B 37ms
37ms Image
image/gif 18.66.122.46
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.freeskreen.com/t.gif?tm=1650298159&p=2973&c=3419&s=undefined&d=&v=&t=799c41bf-4d30-419d-8e52-1449b90703e3&co=null&pr=null&ci=null&dm=null&flc=2022&slc=&ttm=1650298157571&gdpr=0&gdpr_consent=&e=VideoError&m=1&x=ErrorNoPlayableAd
Requested by: Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-46.fra60.r.cloudfront.net
Software: Apache/2.4.29 (Ubuntu) /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:19 GMT
via: 1.1 1662abbf731d8832e73c83b2467e7f38.cloudfront.net (CloudFront)
server: Apache/2.4.29 (Ubuntu)
x-amz-cf-pop: FRA60-P2
x-cache: Miss from cloudfront
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
cache-control: no-cache, no-store
content-type: image/gif
content-length: 43
x-amz-cf-id: Yb6NalQJSstpysofKXey1QjMbafDjkCvVuto5lOb317yqBmdpRQmew==
expires: -1

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 19ms
17ms Image
image/gif 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-FDLYVLLX4S&cv=1&v=3&t=t&pid=931962251&rv=4d0&es=1&e=gtm.formSubmit&eid=65&u=C&ut=C&tc=16&z=0

Requested by

Host: www.lesoleil.com
URL: https://www.lesoleil.com/2022/04/17/une-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:20 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 page.gif
track.customer.io/events/ 35 B
210 B 171ms
111ms Image
image/gif 35.227.225.220
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.customer.io/events/page.gif?name=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&data%5Bwidth%5D=1600&data%5Bheight%5D=1200&c=&s=8dc4ec87-64ed-0234-098f-db1d699ed660&site_id=b1dbf47836a3fae04e51&timestamp=1650298160350
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.225.220 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 220.225.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 18 Apr 2022 16:09:20 GMT
via: 1.1 google
access-control-allow-origin: *
content-type: image/gif
status: 200 OK
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-transfer-encoding: binary
content-disposition: attachment
alt-svc: clear
content-length: 35

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 20ms
19ms Image
image/gif 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-FDLYVLLX4S&cv=1&v=3&t=t&pid=931962251&rv=4d0&es=1&e=gtm.load&eid=71&u=C&ut=C&tc=16&tr=1sdl.5sdl&ti=1sdl.1sdl&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:20 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 201 view5 Show response
analytics360.omerloclients.com/ 8 B
391 B 315ms
313ms Fetch
application/json 18.66.139.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics360.omerloclients.com/view5
Requested by: Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-67.fra60.r.cloudfront.net
Software: /
Resource Hash: bebe9f7520f45e551824558d8c8291c429a32f508c9a6a42b9bfa91a062e53de

Request headers

Referer: https://www.lesoleil.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
X-Api-Key: 556e98ed302e4c53b6bc3ee69ebdd39f
Content-Type: application/json

Response headers

date: Mon, 18 Apr 2022 16:09:22 GMT
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amzn-requestid: 8b5adf97-b932-4ea3-953c-c6a5b4358377
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-amzn-trace-id: Root=1-625d8d32-7be83b556e1a284d294d542a;Sampled=0
x-amz-apigw-id: QyL_8FwqoAMFyFA=
content-length: 8
x-amz-cf-id: jVL_yRhJlH_SA20y1jDnzsAUYNk5z7GfXSMjhTjzlfYvuZyyRPxZBw==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 9ms
8ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2113296135&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&ul=en-us&de=UTF-8&dt=Une%20cyberattaque%20%C2%ABsophistiqu%C3%A9e%C2%BB%20contre%20Rideau%20Hall%2C%20selon%20des%20documents%20internes%20%7C%20Politique%20%7C%20Actualit%C3%A9s%20%7C%20Le%20Soleil%20-%20Qu%C3%A9bec&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Article&ea=View5&el=cf2b5b903b414656c2d16992c6bf0c34&_u=aGDAiEABBAAAAG~&jid=&gjid=&cid=280926878.1650298158&tid=UA-86531657-10&_gid=1766050049.1650298158&gtm=2wg4d0MRPMG73&cd3=0&cd5=0&cd6=Jim%20Bronskill&cd7=Actualit%C3%A9s&z=1317992533

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Apr 2022 18:05:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79415
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 9ms
9ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Apr 2022 18:05:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79415
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 view5
analytics360.omerloclients.com/ Frame 0
0 282ms
281ms Preflight
application/json 18.66.139.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics360.omerloclients.com/view5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-67.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.lesoleil.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
content-length: 0
content-type: application/json
date: Mon, 18 Apr 2022 16:09:22 GMT
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
x-amz-apigw-id: QyL_5HWNoAMFk6g=
x-amz-cf-id: WlKnYvUpxMiit8vmXKP_11gvfueIk-D_ZR0m64XR3WGVbjosD3ZmVw==
x-amz-cf-pop: FRA60-P4
x-amzn-requestid: cd3fd4d6-005b-433b-bafa-11ce4924d45b
x-cache: Miss from cloudfront

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 16ms
16ms Image
image/gif 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-FDLYVLLX4S&cv=1&v=3&t=t&pid=931962251&rv=4d0&es=1&e=*&eid=77&u=C&ut=C&tc=16&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:22 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 201 view10 Show response
analytics360.omerloclients.com/ 8 B
387 B 332ms
328ms Fetch
application/json 18.66.139.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics360.omerloclients.com/view10
Requested by: Host: gcm-production2.omerloclients.com
URL: https://gcm-production2.omerloclients.com/assets/vendor-d06260cb0611cf721d8848baa7d70649.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-67.fra60.r.cloudfront.net
Software: /
Resource Hash: bebe9f7520f45e551824558d8c8291c429a32f508c9a6a42b9bfa91a062e53de

Request headers

Referer: https://www.lesoleil.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
X-Api-Key: 556e98ed302e4c53b6bc3ee69ebdd39f
Content-Type: application/json

Response headers

date: Mon, 18 Apr 2022 16:09:27 GMT
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
x-amzn-requestid: 9e2ce3ef-5dbd-4247-8b2f-e776d4506d0b
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-amzn-trace-id: Root=1-625d8d37-68da08c44df80196150c6ab0;Sampled=0
x-amz-apigw-id: QyMAuFZroAMFxIQ=
content-length: 8
x-amz-cf-id: rg31MDmj8VGrcxNV7egqcQtm5wjqq5w7YFaF6siRgp9fd5sgE5G8ug==

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 16ms
15ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=2113296135&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.lesoleil.com%2F2022%2F04%2F17%2Fune-cyberattaque-sophistiquee-contre-rideau-hall-selon-des-documents-internes-cf2b5b903b414656c2d16992c6bf0c34&ul=en-us&de=UTF-8&dt=Une%20cyberattaque%20%C2%ABsophistiqu%C3%A9e%C2%BB%20contre%20Rideau%20Hall%2C%20selon%20des%20documents%20internes%20%7C%20Politique%20%7C%20Actualit%C3%A9s%20%7C%20Le%20Soleil%20-%20Qu%C3%A9bec&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Article&ea=View10&el=cf2b5b903b414656c2d16992c6bf0c34&_u=aGDAiEABBAAAAG~&jid=&gjid=&cid=280926878.1650298158&tid=UA-86531657-10&_gid=1766050049.1650298158&gtm=2wg4d0MRPMG73&cd3=0&cd5=0&cd6=Jim%20Bronskill&cd7=Actualit%C3%A9s&z=2081673379

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Apr 2022 18:05:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79420
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 25ms
25ms Image
image/gif 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 17 Apr 2022 18:05:47 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79420
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 view10
analytics360.omerloclients.com/ Frame 0
0 288ms
287ms Preflight
application/json 18.66.139.67
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics360.omerloclients.com/view10
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.139.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-139-67.fra60.r.cloudfront.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-api-key
Access-Control-Request-Method: POST
Origin: https://www.lesoleil.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods: OPTIONS,POST
access-control-allow-origin: *
content-length: 0
content-type: application/json
date: Mon, 18 Apr 2022 16:09:27 GMT
via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
x-amz-apigw-id: QyMAsEf2IAMF3QQ=
x-amz-cf-id: ZfLXOm-mcKJS8fw_ET0pKTboVsJGM9uHARWMR3hoaNJXqpGPL-f53g==
x-amz-cf-pop: FRA60-P4
x-amzn-requestid: 853b44bd-ad0c-4b2c-8185-5795a4f675c8
x-cache: Miss from cloudfront

GET
H3 204 a
www.googletagmanager.com/ 0
17 B 20ms
20ms Image
image/gif 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?id=G-FDLYVLLX4S&cv=1&v=3&t=t&pid=931962251&rv=4d0&es=1&e=*&eid=85&u=C&ut=C&tc=16&z=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.lesoleil.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 18 Apr 2022 16:09:27 GMT
server: Google Tag Manager
vary: *
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.lesoleil.com
URL: https://www.lesoleil.com/sw.js

Verdicts & Comments Add Verdict or Comment

143 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.lesoleil.com/2022/04/17	1969-12-31 23:59:59	Name: wisepops_activity_session Value: %7B%22id%22%3A%22a51fd1fb-30b6-47b3-9a98-5c0311df639b%22%2C%22start%22%3A1650298158616%7D
.adnxs.com/	1970-01-20 04:34:34	Name: uuid2 Value: 8493798903846182861
.google.com/	1970-01-20 06:48:29	Name: NID Value: 511=UfbGL6D_TQnq9ammqALz_ouSPK87i_aWC9OPnhCfotFDggq9z0dkf6f5mODB4fn56Xq6bRSKwaHiaMMK_Ic8Hy6MG3UeTiEozkT-VAxQ-K1JJ3P6e0a8rCqxlJMsX-k7RilQ3_mH4KG3tUxsvAI-Qr35ERSKIZZggpn1D2KuYu4
www.lesoleil.com/	1969-12-31 23:59:59	Name: OmerloAnalytics.anonymousId Value: 0174a547-84de-4927-a4b3-7d6b5a56bd85
www.lesoleil.com/	1970-01-20 02:42:43	Name: PaywallGuestConsumption Value: %7B%22allowed%22%3A3%2C%22paidContentConsumedCount%22%3A1%2C%22period%22%3A%22month%22%7D
.adnxs.com/	1970-01-20 04:34:34	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E><gJBAo!]tbP6j2F-XstGt!@Dm0$rPE3
.freeskreen.com/	1970-01-20 02:35:02	Name: a Value: MzQxOT0xfHw7NTMxOD0xfHw7
.freeskreen.com/	1970-01-20 02:35:02	Name: scmtid Value: "c2NtaWQ9ZWZmaGZiaWpjYWZnYnZwYUZkREdldWh8MTY1MDI5ODE1NzU1NA=="
www.lesoleil.com/	1970-01-20 02:24:58	Name: m32_pubgeo Value: JTdCJTIyaXAlMjIlM0ElMjIxMzguMTk5LjM4LjEzMiUyMiUyQyUyMmNvdW50cnlfY29kZSUyMiUzQSUyMkRFJTIyJTJDJTIyY291bnRyeV9uYW1lJTIyJTNBJTIyRGV1dHNjaGxhbmQlMjIlMkMlMjJyZWdpb25fY29kZSUyMiUzQSUyMkhFJTIyJTJDJTIycmVnaW9uX25hbWUlMjIlM0ElMjJIZXNzZW4lMjIlMkMlMjJjaXR5JTIyJTNBJTIyRnJhbmtmdXJ0JTIwYW0lMjBNYWluJTIyJTJDJTIydGltZV96b25lJTIyJTNBJTIyRXVyb3BlJTJGQmVybGluJTIyJTJDJTIybGF0aXR1ZGUlMjIlM0E1MC4xMTg4JTJDJTIybG9uZ2l0dWRlJTIyJTNBOC42ODQzJTJDJTIybWV0cm9fY29kZSUyMiUzQTAlMkMlMjJwb3N0YWxfY29kZSUyMiUzQSUyMjYwMzEzJTIyJTdE
.lesoleil.com/	1970-01-20 02:26:24	Name: _gid Value: GA1.2.1766050049.1650298158
.lesoleil.com/	1970-01-20 02:24:58	Name: _dc_gtm_UA-86531657-10 Value: 1
.lesoleil.com/	1970-01-20 02:24:58	Name: _gat_UA-86531657-4 Value: 1
.lesoleil.com/	1970-01-20 19:56:10	Name: wisepops Value: %7B%22csd%22%3A1%2C%22popups%22%3A%7B%7D%2C%22sub%22%3A0%2C%22ucrn%22%3A88%2C%22cid%22%3A%2250505%22%2C%22v%22%3A4%2C%22bandit%22%3A%7B%22recos%22%3A%7B%7D%7D%7D
.lesoleil.com/	1970-01-20 19:56:10	Name: wisepops_visits Value: %5B%222022-04-18T16%3A09%3A17.700Z%22%5D
.lesoleil.com/	1969-12-31 23:59:59	Name: wisepops_session Value: %7B%22arrivalOnSite%22%3A%222022-04-18T16%3A09%3A17.700Z%22%2C%22mtime%22%3A1650298158610%2C%22pageviews%22%3A1%2C%22popups%22%3A%7B%7D%2C%22bars%22%3A%7B%7D%2C%22countdowns%22%3A%7B%7D%2C%22src%22%3Anull%2C%22utm%22%3A%7B%7D%2C%22testIp%22%3Anull%7D
.lesoleil.com/	1970-01-20 19:56:10	Name: _ga_FDLYVLLX4S Value: GS1.1.1650298157.1.0.1650298157.0
.lesoleil.com/	1970-01-20 04:34:34	Name: _fbp Value: fb.1.1650298159031.1628969908
.lesoleil.com/	1970-01-20 11:10:34	Name: _cioanonid Value: 8dc4ec87-64ed-0234-098f-db1d699ed660
.lesoleil.com/	1970-01-20 19:56:10	Name: _ga Value: GA1.2.280926878.1650298158

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

activity.wisepops.com
ads.freeskreen.com
ads.pubmatic.com
ajax.googleapis.com
analytics360.omerloclients.com
apis.google.com
assets.customer.io
c.amazon-adsystem.com
cdn.jsdelivr.net
connect.facebook.net
cs.admanmedia.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
gcm-production2.omerloclients.com
gcm.omerlocdn.com
geoloc.m32.media
images.omerlocdn.com
loader.wisepops.com
loadeu.exelator.com
news.google.com
pc213-6jd3k.ads.tremorhub.com
pixel-eu.rubiconproject.com
pixel-us-west.rubiconproject.com
play.google.com
popup.wisepops.com
rdc.m32.media
sb.freeskreen.com
scm.publishers.tremorhub.com
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
static.freeskreen.com
stats.g.doubleclick.net
sync.smartadserver.com
token.rubiconproject.com
track.customer.io
weather.omerloclients.com
ww1772.smartadserver.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.lesoleil.com
www.lesoleil.com
108.138.17.13
108.138.3.177
108.138.7.49
13.32.121.5
13.32.121.54
13.32.99.4
142.250.185.66
18.66.122.46
18.66.139.67
185.86.137.113
185.86.139.113
23.205.235.133
23.35.236.201
2600:1f18:612b:4200:2ae2:c11e:eaf6:5e5d
2600:1f18:612b:4216:25d9:1223:9f5d:e330
2600:9000:223c:4400:11:9cfd:9400:93a1
2600:9000:236e:e600:1d:9f81:51c0:93a1
2606:4700:20::681a:a13
2606:4700:20::ac43:4adc
2606:4700::6810:5814
2a00:1450:4001:802::200e
2a00:1450:4001:808::2003
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:812::200a
2a00:1450:4001:827::2003
2a00:1450:4001:828::200a
2a00:1450:4001:829::2004
2a00:1450:4001:829::2008
2a00:1450:4001:82a::200e
2a00:1450:400c:c09::9c
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
34.254.143.3
35.227.201.248
35.227.225.220
35.227.246.163
37.252.172.250
54.173.181.170
69.173.144.139
8.2.111.137
8.39.36.142
96.16.141.156
05cc12ba65eab7b80323c9495fcddf6d89a85ea33c32c8ed8eaa3947253160bc
069f695140cae015bfd9f54836c257da65969097a565500f49adb1a262ae6719
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06ea397a1c521ecd714b10b293ebb632dab3427f5ef12d2917424f2888164f22
086f1c868f8f769ef0039b238b415fc3c46d97e342309dc8c61cefb40868212e
108a5ee6306c726271c490dceca48e5fb5a148ea41fcb9fe55cd5d348f16eb57
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1451aac59b2611961a53cafcc452d70159502bc2be8fd07fd997b6231f9123c2
157f9a1d6165ed3c8d9a331da4ff096ee0acef49d0e87bbcdcffe69b1c4031d8
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0
1c3ad1159a8d126a9c87d5eae7c56662e01d39ab45db8d3074406a3bfc013655
209812faa749c2e8a6345e7bdf92a174329c8fee04ceeff0de543bcc12e958e3
21a98238ae8ce94d2ff7cc80bfbde428de1125f33d89bf11e9cee8112635567f
246968dfccf0e91e328ae654e6cb50595f05eb49fe12555bc2c18f15a6f4203a
25cbc8a8357f893fe7ee7d5d12b33daccd8f3244b86efb92575051cba51f655d
2cc0e95ec73aac5db61e54d0220192b8722217a769f9d3c87ff8fc994a6d0f50
2df6bc31be1114b21fbf5d2239bf1f4ff834594c856f43b1221d8f06c6f71460
31ace63fa339896dc045f21da77b1ffdc57160e2db5690b132766b0086d6f58e
33409666cfa50a4190ab5ad64c4dbec668dd90226908ab4c898e1a34583d9fae
3d4d62f3b219f0bf8e1a4f667501c6a8e2c9060c6f49bc2dc9e70fb23733674a
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
420cf4b339a69a9a3ffafbebd48db71dcdaf2ce3f74cadc2351ebc899e9b5f46
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44ea0066992762110b18880e58f968fa5dc3af9a051c057a5e689bed7d47158d
481b2fb6ea4f714f9b58e143ddb63f973e0fc1b14a4d8213517b4451644c9fae
48314bca6a877c6ca70c34c4bd60020b3074cc017979239086489a16d1cee26b
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
49e90e0b934d3a353cf9c68e5971594386388d23a99d19726af18f4f60cd29a0
4af5765b7587881ef567c23d0aa9fcdbeff09e3354473ed56eca490f4df5ca30
4ed1b460ce0c6cc6c4a994071beb40412026adbec9f726201371d826401505a6
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
572848c8c30c46020959ee57e4e945b9525619ee1496c0250a3164a6976b5101
5d09b874a86b9b73767b7e9a63d6172d99f3b411943760a5c8838614ceaa726b
5dcffd379af91af6a46848d1f14685220173feaf8216a06c84bff788ab5f6ed2
5fb073d3b881549acaa67ff3b9923ee9e74bde86deccb93e36a8fc2cacf29a6b
604e7027286c010d4f0b64291b51b80b9d4df493077cd40e72c4da0db8580bbd
61a8d09ad402505ec098bf2f631f477e26d20dea6484c96e55a46b7f10fafae8
6659edd30afbce2323bb2b3443be4e8a5258d1260d0e68fd99df4d828f0ff718
6af0baf64be18d0508e482b1995fc0793c372f338b1fff20e7cbc8a7480b367f
6c3664d624873d5ce0348175782a4250165ec1a540b31d84ce1180b172ef14ef
765618d1667ba791f2d492d121d2da42ff7d7e079a4773462a381ac9aceab0c5
772fa5a279ecad537bea7d71690183408a9aff38f71a094a2dff5698c724d9f8
7a41da1f7e70ad9aa4d7772e6cb239e50ecf944808eb73e6de07cdb92c2552c6
7a5a84e98d7dd2e4090fb5f006854d1df497956cc9ffb5419011c9b16d1b8cc7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8399e9c702512d0a428f47ac6e07fd6fbce30ab3d386829835530639caebb211
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88816b4e9d2b1e7455a8edb3b081950d1be6c35f4da7af91a166b9c9a8f1edb3
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
8a1725deefe80c11945877868111dabbc2a552e3b82fa5c15c0bef9cd206c810
8a3bbc0693373bc4cfbd609d3c2179efed79b161f30a1758d23d5ee2c081561e
8df4ae884667dbc5f42da9f26e950324fcb2741cf39f7ae0b7c0307bd42875fe
9130bafafbeee56d02271fdd5a7db6f2e15e839f8b64faad15a08610a93d7119
95056cde8fc60350eece66c30a6b3926915d469ad7f55ab883d8d3ca033f0f39
99eec0f350874ace46e3d4978e5676bbce0947bb20ac9e6718e5fc898caee895
9a9741eec47b8cad398506cff0b397017e4707746190f950ded4401f8dd175b5
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a21d0870a736a7bf9869b1e72767c210b0785c99226c0c17d0a7773693616a08
a28a7909e8f0cf80f78bcdd264e45d97592903202da1ddce78f06a120e82527d
a6e85ea36686d874be243ed40f2d1f836f175da12a73adaf77bb1135132fbd3c
a9f52ff38b671059aaf2f8f95b7b15a14ec9c5ebbe68163c572d72787d7ffa15
ac101dd94466399243204a7c32682d80919a5277fae74f6923f26b6c27cc5bfb
ad705785599c3fb1d7e101eea1747d4f1c7ff9c4c8e74cd7f03d5c2d1f0f34c4
b102fc918f837700d56d7582ee5e8d1ab8e5b85d072cc4a245c4e81174a3e99e
b2ddc2506ebb82906c49c0c8eacac7f810f8f85803a2baa92dfe8547630dcea0
b369199a64f2c100cfba46ea9b4bdfc807bd7a164307905edfcdd381f06d0526
b9ba2a1f10f1450dd48433336d8002910eb96242553664ec814e23542e47b425
bde06a0400c168573473e2de967d842eec383f2f755aef4ec017b2f333e7ff85
bebe9f7520f45e551824558d8c8291c429a32f508c9a6a42b9bfa91a062e53de
bf604a2452aa95b02d12e3d2873cd1847fdc1508234277f42788e84b93dafe83
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c38398144d1be0acf7b2200b31f6ecdf4f89f2f6550f89a7886c2ce9c17b0287
c6646ddd5665bcc1f6d6f16878626c562e9e20481de1b2f26af299a620f49788
c748de5b3a4fc12f6a1a5366604e6208c9299d67031d73bf7845cec09dacb71c
d68e1008f0358d11f607300363e565473f9f18c0e60bea178d12d7bf81f2207b
da1240738eef80e8630a5749b9258e33d7669859ba8a5ed1da81978092ed03af
da741b0c80dfaf7527a9e787d8a0a6ab3a1c35b2b6e696979744287f8b34c62c
dc7a8eb4fbb940aafff5ffd4a09c4e4e2bc84de5738354f1914e8d91e87cad94
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e08b0ff7f2bb5dee049a32dab138af86d7eb7a613c98f61cf08eb703ebc5908e
e0c5465f459500c3eacbdf79bde16c8ea7d9881422dd11ac7be5f62b61fa2e16
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec98c39f5c2d07120b2958675d626739610d6f8759a923a08b3392043d30f095
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f014ab6831432be7cd3c191b88d6d3b4c1a05ba510620d0f202e02c59a016726
f64a2cf77dc91e4362a2d41df0bd881632856dd4fc6a324736168e885b776533

www.lesoleil.com Open in urlscan Pro 2600:9000:236e:e600:1d:9f81:51c0:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

146 Requests

97 %HTTPS

47 %IPv6

25 Domains

46 Subdomains

43 IPs

5 Countries

2719 kBTransfer

8904 kBSize

19 Cookies

110 Outgoing links

Redirected requests

146 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.lesoleil.com Open in urlscan Pro
2600:9000:236e:e600:1d:9f81:51c0:93a1 Public Scan

Screenshot
Live screenshot

Full Image

146
Requests

97 %
HTTPS

47 %
IPv6

25
Domains

46
Subdomains

43
IPs

5
Countries

2719 kB
Transfer

8904 kB
Size

19
Cookies

146 HTTP transactions
0 data transactions