web.koho.ca Open in urlscan Pro
104.18.6.38 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://web.koho.ca/
Effective URL:
https://web.koho.ca/
Submission: On November 12 via api (November 12th 2024, 6:15:44 pm UTC) from CA — Scanned from CA

Summary HTTP 129 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 39 IPs in 2 countries across 33 domains to perform 129 HTTP transactions. The main IP is 104.18.6.38, located in and belongs to CLOUDFLARENET, US. The main domain is web.koho.ca.
TLS certificate: Issued by WE1 on September 20th 2024. Valid for: 3 months.

This is the only time web.koho.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
17	104.18.6.38 104.18.6.38	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	108.139.47.42 108.139.47.42	16509 (AMAZON-02) (AMAZON-02)
1	108.138.128.21 108.138.128.21	16509 (AMAZON-02) (AMAZON-02)
6	23.49.248.20 23.49.248.20	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a04:4e42:600... 2a04:4e42:600::396	54113 (FASTLY) (FASTLY)
1	34.117.162.98 34.117.162.98	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
1	2606:4700:10:... 2606:4700:10::ac43:1c5d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.193.140 151.101.193.140	54113 (FASTLY) (FASTLY)
2	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	172.66.0.227 172.66.0.227	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
7	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
6	151.101.194.217 151.101.194.217	54113 (FASTLY) (FASTLY)
1	151.101.128.176 151.101.128.176	54113 (FASTLY) (FASTLY)
3	34.120.195.249 34.120.195.249	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	13.249.86.140 13.249.86.140	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:310... 2606:4700:310c::ac42:2caf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:20:... 2606:4700:20::681a:c5f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.102.147.248 34.102.147.248	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 23	192.225.158.1 192.225.158.1	30286 (THM) (THM)
2	151.101.192.176 151.101.192.176	54113 (FASTLY) (FASTLY)
1	2606:4700:310... 2606:4700:310c::ac42:2f51	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:1ef6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	192.225.158.3 192.225.158.3	30286 (THM) (THM)
3	2607:f8b0:400... 2607:f8b0:4006:80e::2008	15169 (GOOGLE) (GOOGLE)
1	108.139.29.53 108.139.29.53	16509 (AMAZON-02) (AMAZON-02)
6	2607:f8b0:400... 2607:f8b0:4006:816::200e	15169 (GOOGLE) (GOOGLE)
2	52.25.130.112 52.25.130.112	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4004:c17::9b	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81c::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:36::181	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:823::2003	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80f::2004	15169 (GOOGLE) (GOOGLE)
4	34.203.87.70 34.203.87.70	14618 (AMAZON-AES) (AMAZON-AES)
1	13.249.91.44 13.249.91.44	16509 (AMAZON-02) (AMAZON-02)
2	108.139.47.114 108.139.47.114	16509 (AMAZON-02) (AMAZON-02)
2	3.88.98.219 3.88.98.219	14618 (AMAZON-AES) (AMAZON-AES)
129	39

17 104.18.6.38 (None, )

ASN13335 (CLOUDFLARENET, US)

web.koho.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
webgateway.koho.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.139.47.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-47-42.jfk50.r.cloudfront.net

websdk.appsflyer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.128.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-128-21.jfk50.r.cloudfront.net

cdn.plaid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.49.248.20 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-49-248-20.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:600::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.162.98 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 98.162.117.34.bc.googleusercontent.com

pixel.byspotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:1c5d (United States)

ASN13335 (CLOUDFLARENET, US)

pixel.switchgrowth.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.66.0.227 (United States)

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.194.217 (San Francisco, United States)

ASN54113 (FASTLY, US)

app.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.128.176 (San Francisco, United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com

o36260.ingest.sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.249.86.140 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-86-140.jfk52.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:310c::ac42:2caf (United States)

ASN13335 (CLOUDFLARENET, US)

solve-widget.forethought.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:c5f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.equalweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.147.248 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 248.147.102.34.bc.googleusercontent.com

tag.rmp.rakuten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 192.225.158.1 (United States) 1 redirects

ASN30286 (THM, US)

h.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.192.176 (San Francisco, United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:310c::ac42:2f51 (United States)

ASN13335 (CLOUDFLARENET, US)

solve-widget.forethought.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:1ef6 (United States)

ASN13335 (CLOUDFLARENET, US)

api.kohoanalytics.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.225.158.3 (United States)

ASN30286 (THM, US)

2ulrybyxacxpl7ce4qzlyr62rfeeeqn7raawf3ftabbf13a37184065dsac.d.aa.online-metrix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80e::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.139.29.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-29-53.jfk50.r.cloudfront.net

cdn.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:816::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.25.130.112 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-130-112.us-west-2.compute.amazonaws.com

api.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c17::9b (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:36::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:823::2003 (United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80f::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.203.87.70 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-203-87-70.compute-1.amazonaws.com

events.launchdarkly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.249.91.44 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-91-44.jfk52.r.cloudfront.net

widget.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.139.47.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-47-114.jfk50.r.cloudfront.net

js.intercomcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.88.98.219 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-88-98-219.compute-1.amazonaws.com

api-iam.intercom.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	online-metrix.net 1 redirects h.online-metrix.net — Cisco Umbrella Rank: 2858 h64.online-metrix.net Failed 2ulrybyxacxpl7ce4qzlyr62rfeeeqn7raawf3ftabbf13a37184065dsac.d.aa.online-metrix.net	131 KB
17	koho.ca web.koho.ca webgateway.koho.ca	2 MB
10	launchdarkly.com app.launchdarkly.com — Cisco Umbrella Rank: 740 events.launchdarkly.com — Cisco Umbrella Rank: 920	288 KB
7	segment.com cdn.segment.com — Cisco Umbrella Rank: 2162	39 KB
7	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	647 B
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 65	23 KB
6	equalweb.com cdn.equalweb.com — Cisco Umbrella Rank: 20871	24 KB
6	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 782	140 KB
3	intercom.io widget.intercom.io — Cisco Umbrella Rank: 2903 api-iam.intercom.io — Cisco Umbrella Rank: 3185	6 KB
3	amplitude.com cdn.amplitude.com — Cisco Umbrella Rank: 3808 api.amplitude.com — Cisco Umbrella Rank: 2960	18 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 64	339 KB
3	sentry.io o36260.ingest.sentry.io	412 B
3	stripe.com js.stripe.com — Cisco Umbrella Rank: 1510	165 KB
2	intercomcdn.com js.intercomcdn.com — Cisco Umbrella Rank: 3757	377 KB
2	google.ca www.google.ca — Cisco Umbrella Rank: 11742	127 B
2	google.com analytics.google.com — Cisco Umbrella Rank: 170 www.google.com — Cisco Umbrella Rank: 4	64 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 171 googleads.g.doubleclick.net — Cisco Umbrella Rank: 52	3 KB
2	kohoanalytics.ca api.kohoanalytics.ca	641 B
2	forethought.ai solve-widget.forethought.ai — Cisco Umbrella Rank: 15779	12 KB
2	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1085	842 B
2	t.co t.co — Cisco Umbrella Rank: 872	817 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 208	84 KB
2	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1236	16 KB
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1280	13 KB
1	rakuten.com tag.rmp.rakuten.com — Cisco Umbrella Rank: 8356	12 KB
1	reddit.com pixel-config.reddit.com Failed alb.reddit.com — Cisco Umbrella Rank: 1487	637 B
1	switchgrowth.com pixel.switchgrowth.com — Cisco Umbrella Rank: 290166	3 KB
1	byspotify.com pixel.byspotify.com — Cisco Umbrella Rank: 8102	22 KB
1	plaid.com cdn.plaid.com — Cisco Umbrella Rank: 18350	48 KB
1	appsflyer.com websdk.appsflyer.com — Cisco Umbrella Rank: 6338	15 KB
0	stackadapt.com Failed tags.srv.stackadapt.com Failed
0	licdn.com Failed snap.licdn.com Failed
0	Failed function sub() { [native code] }. Failed
129	33

	Domain	Requested by
23	h.online-metrix.net	1 redirects web.koho.ca h.online-metrix.net
15	web.koho.ca	web.koho.ca
7	cdn.segment.com	web.koho.ca
7	www.facebook.com	web.koho.ca
6	www.google-analytics.com	cdn.segment.com www.google-analytics.com web.koho.ca
6	cdn.equalweb.com	web.koho.ca cdn.equalweb.com
6	app.launchdarkly.com	web.koho.ca
6	analytics.tiktok.com	web.koho.ca analytics.tiktok.com
4	events.launchdarkly.com	web.koho.ca
3	www.googletagmanager.com	cdn.segment.com www.google-analytics.com
3	o36260.ingest.sentry.io	web.koho.ca
3	js.stripe.com	web.koho.ca js.stripe.com
2	api-iam.intercom.io	js.intercomcdn.com
2	js.intercomcdn.com	widget.intercom.io
2	www.google.ca	web.koho.ca
2	api.amplitude.com	web.koho.ca
2	api.kohoanalytics.ca	web.koho.ca
2	solve-widget.forethought.ai	web.koho.ca solve-widget.forethought.ai
2	webgateway.koho.ca	web.koho.ca
2	analytics.twitter.com	web.koho.ca
2	t.co	web.koho.ca
2	connect.facebook.net	web.koho.ca connect.facebook.net
2	static.ads-twitter.com	web.koho.ca www.googletagmanager.com
2	www.redditstatic.com	web.koho.ca www.redditstatic.com
1	widget.intercom.io	web.koho.ca
1	www.google.com	web.koho.ca
1	analytics.google.com	web.koho.ca
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	web.koho.ca
1	cdn.amplitude.com	cdn.segment.com
1	2ulrybyxacxpl7ce4qzlyr62rfeeeqn7raawf3ftabbf13a37184065dsac.d.aa.online-metrix.net	web.koho.ca
1	tag.rmp.rakuten.com	web.koho.ca
1	alb.reddit.com	web.koho.ca
1	pixel.switchgrowth.com	web.koho.ca
1	pixel.byspotify.com	web.koho.ca
1	cdn.plaid.com	web.koho.ca
1	websdk.appsflyer.com	web.koho.ca
0	tags.srv.stackadapt.com Failed	web.koho.ca
0	snap.licdn.com Failed	cdn.segment.com
0	h64.online-metrix.net Failed	h.online-metrix.net
0	truncated Failed	web.koho.ca
0	pixel-config.reddit.com Failed	www.redditstatic.com
129	42

This site contains links to these domains. Also see Links.

Domain
www.koho.ca

Subject Issuer	Validity	Valid
web.koho.ca WE1	`2024-09-20` - `2024-12-19`	3 months	crt.sh
*.appsflyer.com Amazon RSA 2048 M03	`2024-02-04` - `2025-03-03`	a year	crt.sh
secure.plaid.com DigiCert EV RSA CA G2	`2024-03-12` - `2025-03-11`	a year	crt.sh
*.tiktok.com RapidSSL TLS ECC CA G1	`2024-07-15` - `2025-07-15`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-06` - `2025-04-03`	6 months	crt.sh
pixel.byspotify.com WR3	`2024-10-15` - `2025-01-13`	3 months	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
switchgrowth.com WE1	`2024-09-21` - `2024-12-20`	3 months	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-10-13` - `2025-04-11`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-08-21` - `2024-11-19`	3 months	crt.sh
t.co E5	`2024-09-28` - `2024-12-27`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-07` - `2025-10-06`	a year	crt.sh
app.launchdarkly.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-04-04` - `2025-05-06`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-10-30` - `2025-02-06`	3 months	crt.sh
ingest.sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-03` - `2025-07-29`	10 months	crt.sh
*.segment.com Amazon RSA 2048 M02	`2024-10-15` - `2025-11-14`	a year	crt.sh
webgateway.koho.ca WE1	`2024-09-17` - `2024-12-16`	3 months	crt.sh
solve-widget.forethought.ai WE1	`2024-10-18` - `2025-01-16`	3 months	crt.sh
equalweb.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
tag.rmp.rakuten.com WR3	`2024-09-26` - `2024-12-25`	3 months	crt.sh
online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2024-09-19` - `2025-10-20`	a year	crt.sh
kohoanalytics.ca WE1	`2024-10-12` - `2025-01-10`	3 months	crt.sh
*.aa.online-metrix.net Viking Cloud Organization Validation CA, Level 1	`2024-09-19` - `2025-10-20`	a year	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
cdn.amplitude.com Amazon RSA 2048 M02	`2023-12-14` - `2025-01-12`	a year	crt.sh
*.amplitude.com COMODO RSA Domain Validation Secure Server CA	`2024-01-31` - `2025-03-02`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.google.ca WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
events.launchdarkly.com Amazon ECDSA 256 M03	`2024-07-16` - `2025-08-14`	a year	crt.sh
*.intercom.com Amazon RSA 2048 M03	`2024-01-15` - `2025-02-11`	a year	crt.sh
*.intercomcdn.com Amazon RSA 2048 M02	`2024-10-31` - `2025-11-28`	a year	crt.sh

This page contains 13 frames:

Primary Page: https://web.koho.ca/
Frame ID: 7037364099BC2A151BDEA171A7AE23A2
Requests: 94 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-52bb9961886364429336a5e4c538a8fe.html
Frame ID: 1EF5571A2E0168395DBD219BCC7B921A
Requests: 1 HTTP requests in this frame

Frame: https://solve-widget.forethought.ai/?v=2
Frame ID: 36F7858966948325216DDD3D0B52712F
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/oIJvWfcqJc2JGKOS?c5cb31d263630bd0=Eb-AY1-LBOmDBQpZ2P0fMh7T6mdKEzHNtqeQJU7XsDyDT5UR2tTgCi4KZB9CElMPu9s-hJ6eRPTCqhv5R_SnW239al9GyTGknMrdpTAK-CwWdb9pJJlFZ7YC2TTXyTQvJvqk2O3qVV_5qaLo_kQXmY0dGMEiviIem76BzA3KINafS37ZyqDHUhSyWmjivxnzByPVCCsXuUBG2-US&jb=313124266a7b6f75354e696c75702662716f354e696c7770246a736a753d416a706d6d6d
Frame ID: B9B188B98BD457FCFA5740B2B8A5525A
Requests: 19 HTTP requests in this frame

Frame: https://h.online-metrix.net/pNhg4flgDriZiQO5?0ef8a75cc9374bd9=6FMwjMN-awqwI0JJix5oUcsog4lY7Vfj62WHN0ifz4Vl2Z1Ef2pbeG6Z1wyIzzUskmKCAgQ9t2KlJ8h0QPYVEPAZN3hyuMy9RIM8G9zTXV1jxRC2fCao9OjJOTILYkfpE7lm5TqBS_3pVsY6E1-rm40TVuo&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Frame ID: FA76599EFAB52AD310BCEB03FB288C32
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/LKmLHQM5yTxn1B7k?89341072228e4701=KkIu5FajApXECn_0DzXtRa36Vm9SOgIAhzwudOWavgmrZqnir2MUq0i5VAubhchtE3eQd9xwGCbSXPPStVbvlnjtK7-Y8PmvZ8Hfp11p5Tf68v4ozbcPqbz55lVKgV9Z9k4afDIgFP5vc-3WhZaPt_F3huagI31p0TpjVFGZ35IRlkGDHu8aXrowVRKzFLnTYfKfCaH-QacFWFJm8VI
Frame ID: 21C0A8B95B04E271AFAA749DAA705257
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/aGgtLl5DlGlMaOZc?c29409651a0537fb=_HDxp0ZAOJc0S6KLTxp-gGPSFl_RVK3ZMATP_Wgqzny_SxL-nwW0Tz-iHJb0oiyEDIbp5Kjy-ppx_6yeAwDVKvELwA6dLGH4MdAXJKQ1yVp02yRRr0f_pYj0dwDhMGzs_4lv4b3FOJFqAC_1DBXtCFTIz99JZ1M8-nuxvDQ7cadNedaiHgipHIKu4Gemw943CeffSDuwyL0H2h_nJzuq
Frame ID: 47396954D07C4F0256BC12519571DA90
Requests: 1 HTTP requests in this frame

Frame: https://h.online-metrix.net/sf_NB3mUg9nS9qIB?eeed82627e03d91a=Y-8fBysQyqpF51yX3BWokzhQ2kaheA8C43dCJnlUHcPsLyVCyCkcvYqU7FDHwQNUHVZBxR5riTlgPKDSivNMzD93EWByNNNTBrOXe9x0RKLskKylYy-Kh8LYEV8Mx1_V2PrIJUNXyJ8Fwp3_wlMDF01rZSOsGFJGN4ot2-BW-fWZ9DVBvIMAZ8uxr_Reh-8KsIHaSZMD7F80nEoy-vq3
Frame ID: ADFFFE350E932C19AC745021AF7B5069
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 3191E26B9EE2A4D15F2FCA06C7A772A8
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: D8D47DA452735C1DA66A8D7E4176D433
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 954F143DA6789050DC3971D5CF203156
Requests: 2 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame.f55d5ac4.js
Frame ID: 114A3C986F04D364238391AD296E4997
Requests: 4 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 24CAE4A97B06E18C2C8B99C18ECA7452
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

KOHO

Page URL History Show full URLs

http://web.koho.ca/ HTTP 307
https://web.koho.ca/ Page URL

Detected technologies

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Amplitude (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.amplitude\.com

EqualWeb (Accessibility) Expand

Overall confidence: 100%
Detected patterns

cdn\.equalweb\.com.*\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Rakuten (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

tag\.rmp\.rakuten\.com

Page Statistics

129
Requests

96 %
HTTPS

39 %
IPv6

33
Domains

42
Subdomains

39
IPs

2
Countries

3484 kB
Transfer

11695 kB
Size

31
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.koho.ca/legal/?ver=mastercard#KOHOTermsOfUse
Title: KOHO's Terms of Use

Search URL Search Domain Scan URL

URL: https://www.koho.ca/legal/?ver=mastercard#PrivacyPolicy
Title: Privacy Policy.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://web.koho.ca/ HTTP 307
https://web.koho.ca/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 76

https://h.online-metrix.net/EDXrTgFW2I1oCuZB?90ab5eb87baebee0=MmnTLyHbeIwLvQDBPGxBun9pf9nqRfU_Y1cpZ73LCfup6isbXs27N_VY8ghNlwVRUx19cVnLcz0SlzVfc7M3HDegk3hm06ckMmrH5B7VJZozCNQizkoX5HcfUGpMIOadTc4e9ANGKrza_Tz2SDZ8QtN7_tiJtaRvVhRyQ-aIxXHC_Qo HTTP 302
https://h.online-metrix.net/EDXrTgFW2I1oCuZB?65484beb992d4d59=MmnTLyHbeIwLvQDBPGxBun9pf9nqRfU_Y1cpZ73LCfup6isbXs27N_VY8ghNlwVRUx19cVnLcz0SlzVfc7M3HDegk3hm06ckMmrH5B7VJZozCNQizkoX5HcfUGpMIOadTc4e9JSWIfqOeAypR5hPlwR945k&k=2

129 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
web.koho.ca/
Redirect Chain

http://web.koho.ca/
https://web.koho.ca/

22 KB
7 KB

377ms
111ms

Document
text/html

104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92faadbd7760e48388bed9098f51697611523a09065bcd595820d412d882d12d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: this request as been triggered by a human from a costum script.

Response headers

age: 345415
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, s-maxage=31536000
cf-cache-status: DYNAMIC
cf-ray: 8e18821e9d2a36a0-YYZ
content-encoding: br
content-type: text/html
date: Tue, 12 Nov 2024 18:15:35 GMT
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 2f276f8b7ce92ba7a0844268d20c32ba.cloudfront.net (CloudFront)
x-amz-cf-id: uzTiMf0R61D3N2agLYEyoe1i3aLGj_Vt8EAytCAFfbi6YRY4Kzzraw==
x-amz-cf-pop: JFK50-P6
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

Redirect headers

Location: https://web.koho.ca/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 / Show response
websdk.appsflyer.com/ 51 KB
15 KB 289ms
80ms Script
application/javascript 108.139.47.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://websdk.appsflyer.com/?st=banners&
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.47.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-47-42.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0ba6b163f965f258c24888cf11c6dfe0d044de0800284da2e78a3faf7bd12925

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

x-amz-cf-pop: JFK50-P1
content-encoding: br
etag: W/"7ee104753099f9f00003724eb0a4c433"
age: 120
via: 1.1 a5bf84280caeb8a606c41eaba71ee8be.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: szX1r5SPHgORGfNvgt8HChYKsxyXGj-cnWy9ENYHheEJP6vjIYXCSQ==
date: Tue, 12 Nov 2024 18:13:36 GMT
content-type: application/javascript
vary: accept-encoding
server: AmazonS3
last-modified: Tue, 01 Oct 2024 07:07:49 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 link-initialize.js Show response
cdn.plaid.com/link/v2/stable/ 157 KB
48 KB 317ms
102ms Script
text/javascript 108.138.128.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.128.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-128-21.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9ac99f73c5bbbc597f3b6309f54c111536dfc0c00d12a628d501ace61332e68e

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: br
x-amz-version-id: NafSjhzxjdF3kt1pQN6ViYWaLy_BXhq2
etag: W/"7159c6015b5205fccc55c6f6bf67ad41"
age: 9652
x-cache: Hit from cloudfront
x-amz-cf-id: mfMxq2Q-fMVP6OrmnPqQ0l0KflAwr5KYLPheqaRRXxlG8Ogl1cjfiQ==
date: Tue, 12 Nov 2024 15:34:44 GMT
content-type: text/javascript
vary: accept-encoding
last-modified: Wed, 06 Nov 2024 19:40:37 GMT
x-amz-id-2: 4oCWu0eUO7cydSDhcOsBpbPiQGtYQ/0XmpPgi7uCqtytO3Y/sjdJQ0x6Z+ayRF08NMS2nymb+M+40WquFA/vTgtsNQa+emxodafJt4rj39M=
x-amz-replication-status: COMPLETED
cache-control: no-cache,must-revalidate,max-age=0
via: 1.1 77c1752e5c6dfb050c6304b9d473a1e2.cloudfront.net (CloudFront)
x-amz-request-id: 59F5XNPFWA8XG356
x-amz-cf-pop: JFK50-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 367ms
135ms Script
application/javascript 23.49.248.20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=BTGIL6BQ55EMJL0L2V00&lib=ttq
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.49.248.20 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-49-248-20.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 6f58c7ab8bb73eb5c177ace1406c025e4b9203c202340ba08a1f7bf125564889

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: gzip
x-cache-remote: TCP_MISS from a23-220-107-82.deploy.akamaitechnologies.com (AkamaiGHost/11.7.0.1-2fb65fbfa7ad4f98bbb706cf20e2b5f6) (-)
expires: Tue, 12 Nov 2024 18:15:36 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=17, origin; dur=7, inner; dur=4
x-cache: TCP_MISS from a23-40-19-17.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
date: Tue, 12 Nov 2024 18:15:36 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-akamai-request-id: 8c6d788b.2ea73b1
x-tt-trace-host: 01548ce5bb41e46e06dc04a924b20010ab8f844e7dbdd5546afacede54e9ffb6bcb0a030c1db4759673d575c04cfeb4bc99f088c609a8c2a355aecabbbfc1e35a66c283feb035a3077c70aa82c4894a900a0f19e7f8793a74b2f6e70ec5f01297a71cf3df4021880fd9ac28db07f98797b
x-origin-response-time: 7,23.220.107.82
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-241112181536939AFF4FADB98CFBE1BD-7D211E4755F62851-00
content-length: 2260
x-parent-response-time: 23,23.40.19.17
x-tt-logid: 20241112181536939AFF4FADB98CFBE1BD
server: nginx

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 143ms
27ms Script
application/javascript 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 1f120dbe60c10831180babf37afc0edb7c01e9f4e7b135cfedc58b3523c887fb

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

cache-control: public, max-age=60
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
etag: "5e9ac3a42b557bf8ca38cf2e8baba70b"
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
content-length: 12126
date: Tue, 12 Nov 2024 18:15:36 GMT
last-modified: Tue, 15 Oct 2024 19:34:59 GMT
content-type: application/javascript
vary: Accept-Encoding,Origin
server: snooserv
x-amz-server-side-encryption: AES256

GET
H2 200 ping.min.js Show response
pixel.byspotify.com/ 22 KB
22 KB 327ms
106ms Script
text/javascript 34.117.162.98
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.byspotify.com/ping.min.js
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.162.98 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 98.162.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=NZyeaA==, md5=Tt3uyVr9qWmz0bL7lwwesQ==
etag: "4eddeec95afda969b3d1b2fb970c1eb1"
age: 2044
x-goog-stored-content-encoding: identity
expires: Tue, 12 Nov 2024 18:41:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 22096
date: Tue, 12 Nov 2024 17:41:32 GMT
last-modified: Tue, 25 Jun 2024 13:55:33 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY3-_V_kCvrxQm27iHL1DjJ_aqSJSUJWPbq782jVOUO8pVf0uXzVcDgJHBqwycQgAmLqb8Xkc5frQQ
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
via: 1.1 google
accept-ranges: bytes
x-goog-generation: 1719323733334567
content-length: 22096
server: UploadServer

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 57 KB
16 KB 485ms
154ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "4328e910de583ad53b3a7a76455af005+gzip"
accept-ranges: bytes
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15926
date: Tue, 12 Nov 2024 18:15:36 GMT
x-tw-cdn: FT
last-modified: Mon, 28 Oct 2024 20:49:35 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kiad7000114-IAD
x-amz-server-side-encryption: AES256

GET
H2 200 pixel.js Show response
pixel.switchgrowth.com/ 6 KB
3 KB 336ms
109ms Script
text/javascript 2606:4700:10::ac43:1c5d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.switchgrowth.com/pixel.js?id=AxuB4szNGyBhNlWZ

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:1c5d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5242da280ecd0664d76cc8c7be9fccb3f2bebe758c04d6e700dfe7b4f1eef605

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: public, max-age=14400
content-encoding: br
cf-cache-status: HIT
age: 34
via: 1.1 google
cf-ray: 8e1882238eaf185d-EWR
date: Tue, 12 Nov 2024 18:15:36 GMT
content-type: text/javascript
last-modified: Tue, 12 Nov 2024 03:35:30 GMT
vary: Accept-Encoding
x-cloud-trace-context: e1920627b714453cdeafff1bd2350265

GET config
pixel-config.reddit.com/pixels/t2_e4ba8g8u/ 0
0

GET
H2 200 t2_e4ba8g8u_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
700 B 239ms
74ms XHR
application/json 2a04:4e42:600::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_e4ba8g8u_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

cache-control: max-age=300
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
content-encoding: gzip
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 98
date: Tue, 12 Nov 2024 18:15:36 GMT
content-type: application/json
vary: Accept-Encoding,Origin
server: snooserv

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 462ms
189ms Image
image/gif 151.101.193.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1731435336135&id=t2_e4ba8g8u&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=80f81fb6-9a76-4cb7-82e5-3e777fc261d6&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_49267bce&dpm=&dpcc=&dprc=
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.193.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
retry-after: 0
cross-origin-resource-policy: cross-origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
via: 1.1 varnish
accept-ranges: bytes
content-length: 42
date: Tue, 12 Nov 2024 18:15:36 GMT
content-type: image/gif
server: Varnish

GET
H2 200 index.2.11.21.js Show response
web.koho.ca/ 5 MB
1 MB 171ms
169ms Script
text/javascript 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/index.2.11.21.js

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

239dfc60011c82460b2a739ee6747a0c467405d8a8fc78e25f69466ebcd401e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Origin: https://web.koho.ca
Referer: https://web.koho.ca/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"92a71831c62f428999783563cef88ec2"
age: 345452
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: RCJUrEWVa2YoXZYnDB1pEKf1T7YLSyj4hME3gasrEA-M1u51r3lrew==
date: Tue, 12 Nov 2024 18:15:36 GMT
content-type: text/javascript
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 f48e3bba7eb119871945c3726fab1888.cloudfront.net (CloudFront)
cf-ray: 8e1882241bb336a0-YYZ
x-xss-protection: 1; mode=block
x-amz-cf-pop: JFK50-P6
server: cloudflare

GET
H2 200 index.2.11.21.css
web.koho.ca/ 504 KB
46 KB 82ms
81ms Stylesheet
text/css 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/index.2.11.21.css

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

784db85aea3a8cb7915e2b2f9548ff9e6c5b5c4823a7c0bfdd87f5259c37174e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"a2df63d1359cba333258c223185e14c4"
age: 345452
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: FQDBkwfzRS97L83DLTeiYPVvFZllsJ_LpDMF11K3tg9JwgDij9NHmA==
date: Tue, 12 Nov 2024 18:15:36 GMT
content-type: text/css
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 2f276f8b7ce92ba7a0844268d20c32ba.cloudfront.net (CloudFront)
cf-ray: 8e1882241bb236a0-YYZ
x-xss-protection: 1; mode=block
x-amz-cf-pop: JFK50-P6
server: cloudflare

GET
H2 200 registerSW.js Show response
web.koho.ca/ 146 B
301 B 168ms
168ms Script
text/javascript 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/registerSW.js

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fc2d2325282f8ceb8c6100733e41a97216e1ab93f351a3e1eace25c4099231f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"38013143dc2183340ede8bc1c5124507"
age: 345453
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: WkGdEui8sMnysfa4A88fnD9BAJ3SpAHhlh6RMdC3OuVeLkP3J_25iA==
date: Tue, 12 Nov 2024 18:15:36 GMT
content-type: text/javascript
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 3ce8b408dfcacf1e62d9fe4b346a6a62.cloudfront.net (CloudFront)
cf-ray: 8e1882241bb536a0-YYZ
x-xss-protection: 1; mode=block
x-amz-cf-pop: JFK50-P6
server: cloudflare

GET
H2 200 main.MWQ2ODQwNTg2MQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 341 KB
95 KB 133ms
132ms Script
application/javascript 23.49.248.20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ2ODQwNTg2MQ.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=BTGIL6BQ55EMJL0L2V00&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.49.248.20 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-49-248-20.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 40780f31a9399252b5f948ced83fc2a4e79cde535e3ebb8e001b911a71729bdd

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

x-cache: TCP_HIT from a23-40-19-17.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
vary: Accept-Encoding
cache-control: public, max-age=31536000, immutable
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
x-tt-trace-id: 00-241107125616C1948AAF9AAC1A9ACC6C-7E7CE2C286084959-00
content-length: 96967
date: Tue, 12 Nov 2024 18:15:36 GMT
content-type: application/javascript; charset=UTF-8
x-tt-logid: 20241107125616C1948AAF9AAC1A9ACC6C
server: nginx
x-akamai-request-id: 2ea744f
x-tt-trace-host: 01dd84c0e24ffdfdfb00d2eb93e97ea5197c0b2d3c9587c607b037aa6d1863d9b55e7abdbb330cf9ae986b8e51438cfef7007d8aee8b1598dd456ef33584d5bf11711336e7b5ea12daf61875d0faddd0323a867fe045e3a39d4c30aa2cd69fdfd9

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 319ms
121ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-64jylaSX' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 12 Nov 2024 18:15:36 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-64jylaSX' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: GOOD; q=0.7, rtt=112, rtx=0, c=24, mss=1232, tbw=9444, tp=14, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: rLpAlb8pisUAb7wBKP0viy0fhwo6dUbNbRMPYH+x+iZeNpYbm+mA2pbS1+JMUMU07TdZWySS1RvXw4mv2TgfLw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62107
x-xss-protection: 0
origin-agent-cluster: ?1

GET truncated
/ 0
0

GET
H2 200 identify_7bf75739.js Show response
analytics.tiktok.com/i18n/pixel/static/ 146 KB
39 KB 198ms
196ms Script
application/javascript 23.49.248.20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_7bf75739.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ2ODQwNTg2MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.49.248.20 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-49-248-20.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 79951b5bd4d729a2b2f4d380819f2c14bbcf26f21db56a520189633467766cf4

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

x-cache: TCP_MEM_HIT from a23-40-19-17.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
vary: Accept-Encoding
cache-control: public, max-age=31536000, immutable
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
x-tt-trace-id: 00-240830022529621ABA50927AD48EB872-63DF52AF55B5820B-00
content-length: 39509
date: Tue, 12 Nov 2024 18:15:36 GMT
content-type: application/javascript; charset=UTF-8
x-tt-logid: 20240830022529621ABA50927AD48EB872
server: nginx
x-akamai-request-id: 2ea74fa
x-tt-trace-host: 01fd94dc45b6228157d73b313cdb1a81d58199bf92a5e0d1a8af75c8527362734a81369182e37511168a451ce53ed2a8988aeaaad3e8cdf5fa18c37ae3b398a823a62f2761db348db77a8bddc6cf4fe1b456fec0db8c58b6c2d1db9261165635da

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
713 B 216ms
214ms Ping
text/plain 23.49.248.20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ2ODQwNTg2MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.49.248.20 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-49-248-20.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: text/plain;charset=UTF-8
Referer: https://web.koho.ca/

Response headers

access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires: Tue, 12 Nov 2024 18:15:36 GMT
server-timing: inner; dur=24, cdn-cache; desc=MISS, edge; dur=6, origin; dur=34
x-cache: TCP_MISS from a23-40-19-17.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
date: Tue, 12 Nov 2024 18:15:36 GMT
x-akamai-request-id: 2ea74fb
access-control-allow-headers: Authorization,*
x-tt-trace-host: 01548ce5bb41e46e06dc04a924b20010ab89922a9987222eeb43f094864a827f3491cddc508731929be67655bc149adb4ad3083d8406ee988a585c1763890a8f3ce9a62d58710195628fecbd9365f7b72a2b998ba27576e308b5254ad4158e6d1a
x-origin-response-time: 34,23.40.19.17
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
access-control-allow-origin: *
x-tt-trace-id: 00-24111218153616D323DF2C2AA6FB6FEC-1B80848D9D1E93D3-00
content-length: 0
x-tt-logid: 2024111218153616D323DF2C2AA6FB6FEC
server: nginx

GET
H3 200 599633800219052 Show response
connect.facebook.net/signals/config/ 95 KB
23 KB 82ms
81ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/599633800219052?v=2.9.176&r=stable&domain=web.koho.ca&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

cfc03db994a8f8afd3406528e8194b3cfbcd4875740a43ac823977252891c75f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-WqwwtjdV' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-WqwwtjdV' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: MODERATE; q=0.3, rtt=154, rtx=0, c=80, mss=1232, tbw=75384, tp=72, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: ixvvpezSJlicQ15t0K+jzftcZGKhnKWgg/Fy52PnxxMqqEB8B3IzZf+eC408jo53l/n1i/BohP/yaVQzW8oViA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 23546
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
717 B 326ms
324ms Ping
text/plain 23.49.248.20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ2ODQwNTg2MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.49.248.20 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-49-248-20.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: text/plain;charset=UTF-8
Referer: https://web.koho.ca/

Response headers

access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires: Tue, 12 Nov 2024 18:15:37 GMT
server-timing: inner; dur=196, cdn-cache; desc=MISS, edge; dur=38, origin; dur=230
x-cache: TCP_MISS from a23-40-19-17.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
date: Tue, 12 Nov 2024 18:15:37 GMT
x-akamai-request-id: 2ea7541
access-control-allow-headers: Authorization,*
x-tt-trace-host: 01548ce5bb41e46e06dc04a924b20010ab89922a9987222eeb43f094864a827f344611e144ee4491698d48728cc9388287d164cc5e2f66db0917b455834858371e04e84a19214d8d29ff5f78a27df6620f3754c7ebe1884a3d04eb95f5774a66ac
x-origin-response-time: 230,23.40.19.17
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
access-control-allow-origin: *
x-tt-trace-id: 00-241112181537AD6DDB22FEC97F7D011D-58F8F6356C3DBEC6-00
content-length: 0
x-tt-logid: 20241112181537AD6DDB22FEC97F7D011D
server: nginx

GET
H2 200 adsct
t.co/1/i/ 43 B
629 B 365ms
196ms Image
image/gif 172.66.0.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&dv=America%2FVancouver%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=26906459-7de5-4cd2-9fc0-727cfee08bde&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a26c5a95-fa00-48c7-9dc0-7d5d42f3aab4&tw_document_href=https%3A%2F%2Fweb.koho.ca%2F&tw_iframe_status=0&txn_id=nvggn&type=javascript&version=2.3.31

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=0
x-transaction-id: f3d114777337917e
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 009d639dfe6f0722d802a50b84e910cf7d913be0c46377dbdcc5236f8ca37118
cf-cache-status: DYNAMIC
cf-ray: 8e18822a0950abfa-YYZ
x-response-time: 84
content-length: 43
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_b

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
725 B 434ms
184ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&dv=America%2FVancouver%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=26906459-7de5-4cd2-9fc0-727cfee08bde&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a26c5a95-fa00-48c7-9dc0-7d5d42f3aab4&tw_document_href=https%3A%2F%2Fweb.koho.ca%2F&tw_iframe_status=0&txn_id=nvggn&type=javascript&version=2.3.31

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: 43f6176d573de17a
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 84daf9f14d295dd20b2b472143297a3d2badbf8c18164e5e286595837d69bdcc
x-response-time: 9
content-length: 43
date: Tue, 12 Nov 2024 18:15:36 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_b

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 188ms
57ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=599633800219052&ev=PageView&dl=https%3A%2F%2Fweb.koho.ca&rl=&if=false&ts=1731435337124&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4124&fbp=fb.1.1731435337122.302895452852309543&pm=1&hrl=14b119&ler=empty&cdl=API_unavailable&it=1731435337018&coo=false&cs_cc=1&ccs=2036907989775049%2C2042001562539962&cas=7748182168559485%2C2280451298676074%2C2493627267356471%2C1925947637510218%2C2143156675783035%2C1375186855900984&rqm=GET

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=46, rtx=0, c=23, mss=1232, tbw=5737, tp=11, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
197 B 338ms
207ms Image
image/png 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=599633800219052&ev=PageView&dl=https%3A%2F%2Fweb.koho.ca&rl=&if=false&ts=1731435337124&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4124&fbp=fb.1.1731435337122.302895452852309543&pm=1&hrl=14b119&ler=empty&cdl=API_unavailable&it=1731435337018&coo=false&cs_cc=1&ccs=2036907989775049%2C2042001562539962&cas=7748182168559485%2C2280451298676074%2C2493627267356471%2C1925947637510218%2C2143156675783035%2C1375186855900984&rqm=FGET

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7436458148220774350"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xa37b2200c77884f5","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"3":["3200228373369739","1933916576659401","1843724245738692"]},"debug_reporting":true,"debug_key":"2290599478290400155"}
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: oER3v2Me29mBA1rnQYYaukAmRB8I6baswQNPwcNPdtMBTfKyNoM1ycpSTgOcpeZUI7h2Zzh1rfiY+vob3zhsUg==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7436458148220774350", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=47, rtx=0, c=23, mss=1232, tbw=6105, tp=14, tpl=0, uplat=162, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

OPTIONS
H2 200 5eeb94841ab9a70a809cdc75
app.launchdarkly.com/sdk/goals/ Frame 0
0 392ms
160ms Preflight 151.101.194.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/goals/5eeb94841ab9a70a809cdc75

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method: GET
Origin: https://web.koho.ca
Sec-Fetch-Mode: cors
User-Agent: this request as been triggered by a human from a costum script.

Response headers

accept-ranges: bytes
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 3600
age: 0
allow: GET, OPTIONS, HEAD
content-encoding: gzip
content-length: 23
date: Tue, 12 Nov 2024 18:15:38 GMT
ld-region: us-east-1
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 3
x-served-by: cache-yul1970047-YUL
x-timer: S1731435338.018234,VS0,VE0

GET
H2 200 v3 Show response
js.stripe.com/ 684 KB
165 KB 306ms
70ms Script
text/javascript 151.101.128.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.128.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

12c36a25e1d34c128839e6020f8bbabfc7c313852d1b6d23e5e9550fb98e9191

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

x-request-id: 1c5b08b7-0ae8-4ad1-b58f-c65c12355176
content-encoding: br
etag: "d67caab47663a660a3445da2aea34af2"
age: 24
x-content-type-options: nosniff
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Tue, 12 Nov 2024 18:15:37 GMT
last-modified: Mon, 11 Nov 2024 22:15:03 GMT
content-type: text/javascript; charset=utf-8
x-served-by: cache-yul1970053-YUL
x-cache-hits: 15
vary: Accept-Encoding
strict-transport-security: max-age=31556926; includeSubDomains; preload
cache-control: max-age=60
timing-allow-origin: *
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 168300
server: Fastly

POST
H2 200 / Show response
o36260.ingest.sentry.io/api/3725458/envelope/ 2 B
56 B 363ms
177ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o36260.ingest.sentry.io/api/3725458/envelope/?sentry_key=b6af6813dda749a3836c9191fe2b4be2&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.119.2

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: text/plain;charset=UTF-8
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: application/json
vary: origin, access-control-request-method, access-control-request-headers
server: nginx

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/55ISPtHuwCa8DI4LQEqGuliQORi5XN4c/ 5 KB
2 KB 448ms
130ms Fetch
application/json 13.249.86.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/55ISPtHuwCa8DI4LQEqGuliQORi5XN4c/settings
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.86.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-86-140.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 78a1d6aef842a4167a919fa6280d76b849b09dcc329bc0f9701f219546afc818

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

access-control-max-age: 3000
content-encoding: br
x-amz-version-id: c72q6ZJ.lgl_nmZV20ludSXo0VksuS4H
etag: W/"93366b6090cc2e9b3a7b8588a57d00c7"
age: 9595
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: I9xufu4XBEk--1wpwD0OZqv3KhoG-Giv61q3JQ-nBLxT_wdC0FUqpA==
date: Tue, 12 Nov 2024 15:36:48 GMT
content-type: application/json; charset=utf-8
vary: accept-encoding
last-modified: Thu, 25 Jul 2024 22:16:43 GMT
x-amz-replication-status: COMPLETED
cache-control: public, max-age=10800
via: 1.1 e9786b36047f45c75c77de67db1be0fc.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 5eeb94841ab9a70a809cdc75 Show response
app.launchdarkly.com/sdk/goals/ 2 B
179 B 116ms
115ms XHR
application/json 151.101.194.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/goals/5eeb94841ab9a70a809cdc75

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-LaunchDarkly-Wrapper: react-client-sdk/3.0.9
Referer: https://web.koho.ca/
User-Agent: this request as been triggered by a human from a costum script.
X-LaunchDarkly-User-Agent: JSClient/3.1.4

Response headers

content-md5: d751713988987e9331980363e24189ce
access-control-max-age: 300
content-encoding: gzip
etag: "d751713988987e9331980363e24189ce"
age: 0
access-control-allow-methods: GET, OPTIONS, HEAD
x-cache: HIT
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: application/json
x-served-by: cache-yul1970047-YUL
x-cache-hits: 2
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cache-control: max-age=0
x-timer: S1731435338.174242,VS0,VE0
ld-region: us-east-1
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 26

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 57ms
55ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=599633800219052&ev=PageView&dl=https%3A%2F%2Fweb.koho.ca&rl=&if=false&ts=1731435337756&sw=1600&sh=1200&v=2.9.176&r=stable&ec=1&o=4124&fbp=fb.1.1731435337122.302895452852309543&pm=1&hrl=fc69d9&ler=empty&cdl=API_unavailable&it=1731435337018&coo=false&cs_cc=1&ccs=2036907989775049%2C2042001562539962&cas=7748182168559485%2C2280451298676074%2C2493627267356471%2C1925947637510218%2C2143156675783035%2C1375186855900984&rqm=GET

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=47, rtx=0, c=26, mss=1232, tbw=9721, tp=20, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
194 B 218ms
217ms Image
image/png 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=599633800219052&ev=PageView&dl=https%3A%2F%2Fweb.koho.ca&rl=&if=false&ts=1731435337756&sw=1600&sh=1200&v=2.9.176&r=stable&ec=1&o=4124&fbp=fb.1.1731435337122.302895452852309543&pm=1&hrl=fc69d9&ler=empty&cdl=API_unavailable&it=1731435337018&coo=false&cs_cc=1&ccs=2036907989775049%2C2042001562539962&cas=7748182168559485%2C2280451298676074%2C2493627267356471%2C1925947637510218%2C2143156675783035%2C1375186855900984&rqm=FGET

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7436458149426819645"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xa37b2200c77884f5","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"3":["3200228373369739","1933916576659401","1843724245738692"]},"debug_reporting":true,"debug_key":"3098547978081345503"}
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: FHlMK9ejohY3K3Z8tyuZZWNiVtdt5HHTtSNMyBZgKGVFslTXrkAZ0MkI+7UPFVliweonIUZ77NicPRTIE42uRg==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7436458149426819645", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=51, rtx=0, c=26, mss=1232, tbw=10377, tp=29, tpl=0, uplat=111, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 400 eyJhbm9ueW1vdXMiOnRydWUsImtpbmQiOiJ1c2VyIiwia2V5IjoiMWUxN2M5MTAtYTEyMi0xMWVmLWI3MTItOWQ1ZTAzNzE2M2IwIn0 Show response
app.launchdarkly.com/sdk/evalx/5eeb94841ab9a70a809cdc75/contexts/ 56 B
149 B 136ms
135ms XHR
application/json 151.101.194.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/evalx/5eeb94841ab9a70a809cdc75/contexts/eyJhbm9ueW1vdXMiOnRydWUsImtpbmQiOiJ1c2VyIiwia2V5IjoiMWUxN2M5MTAtYTEyMi0xMWVmLWI3MTItOWQ1ZTAzNzE2M2IwIn0

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8239ec3813476a434d3031db13d826e1d645b9402954a82053f509dc0bb2655a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-LaunchDarkly-Wrapper: react-client-sdk/3.0.9
Referer: https://web.koho.ca/
User-Agent: this request as been triggered by a human from a costum script.
X-LaunchDarkly-User-Agent: JSClient/3.1.4

Response headers

access-control-max-age: 300
content-encoding: gzip
age: 0
access-control-allow-methods: GET, OPTIONS, HEAD
x-cache: MISS
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: application/json
vary: Accept-Encoding
x-served-by: cache-yul1970047-YUL
x-cache-hits: 0
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
strict-transport-security: max-age=31536000; includeSubDomains
x-timer: S1731435338.174268,VS0,VE18
ld-region: us-east-1
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 71

OPTIONS
H2 200 eyJhbm9ueW1vdXMiOnRydWUsImtpbmQiOiJ1c2VyIiwia2V5IjoiMWUxN2M5MTAtYTEyMi0xMWVmLWI3MTItOWQ1ZTAzNzE2M2IwIn0
app.launchdarkly.com/sdk/evalx/5eeb94841ab9a70a809cdc75/contexts/ Frame 0
0 389ms
159ms Preflight 151.101.194.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/evalx/5eeb94841ab9a70a809cdc75/contexts/eyJhbm9ueW1vdXMiOnRydWUsImtpbmQiOiJ1c2VyIiwia2V5IjoiMWUxN2M5MTAtYTEyMi0xMWVmLWI3MTItOWQ1ZTAzNzE2M2IwIn0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method: GET
Origin: https://web.koho.ca
Sec-Fetch-Mode: cors
User-Agent: this request as been triggered by a human from a costum script.

Response headers

accept-ranges: bytes
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 3600
age: 0
allow: GET, OPTIONS, HEAD
content-encoding: gzip
content-length: 23
date: Tue, 12 Nov 2024 18:15:38 GMT
ld-region: us-east-1
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 6
x-served-by: cache-yul1970047-YUL
x-timer: S1731435338.018198,VS0,VE0

OPTIONS
H3 204 hash
webgateway.koho.ca/1.0/users/users/anonymous-b/flags/ Frame 0
0 434ms
179ms Preflight 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://webgateway.koho.ca/1.0/users/users/anonymous-b/flags/hash

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-device-id,x-koho-app-version,x-koho-device-platform,x-organization
Access-Control-Request-Method: GET
Origin: https://web.koho.ca
Sec-Fetch-Mode: cors
User-Agent: this request as been triggered by a human from a costum script.

Response headers

access-control-allow-credentials: true
access-control-allow-headers: x-device-id,x-koho-app-version,x-koho-device-platform,x-organization
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS,CONNECT
access-control-allow-origin: https://web.koho.ca
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8e18822ec934711a-YYZ
date: Tue, 12 Nov 2024 18:15:38 GMT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options: nosniff

GET
H3 200 embed.js Show response
solve-widget.forethought.ai/ 41 KB
12 KB 356ms
139ms Script
application/javascript 2606:4700:310c::ac42:2caf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://solve-widget.forethought.ai/embed.js

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2caf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4aca24b37a2e73ec4e4e42f3915f6137d6278bfb7385792c50e147cb728629ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: br
etag: W/"689f298d1dd75a46fdaf984ad707a548"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QQJGYKL%2F%2B3RUIuQl5NnGoYlTATfca2H4Ingze5iZz%2FVghxgiSBBRl9uDR3hMRl322iu%2BDNmudMLpchcvzTlGh8aTh9ZBEfQfoXmVwFrnFs816BwlatyjxI7TyrVmgjVAMyXfybN3aALJdmIIX2tpWKdqQoNi4HWXbzw%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=102533&sent=10&recv=7&lost=0&retrans=0&sent_bytes=4099&recv_bytes=4147&delivery_rate=32995&cwnd=12000&unsent_bytes=0&cid=4c3236e0db609003&ts=142&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=3,i=?0
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8e18822e8ac80fa7-EWR
access-control-allow-origin: *
server: cloudflare

GET
H3 200 hash Show response
webgateway.koho.ca/1.0/users/users/anonymous-b/flags/ 88 B
411 B 394ms
393ms XHR
application/json 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://webgateway.koho.ca/1.0/users/users/anonymous-b/flags/hash

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

014a7b4417ad3e24d4e19865a4b4feb5bf04a5b0faf4a63b527a737956198d0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

x-koho-app-version: 2.11.13
X-Organization: koho
x-koho-device-platform: web
x-device-id: cb3109a4-ce34-4974-ba7c-71481acfbf18
User-Agent: this request as been triggered by a human from a costum script.
Accept: application/json, text/plain, */*
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=15552000; includeSubDomains; preload
x-correlation-id: 0a2782ee-7e8f-498f-81f2-ac224452d568
cf-cache-status: DYNAMIC
content-encoding: br
access-control-allow-credentials: true
x-content-type-options: nosniff
cf-ray: 8e1882314fc6aae5-YYZ
x-causation-id: 0a2782ee-7e8f-498f-81f2-ac224452d568
x-organization: koho
access-control-allow-origin: https://web.koho.ca
alt-svc: h3=":443"; ma=86400
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: application/json; charset=UTF-8
vary: Origin
server: cloudflare

GET
H2 200 accessibility.js Show response
cdn.equalweb.com/core/4.5.6/ 43 KB
15 KB 387ms
144ms Script
application/javascript 2606:4700:20::681a:c5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/core/4.5.6/accessibility.js

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2118bade160d44b7b7efa9ba8fd2a91a445031bbd864f42c0e7b05239d5f87c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Origin: https://web.koho.ca
Referer: https://web.koho.ca/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "02bf568c4b3d91:0"
age: 1238826
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ddLA1KgJrX8gvpskfLu4252IQ1bBgKriE1dXz9D25Uk9SNV5bxcKbrFt3EqBPAxtHsPa4A5keNgYX9G5Tnl%2FR4DLj9YkmVGkcZ1VzWwaTTZoiXVx%2BZo9GaslW199P9%2F2ewLPVssO8wa7f28eYDY%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=17777&sent=6&recv=7&lost=0&retrans=0&sent_bytes=4011&recv_bytes=2197&delivery_rate=222987&cwnd=245&unsent_bytes=0&cid=8044e039ed513968&ts=172&x=0"
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: application/javascript
last-modified: Tue, 11 Jul 2023 06:53:34 GMT
vary: Accept-Encoding
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' ;
cache-control: public, max-age=2204800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-client-country: CA
access-control-allow-credentials: true
cf-ray: 8e18822eecc4439f-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 14205
x-xss-protection: 1; mode=block
server: cloudflare

POST
H2 200 / Show response
o36260.ingest.sentry.io/api/3725458/envelope/ 2 B
56 B 272ms
179ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o36260.ingest.sentry.io/api/3725458/envelope/?sentry_key=b6af6813dda749a3836c9191fe2b4be2&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.119.2

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: text/plain;charset=UTF-8
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: application/json
vary: origin, access-control-request-method, access-control-request-headers
server: nginx

POST
H2 200 / Show response
o36260.ingest.sentry.io/api/3725458/envelope/ 2 B
300 B 269ms
178ms Fetch
application/json 34.120.195.249
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://o36260.ingest.sentry.io/api/3725458/envelope/?sentry_key=b6af6813dda749a3836c9191fe2b4be2&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.119.2

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

249.195.120.34.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: text/plain;charset=UTF-8
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy: cross-origin
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: application/json
vary: origin, access-control-request-method, access-control-request-headers
server: nginx

GET
H3 200 basis-grotesque-medium.2.11.21.woff2
web.koho.ca/ 27 KB
28 KB 138ms
135ms Font
font/woff2 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/basis-grotesque-medium.2.11.21.woff2

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

016f61f01838ce5e1d9564ffe5a84616a3c4f66048f99f1e89f410a9dc2cad9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Origin: https://web.koho.ca
Referer: https://web.koho.ca/index.2.11.21.css

Response headers

cf-cache-status: DYNAMIC
etag: "d37b904ee00f12ca729be334e9eeb28a"
age: 345452
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: yiete6ClSwg-OjgT_Y194JOZzFqSWHB-1B2FsmS_SzM12YpyqLDFQg==
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: font/woff2
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 ae7bbb23871eba9dda7f1abdc6bacfa0.cloudfront.net (CloudFront)
cf-ray: 8e18822ded9bb40a-YYZ
accept-ranges: bytes
content-length: 28148
x-xss-protection: 1; mode=block
x-amz-cf-pop: YUL62-C2
server: cloudflare

GET
H3 200 basis-grotesque-regular-pro.2.11.21.woff2
web.koho.ca/ 49 KB
49 KB 237ms
226ms Font
font/woff2 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/basis-grotesque-regular-pro.2.11.21.woff2

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84f05a3c1c4a200ffe226be6ef96bf7f95928b2b803130618ead7733677a5f2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Origin: https://web.koho.ca
Referer: https://web.koho.ca/index.2.11.21.css

Response headers

cf-cache-status: DYNAMIC
etag: "c294fc5a277925342bcdbda0ebe58f61"
age: 345452
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: __sX1R6IQ4hNZ4IQrC5RYmLFNHyUKbrsWixJlSRYu_DNXScFCzDdeA==
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: font/woff2
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 9b4f2014232c90b3056e1fb1e00215fc.cloudfront.net (CloudFront)
cf-ray: 8e18822deda8b40a-YYZ
accept-ranges: bytes
content-length: 50128
x-xss-protection: 1; mode=block
x-amz-cf-pop: YUL62-C2
server: cloudflare

GET
H3 200 jokker-bold.2.11.21.woff2
web.koho.ca/ 45 KB
45 KB 238ms
226ms Font
font/woff2 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/jokker-bold.2.11.21.woff2

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

366cb86476f137950f4dfcaf28eca163e1d9973fdb7ea160d7af2c00599a386c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Origin: https://web.koho.ca
Referer: https://web.koho.ca/index.2.11.21.css

Response headers

cf-cache-status: DYNAMIC
etag: "9cd901311fd09e56ae61b7a853b69300"
age: 345452
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: MTbDgm-eVN1C0xoNtWUGIaIXL9nLmxkBvuLMQyQXAmYBgZHr36VwEQ==
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: font/woff2
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 8628ab00b77c57209ad876418b745f6e.cloudfront.net (CloudFront)
cf-ray: 8e18822deda9b40a-YYZ
accept-ranges: bytes
content-length: 45572
x-xss-protection: 1; mode=block
x-amz-cf-pop: YUL62-C2
server: cloudflare

GET
H3 200 basel-grotesk-bold.2.11.21.woff2
web.koho.ca/ 93 KB
93 KB 239ms
227ms Font
font/woff2 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/basel-grotesk-bold.2.11.21.woff2

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47c7e3e605b64ba77f691904be3540de1dd5879d4410fa46353305149b4f0876

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Origin: https://web.koho.ca
Referer: https://web.koho.ca/index.2.11.21.css

Response headers

cf-cache-status: DYNAMIC
etag: "cf56caa15c4d7dc3dad71586d0fb9423"
age: 345452
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: JFGvG87B4RmW77FH70Es1ybEwAZUf0_EfbXH3V1T2XDuCZTOs-AGHw==
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: font/woff2
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 3bff6c700d376f51ba81ef57dc2bd6e6.cloudfront.net (CloudFront)
cf-ray: 8e18822dedabb40a-YYZ
accept-ranges: bytes
content-length: 95204
x-xss-protection: 1; mode=block
x-amz-cf-pop: YUL62-C2
server: cloudflare

GET
H3 200 basis-grotesque-bold.2.11.21.woff2
web.koho.ca/ 27 KB
28 KB 242ms
230ms Font
font/woff2 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/basis-grotesque-bold.2.11.21.woff2

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6dcdb5d625307386c2d3b21f8b51c43bfd4683fe073b66e884372cd35710c7a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Origin: https://web.koho.ca
Referer: https://web.koho.ca/index.2.11.21.css

Response headers

cf-cache-status: DYNAMIC
etag: "17627e07a001f770a3f441710f74f61c"
age: 345452
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: A07K3tOSWN3kk52rTwjdM4FDKqqUiTNkVrnAoioamsKUE1IIjljxyg==
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: font/woff2
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 8422f3871db2552d4ad0cc9f31e22c2e.cloudfront.net (CloudFront)
cf-ray: 8e18822dedadb40a-YYZ
accept-ranges: bytes
content-length: 27812
x-xss-protection: 1; mode=block
x-amz-cf-pop: YUL62-C2
server: cloudflare

GET
H3 200 basel-grotesk-book.2.11.21.woff2
web.koho.ca/ 84 KB
85 KB 261ms
250ms Font
font/woff2 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/basel-grotesk-book.2.11.21.woff2

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2103d52c0675d5521296f2d63b86272f03af235df090e52d942d61a376491c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Origin: https://web.koho.ca
Referer: https://web.koho.ca/index.2.11.21.css

Response headers

cf-cache-status: DYNAMIC
etag: "233a9acbdcd1bb6dfd6dcf1038f4550a"
age: 345452
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: iI7QBJm7_sI2tutslTDiV_x0V6RMDWJM6gz_LtnfjMU_FKC2tAeQPg==
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: font/woff2
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 192b5dfe0d3306c6761973a7786a01d4.cloudfront.net (CloudFront)
cf-ray: 8e18822dedaeb40a-YYZ
accept-ranges: bytes
content-length: 86424
x-xss-protection: 1; mode=block
x-amz-cf-pop: YUL62-C2
server: cloudflare

GET
H3 200 basel-grotesk-medium.2.11.21.woff2
web.koho.ca/ 83 KB
83 KB 682ms
672ms Font
font/woff2 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/basel-grotesk-medium.2.11.21.woff2

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4253aa4ecd2f7b23e3c0bbf9a69306f0d5dc4c3dffb91dda0f725d457a8e8e13

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Origin: https://web.koho.ca
Referer: https://web.koho.ca/index.2.11.21.css

Response headers

cf-cache-status: DYNAMIC
etag: "b216e82acb448d23afcac392a1cd3369"
age: 345452
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 7tDNpfKBbCjlOrTsG-dXR0uxZXFj4OTBK1RK9C7Jt9MVIYBF_1QV9w==
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: font/woff2
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 de0a592002999100a0085e087a370864.cloudfront.net (CloudFront)
cf-ray: 8e18822dfdb0b40a-YYZ
accept-ranges: bytes
content-length: 84864
x-xss-protection: 1; mode=block
x-amz-cf-pop: YUL62-C2
server: cloudflare

GET
H2 200 122943.ct.js Show response
tag.rmp.rakuten.com/ 36 KB
12 KB 349ms
115ms Script
text/javascript 34.102.147.248
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.rmp.rakuten.com/122943.ct.js

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.147.248 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

248.147.102.34.bc.googleusercontent.com

Software

Resource Hash

e609fb1c92747ab8b0205b6e00b8a04315b127b0852ec78a56de87542109bcca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=31536000
cache-control: max-age=86400
content-encoding: gzip
x-samesite: secure
via: 1.1 google
x-dyn: 0
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-cache: hit
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: text/javascript
last-modified: Tue, 12 Nov 2024 18:15:38 GMT

GET
H/1.1 200
OK yfl6aimao9582uu2.js Show response
h.online-metrix.net/ 97 KB
14 KB 591ms
186ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/yfl6aimao9582uu2.js?zjsllou1r3jxt0nz=2ulrybyx&iyj04fyq5o7u4c8i=cb3109a4-ce34-4974-ba7c-71481acfbf18

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

4e74350f4bf3a2f5efd977d812b0195916bb492c492840a1f717a53d1419f19f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP=IVAa PSAa
Keep-Alive: timeout=2, max=100
Date: Tue, 12 Nov 2024 18:15:38 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-XSS-Protection: 1; mode=block
Server: Apache

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 105ms
104ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=599633800219052&ev=PageView&dl=https%3A%2F%2Fweb.koho.ca&rl=&if=false&ts=1731435337802&sw=1600&sh=1200&v=2.9.176&r=stable&ec=2&o=4124&fbp=fb.1.1731435337122.302895452852309543&pm=1&hrl=e8f273&ler=empty&cdl=API_unavailable&it=1731435337018&coo=false&cs_cc=1&ccs=2036907989775049%2C2042001562539962&cas=7748182168559485%2C2280451298676074%2C2493627267356471%2C1925947637510218%2C2143156675783035%2C1375186855900984&rqm=GET

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=51, rtx=0, c=26, mss=1232, tbw=10057, tp=25, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
192 B 723ms
722ms Image
image/png 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=599633800219052&ev=PageView&dl=https%3A%2F%2Fweb.koho.ca&rl=&if=false&ts=1731435337802&sw=1600&sh=1200&v=2.9.176&r=stable&ec=2&o=4124&fbp=fb.1.1731435337122.302895452852309543&pm=1&hrl=e8f273&ler=empty&cdl=API_unavailable&it=1731435337018&coo=false&cs_cc=1&ccs=2036907989775049%2C2042001562539962&cas=7748182168559485%2C2280451298676074%2C2493627267356471%2C1925947637510218%2C2143156675783035%2C1375186855900984&rqm=FGET

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7436458149490411154"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xa37b2200c77884f5","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"3":["3200228373369739","1933916576659401","1843724245738692"]},"debug_reporting":true,"debug_key":"3079108011183173793"}
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: S6L4la8dZfNzMBaq/yoDGHRolwd6R074501cit2Mb+Bcrls9gALSlgTbUDJa73El3DFDzCZPcXN4TZDxuyWJgQ==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7436458149490411154", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: GOOD; q=0.7, rtt=73, rtx=0, c=28, mss=1232, tbw=11609, tp=32, tpl=0, uplat=606, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0

GET
H3 200 tr
www.facebook.com/ 0
16 B 107ms
106ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=599633800219052&ev=Lead&noscript=1&eid=

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: GOOD; q=0.7, rtt=51, rtx=0, c=26, mss=1232, tbw=10217, tp=27, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 12 Nov 2024 18:15:37 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
874 B 208ms
200ms Ping
text/plain 23.49.248.20
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MWQ2ODQwNTg2MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.49.248.20 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-49-248-20.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: text/plain;charset=UTF-8
Referer: https://web.koho.ca/

Response headers

x-cache-remote: TCP_MISS from a23-220-107-74.deploy.akamaitechnologies.com (AkamaiGHost/11.7.0.1-2fb65fbfa7ad4f98bbb706cf20e2b5f6) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires: Tue, 12 Nov 2024 18:15:38 GMT
server-timing: cdn-cache; desc=MISS, edge; dur=68, origin; dur=21, inner; dur=17
x-cache: TCP_MISS from a23-40-19-17.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
date: Tue, 12 Nov 2024 18:15:38 GMT
x-akamai-request-id: 2b4e6534.2ea76eb
access-control-allow-headers: Authorization,*
x-tt-trace-host: 01548ce5bb41e46e06dc04a924b20010ab8f844e7dbdd5546afacede54e9ffb6bc93af0329ce95c9dd596132ef8ed9a337195337d6278165b678c2710236abcadd3d71e86d4fdcb31cdf4c6b027ea81a01c3d53f99b784d28427928100444ffe7ca8a42078811b04adacc78dc490f4c7ac
x-origin-response-time: 21,23.220.107.74
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
access-control-allow-origin: *
x-tt-trace-id: 00-2411121815383241B6282519A1FC9E76-67C2E3EE3B73EFD0-00
content-length: 0
x-parent-response-time: 29,23.40.19.17
x-tt-logid: 202411121815383241B6282519A1FC9E76
server: nginx

GET
H2 200 controller-with-preconnect-52bb9961886364429336a5e4c538a8fe.html
js.stripe.com/v3/ Frame 1EF5 0
0 515ms
200ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-with-preconnect-52bb9961886364429336a5e4c538a8fe.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://web.koho.ca/
Upgrade-Insecure-Requests: 1
User-Agent: this request as been triggered by a human from a costum script.

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 28
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 403
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Nov 2024 18:15:38 GMT
etag: "52bb9961886364429336a5e4c538a8fe"
last-modified: Mon, 11 Nov 2024 21:31:20 GMT
origin-agent-cluster: ?1
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 8
x-content-type-options: nosniff
x-request-id: 4cfa4a0d-1246-4bd2-b649-0b320f81b05a
x-served-by: cache-yul1970058-YUL

GET
H2 200 style.css Show response
cdn.equalweb.com/style/ 20 KB
5 KB 155ms
154ms Fetch
text/css 2606:4700:20::681a:c5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/style.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.5.6/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afaed7c81302d1a08eef38549fc320ba36f714e366cbfe9ed1a492b98fc51790

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "0777f846fcda1:0"
age: 1238825
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SZO8VyE72GjuhFCgrYotu5R6MS2CbizCZj4l0Uqjt%2FGbFHKq5KAGnudMUnYtAdJr5GknqvRcvfaBs7aaPAV1GnIYEldQM%2FnSv1%2Fl8A%2FNgEA%2F5WcoFYcS8mmeUfZaXdY6Zs%2BPmP6swLliTkjFjdM%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=21107&sent=26&recv=12&lost=0&retrans=0&sent_bytes=20112&recv_bytes=2441&delivery_rate=413664&cwnd=245&unsent_bytes=0&cid=8044e039ed513968&ts=344&x=0"
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: text/css
last-modified: Sun, 01 Sep 2024 08:14:30 GMT
vary: Accept-Encoding
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' ;
cache-control: public, max-age=2204800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-client-country: CA
access-control-allow-credentials: true
cf-ray: 8e18822ffe86439f-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4154
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 btncolor.css Show response
cdn.equalweb.com/style/ 105 B
689 B 152ms
152ms Fetch
text/css 2606:4700:20::681a:c5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/style/btncolor.css

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.5.6/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "3f26cd3dfbc1d41:0"
age: 1238825
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EJXqcnBPqKTPQFxNI%2B460OtPTM2l5bzX2zZ6rTTRMj7bf%2ByW%2FxqZByYXs9rILbjTvu8vMZOkJjt3%2Bmu43d%2FoHmw0JV39wNMaBj6aAV%2FIy3e5cxlG9KLdEnjkAFFiHGBaEbG1X5EYeHQJqVDzDno%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=21107&sent=23&recv=12&lost=0&retrans=0&sent_bytes=19357&recv_bytes=2441&delivery_rate=413664&cwnd=245&unsent_bytes=0&cid=8044e039ed513968&ts=336&x=0"
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: text/css
last-modified: Mon, 11 Feb 2019 11:16:31 GMT
vary: Accept-Encoding
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' ;
cache-control: public, max-age=2204800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-client-country: CA
access-control-allow-credentials: true
cf-ray: 8e18822ffe88439f-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 201
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 en.json Show response
cdn.equalweb.com/assets/locale/ 810 B
859 B 448ms
447ms Fetch
application/json 2606:4700:20::681a:c5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/locale/en.json

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.5.6/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"f45920b9fc61d71:0"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gVm0fP%2FyYHFghKpXRSnvXRjbplWhOeMB7ojfHfwLCBTFqUA3c8u6t6Ncyl6L4QY5pE3s%2BzE4XaHEEl40aFbAcs%2FXO4gft%2Fpsb%2BbkpzeV2OSe6N7Bj2Y3ASSLSNZTwytWZYWH8wePL7PSeSokrGM%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=20373&sent=34&recv=14&lost=0&retrans=0&sent_bytes=24869&recv_bytes=2441&delivery_rate=582849&cwnd=245&unsent_bytes=0&cid=8044e039ed513968&ts=684&x=0"
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: application/json
last-modified: Tue, 15 Jun 2021 15:40:09 GMT
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' ;
cache-control: public, max-age=2204800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-client-country: CA
access-control-allow-credentials: true
cf-ray: 8e18822ffe8a439f-EWR
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 classManager.js Show response
cdn.equalweb.com/assets/scripts/ 2 KB
2 KB 458ms
86ms Script
application/javascript 2606:4700:20::681a:c5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/scripts/classManager.js

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.5.6/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4abc6dae982d098d315efd0bfa7fa88afe40438acf7a540cc2fce38bc50cb39f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "6c55a6848d0da1:0"
age: 387352
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eMuh7VEp%2F0qXQbwB7JwbJZZkXMIpsdKf%2Fr9AZOg4nqrMpS%2FgPJfnI7%2BbUzhkgSM2uZbbUH0Nvc5GcccnZR56BX4oUbWj1VAYD410zrlYAQQtKJFtKVteTAjSItBWMczLl0Mjdr%2B%2FKY9unPI0%2Foo%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=18263&sent=6&recv=6&lost=0&retrans=0&sent_bytes=3989&recv_bytes=2147&delivery_rate=230534&cwnd=253&unsent_bytes=0&cid=45747241aba1ddb5&ts=213&x=0"
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: application/javascript
last-modified: Sun, 07 Jul 2024 08:31:16 GMT
vary: Accept-Encoding
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' ;
cache-control: public, max-age=2204800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-client-country: CA
access-control-allow-credentials: true
cf-ray: 8e1882324ccf4345-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1068
x-xss-protection: 1; mode=block
server: cloudflare

GET
H3 200 index.2.11.214.js Show response
web.koho.ca/ 8 KB
3 KB 360ms
359ms Script
text/javascript 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/index.2.11.214.js

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d0d0a45ad5a5bae2fedefe30ac303d8f82726e54123045dabe70d60a80e525a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Origin: https://web.koho.ca
Referer

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"881b0342be61c255577920dd4783f474"
age: 345452
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: ZzcgUJUGQYO7SjHmLvxHsGn61VAIUb9_oU1SCh1Kd4cOQpkVhxZHIw==
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: text/javascript
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 8422f3871db2552d4ad0cc9f31e22c2e.cloudfront.net (CloudFront)
cf-ray: 8e188230089ab40a-YYZ
x-xss-protection: 1; mode=block
x-amz-cf-pop: YUL62-C2
server: cloudflare

GET
H3 200 is-plan-event-enabled.2.11.21.js Show response
web.koho.ca/ 196 B
558 B 360ms
360ms Script
text/javascript 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/is-plan-event-enabled.2.11.21.js

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ba5f3edb2c2e41a487f3791abd280e5f8bd70490535bf54d72dd503038223c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Origin: https://web.koho.ca
Referer

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"6b92d2824c457cbb780e697b7c210622"
age: 345452
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: yenYZV5C-y0Pa1TiXuODlec9mbpJ8K3wjldYCXTCIzPxHuEmZYMqWw==
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: text/javascript
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 ae7bbb23871eba9dda7f1abdc6bacfa0.cloudfront.net (CloudFront)
cf-ray: 8e188230089cb40a-YYZ
x-xss-protection: 1; mode=block
x-amz-cf-pop: YUL62-C2
server: cloudflare

GET
H3 200 /
solve-widget.forethought.ai/ Frame 36F7 0
0 381ms
160ms Document
text/html 2606:4700:310c::ac42:2f51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://solve-widget.forethought.ai/?v=2

Requested by

Host: solve-widget.forethought.ai
URL: https://solve-widget.forethought.ai/embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f51 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://web.koho.ca/
Upgrade-Insecure-Requests: 1
User-Agent: this request as been triggered by a human from a costum script.

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-transform
cf-ray: 8e188231ccfe0f6c-EWR
content-type: text/html; charset=utf-8
date: Tue, 12 Nov 2024 18:15:38 GMT
etag: "e970719e967fe0d5c4df3a71b8cceb0c"
link: <https://solve-api.forethought.ai/>; rel="preconnect", <https://static.cloudflareinsights.com>; rel="preconnect", <https://cloudflareinsights.com>; rel="preconnect"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MqBH20Csevtk%2B2e9hCIoWuXX9%2F%2FeUzoHmudUBca%2BrVAS0yrCt7mr77d%2BNk2gP2jOF4TxJdxi9mj7ESiFlL9F6oJ6%2FdtfA7hRoOytseGq2g8xn95LxJ%2FxO7fg964V2TnN3dBgcEMgh9hJP6Utalds0gncEA8tRAq8gnI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=172171&sent=10&recv=7&lost=0&retrans=0&sent_bytes=4100&recv_bytes=4275&delivery_rate=19643&cwnd=12000&unsent_bytes=0&cid=3aaa955d0725aaa4&ts=211&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H/1.1 200
OK oIJvWfcqJc2JGKOS Show response
h.online-metrix.net/ Frame B9B1 581 KB
111 KB 126ms
123ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/oIJvWfcqJc2JGKOS?c5cb31d263630bd0=Eb-AY1-LBOmDBQpZ2P0fMh7T6mdKEzHNtqeQJU7XsDyDT5UR2tTgCi4KZB9CElMPu9s-hJ6eRPTCqhv5R_SnW239al9GyTGknMrdpTAK-CwWdb9pJJlFZ7YC2TTXyTQvJvqk2O3qVV_5qaLo_kQXmY0dGMEiviIem76BzA3KINafS37ZyqDHUhSyWmjivxnzByPVCCsXuUBG2-US&jb=313124266a7b6f75354e696c75702662716f354e696c7770246a736a753d416a706d6d6d

Requested by

Host: h.online-metrix.net
URL: https://h.online-metrix.net/yfl6aimao9582uu2.js?zjsllou1r3jxt0nz=2ulrybyx&iyj04fyq5o7u4c8i=cb3109a4-ce34-4974-ba7c-71481acfbf18

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

cfe509d14ea02466f2fffec040bea6f9192d8cd539f11cb59d491258d7771d7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

X-Robots-Tag: noindex, nofollow
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Date: Tue, 12 Nov 2024 18:15:38 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
tmx-nonce: abbf13a37184065d
X-XSS-Protection: 1; mode=block
Server: Apache

GET
H/1.1 200
OK Wkd8agbWVv0J-tkv
h.online-metrix.net/ Frame B9B1 81 B
474 B 346ms
91ms Image
image/png 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/Wkd8agbWVv0J-tkv?9f5bdf9524a26634=bUJJXeTR8qiU5i1jbuLkRlZVm7MJSPhfsUvCDFD0-I4h0dWoVagUdc-6x8obpFjEXwrlGoNOzrjxYGwk7zIp-tRdSkCb7Ko48CmJE6LRf1-7Ks1yBn3mapaRGvQm46LZfAsLN06KYbq4mZPM63htbXoq4t6nZWSMlIupOac

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=98
Date: Tue, 12 Nov 2024 18:15:38 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png
Server: Apache

GET
H/1.1 200
OK xYBbFXWFjDwWIU42
h.online-metrix.net/ Frame B9B1 81 B
475 B 481ms
198ms Image
image/png 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/xYBbFXWFjDwWIU42?00d36ab04805c53a=FM4qSpMg6EKVuQshmrV-NKQXvHjDoUEr3oxQm8Yx5r9fFfZRRP9u3YYTy5CivihUGNoUVu1wXXkW8Yg_QLYVkUxZsMX3Blwg2E52DtE5OYOeCN9ljaFihaE-Nom4YkA9bUV1c6k8d4BqYDGZf9uSNKdOY_lRmpOTXRl_0OU

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Date: Tue, 12 Nov 2024 18:15:39 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png
Server: Apache

GET
H2 200 eyJrZXkiOiJhbm9ueW1vdXMtYiIsImFub255bW91cyI6dHJ1ZX0 Show response
app.launchdarkly.com/sdk/evalx/5eeb94841ab9a70a809cdc75/contexts/ 671 KB
287 KB 41ms
40ms XHR
application/json 151.101.194.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/evalx/5eeb94841ab9a70a809cdc75/contexts/eyJrZXkiOiJhbm9ueW1vdXMtYiIsImFub255bW91cyI6dHJ1ZX0?h=5e7a2804c17b3b552f3cc07ea2daf3ec7fb341ae133bccb4cfdd33f7839a9192

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fc36771e1d569fdbeb8c1010b63cd457a65717efcb67dee7a7a222ded7022ed2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-LaunchDarkly-Wrapper: react-client-sdk/3.0.9
Referer: https://web.koho.ca/
User-Agent: this request as been triggered by a human from a costum script.
X-LaunchDarkly-User-Agent: JSClient/3.1.4

Response headers

access-control-max-age: 300
content-encoding: gzip
etag: "3033d_7KI3CaBfTAdQ8d2g4VykzQ==b"
age: 0
access-control-allow-methods: GET, OPTIONS, HEAD
x-cache: HIT
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: application/json
x-served-by: cache-yul1970047-YUL
x-cache-hits: 1
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding, Authorization
cache-control: max-age=0
x-timer: S1731435339.697700,VS0,VE1
ld-region: us-east-1
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 293200

OPTIONS
H2 200 eyJrZXkiOiJhbm9ueW1vdXMtYiIsImFub255bW91cyI6dHJ1ZX0
app.launchdarkly.com/sdk/evalx/5eeb94841ab9a70a809cdc75/contexts/ Frame 0
0 59ms
58ms Preflight 151.101.194.217
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://app.launchdarkly.com/sdk/evalx/5eeb94841ab9a70a809cdc75/contexts/eyJrZXkiOiJhbm9ueW1vdXMtYiIsImFub255bW91cyI6dHJ1ZX0?h=5e7a2804c17b3b552f3cc07ea2daf3ec7fb341ae133bccb4cfdd33f7839a9192

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.194.217 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method: GET
Origin: https://web.koho.ca
Sec-Fetch-Mode: cors
User-Agent: this request as been triggered by a human from a costum script.

Response headers

accept-ranges: bytes
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods: GET, OPTIONS, HEAD
access-control-allow-origin: *
access-control-max-age: 3600
age: 0
allow: GET, OPTIONS, HEAD
content-encoding: gzip
content-length: 23
date: Tue, 12 Nov 2024 18:15:38 GMT
ld-region: us-east-1
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 7
x-served-by: cache-yul1970047-YUL
x-timer: S1731435339.638151,VS0,VE0

GET
H3 200 index.2.11.216.js Show response
web.koho.ca/ 1 KB
1003 B 77ms
77ms Script
text/javascript 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/index.2.11.216.js

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66ac6d4756e08768ca97702b58f1d4d8a849f2a424d5cac7cdb226d5aaf73969

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Origin: https://web.koho.ca
Referer

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"5c329a1b6e1c2984a7e6f8aaa9c8f807"
age: 345452
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: aObTmGJ9TW5x7N4si6JEo4khi2xa71hMR9IAbeRxvfYVQLHlWuwW4A==
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: text/javascript
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
vary: Accept-Encoding
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 192b5dfe0d3306c6761973a7786a01d4.cloudfront.net (CloudFront)
cf-ray: 8e1882328b82b40a-YYZ
x-xss-protection: 1; mode=block
x-amz-cf-pop: YUL62-C2
server: cloudflare

GET
H2 200 7.svg Show response
cdn.equalweb.com/assets/images/ 2 KB
2 KB 104ms
103ms Fetch
image/svg+xml 2606:4700:20::681a:c5f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.equalweb.com/assets/images/7.svg

Requested by

Host: cdn.equalweb.com
URL: https://cdn.equalweb.com/core/4.5.6/accessibility.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:c5f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

407e0c34d3e21312cacb8bb4c971b42e288fdff2eb0f3ba33d31132947710ea8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' ;
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"7c8f42d46748d51:0"
age: 551586
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LdTrhPcSrK6AxH%2Bzwdj8eGPzBABmQ7kUnqlqu%2B1nKHlXA7qOS4%2FTJW0Z8PYzi967OOaxxLj6rYW7FPkSoow990ByBUs%2FCBJcqZgfMCZpeIQ2yEGlITbMImoh2ir75uM4xmzme6Z0GI%2Ba%2FLvWwl4%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-content-type-options: nosniff
server-timing: cfL4;desc="?proto=TCP&rtt=26369&sent=37&recv=17&lost=0&retrans=0&sent_bytes=25794&recv_bytes=2506&delivery_rate=582849&cwnd=245&unsent_bytes=0&cid=8044e039ed513968&ts=836&x=0"
date: Tue, 12 Nov 2024 18:15:38 GMT
content-type: image/svg+xml
last-modified: Thu, 01 Aug 2019 12:51:25 GMT
vary: Accept-Encoding
x-frame-options: deny
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: default-src 'self' ;
cache-control: public, max-age=2204800
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-client-country: CA
access-control-allow-credentials: true
cf-ray: 8e1882330bb1439f-EWR
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 amplitude.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/amplitude/3.3.3/ 9 KB
4 KB 251ms
64ms Script
application/javascript 13.249.86.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/amplitude/3.3.3/amplitude.dynamic.js.gz
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.86.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-86-140.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bc4ae72d43593c2fc59ead95f45eb0c3b02cd465fd427b3fff5224e476d26259

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "41d391d5b119fb8c4fe6edd0c6fc1d21"
x-amz-version-id: dPEAOL7ExjtccGMMvRthKStk2d2FNhP0
age: 1681494
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: OW-p-u1P7i8HbXtgmvWEO9-ubEuTBipuZMk8cPZmtqsQSZPowQUq9g==
date: Thu, 24 Oct 2024 07:10:45 GMT
content-type: application/javascript
last-modified: Tue, 01 Oct 2024 11:20:16 GMT
cache-control: public,max-age=31536000,immutable
via: 1.1 4b6b5023747759b0047c5cbc8d742cea.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3181
x-amz-cf-pop: JFK52-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 google-analytics.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/ 16 KB
5 KB 253ms
67ms Script
application/javascript 13.249.86.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.86.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-86-140.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 86685e191878d9ecfd30ed1fe63cbb783bf9151607e9996342d64977013e3cff

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "6a3ed21f9b6777c0c37e6e248ea22387"
x-amz-version-id: jiinLnhNKtSMsrpHvOzN4SxprXBvOKZw
age: 1048849
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: sbKuohQ7qv5Aoac9zqVqNwfzaQlEhGWeqWmueYM9dFCeEd2yYSiTtA==
date: Thu, 31 Oct 2024 14:54:50 GMT
content-type: application/javascript
last-modified: Tue, 01 Oct 2024 11:20:16 GMT
cache-control: public,max-age=31536000,immutable
via: 1.1 4b6b5023747759b0047c5cbc8d742cea.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 4743
x-amz-cf-pop: JFK52-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 google-adwords-new.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/google-adwords-new/1.3.0/ 4 KB
2 KB 249ms
64ms Script
application/javascript 13.249.86.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/google-adwords-new/1.3.0/google-adwords-new.dynamic.js.gz
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.86.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-86-140.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9f81fd8f16f2252dd378308c71da6fd438e247d2c6180e2bd08a9d561ef7b8a3

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "d151cb0874ed5e13006e5f38364ec01e"
x-amz-version-id: 50GbVpHZ19NOunOEU325.PDgwzIvWSGq
age: 2866530
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: yIiEccpSHihss9t7H2NpCmwsltOoIq55mDmn9U11k6abWvPyptDB1Q==
date: Thu, 10 Oct 2024 14:00:09 GMT
content-type: application/javascript
last-modified: Tue, 01 Oct 2024 11:20:16 GMT
cache-control: public,max-age=31536000,immutable
via: 1.1 4b6b5023747759b0047c5cbc8d742cea.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1655
x-amz-cf-pop: JFK52-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 google-tag-manager.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/ 3 KB
2 KB 254ms
69ms Script
application/javascript 13.249.86.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/google-tag-manager.dynamic.js.gz
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.86.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-86-140.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9e2189d573b1df3fd3c684ba1f9ad2ad5cd2f8394f14dde87b5fde495bea200c

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "a2b1aa1a0e402b1f891c929f94449d47"
x-amz-version-id: bdsEH.0LgrjWd4kHDEZQV0GazYAEKsCs
age: 4233599
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: aPxP1NGfXibI9utm85IIKuy_xS_tJ3JklwaBtPt4Fqz0Whw2rQ8ZJA==
date: Tue, 24 Sep 2024 18:15:40 GMT
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 06:57:15 GMT
cache-control: public,max-age=31536000,immutable
via: 1.1 4b6b5023747759b0047c5cbc8d742cea.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1343
x-amz-cf-pop: JFK52-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 linkedin-insight-tag.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/linkedin-insight-tag/1.0.1/ 2 KB
2 KB 252ms
67ms Script
application/javascript 13.249.86.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/linkedin-insight-tag/1.0.1/linkedin-insight-tag.dynamic.js.gz
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.86.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-86-140.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 36f9bf7f4514edb409609f496bb668dcf33cbaa9f6a3219663f631014c726a97

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "e3b346a4f0b35b7ff884730f4c61cd2e"
x-amz-version-id: 4544XQIIliknDYyrlwjp.x__lsO5lWly
age: 1048849
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: HRDpNXetni1NNxF0D1LYtW4wO0LiEhcEvBgCDNuNvYAsbhvr8q1Vlw==
date: Thu, 31 Oct 2024 14:54:50 GMT
content-type: application/javascript
last-modified: Tue, 01 Oct 2024 11:20:16 GMT
cache-control: public,max-age=31536000,immutable
via: 1.1 4b6b5023747759b0047c5cbc8d742cea.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1062
x-amz-cf-pop: JFK52-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H2 200 p Show response
api.kohoanalytics.ca/v1/ 21 B
180 B 616ms
377ms Fetch
application/json 2606:4700::6812:1ef6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.kohoanalytics.ca/v1/p

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1ef6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: text/plain
Referer: https://web.koho.ca/

Response headers

x-amzn-remapped-content-length: 21
cf-cache-status: DYNAMIC
access-control-allow-methods: GET, POST, OPTIONS
x-amzn-requestid: e72c0545-4886-4685-9ba0-0338c75e7306
date: Tue, 12 Nov 2024 18:15:39 GMT
content-type: application/json
vary: Origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000
x-amz-apigw-id: BJUz0HG3vHcEIVg=
x-amzn-remapped-date: Tue, 12 Nov 2024 18:15:39 GMT
x-amzn-trace-id: Root=1-67339b4b-2d70818972e9cad047af1516;Sampled=1;Lineage=1:ef50223c:0
access-control-allow-credentials: true
cf-ray: 8e188234af0b42c6-EWR
access-control-allow-origin: *
content-length: 21
server: cloudflare

POST
H2 200 p Show response
api.kohoanalytics.ca/v1/ 21 B
461 B 595ms
362ms Fetch
application/json 2606:4700::6812:1ef6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.kohoanalytics.ca/v1/p

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1ef6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: text/plain
Referer: https://web.koho.ca/

Response headers

x-amzn-remapped-content-length: 21
cf-cache-status: DYNAMIC
access-control-allow-methods: GET, POST, OPTIONS
x-amzn-requestid: 86b8b125-fb4b-4117-bbc4-9f0aae1879b2
date: Tue, 12 Nov 2024 18:15:39 GMT
content-type: application/json
vary: Origin
access-control-allow-headers: *
strict-transport-security: max-age=31536000
x-amz-apigw-id: BJUz0E_TPHcEbyQ=
x-amzn-remapped-date: Tue, 12 Nov 2024 18:15:39 GMT
x-amzn-trace-id: Root=1-67339b4b-786cbe131164b65d62a7e556;Sampled=1;Lineage=1:ef50223c:0
access-control-allow-credentials: true
cf-ray: 8e188234af0c42c6-EWR
access-control-allow-origin: *
content-length: 21
server: cloudflare

GET
H/1.1 200
OK pNhg4flgDriZiQO5
h.online-metrix.net/ Frame FA76 0
0 408ms
107ms Document
text/html 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/pNhg4flgDriZiQO5?0ef8a75cc9374bd9=6FMwjMN-awqwI0JJix5oUcsog4lY7Vfj62WHN0ifz4Vl2Z1Ef2pbeG6Z1wyIzzUskmKCAgQ9t2KlJ8h0QPYVEPAZN3hyuMy9RIM8G9zTXV1jxRC2fCao9OjJOTILYkfpE7lm5TqBS_3pVsY6E1-rm40TVuo&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx

Requested by

Host: h.online-metrix.net
URL: https://h.online-metrix.net/oIJvWfcqJc2JGKOS?c5cb31d263630bd0=Eb-AY1-LBOmDBQpZ2P0fMh7T6mdKEzHNtqeQJU7XsDyDT5UR2tTgCi4KZB9CElMPu9s-hJ6eRPTCqhv5R_SnW239al9GyTGknMrdpTAK-CwWdb9pJJlFZ7YC2TTXyTQvJvqk2O3qVV_5qaLo_kQXmY0dGMEiviIem76BzA3KINafS37ZyqDHUhSyWmjivxnzByPVCCsXuUBG2-US&jb=313124266a7b6f75354e696c75702662716f354e696c7770246a736a753d416a706d6d6d

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://web.koho.ca/
Upgrade-Insecure-Requests: 1
User-Agent: this request as been triggered by a human from a costum script.

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Language: en-CA
Content-Type: text/html;charset=UTF-8
Date: Tue, 12 Nov 2024 18:15:39 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-UA-Compatible: IE=Edge
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clear.png Show response
h.online-metrix.net/fp/ Frame B9B1 81 B
527 B 451ms
166ms XHR
image/png 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/fp/clear.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Accept: */*, 2ulrybyx/abbf13a37184065dcb3109a4-ce34-4974-ba7c-71481acfbf18
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: private, must-revalidate, max-age=0
Etag: 6e85bcb11fa2491ca7bf3b3ef10b34b8
Connection: Keep-Alive
Expires: Sun, 11 Nov 2029 18:15:39 GMT
Access-Control-Allow-Origin: https://web.koho.ca
Content-Length: 81
Keep-Alive: timeout=2, max=100
Date: Tue, 12 Nov 2024 18:15:39 GMT
Last-Modified: Tue, 12 Nov 2024 18:15:39 GMT
Content-Type: image/png
Server: Apache

GET
H/1.1

200
OK

EDXrTgFW2I1oCuZB Show response
h.online-metrix.net/ Frame B9B1
Redirect Chain

https://h.online-metrix.net/EDXrTgFW2I1oCuZB?90ab5eb87baebee0=MmnTLyHbeIwLvQDBPGxBun9pf9nqRfU_Y1cpZ73LCfup6isbXs27N_VY8ghNlwVRUx19cVnLcz0SlzVfc7M3HDegk3hm06ckMmrH5B7VJZozCNQizkoX5HcfUGpMIOadTc4e9AN...
https://h.online-metrix.net/EDXrTgFW2I1oCuZB?65484beb992d4d59=MmnTLyHbeIwLvQDBPGxBun9pf9nqRfU_Y1cpZ73LCfup6isbXs27N_VY8ghNlwVRUx19cVnLcz0SlzVfc7M3HDegk3hm06ckMmrH5B7VJZozCNQizkoX5HcfUGpMIOadTc4e9JS...

0
398 B

98ms
97ms

Script
text/javascript

192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/EDXrTgFW2I1oCuZB?65484beb992d4d59=MmnTLyHbeIwLvQDBPGxBun9pf9nqRfU_Y1cpZ73LCfup6isbXs27N_VY8ghNlwVRUx19cVnLcz0SlzVfc7M3HDegk3hm06ckMmrH5B7VJZozCNQizkoX5HcfUGpMIOadTc4e9JSWIfqOeAypR5hPlwR945k&k=2

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

HTTP/1.1

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=2, max=99
Date: Tue, 12 Nov 2024 18:15:39 GMT
X-XSS-Protection: 1; mode=block
Content-Type: text/javascript
Server: Apache

Redirect headers

Strict-Transport-Security: max-age=31536000
Location: https://h.online-metrix.net/EDXrTgFW2I1oCuZB?65484beb992d4d59=MmnTLyHbeIwLvQDBPGxBun9pf9nqRfU_Y1cpZ73LCfup6isbXs27N_VY8ghNlwVRUx19cVnLcz0SlzVfc7M3HDegk3hm06ckMmrH5B7VJZozCNQizkoX5HcfUGpMIOadTc4e9JSWIfqOeAypR5hPlwR945k&k=2
Connection: Keep-Alive
P3P: CP=IVAa PSAa
Content-Length: 0
Date: Tue, 12 Nov 2024 18:15:38 GMT
Keep-Alive: timeout=2, max=100
Server: Apache

GET
H/1.1 200
OK LKmLHQM5yTxn1B7k
h.online-metrix.net/ Frame 21C0 0
0 448ms
160ms Document
text/html 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/LKmLHQM5yTxn1B7k?89341072228e4701=KkIu5FajApXECn_0DzXtRa36Vm9SOgIAhzwudOWavgmrZqnir2MUq0i5VAubhchtE3eQd9xwGCbSXPPStVbvlnjtK7-Y8PmvZ8Hfp11p5Tf68v4ozbcPqbz55lVKgV9Z9k4afDIgFP5vc-3WhZaPt_F3huagI31p0TpjVFGZ35IRlkGDHu8aXrowVRKzFLnTYfKfCaH-QacFWFJm8VI

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://web.koho.ca/
Upgrade-Insecure-Requests: 1
User-Agent: this request as been triggered by a human from a costum script.

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Tue, 12 Nov 2024 18:15:39 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK V2UwGh16G9S-i7e6 Show response
h.online-metrix.net/ Frame B9B1 0
398 B 107ms
91ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=2, max=97
Date: Tue, 12 Nov 2024 18:15:38 GMT
X-XSS-Protection: 1; mode=block
Content-Type: text/javascript
Server: Apache

GET
H/1.1 200
OK YElE8Igjzu6Mp8Bg Show response
h.online-metrix.net/ Frame B9B1 134 B
655 B 198ms
98ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/YElE8Igjzu6Mp8Bg?dcf4a0132c0279a3=bM_Rr-aVLSo6gpBEtL9p6zLTh9iHQFzSSI1eXKgDqvSKmyhX1uihpP7jaG5kSUlGQy90LBOEUMffG_S8iqr_q0Z6eeBwVxDz7drdiq6ddpSqyxJ0LwmhesrxEdRGcRKnFl2vGTkx24YyNaA2PYC0SA

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

fc73ec523601cbd33cbc6f2d16986d1cdd77b9ea49cbe1c4b6f4cf3919c221e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Date: Tue, 12 Nov 2024 18:15:39 GMT
X-XSS-Protection: 1; mode=block
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Server: Apache

GET
H/1.1 200
OK aGgtLl5DlGlMaOZc
h.online-metrix.net/ Frame 4739 0
0 464ms
165ms Document
text/html 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/aGgtLl5DlGlMaOZc?c29409651a0537fb=_HDxp0ZAOJc0S6KLTxp-gGPSFl_RVK3ZMATP_Wgqzny_SxL-nwW0Tz-iHJb0oiyEDIbp5Kjy-ppx_6yeAwDVKvELwA6dLGH4MdAXJKQ1yVp02yRRr0f_pYj0dwDhMGzs_4lv4b3FOJFqAC_1DBXtCFTIz99JZ1M8-nuxvDQ7cadNedaiHgipHIKu4Gemw943CeffSDuwyL0H2h_nJzuq

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://web.koho.ca/
Upgrade-Insecure-Requests: 1
User-Agent: this request as been triggered by a human from a costum script.

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Tue, 12 Nov 2024 18:15:39 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=100
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK sf_NB3mUg9nS9qIB
h.online-metrix.net/ Frame ADFF 0
0 406ms
111ms Document
text/html 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/sf_NB3mUg9nS9qIB?eeed82627e03d91a=Y-8fBysQyqpF51yX3BWokzhQ2kaheA8C43dCJnlUHcPsLyVCyCkcvYqU7FDHwQNUHVZBxR5riTlgPKDSivNMzD93EWByNNNTBrOXe9x0RKLskKylYy-Kh8LYEV8Mx1_V2PrIJUNXyJ8Fwp3_wlMDF01rZSOsGFJGN4ot2-BW-fWZ9DVBvIMAZ8uxr_Reh-8KsIHaSZMD7F80nEoy-vq3

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://web.koho.ca/
Upgrade-Insecure-Requests: 1
User-Agent: this request as been triggered by a human from a costum script.

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive, Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=UTF-8
Date: Tue, 12 Nov 2024 18:15:39 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Pragma: no-cache
Server: Apache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow
X-XSS-Protection: 1; mode=block

GET OGL_WTLcl9r0PaVq
h64.online-metrix.net/ Frame B9B1 0
0

GET
H/1.1 204
204 V2UwGh16G9S-i7e6 Show response
h.online-metrix.net/ Frame B9B1 0
218 B 383ms
298ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/V2UwGh16G9S-i7e6?c3e42a2fba6e2a38=kvZ8xkJ5hgUwOdNv2HxidsJ677dk8KOPt6mfRXSmI9ldGb2P4ZuSDHbk84Q6MWcwP737Rbgo8NVLb2Jj05h5sar9G83qoW-h7kUxLMFwLButc7mO7B7UwdUjghki6-aSPi33uVpwNV2F0xqrrCn0oaIW_xI&ja=333b3a35262e633d2536383226723d3e32266e3f313432387a313238302663643f333638327a333230382673707b3d343338783e31302e6670703f392e313638302c333032322c393432322c313a3030243336323024313a32302433363232243332383d2c3631322e343338246f763d323f6635396633333431653e60663a323960343e60643330376232636431633c246f6c3d322e73636c3f3236266468356a747c72732731492732462d32467567602c6b676a6d2c63612d32467a67676b737c72697669676c2530446166656e7c69747b24726e3d3d24726a3d653030326c646137353d313131663c6762673a313b33656a34613b3b303b306c246a6a3d336d37353d323931303e356d3b3131366561323f63333631663932676763386a2468716f3d44696e7d7a2668736775354e6966777824687b60753d4b68726d6f67246e60613f33362666646d353a266c6d7c703532267c78643f43656772696b6125304454636e6b6d777465722e6d617c6a723f3438303b66316b30626761383065366b63353432323a326966333735343831666c36353a3839343966366d636130366c61393469666266353031313b333b3461266c723d60767472732d334927324e273244756d602e6b67686f2c616327324e70676569737c72617c6b6f6c253a46616665667669767b2e723d706475676b6c5d646c69716a2735456e616c7b6721726c7d67616c5f7f6b6e666d7f715f6d6d6469635d726e617167702735456e616c7b6721726c7d67616c5f69666f6067576363726762617627374766696e71672170647567616c5f7375616363766965672537476e636c736d21706e77656b6e57716a6d636b7f61766d27354766696c7b6721786e75656b665d7265696c706e637b67722d374764616c7b6521786e756569665f7e6e6357726c637b6d7025354d66616e716723706477656b6e5f6c6576696e7670253d456e636c7b6721726e7d65696e577376655d746b657f67702735456e616c7b6721726c7d67616c5f62637663273d47666164736524656e5d6335756760676c5f65624f4e253030392e382732382a4f726766454c253a3045512730323226322730304360726f656b756f295f656a454c2d3030454e5b4e2532384553273032332e38273032284f78656e4f4e2530304d532d30304f4e534e273a3245532d3230332c32273238416a706f6d61756d215565604b61745f6762436b742730385565624f4c414c454e475f616c7176616e6b6564576372706171732d31422d3030475a5c5d626c6d6e645d6f6b6c6d697a273142253a304550565f616c617057616f6676726d6e2d3142253a30455a565d616f646d705d62756e66657a5d68636c6e5f6e6e6f69762531402d30304550545f666772766857616e636d702d33422d303047585c5f6e6e6f69765f606e6d6c64253b42253032475a5457647063675f6c65707c6a2531422d323847585c5d706d6e71656f6e576f66647167765f6b6e636f70253b42253a32455a5457736063646d705f7667707675726d5f6c6d662731422d303247585457746570767570655763676f707a6773716b676c5f62787463273140273238475a565f746d78747d70655d63676d7870657b71696d6c577067746b2533402730324550565d7665787c75726d5d666b6c7c657a5d61666b736d767a6d70696b2533402730324550565d7665787c75726d5d6d6b727a6f7a5d6364636d725d7c6d5f656c6765273140273238475a565f735a47422d31422732384f4d515f6d6e656f6766765f696664657a5d776b6e7c2731402532384f455b5d66606f57726d6c646d705f6f6b786f61702d33422730324d455b5d7176616e6c61726c5d64677261766976697e677327314a2732304745535d76677a747d70675d666c6761742d31422732384f4d515f7c677876777a675f66646f61765d6e6b6e6d63702733422d32304747535d746d787c77726d5d68636e6e5d666c6761742731402732384d47515f746d78747d70655d68696c6e5d66646d61765d646b6e6569722531402730304747515d76657a7465705d6170726979576d6262676376273b40253238574540454e5d63676e6d705f627d66666d705f646c67617c27334a273232554d40474c57636f6f727067737b67665d74657074757a675f63737c632d31422d303055474a454c5f6b6f6d72706771736d665d7665787c75726d5d6576632d334a27323855454045445d636f65707267717167645776677a74757a655f6d766333253b422d30305f4742454e57616f6d787265717167665f7c677a7675726d5f733b766327334a253a32574d40474e5d6b6d6d707a65737167665d746d7a767772655773337c615f71726f622d31422d303055474a454c5f6c656277655d706566666770657257696e6e6d2531422d323855454a454c5d666d60756757736863666770732d31402732305f45424f4e5f66657874605d746d7a7477706d2733422d3230554740454c57667063775f6a75666e677271253b422d30305f4742454e576e6f736d5f636d6c7667787c27314025323857454a454c5d6d7d6c7c6b5f6c706175273b40253238574540454e5d70676e7b656f6e576d6f6c673134266f6c576a3d3034663161303661383f3162363a6763643036343b61643c61376a3763343030623063643d373134247f656c7635496e76676e2732384b6c612e267f676c7a3f496c746d6c2d303041706971273a324f706d6e474e2730324566656b6c65266b63643533&jb=3a3a246c7135746861712530307a657977657b7625303269712532386265676c2730307c706b6567657a65642d303060792d323863253a3268776f696c25323866726d6f27303069273032636f7b747565273232736b7261727426

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Keep-Alive: timeout=2, max=96
Date: Tue, 12 Nov 2024 18:15:39 GMT
Content-Type: text/javascript;charset=UTF-8
Server: Apache
Connection: Keep-Alive

GET
H/1.1 200
OK d3rfnGYFheUB-693
2ulrybyxacxpl7ce4qzlyr62rfeeeqn7raawf3ftabbf13a37184065dsac.d.aa.online-metrix.net/ Frame B9B1 81 B
438 B 801ms
227ms Image
image/png 192.225.158.3
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://2ulrybyxacxpl7ce4qzlyr62rfeeeqn7raawf3ftabbf13a37184065dsac.d.aa.online-metrix.net/d3rfnGYFheUB-693?90503a98e41bcd9f=Hp1dLX0Hk1efCEjCxrZKZhTIENJcCAAzHOo1L0kRY15jbyUb83uXNI6v1UYIKm79yhbZJCdhZAeXeXGACDLTICNI-QnKzImRGzugP-nAtr558zjphcNbqlYiPIb3FGcpwzlOxKWbsl1FeYw5onhSptpfbqH4L47L_Xn4

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.3 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: close
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Date: Tue, 12 Nov 2024 18:15:39 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png
Server: Apache

GET
H/1.1 204
204 Pl1cg6XLu6K8M6V0 Show response
h.online-metrix.net/ Frame B9B1 0
218 B 101ms
100ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/Pl1cg6XLu6K8M6V0?4a3b48c57dfbba3a=Gd1WuJ3Uf3BQoUKXZfhGp68cwPEc565g9wbZD70QJNjWLNdGbDiYoMVUt5zioBRBfnPuLmOIIU0AEzWIc52Ney_kPsj4kAimZH8wuutgL-zf585UiLG8mAbIRHGoZyDWPqEEqaO-2PdOXKQRc-np_30s1BPjviwYHDhMK_v3FzqG9uW98KWLlril3D0SLXNGcBlIokMrfhx1ke_aTbQ&jac=1&je=3a3624266d6d6468352a3327324b312d30433b273241306d6332666b346661346335393d333a3635643139393a323534656b626a36343c30613737386735613139363b633533383a3a603164653e33333a63623a326d29

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Keep-Alive: timeout=2, max=98
Date: Tue, 12 Nov 2024 18:15:39 GMT
Content-Type: text/javascript;charset=UTF-8
Server: Apache
Connection: Keep-Alive

GET
H/1.1 204
204 Pl1cg6XLu6K8M6V0 Show response
h.online-metrix.net/ Frame B9B1 0
219 B 93ms
93ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Keep-Alive: timeout=2, max=100
Date: Tue, 12 Nov 2024 18:15:39 GMT
Content-Type: text/javascript;charset=UTF-8
Server: Apache
Connection: Keep-Alive

GET
H2 200 commons.a61d7bea37d2de5d4b69.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 70 KB
22 KB 46ms
46ms Script
application/javascript 13.249.86.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.86.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-86-140.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

access-control-max-age: 3000
content-encoding: gzip
etag: "c467a63b2e7c3a99be423ace649014d8"
x-amz-version-id: aAixXKmCEkR1rfYrRzV2.EPYhnGmH0W2
age: 4051742
access-control-allow-methods: GET, HEAD
x-cache: Hit from cloudfront
x-amz-cf-id: F8HeEZwG_rIji2x8vrXICIIIwAFPvUH45Mjf_fqqXgqmE79QwLljAg==
date: Thu, 26 Sep 2024 20:46:38 GMT
content-type: application/javascript
last-modified: Thu, 08 Aug 2024 06:57:13 GMT
cache-control: public,max-age=31536000,immutable
via: 1.1 4b6b5023747759b0047c5cbc8d742cea.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 21911
x-amz-cf-pop: JFK52-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 204
204 Pl1cg6XLu6K8M6V0 Show response
h.online-metrix.net/ Frame B9B1 0
218 B 101ms
100ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Keep-Alive: timeout=2, max=97
Date: Tue, 12 Nov 2024 18:15:39 GMT
Content-Type: text/javascript;charset=UTF-8
Server: Apache
Connection: Keep-Alive

GET
H/1.1 204
204 8bKruQP04jZMvgJQ
h.online-metrix.net/ Frame B9B1 0
400 B 166ms
165ms Image
image/png 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://h.online-metrix.net/8bKruQP04jZMvgJQ?9f695b1668f70a50=8WkZYqkiG0ywFYsSCYUylwjoLplcJ6k2fQHpZpkBVTdAxnSR5qR8HttZjbcjrMRQ-Nty5ySUgridxMGKm-gEpca397JKHxfplxBoL34MfqUZKjJQHxHDBWN46drsOG4Vifq6M8Sry6gdbVt53s5INTkJbpDxhJryU5wKgpo9YDRjmF7OUpHvowFImRjrzlT1oluiaxKZTqIs-sVvlU8&jf=363336267361645f7a6c643f746c725748794b346f77514646435347657335442471696c5d666374653531373b333431353b3331247361665f767b78673d776d623a67616671612e716b665f6b6d793d3b32353b3338313b3236383532633a3e3638636d336432303233303e323a3061383e34386b673366303b30393237383134303238323463386233363b3137363a31633b64393861306c353331383c313830653c67376360383162646c356235676037663e34636436653b38656a676163666b306e33653f363067646c32353631396564333231393d64603230363861363b353432383a6130366238376261336e3037306e3237313a36673230633a6133656931353d322671696c5f7b6b6735313036363830323039376634363732643032323330633130336c33313a3639333f60356a313736353e6466646a393531636630353961326730313f37363b3b3834666a386d333239323230323d3738346b64396332303a61693a613331366a636330613932633b613b343830356561313f6366383c62653b60673a633133353033633865383b636163383a372e71696e703d32

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=95
Date: Tue, 12 Nov 2024 18:15:39 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/png;charset=UTF-8
Server: Apache

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 291 KB
100 KB 347ms
161ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-902961551

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2d1c917bc1057c5b58233e89e416e18ab22b68681d576bbff86fcd381d626ffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 12 Nov 2024 18:15:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 12 Nov 2024 18:15:39 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 12 Nov 2024 18:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 101402
x-xss-protection: 0
server: Google Tag Manager

GET insight.min.js
snap.licdn.com/li.lms-analytics/ 0
0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 317 KB
107 KB 429ms
245ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KGDFZD8&l=dataLayer

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

03d2e97aa12b5fe63ab7d32b0f34a377ea162a7f800d4e3616bda7552a1afdc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Tue, 12 Nov 2024 18:15:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 12 Nov 2024 18:15:39 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 12 Nov 2024 18:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 108720
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 amplitude-5.2.2-min.gz.js Show response
cdn.amplitude.com/libs/ 54 KB
18 KB 361ms
160ms Script
application/javascript 108.139.29.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-53.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2173f130ca59dc5554498343432f02f92ecce45c4f9381ea12b203a2978f33d4

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: gzip
etag: "b568e7b3c9d94da6a1d4845b18400f7a"
x-amz-version-id: aZB1RIRJqET7nosqRtOBVideRuh0jIV6
age: 5217
x-cache: Hit from cloudfront
x-amz-cf-id: huThBKmOir177TDIpfK8LaqgIMaTyl6pVeEXRAe6BNSmBqmY2eq-Rg==
date: Tue, 12 Nov 2024 16:48:43 GMT
content-type: application/javascript
last-modified: Mon, 21 Oct 2019 15:45:34 GMT
cache-control: max-age=31536000
via: 1.1 33aae203c47fd9e0f18a8f3f6d37fbfc.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 17889
x-amz-cf-pop: JFK50-P2
server: AmazonS3

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 370ms
127ms Script
text/javascript 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: gzip
age: 575
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 20:06:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 12 Nov 2024 18:06:04 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H/1.1 200
OK V2UwGh16G9S-i7e6 Show response
h.online-metrix.net/ Frame B9B1 0
398 B 97ms
96ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=2, max=96
Date: Tue, 12 Nov 2024 18:15:39 GMT
X-XSS-Protection: 1; mode=block
Content-Type: text/javascript
Server: Apache

GET
H/1.1 204
204 Pl1cg6XLu6K8M6V0 Show response
h.online-metrix.net/ Frame B9B1 0
218 B 91ms
91ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/Pl1cg6XLu6K8M6V0?4a3b48c57dfbba3a=Gd1WuJ3Uf3BQoUKXZfhGp68cwPEc565g9wbZD70QJNjWLNdGbDiYoMVUt5zioBRBfnPuLmOIIU0AEzWIc52Ney_kPsj4kAimZH8wuutgL-zf585UiLG8mAbIRHGoZyDWPqEEqaO-2PdOXKQRc-np_30s1BPjviwYHDhMK_v3FzqG9uW98KWLlril3D0SLXNGcBlIokMrfhx1ke_aTbQ&jac=1&je=33373b26266a68737c726e3f253f422d30323e273230273b4331253a432530303527323a27314331253a43253a303827323a253b43312d304327303a3b25323a253343332730432d30303330253a32253b433227324b253a303139273230273b4332253a432530303330253a30273141312d32432d303230382d323a273349332530412d30323139332530302731413927304125323a32393d273230253b413927374c

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Keep-Alive: timeout=2, max=99
Date: Tue, 12 Nov 2024 18:15:39 GMT
Content-Type: text/javascript;charset=UTF-8
Server: Apache
Connection: Keep-Alive

GET
H/1.1 204
204 Pl1cg6XLu6K8M6V0 Show response
h.online-metrix.net/ Frame B9B1 0
218 B 201ms
201ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

https://h.online-metrix.net/Pl1cg6XLu6K8M6V0?4a3b48c57dfbba3a=Gd1WuJ3Uf3BQoUKXZfhGp68cwPEc565g9wbZD70QJNjWLNdGbDiYoMVUt5zioBRBfnPuLmOIIU0AEzWIc52Ney_kPsj4kAimZH8wuutgL-zf585UiLG8mAbIRHGoZyDWPqEEqaO-2PdOXKQRc-np_30s1BPjviwYHDhMK_v3FzqG9uW98KWLlril3D0SLXNGcBlIokMrfhx1ke_aTbQ&je=333132262662616335332660687b62633f253d402537402d3032552d32322730413a373927304125323a44495e273231253a334c4b562d3033706d677625323a253546273041253d402730326e2d32322d30433a373a253a41253a30444b542d3033494644626e6b6c664e67766b6425323a25354c273546266a687b606b576b6e6667703f31

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Keep-Alive: timeout=2, max=95
Date: Tue, 12 Nov 2024 18:15:39 GMT
Content-Type: text/javascript;charset=UTF-8
Server: Apache
Connection: Keep-Alive

POST
H2 200 / Show response
api.amplitude.com/ 7 B
137 B 511ms
115ms XHR
text/html 52.25.130.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.25.130.112 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-25-130-112.us-west-2.compute.amazonaws.com

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=15768000
access-control-allow-origin: *
content-length: 7
date: Tue, 12 Nov 2024 18:15:40 GMT
content-type: text/html;charset=utf-8

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
995 B 167ms
166ms Script
text/javascript 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: br
age: 790
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options: nosniff
expires: Tue, 12 Nov 2024 19:02:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 12 Nov 2024 18:02:29 GMT
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
content-length: 697
x-xss-protection: 0
server: sffe

GET
H/1.1 200
OK V2UwGh16G9S-i7e6 Show response
h.online-metrix.net/ Frame B9B1 0
398 B 171ms
171ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive
X-Content-Type-Options: nosniff
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Keep-Alive: timeout=2, max=98
Date: Tue, 12 Nov 2024 18:15:39 GMT
X-XSS-Protection: 1; mode=block
Content-Type: text/javascript
Server: Apache

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
369 B 108ms
107ms XHR
text/plain 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=341105549&t=pageview&_s=1&dl=https%3A%2F%2Fweb.koho.ca%2Fregistration&dp=%2Fregistration&ul=en-ca&de=UTF-8&dt=Registration&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgEAjAAAAACgCIAB~&jid=986430795&gjid=1944747128&cid=1760655221.1731435340&tid=UA-41908934-3&_gid=986843498.1731435340&_slc=1&z=1698516176

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

7ac87dd9f74a67f144a3913ab313da479b90f31059c3d486b48e300ef72ea13f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: text/plain
Referer: https://web.koho.ca/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 12 Nov 2024 18:15:40 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://web.koho.ca
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 15
server: Golfe2

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
643 B 376ms
136ms XHR
text/plain 2607:f8b0:4004:c17::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-41908934-3&cid=1760655221.1731435340&jid=986430795&gjid=1944747128&_gid=986843498.1731435340&_u=aGBAgEAjAAAAAGgCIAB~&z=1633613136

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::9b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: text/plain
Referer: https://web.koho.ca/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgdc:149:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 12 Nov 2024 18:15:40 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgdc:149:0
access-control-allow-origin: https://web.koho.ca
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H2 200 collect
www.google-analytics.com/ 35 B
407 B 91ms
90ms Image
image/gif 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=341105549&t=event&ni=1&_s=2&dl=https%3A%2F%2Fweb.koho.ca%2Fregistration%2Fidentity&dp=%2Fregistration&ul=en-ca&de=UTF-8&dt=Registration&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=All&ea=Viewed%20Registration%20Page&ev=0&_u=aGBAgEAjAAAAAGgCIAB~&jid=&gjid=&cid=1760655221.1731435340&tid=UA-41908934-3&_gid=986843498.1731435340&z=371085071

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

age: 72221
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 11 Nov 2024 22:11:59 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

GET
H2 200 collect
www.google-analytics.com/ 35 B
94 B 93ms
92ms Image
image/gif 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=341105549&t=pageview&_s=3&dl=https%3A%2F%2Fweb.koho.ca%2Fregistration%2Fidentity&dp=%2Fregistration%2Fidentity&ul=en-ca&de=UTF-8&dt=registration-identity&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgEAjAAAAAGgCIAD~&jid=&gjid=&cid=1760655221.1731435340&tid=UA-41908934-3&_gid=986843498.1731435340&z=1308641046

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

age: 72221
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 11 Nov 2024 22:11:59 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

GET
H2 200 collect
www.google-analytics.com/ 35 B
94 B 92ms
91ms Image
image/gif 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=341105549&t=event&ni=1&_s=4&dl=https%3A%2F%2Fweb.koho.ca%2Fregistration%2Fidentity&dp=%2Fregistration%2Fidentity&ul=en-ca&de=UTF-8&dt=registration-identity&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=All&ea=Viewed%20registration-identity%20Page&ev=0&_u=aGBAgEAjAAAAAGgCIAD~&jid=&gjid=&cid=1760655221.1731435340&tid=UA-41908934-3&_gid=986843498.1731435340&z=1778018654

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

age: 72221
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 11 Nov 2024 22:11:59 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 35
server: Golfe2

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 417 KB
133 KB 101ms
100ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FKN7NNETLF&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f476676c4aceaa3e40e438cd48275e0a69b927a0963470bf442894b1df806ca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 12 Nov 2024 18:15:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 12 Nov 2024 18:15:40 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 136260
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/902961551/ 5 KB
2 KB 268ms
86ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/902961551/?random=1731435340162&cv=11&fst=1731435340162&bg=ffffff&guid=ON&async=1&gtm=45be4b70v892118992za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101823848~101925629~102077854&u_w=1600&u_h=1200&url=https%3A%2F%2Fweb.koho.ca%2Fregistration%2Fidentity&hn=www.googleadservices.com&frm=0&tiba=KOHO&npa=0&pscdl=noapi&auid=2102651142.1731435340&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a3a85aa207e37edde003741c864ce773dc92be01dbb348dbf525b09df7697894

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: gzip
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2398
date: Tue, 12 Nov 2024 18:15:40 GMT
x-xss-protection: 0
content-type: text/javascript; charset=ISO-8859-1
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 57 KB
41 B 63ms
62ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGDFZD8&l=dataLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

cache-control: no-cache
content-encoding: gzip
etag: "4328e910de583ad53b3a7a76455af005+gzip"
accept-ranges: bytes
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15926
date: Tue, 12 Nov 2024 18:15:40 GMT
x-tw-cdn: FT
last-modified: Mon, 28 Oct 2024 20:49:35 GMT
x-served-by: cache-iad-kiad7000114-IAD
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
x-amz-server-side-encryption: AES256

GET events.js
tags.srv.stackadapt.com/ 0
0

GET
H2 200 adsct
t.co/1/i/ 43 B
188 B 96ms
95ms Image
image/gif 172.66.0.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&dv=America%2FVancouver%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=9dea50b7-ece1-446e-9356-01b98a445630&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a26c5a95-fa00-48c7-9dc0-7d5d42f3aab4&tw_document_href=https%3A%2F%2Fweb.koho.ca%2Fregistration%2Fidentity&tw_iframe_status=0&txn_id=nvggn&type=javascript&version=2.3.31

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=0
x-transaction-id: fd655ab4fe84af8c
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 9c786bcaafd03f18de952e5cc051e50d5f37b4e5a01674fee70e0709e4e131be
cf-cache-status: DYNAMIC
cf-ray: 8e18823caab9abfa-YYZ
x-response-time: 10
content-length: 43
date: Tue, 12 Nov 2024 18:15:40 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_b

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
117 B 79ms
78ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&dv=America%2FVancouver%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=3&event=%7B%7D&event_id=9dea50b7-ece1-446e-9356-01b98a445630&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a26c5a95-fa00-48c7-9dc0-7d5d42f3aab4&tw_document_href=https%3A%2F%2Fweb.koho.ca%2Fregistration%2Fidentity&tw_iframe_status=0&txn_id=nvggn&type=javascript&version=2.3.31

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: 7077ed2bf1f90d3b
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 84daf9f14d295dd20b2b472143297a3d2badbf8c18164e5e286595837d69bdcc
x-response-time: 14
content-length: 43
date: Tue, 12 Nov 2024 18:15:39 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_b

GET
DATA 200
OK truncated
/ Frame 3191 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3191 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D8D4 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D8D4 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer

Response headers

Content-Type: image/png

GET
H/1.1 204
204 Pl1cg6XLu6K8M6V0 Show response
h.online-metrix.net/ Frame B9B1 0
218 B 91ms
90ms Script
text/javascript 192.225.158.1
THM

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

192.225.158.1 , United States, ASN30286 (THM, US),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

Strict-Transport-Security: max-age=31536000
Keep-Alive: timeout=2, max=97
Date: Tue, 12 Nov 2024 18:15:40 GMT
Content-Type: text/javascript;charset=UTF-8
Server: Apache
Connection: Keep-Alive

POST
H2 204 collect
analytics.google.com/g/ 0
0 215ms
55ms Fetch
text/plain 2001:4860:4802:36::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-FKN7NNETLF&gtm=45je4b70v894288470z8812560807za200&_p=1731435339386&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101823848~101925629~102067554~102077855&cid=1760655221.1731435340&ul=en-ca&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1731435340&sct=1&seg=0&dl=https%3A%2F%2Fweb.koho.ca%2Fregistration%2Fidentity&dt=KOHO&en=page_view&_fv=1&_ss=1&tfd=5235
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://web.koho.ca
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 12 Nov 2024 18:15:40 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 274ms
132ms Image
image/gif 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FKN7NNETLF&cid=1760655221.1731435340&gtm=45je4b70v894288470z8812560807za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101823848~101925629~102067554~102077855&tag_exp=101823848~101925629~102067554~102077855&z=763757565

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 12 Nov 2024 18:15:40 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H2 200 / Show response
api.amplitude.com/ 7 B
136 B 157ms
156ms XHR
text/html 52.25.130.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.25.130.112 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-25-130-112.us-west-2.compute.amazonaws.com

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: https://web.koho.ca/

Response headers

strict-transport-security: max-age=15768000
access-control-allow-origin: *
content-length: 7
date: Tue, 12 Nov 2024 18:15:40 GMT
content-type: text/html;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 954F 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 954F 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer

Response headers

Content-Type: image/png

GET
H3 200 /
www.google.com/pagead/1p-user-list/902961551/ 42 B
64 B 246ms
69ms Image
image/gif 2607:f8b0:4006:80f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/902961551/?random=1731435340162&cv=11&fst=1731434400000&bg=ffffff&guid=ON&async=1&gtm=45be4b70v892118992za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101823848~101925629~102077854&u_w=1600&u_h=1200&url=https%3A%2F%2Fweb.koho.ca%2Fregistration%2Fidentity&hn=www.googleadservices.com&frm=0&tiba=KOHO&npa=0&pscdl=noapi&auid=2102651142.1731435340&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dJNpIT5ru6meBhI4Qg1CNQgFJ3C4SFg&random=1369041146&rmt_tld=0&ipr=y

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 12 Nov 2024 18:15:40 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 /
www.google.ca/pagead/1p-user-list/902961551/ 42 B
64 B 159ms
65ms Image
image/gif 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/902961551/?random=1731435340162&cv=11&fst=1731434400000&bg=ffffff&guid=ON&async=1&gtm=45be4b70v892118992za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101823848~101925629~102077854&u_w=1600&u_h=1200&url=https%3A%2F%2Fweb.koho.ca%2Fregistration%2Fidentity&hn=www.googleadservices.com&frm=0&tiba=KOHO&npa=0&pscdl=noapi&auid=2102651142.1731435340&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dJNpIT5ru6meBhI4Qg1CNQgFJ3C4SFg&random=1369041146&rmt_tld=1&ipr=y

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/registration/identity

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 12 Nov 2024 18:15:40 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

OPTIONS
H2 204 5eeb94841ab9a70a809cdc75
events.launchdarkly.com/events/diagnostic/ Frame 0
0 361ms
168ms Preflight 34.203.87.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/diagnostic/5eeb94841ab9a70a809cdc75

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

34.203.87.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-203-87-70.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method: POST
Origin: https://web.koho.ca
Sec-Fetch-Mode: cors
User-Agent: this request as been triggered by a human from a costum script.

Response headers

access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Date
access-control-max-age: 300
date: Tue, 12 Nov 2024 18:15:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 xiu5e01e Show response
widget.intercom.io/widget/ 7 KB
3 KB 345ms
94ms Script
application/javascript 13.249.91.44
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widget.intercom.io/widget/xiu5e01e
Requested by: Host: web.koho.ca
URL: https://web.koho.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.91.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-91-44.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee0cfba0faa34fce2ccdccccf563454a220b243e7de0850e516a91f69a29f8c2

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/

Response headers

content-encoding: gzip
x-amz-version-id: ZS0xuZPuaN2fI3mLpAbZ4O23yyKj5qmK
etag: "77d207eb2eb2a3e1420588cdbd7db424"
age: 468
alt-svc: h3=":443"; ma=86400
x-cache: Error from cloudfront
x-amz-cf-id: V-toS4b_iwQ8G6TK09l6URz8Ldm7topF8mn01KM6ZgwIKpkiLhlddA==
date: Tue, 12 Nov 2024 18:07:57 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding, Origin
last-modified: Tue, 12 Nov 2024 14:12:51 GMT
cache-control: max-age=300, s-maxage=300, public
cross-origin-resource-policy: cross-origin
via: 1.1 f786281b2ac676774f88041b4f1587a4.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 2666
x-amz-cf-pop: JFK52-P9
server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H2 202 5eeb94841ab9a70a809cdc75 Show response
events.launchdarkly.com/events/diagnostic/ 0
358 B 71ms
70ms XHR
application/json 34.203.87.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/diagnostic/5eeb94841ab9a70a809cdc75

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

34.203.87.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-203-87-70.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-LaunchDarkly-Wrapper: react-client-sdk/3.0.9
Referer: https://web.koho.ca/
User-Agent: this request as been triggered by a human from a costum script.
X-LaunchDarkly-User-Agent: JSClient/3.1.4
Content-Type: application/json

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 300
access-control-expose-headers: Date
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
content-length: 0
date: Tue, 12 Nov 2024 18:15:41 GMT
content-type: application/json
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags

GET
H3 200 favicon.ico
web.koho.ca/ 597 B
1 KB 62ms
62ms Other
image/x-icon 104.18.6.38
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://web.koho.ca/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.6.38 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08fdb9f448abb925e6b2fef20317ff664a153e888dedb1028457e48f59cc92e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer: https://web.koho.ca/registration/identity

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
etag: W/"938872fc0d56b0353fc2f5669cb3c534"
age: 345450
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: fQsv4tZDgGM5BpkWElEgXdxuX6WYFEJQz_n04R_mNroqqKDFh7awtw==
date: Tue, 12 Nov 2024 18:15:40 GMT
content-type: image/x-icon
last-modified: Fri, 08 Nov 2024 18:17:55 GMT
x-frame-options: DENY
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=0, s-maxage=31536000
referrer-policy: same-origin
via: 1.1 9b4f2014232c90b3056e1fb1e00215fc.cloudfront.net (CloudFront)
cf-ray: 8e18823fca6ab40a-YYZ
x-xss-protection: 1; mode=block
x-amz-cf-pop: YUL62-C2
server: cloudflare

GET
H2 200 frame.f55d5ac4.js Show response
js.intercomcdn.com/ Frame 114A 842 KB
184 KB 388ms
160ms Script
application/javascript 108.139.47.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/frame.f55d5ac4.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/xiu5e01e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.47.114 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-139-47-114.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5a9394ee1b3017dfd5f200efee245e1a48bd958d3bb9dbcfe1d88bce50c0866b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer

Response headers

content-encoding: gzip
etag: "16fa96c7155614858c46e308eae90fc1"
x-amz-version-id: L.U939DDvrkzD8c7_DrFyXt1hc5p0MYV
age: 169
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 3qF3U81is2F9tAHQ0ZEIhpvEqDsYsdtnK04_dQJhr-mZPV5T4tlhUA==
date: Tue, 12 Nov 2024 18:12:53 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 12 Nov 2024 14:10:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=31536000, s-maxage=7200, public
cross-origin-resource-policy: cross-origin
via: 1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 187615
x-amz-cf-pop: JFK50-P1
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 vendor.6349e54f.js Show response
js.intercomcdn.com/ Frame 114A 608 KB
193 KB 985ms
758ms Script
application/javascript 108.139.47.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.intercomcdn.com/vendor.6349e54f.js

Requested by

Host: widget.intercom.io
URL: https://widget.intercom.io/widget/xiu5e01e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.139.47.114 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-139-47-114.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

ddbc3fbeaa904c77f2cbc8029158dfbcd2ad2b41a8a033e8e715b9ccefd4db78

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Referer

Response headers

content-encoding: gzip
etag: "72afb86f841a4306b6702132c561fde7"
x-amz-version-id: 4n8xCZmAl7_oDgUnO52T9PPxVStFkA2d
age: 782
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: TmGUPHFk9PB9hkBk4V12Y035xlVDzca3iwaK6VIjm77f0fxcPa8drg==
date: Tue, 12 Nov 2024 18:02:40 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 12 Nov 2024 14:10:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=31536000, s-maxage=7200, public
cross-origin-resource-policy: cross-origin
via: 1.1 5b4b6c6517b988a4ff2c794e5583ee02.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 196869
x-amz-cf-pop: JFK50-P1
server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H2 200 launcher_settings Show response
api-iam.intercom.io/messenger/web/ Frame 114A 241 B
898 B 495ms
184ms XHR
application/json 3.88.98.219
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/launcher_settings

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame.f55d5ac4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.88.98.219 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-88-98-219.compute-1.amazonaws.com

Software

nginx /

Resource Hash

e6123a1ec3c40bd17c50ac040b12abf9b1772da8adb691e73c4b323462b9056b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: application/x-www-form-urlencoded
Referer

Response headers

x-request-id: 0005h2pcu3atg52oi02g
access-control-expose-headers: x-request-id
content-encoding: gzip
etag: W/"e6123a1ec3c40bd17c50ac040b12abf9"
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
status: 200 OK
date: Tue, 12 Nov 2024 18:15:42 GMT
content-type: application/json; charset=utf-8
vary: Accept,Accept-Encoding
x-runtime: 0.048760
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-request-queueing: 0
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://web.koho.ca
x-xss-protection: 1; mode=block
x-intercom-version: d18f2fb23155dd4b3d59163f18757c0d133a5fdb
x-ami-version: ami-0d82ec08b45e6923b
server: nginx

POST
H2 200 ping Show response
api-iam.intercom.io/messenger/web/ Frame 114A 4 KB
2 KB 724ms
418ms XHR
application/json 3.88.98.219
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api-iam.intercom.io/messenger/web/ping

Requested by

Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame.f55d5ac4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.88.98.219 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-88-98-219.compute-1.amazonaws.com

Software

nginx /

Resource Hash

2c7ebbe763272a6c9805e7ceb79b297905cbd9c27aca13681d535a9ee3400d3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: this request as been triggered by a human from a costum script.
Content-Type: application/x-www-form-urlencoded
Referer

Response headers

x-request-id: 0007vf3enk5b8d8ah5hg
access-control-expose-headers: x-request-id
content-encoding: gzip
etag: W/"2c7ebbe763272a6c9805e7ceb79b2979"
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
status: 200 OK
date: Tue, 12 Nov 2024 18:15:42 GMT
content-type: application/json; charset=utf-8
vary: Accept,Accept-Encoding
x-runtime: 0.301613
access-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31556952; includeSubDomains; preload
x-request-queueing: 0
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-origin: https://web.koho.ca
x-xss-protection: 1; mode=block
x-intercom-version: d18f2fb23155dd4b3d59163f18757c0d133a5fdb
x-ami-version: ami-0d82ec08b45e6923b
server: nginx

POST
H2 202 5eeb94841ab9a70a809cdc75 Show response
events.launchdarkly.com/events/bulk/ 0
358 B 181ms
179ms XHR
application/json 34.203.87.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/bulk/5eeb94841ab9a70a809cdc75

Requested by

Host: web.koho.ca
URL: https://web.koho.ca/index.2.11.21.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

34.203.87.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-203-87-70.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

X-LaunchDarkly-Wrapper: react-client-sdk/3.0.9
X-LaunchDarkly-Event-Schema: 4
Referer: https://web.koho.ca/
X-LaunchDarkly-Payload-ID: 21102180-a122-11ef-b712-9d5e037163b0
X-LaunchDarkly-User-Agent: JSClient/3.1.4
Content-Type: application/json
User-Agent: this request as been triggered by a human from a costum script.

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 300
access-control-expose-headers: Date
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
content-length: 0
date: Tue, 12 Nov 2024 18:15:42 GMT
content-type: application/json
access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags

OPTIONS
H2 204 5eeb94841ab9a70a809cdc75
events.launchdarkly.com/events/bulk/ Frame 0
0 100ms
100ms Preflight 34.203.87.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://events.launchdarkly.com/events/bulk/5eeb94841ab9a70a809cdc75

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

34.203.87.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-203-87-70.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-launchdarkly-event-schema,x-launchdarkly-payload-id,x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method: POST
Origin: https://web.koho.ca
Sec-Fetch-Mode: cors
User-Agent: this request as been triggered by a human from a costum script.

Response headers

access-control-allow-headers: Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Date
access-control-max-age: 300
date: Tue, 12 Nov 2024 18:15:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 24CA 0
0 36ms
36ms Document
text/html 151.101.192.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

QUIC, , AES_256_GCM

Server

151.101.192.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://web.koho.ca/
Upgrade-Insecure-Requests: 1
User-Agent: this request as been triggered by a human from a costum script.

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 2364409
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=31536000
content-encoding: br
content-length: 122
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Tue, 12 Nov 2024 18:15:43 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Tue, 15 Oct 2024 20:06:08 GMT
origin-agent-cluster: ?1
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 355312
x-content-type-options: nosniff
x-request-id: 74206dac-8b36-41b7-a301-d1e5eb3e10e8
x-served-by: cache-yul1970024-YUL

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pixel-config.reddit.com
URL: https://pixel-config.reddit.com/pixels/t2_e4ba8g8u/config

Domain: truncated
URL: data:truncated

Domain: h64.online-metrix.net
URL: https://h64.online-metrix.net/OGL_WTLcl9r0PaVq?f2f340c2da432d87=bT9ElH0FjYrDOAGJOPF1IicaO1ROvaBvR3DqJ8D0GZjnL3nPHuqHpm6vYala0cZNnD7d3ywyGNn4DELlz_xxk3c1DdamYC9X1dWLYNSnirk5vI84GbAzpQLMES5wEP0ydzCgW1ThMlqHdly5cP3wVegSBlYYm3ao

Domain: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Domain: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js

Verdicts & Comments Add Verdict or Comment

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.koho.ca/	1970-01-21 03:06:51	Name: _rdt_uuid Value: 1731435336132.80f81fb6-9a76-4cb7-82e5-3e777fc261d6
.tiktok.com/	1970-01-21 10:18:51	Name: _ttp Value: 2olDb3Ph0ho2OVN4Dj2Mul5KD9O
web.koho.ca/	1970-01-21 09:42:51	Name: __spdt Value: f14796f4bfb04c12a97682e86ca1f3a8
.koho.ca/	1970-01-21 10:18:51	Name: _tt_enable_cookie Value: 1
.koho.ca/	1970-01-21 10:18:51	Name: _ttp Value: KOcyO6b5J70pQpSe0I262oWPbqm
.koho.ca/	1970-01-21 03:06:51	Name: _fbp Value: fb.1.1731435337122.302895452852309543
.t.co/	1970-01-21 10:33:15	Name: muc_ads Value: 281f689f-85b6-45cd-b7fc-68acc5141c51
.t.co/	1970-01-21 00:57:17	Name: __cf_bm Value: LGuQ0ZozqSh2wMMsDiEcyVF8GsQK1PhmHiRWX3sWfZk-1731435337-1.0.1.1-3eRqMlKV8FGSgpR850axRDFSJU4Jmj_JvE3yeiVxebWHMPLGGoeG1DyY.eF7dQVtrLdVIknau2L6y.ZW2oIXcQ
.twitter.com/	1970-01-21 10:33:15	Name: guest_id_marketing Value: v1%3A173143533745609029
.twitter.com/	1970-01-21 10:33:15	Name: guest_id_ads Value: v1%3A173143533745609029
.twitter.com/	1970-01-21 10:33:15	Name: personalization_id Value: "v1_xuhEENgSVIn7QBvqZDEXiQ=="
.twitter.com/	1970-01-21 10:33:15	Name: guest_id Value: v1%3A173143533745609029
.koho.ca/	1970-01-21 01:07:20	Name: _switch_session_id Value: e4700311-e624-469d-af9c-812088f1792b
h.online-metrix.net/	1970-01-21 10:33:15	Name: thx_guid Value: ba7db0a6961f3440b87108b631cbe132
h.online-metrix.net/	1970-01-21 10:33:15	Name: tmx_guid Value: AAyGBtyEPx1VVp5eZXvUN80oEFSVGMjarAqfouYG2P5GmQeSRd3Oqq5X7Vqo3qpE9IrBd0Op_aIrK0FsE-uwcgRl7EPw9A
.koho.ca/	1970-01-21 09:42:51	Name: ajs_anonymous_id Value: 5883ed87-97e1-481d-a0ac-4ef6a10c4006
h.online-metrix.net/	1970-01-21 10:33:15	Name: thx_global_guid Value: 2218e32300b3417f86aace611d6fe8f8
.koho.ca/	1969-12-31 23:59:59	Name: amplitude_idundefinedkoho.ca Value: eyJvcHRPdXQiOmZhbHNlLCJzZXNzaW9uSWQiOm51bGwsImxhc3RFdmVudFRpbWUiOm51bGwsImV2ZW50SWQiOjAsImlkZW50aWZ5SWQiOjAsInNlcXVlbmNlTnVtYmVyIjowfQ==
.koho.ca/	1970-01-21 10:33:15	Name: amplitude_id_10563d121b16631a278c49bd4b44caaekoho.ca Value: eyJkZXZpY2VJZCI6IjBiZDNmYzA1LTYxMTEtNGQwMy1iM2ZkLTRhMDRlN2UwOGEwNVIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTczMTQzNTMzOTgxMywibGFzdEV2ZW50VGltZSI6MTczMTQzNTMzOTgxOSwiZXZlbnRJZCI6MiwiaWRlbnRpZnlJZCI6MCwic2VxdWVuY2VOdW1iZXIiOjJ9
.koho.ca/	1970-01-21 00:58:41	Name: _gid Value: GA1.2.986843498.1731435340
.koho.ca/	1970-01-21 00:57:15	Name: _gat Value: 1
.koho.ca/	1970-01-21 03:06:51	Name: _gcl_au Value: 1.1.2102651142.1731435340
.koho.ca/	1970-01-21 10:33:15	Name: _ga Value: GA1.1.1760655221.1731435340
.doubleclick.net/	1970-01-21 00:57:16	Name: test_cookie Value: CheckForPermission
.koho.ca/	1970-01-21 10:33:15	Name: _ga_FKN7NNETLF Value: GS1.1.1731435340.1.0.1731435340.60.0.0
.koho.ca/	1970-01-21 07:26:05	Name: intercom-id-xiu5e01e Value: 20428d57-19a2-44dc-8665-1d4f5dbb044c
.koho.ca/	1970-01-21 01:07:20	Name: intercom-session-xiu5e01e Value:
.koho.ca/	1970-01-21 07:26:05	Name: intercom-device-id-xiu5e01e Value: 9735a7e7-b34c-4ddf-8439-4e2afba3b72f
m.stripe.com/	1970-01-21 10:33:15	Name: m Value: 6139ab27-f8f2-4af5-93b1-663c14443e3621371a
.web.koho.ca/	1970-01-21 09:42:51	Name: __stripe_mid Value: 8ec3adf7-6d9e-4034-af60-7648566b441281551d
.web.koho.ca/	1970-01-21 00:57:17	Name: __stripe_sid Value: c6bf3b0f-82cd-4ef7-bf3a-f001e09f8cc80e4cd8

50 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://web.koho.ca/ Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://www.redditstatic.com/ads/pixel.js Message: Refused to connect to 'https://pixel-config.reddit.com/pixels/t2_e4ba8g8u/config' because it violates the following Content Security Policy directive: "connect-src 'self' data: blob: https://.convertexperiments.com https://.cv.gpsrv.com https://.demdex.net https://.equalweb.com/ https://.ingest.sentry.io https://.koho.ca https://.kohoanalytics.ca https://.launchdarkly.com https://.onfido.com https://.onfido.com https://.pd.gpsrv.com https://.ua.gpsrv.com https://af-event-logger.appsflyer.com https://analytics.google.com/ https://analytics.tiktok.com https://api-iam.intercom.io https://api-ping.intercom.io https://api-sandbox.argyle.com https://api.amplitude.com/ https://api.argyle.com https://api.ca.onfido.com https://api.eu.onfido.com https://api.forethought.ai/ https://api.intercom.io https://api.onfido.com https://api.sandbox-koho.ca https://api.segment.io https://api.staging.pungle.co https://api.stripe.com https://api.us.onfido.com https://assets.adobedtm.com https://assets.koho.ca https://atr.veritonicmetrics.com/ https://banner.appsflyer.com https://cdn.linkedin.oribi.io https://cdn.segment.com https://cm.everesttech.net https://conversions-config.reddit.com/ https://creatives-cdn.appsflyer.com https://evnt.byspotify.com/ https://get.geojs.io/v1/ip/country https://google.com/ccm/ https://h.online-metrix.net/ https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pixel.byspotify.com/ https://pixel.switchgrowth.com/ https://px.ads.linkedin.com https://sdk.iad-01.braze.com https://sdk.iad-03.braze.com https://sentry.io https://stats.g.doubleclick.net/j/collect https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://vendorapi.koho.ca/ https://vendorapi.sandbox-koho.ca/ https://webgateway.sandbox-koho.ca/ https://www.google-analytics.com https://www.redditstatic.com/ https://www.woopra.com ws://localhost:/sockjs-node wss://.onfido.com wss://localhost:*/sockjs-node wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io".
security	error	URL: https://web.koho.ca/(Line 344) Message: Refused to set the document's base URI to 'https://web.koho.ca/' because it violates the following Content Security Policy directive: "base-uri 'none'".
security	error	URL: https://web.koho.ca/ Message: Refused to load the font 'data:application/font-woff;charset=utf-8;base64, d09GRgABAAAAAAZgABAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAAGRAAAABoAAAAci6qHkUdERUYAAAWgAAAAIwAAACQAYABXR1BPUwAABhQAAAAuAAAANuAY7+xHU1VCAAAFxAAAAFAAAABm2fPczU9TLzIAAAHcAAAASgAAAGBP9V5RY21hcAAAAkQAAACIAAABYt6F0cBjdnQgAAACzAAAAAQAAAAEABEBRGdhc3AAAAWYAAAACAAAAAj//wADZ2x5ZgAAAywAAADMAAAD2MHtryVoZWFkAAABbAAAADAAAAA2E2+eoWhoZWEAAAGcAAAAHwAAACQC9gDzaG10eAAAAigAAAAZAAAArgJkABFsb2NhAAAC0AAAAFoAAABaFQAUGG1heHAAAAG8AAAAHwAAACAAcABAbmFtZQAAA/gAAAE5AAACXvFdBwlwb3...OnYercZg2YVmLN/d/gczfEimrE/fs/bOuq29Zmn8tloORaXgZgGa78yO9/cnXm2BpaGvq25Dv9S4E9+5SIc9PqupJKhYFSSl47+Qcr1mYNAAAAeNptw0cKwkAAAMDZJA8Q7OUJvkLsPfZ6zFVERPy8qHh2YER+3i/BP83vIBLLySsoKimrqKqpa2hp6+jq6RsYGhmbmJqZSy0sraxtbO3sHRydnEMU4uR6yx7JJXveP7WrDycAAAAAAAH//wACeNpjYGRgYOABYhkgZgJCZgZNBkYGLQZtIJsFLMYAAAw3ALgAeNolizEKgDAQBCchRbC2sFER0YD6qVQiBCv/H9ezGI6Z5XBAw8CBK/m5iQQVauVbXLnOrMZv2oLdKFa8Pjuru2hJzGabmOSLzNMzvutpB3N42mNgZGBg4GKQYzBhYMxJLMlj4GBgAYow/P/PAJJhLM6sSoWKfWCAAwDAjgbRAAB42mNgYGBkAIIbCZo5IPrmUn0hGA0AO8EFTQAA' because it violates the following Content Security Policy directive: "font-src 'self' https://braze-images.com https://cdn.appsflyer.com https://cdn.braze.com https://fonts.gstatic.com https://fonts.intercomcdn.com https://js.intercomcdn.com https://maxcdn.bootstrapcdn.com https://res.cloudinary.com/argyle-media https://sdk.onfido.com https://use.fontawesome.com".
security	error	URL: https://pixel.byspotify.com/ping.min.js Message: Refused to connect to 'https://pixels.spotify.com/v1/ingest' because it violates the following Content Security Policy directive: "connect-src 'self' data: blob: https://.convertexperiments.com https://.cv.gpsrv.com https://.demdex.net https://.equalweb.com/ https://.ingest.sentry.io https://.koho.ca https://.kohoanalytics.ca https://.launchdarkly.com https://.onfido.com https://.onfido.com https://.pd.gpsrv.com https://.ua.gpsrv.com https://af-event-logger.appsflyer.com https://analytics.google.com/ https://analytics.tiktok.com https://api-iam.intercom.io https://api-ping.intercom.io https://api-sandbox.argyle.com https://api.amplitude.com/ https://api.argyle.com https://api.ca.onfido.com https://api.eu.onfido.com https://api.forethought.ai/ https://api.intercom.io https://api.onfido.com https://api.sandbox-koho.ca https://api.segment.io https://api.staging.pungle.co https://api.stripe.com https://api.us.onfido.com https://assets.adobedtm.com https://assets.koho.ca https://atr.veritonicmetrics.com/ https://banner.appsflyer.com https://cdn.linkedin.oribi.io https://cdn.segment.com https://cm.everesttech.net https://conversions-config.reddit.com/ https://creatives-cdn.appsflyer.com https://evnt.byspotify.com/ https://get.geojs.io/v1/ip/country https://google.com/ccm/ https://h.online-metrix.net/ https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pixel.byspotify.com/ https://pixel.switchgrowth.com/ https://px.ads.linkedin.com https://sdk.iad-01.braze.com https://sdk.iad-03.braze.com https://sentry.io https://stats.g.doubleclick.net/j/collect https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://vendorapi.koho.ca/ https://vendorapi.sandbox-koho.ca/ https://webgateway.sandbox-koho.ca/ https://www.google-analytics.com https://www.redditstatic.com/ https://www.woopra.com ws://localhost:/sockjs-node wss://.onfido.com wss://localhost:*/sockjs-node wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io".
javascript	error	URL: https://pixel.byspotify.com/ping.min.js Message: Refused to connect to 'https://pixels.spotify.com/v1/ingest' because it violates the document's Content Security Policy.
security	error	URL: https://web.koho.ca/index.2.11.21.js(Line 117) Message: Refused to connect to 'https://checkip.amazonaws.com/' because it violates the following Content Security Policy directive: "connect-src 'self' data: blob: https://.convertexperiments.com https://.cv.gpsrv.com https://.demdex.net https://.equalweb.com/ https://.ingest.sentry.io https://.koho.ca https://.kohoanalytics.ca https://.launchdarkly.com https://.onfido.com https://.onfido.com https://.pd.gpsrv.com https://.ua.gpsrv.com https://af-event-logger.appsflyer.com https://analytics.google.com/ https://analytics.tiktok.com https://api-iam.intercom.io https://api-ping.intercom.io https://api-sandbox.argyle.com https://api.amplitude.com/ https://api.argyle.com https://api.ca.onfido.com https://api.eu.onfido.com https://api.forethought.ai/ https://api.intercom.io https://api.onfido.com https://api.sandbox-koho.ca https://api.segment.io https://api.staging.pungle.co https://api.stripe.com https://api.us.onfido.com https://assets.adobedtm.com https://assets.koho.ca https://atr.veritonicmetrics.com/ https://banner.appsflyer.com https://cdn.linkedin.oribi.io https://cdn.segment.com https://cm.everesttech.net https://conversions-config.reddit.com/ https://creatives-cdn.appsflyer.com https://evnt.byspotify.com/ https://get.geojs.io/v1/ip/country https://google.com/ccm/ https://h.online-metrix.net/ https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pixel.byspotify.com/ https://pixel.switchgrowth.com/ https://px.ads.linkedin.com https://sdk.iad-01.braze.com https://sdk.iad-03.braze.com https://sentry.io https://stats.g.doubleclick.net/j/collect https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://vendorapi.koho.ca/ https://vendorapi.sandbox-koho.ca/ https://webgateway.sandbox-koho.ca/ https://www.google-analytics.com https://www.redditstatic.com/ https://www.woopra.com ws://localhost:/sockjs-node wss://.onfido.com wss://localhost:*/sockjs-node wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io".
javascript	error	URL: https://web.koho.ca/index.2.11.21.js(Line 117) Message: Refused to connect to 'https://checkip.amazonaws.com/' because it violates the document's Content Security Policy.
security	error	URL: https://web.koho.ca/index.2.11.21.js(Line 117) Message: Refused to connect to 'https://pixels.spotify.com/v1/ingest' because it violates the following Content Security Policy directive: "connect-src 'self' data: blob: https://.convertexperiments.com https://.cv.gpsrv.com https://.demdex.net https://.equalweb.com/ https://.ingest.sentry.io https://.koho.ca https://.kohoanalytics.ca https://.launchdarkly.com https://.onfido.com https://.onfido.com https://.pd.gpsrv.com https://.ua.gpsrv.com https://af-event-logger.appsflyer.com https://analytics.google.com/ https://analytics.tiktok.com https://api-iam.intercom.io https://api-ping.intercom.io https://api-sandbox.argyle.com https://api.amplitude.com/ https://api.argyle.com https://api.ca.onfido.com https://api.eu.onfido.com https://api.forethought.ai/ https://api.intercom.io https://api.onfido.com https://api.sandbox-koho.ca https://api.segment.io https://api.staging.pungle.co https://api.stripe.com https://api.us.onfido.com https://assets.adobedtm.com https://assets.koho.ca https://atr.veritonicmetrics.com/ https://banner.appsflyer.com https://cdn.linkedin.oribi.io https://cdn.segment.com https://cm.everesttech.net https://conversions-config.reddit.com/ https://creatives-cdn.appsflyer.com https://evnt.byspotify.com/ https://get.geojs.io/v1/ip/country https://google.com/ccm/ https://h.online-metrix.net/ https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pixel.byspotify.com/ https://pixel.switchgrowth.com/ https://px.ads.linkedin.com https://sdk.iad-01.braze.com https://sdk.iad-03.braze.com https://sentry.io https://stats.g.doubleclick.net/j/collect https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://vendorapi.koho.ca/ https://vendorapi.sandbox-koho.ca/ https://webgateway.sandbox-koho.ca/ https://www.google-analytics.com https://www.redditstatic.com/ https://www.woopra.com ws://localhost:/sockjs-node wss://.onfido.com wss://localhost:*/sockjs-node wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io".
javascript	error	URL: https://web.koho.ca/index.2.11.21.js(Line 117) Message: Refused to connect to 'https://pixels.spotify.com/v1/ingest' because it violates the document's Content Security Policy.
security	error	URL: https://js.stripe.com/v3 Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://cdn.equalweb.com/core/4.5.6/accessibility.js Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://cdn.equalweb.com/core/4.5.6/accessibility.js Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://solve-widget.forethought.ai/embed.js Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
network	error	URL: https://app.launchdarkly.com/sdk/evalx/5eeb94841ab9a70a809cdc75/contexts/eyJhbm9ueW1vdXMiOnRydWUsImtpbmQiOiJ1c2VyIiwia2V5IjoiMWUxN2M5MTAtYTEyMi0xMWVmLWI3MTItOWQ1ZTAzNzE2M2IwIn0 Message: Failed to load resource: the server responded with a status of 400 ()
security	error	URL: https://h.online-metrix.net/yfl6aimao9582uu2.js?zjsllou1r3jxt0nz=2ulrybyx&iyj04fyq5o7u4c8i=cb3109a4-ce34-4974-ba7c-71481acfbf18(Line 48) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://h.online-metrix.net/yfl6aimao9582uu2.js?zjsllou1r3jxt0nz=2ulrybyx&iyj04fyq5o7u4c8i=cb3109a4-ce34-4974-ba7c-71481acfbf18(Line 48) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://h.online-metrix.net/oIJvWfcqJc2JGKOS?c5cb31d263630bd0=Eb-AY1-LBOmDBQpZ2P0fMh7T6mdKEzHNtqeQJU7XsDyDT5UR2tTgCi4KZB9CElMPu9s-hJ6eRPTCqhv5R_SnW239al9GyTGknMrdpTAK-CwWdb9pJJlFZ7YC2TTXyTQvJvqk2O3qVV_5qaLo_kQXmY0dGMEiviIem76BzA3KINafS37ZyqDHUhSyWmjivxnzByPVCCsXuUBG2-US&jb=313124266a7b6f75354e696c75702662716f354e696c7770246a736a753d416a706d6d6d(Line 1265) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://h.online-metrix.net/oIJvWfcqJc2JGKOS?c5cb31d263630bd0=Eb-AY1-LBOmDBQpZ2P0fMh7T6mdKEzHNtqeQJU7XsDyDT5UR2tTgCi4KZB9CElMPu9s-hJ6eRPTCqhv5R_SnW239al9GyTGknMrdpTAK-CwWdb9pJJlFZ7YC2TTXyTQvJvqk2O3qVV_5qaLo_kQXmY0dGMEiviIem76BzA3KINafS37ZyqDHUhSyWmjivxnzByPVCCsXuUBG2-US&jb=313124266a7b6f75354e696c75702662716f354e696c7770246a736a753d416a706d6d6d(Line 1187) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://h.online-metrix.net/oIJvWfcqJc2JGKOS?c5cb31d263630bd0=Eb-AY1-LBOmDBQpZ2P0fMh7T6mdKEzHNtqeQJU7XsDyDT5UR2tTgCi4KZB9CElMPu9s-hJ6eRPTCqhv5R_SnW239al9GyTGknMrdpTAK-CwWdb9pJJlFZ7YC2TTXyTQvJvqk2O3qVV_5qaLo_kQXmY0dGMEiviIem76BzA3KINafS37ZyqDHUhSyWmjivxnzByPVCCsXuUBG2-US&jb=313124266a7b6f75354e696c75702662716f354e696c7770246a736a753d416a706d6d6d(Line 1187) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://h.online-metrix.net/oIJvWfcqJc2JGKOS?c5cb31d263630bd0=Eb-AY1-LBOmDBQpZ2P0fMh7T6mdKEzHNtqeQJU7XsDyDT5UR2tTgCi4KZB9CElMPu9s-hJ6eRPTCqhv5R_SnW239al9GyTGknMrdpTAK-CwWdb9pJJlFZ7YC2TTXyTQvJvqk2O3qVV_5qaLo_kQXmY0dGMEiviIem76BzA3KINafS37ZyqDHUhSyWmjivxnzByPVCCsXuUBG2-US&jb=313124266a7b6f75354e696c75702662716f354e696c7770246a736a753d416a706d6d6d(Line 1187) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://h.online-metrix.net/oIJvWfcqJc2JGKOS?c5cb31d263630bd0=Eb-AY1-LBOmDBQpZ2P0fMh7T6mdKEzHNtqeQJU7XsDyDT5UR2tTgCi4KZB9CElMPu9s-hJ6eRPTCqhv5R_SnW239al9GyTGknMrdpTAK-CwWdb9pJJlFZ7YC2TTXyTQvJvqk2O3qVV_5qaLo_kQXmY0dGMEiviIem76BzA3KINafS37ZyqDHUhSyWmjivxnzByPVCCsXuUBG2-US&jb=313124266a7b6f75354e696c75702662716f354e696c7770246a736a753d416a706d6d6d(Line 950) Message: Refused to load the script 'https://h64.online-metrix.net/OGL_WTLcl9r0PaVq?f2f340c2da432d87=bT9ElH0FjYrDOAGJOPF1IicaO1ROvaBvR3DqJ8D0GZjnL3nPHuqHpm6vYala0cZNnD7d3ywyGNn4DELlz_xxk3c1DdamYC9X1dWLYNSnirk5vI84GbAzpQLMES5wEP0ydzCgW1ThMlqHdly5cP3wVegSBlYYm3ao' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.cloudfront.net/ https://.convertexperiments.com https://.demdex.net https://.equalweb.com/ https://.kohoanalytics.ca https://.sardine.ai/ https://ajax.cloudflare.com https://analytics.tiktok.com/i18n/pixel/ https://analytics.twitter.com/ https://api-iam.intercom.io https://app.intercom.io https://assets.adobedtm.com https://assets.koho.ca https://assets.onfido.com https://cdn.amplitude.com https://cdn.plaid.com https://cdn.segment.com https://cdn.veritonic.com/ https://cm.everesttech.net https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/599633800219052 https://connect.facebook.net/signals/plugins/identity.js https://evnt.byspotify.com/ https://googleads.g.doubleclick.net https://h.online-metrix.net/ https://js.appboycdn.com https://js.intercomcdn.com https://js.stripe.com https://optimize.google.com https://pixel.byspotify.com/ https://pixel.switchgrowth.com/ https://plugin.argyle.com https://sdk.onfido.com https://sentry.io https://solve-widget.forethought.ai https://static.ads-twitter.com/ https://static.cloudflareinsights.com https://tag.rmp.rakuten.com/122943.ct.js https://websdk.appsflyer.com https://widget.intercom.io https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.redditstatic.com/ https://www.woopra.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
rendering	warning	URL: https://web.koho.ca/registration/identity Message: [GroupMarkerNotSet(crbug.com/242999)!:A0405403EC3C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://web.koho.ca/registration/identity Message: [GroupMarkerNotSet(crbug.com/242999)!:A0807000EC3C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://web.koho.ca/registration/identity Message: [GroupMarkerNotSet(crbug.com/242999)!:A0A02C03EC3C0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
security	error	URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz Message: Refused to load the script 'https://snap.licdn.com/li.lms-analytics/insight.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.cloudfront.net/ https://.convertexperiments.com https://.demdex.net https://.equalweb.com/ https://.kohoanalytics.ca https://.sardine.ai/ https://ajax.cloudflare.com https://analytics.tiktok.com/i18n/pixel/ https://analytics.twitter.com/ https://api-iam.intercom.io https://app.intercom.io https://assets.adobedtm.com https://assets.koho.ca https://assets.onfido.com https://cdn.amplitude.com https://cdn.plaid.com https://cdn.segment.com https://cdn.veritonic.com/ https://cm.everesttech.net https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/599633800219052 https://connect.facebook.net/signals/plugins/identity.js https://evnt.byspotify.com/ https://googleads.g.doubleclick.net https://h.online-metrix.net/ https://js.appboycdn.com https://js.intercomcdn.com https://js.stripe.com https://optimize.google.com https://pixel.byspotify.com/ https://pixel.switchgrowth.com/ https://plugin.argyle.com https://sdk.onfido.com https://sentry.io https://solve-widget.forethought.ai https://static.ads-twitter.com/ https://static.cloudflareinsights.com https://tag.rmp.rakuten.com/122943.ct.js https://websdk.appsflyer.com https://widget.intercom.io https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.redditstatic.com/ https://www.woopra.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 150) Message: Refused to connect to 'https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fweb.koho.ca%2Fregistration%2Fidentity&scrsrc=www.googletagmanager.com&frm=0&rnd=1486742599.1731435340&auid=2102651142.1731435340&npa=0&gtm=45be4b70v892118992za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101823848~101925629~102077854&tft=1731435340169&tfd=5002&apve=1' because it violates the following Content Security Policy directive: "connect-src 'self' data: blob: https://.convertexperiments.com https://.cv.gpsrv.com https://.demdex.net https://.equalweb.com/ https://.ingest.sentry.io https://.koho.ca https://.kohoanalytics.ca https://.launchdarkly.com https://.onfido.com https://.onfido.com https://.pd.gpsrv.com https://.ua.gpsrv.com https://af-event-logger.appsflyer.com https://analytics.google.com/ https://analytics.tiktok.com https://api-iam.intercom.io https://api-ping.intercom.io https://api-sandbox.argyle.com https://api.amplitude.com/ https://api.argyle.com https://api.ca.onfido.com https://api.eu.onfido.com https://api.forethought.ai/ https://api.intercom.io https://api.onfido.com https://api.sandbox-koho.ca https://api.segment.io https://api.staging.pungle.co https://api.stripe.com https://api.us.onfido.com https://assets.adobedtm.com https://assets.koho.ca https://atr.veritonicmetrics.com/ https://banner.appsflyer.com https://cdn.linkedin.oribi.io https://cdn.segment.com https://cm.everesttech.net https://conversions-config.reddit.com/ https://creatives-cdn.appsflyer.com https://evnt.byspotify.com/ https://get.geojs.io/v1/ip/country https://google.com/ccm/ https://h.online-metrix.net/ https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pixel.byspotify.com/ https://pixel.switchgrowth.com/ https://px.ads.linkedin.com https://sdk.iad-01.braze.com https://sdk.iad-03.braze.com https://sentry.io https://stats.g.doubleclick.net/j/collect https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://vendorapi.koho.ca/ https://vendorapi.sandbox-koho.ca/ https://webgateway.sandbox-koho.ca/ https://www.google-analytics.com https://www.redditstatic.com/ https://www.woopra.com ws://localhost:/sockjs-node wss://.onfido.com wss://localhost:*/sockjs-node wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 146) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 146) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 146) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 460) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://www.googletagmanager.com/ Message: Refused to frame 'https://td.doubleclick.net/' because it violates the following Content Security Policy directive: "frame-src 'self' data: blob: https://.demdex.net https://.sardine.ai/ https://accounts.accessibe.com/ https://bid.g.doubleclick.net https://cdn.plaid.com https://h.online-metrix.net/ https://hooks.stripe.com https://intercom-sheets.com https://js.stripe.com https://koho-api.private.fin.ag/ https://koho-iframe.private.fin.ag/v2/ https://kohodev-iframe.private.fin.ag/v2/ https://optimize.google.com https://sdk.onfido.com https://solve-widget.forethought.ai https://web.koho.ca https://web.sandbox-koho.ca https://www.facebook.com/ https://www.google.com".
security	error	Message: Refused to load the script 'https://tags.srv.stackadapt.com/events.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.cloudfront.net/ https://.convertexperiments.com https://.demdex.net https://.equalweb.com/ https://.kohoanalytics.ca https://.sardine.ai/ https://ajax.cloudflare.com https://analytics.tiktok.com/i18n/pixel/ https://analytics.twitter.com/ https://api-iam.intercom.io https://app.intercom.io https://assets.adobedtm.com https://assets.koho.ca https://assets.onfido.com https://cdn.amplitude.com https://cdn.plaid.com https://cdn.segment.com https://cdn.veritonic.com/ https://cm.everesttech.net https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/599633800219052 https://connect.facebook.net/signals/plugins/identity.js https://evnt.byspotify.com/ https://googleads.g.doubleclick.net https://h.online-metrix.net/ https://js.appboycdn.com https://js.intercomcdn.com https://js.stripe.com https://optimize.google.com https://pixel.byspotify.com/ https://pixel.switchgrowth.com/ https://plugin.argyle.com https://sdk.onfido.com https://sentry.io https://solve-widget.forethought.ai https://static.ads-twitter.com/ https://static.cloudflareinsights.com https://tag.rmp.rakuten.com/122943.ct.js https://websdk.appsflyer.com https://widget.intercom.io https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.redditstatic.com/ https://www.woopra.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/ Message: Refused to frame 'https://www.googletagmanager.com/' because it violates the following Content Security Policy directive: "frame-src 'self' data: blob: https://.demdex.net https://.sardine.ai/ https://accounts.accessibe.com/ https://bid.g.doubleclick.net https://cdn.plaid.com https://h.online-metrix.net/ https://hooks.stripe.com https://intercom-sheets.com https://js.stripe.com https://koho-api.private.fin.ag/ https://koho-iframe.private.fin.ag/v2/ https://kohodev-iframe.private.fin.ag/v2/ https://optimize.google.com https://sdk.onfido.com https://solve-widget.forethought.ai https://web.koho.ca https://web.sandbox-koho.ca https://www.facebook.com/ https://www.google.com".
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 461) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-FKN7NNETLF&cx=c&_slc=1(Line 252) Message: Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-FKN7NNETLF&cid=1760655221.1731435340&gtm=45je4b70v894288470z8812560807za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101823848~101925629~102067554~102077855' because it violates the following Content Security Policy directive: "connect-src 'self' data: blob: https://.convertexperiments.com https://.cv.gpsrv.com https://.demdex.net https://.equalweb.com/ https://.ingest.sentry.io https://.koho.ca https://.kohoanalytics.ca https://.launchdarkly.com https://.onfido.com https://.onfido.com https://.pd.gpsrv.com https://.ua.gpsrv.com https://af-event-logger.appsflyer.com https://analytics.google.com/ https://analytics.tiktok.com https://api-iam.intercom.io https://api-ping.intercom.io https://api-sandbox.argyle.com https://api.amplitude.com/ https://api.argyle.com https://api.ca.onfido.com https://api.eu.onfido.com https://api.forethought.ai/ https://api.intercom.io https://api.onfido.com https://api.sandbox-koho.ca https://api.segment.io https://api.staging.pungle.co https://api.stripe.com https://api.us.onfido.com https://assets.adobedtm.com https://assets.koho.ca https://atr.veritonicmetrics.com/ https://banner.appsflyer.com https://cdn.linkedin.oribi.io https://cdn.segment.com https://cm.everesttech.net https://conversions-config.reddit.com/ https://creatives-cdn.appsflyer.com https://evnt.byspotify.com/ https://get.geojs.io/v1/ip/country https://google.com/ccm/ https://h.online-metrix.net/ https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://pixel.byspotify.com/ https://pixel.switchgrowth.com/ https://px.ads.linkedin.com https://sdk.iad-01.braze.com https://sdk.iad-03.braze.com https://sentry.io https://stats.g.doubleclick.net/j/collect https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://vendorapi.koho.ca/ https://vendorapi.sandbox-koho.ca/ https://webgateway.sandbox-koho.ca/ https://www.google-analytics.com https://www.redditstatic.com/ https://www.woopra.com ws://localhost:/sockjs-node wss://.onfido.com wss://localhost:*/sockjs-node wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-FKN7NNETLF&cx=c&_slc=1(Line 248) Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://www.googletagmanager.com/ Message: Refused to frame 'https://td.doubleclick.net/' because it violates the following Content Security Policy directive: "frame-src 'self' data: blob: https://.demdex.net https://.sardine.ai/ https://accounts.accessibe.com/ https://bid.g.doubleclick.net https://cdn.plaid.com https://h.online-metrix.net/ https://hooks.stripe.com https://intercom-sheets.com https://js.stripe.com https://koho-api.private.fin.ag/ https://koho-iframe.private.fin.ag/v2/ https://kohodev-iframe.private.fin.ag/v2/ https://optimize.google.com https://sdk.onfido.com https://solve-widget.forethought.ai https://web.koho.ca https://web.sandbox-koho.ca https://www.facebook.com/ https://www.google.com".
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 461) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	error	URL: https://widget.intercom.io/widget/xiu5e01e Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	error	URL: https://widget.intercom.io/widget/xiu5e01e Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 461) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 461) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 461) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 461) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	error	URL: https://js.stripe.com/v3 Message: The source list for the Content Security Policy directive 'script-src' contains an invalid source: 'https://www.canadapost=postescanada.ca/cpc/assets/cpc/js/analytics.js'. It will be ignored.
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 461) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 461) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 461) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-902961551(Line 461) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2ulrybyxacxpl7ce4qzlyr62rfeeeqn7raawf3ftabbf13a37184065dsac.d.aa.online-metrix.net
alb.reddit.com
analytics.google.com
analytics.tiktok.com
analytics.twitter.com
api-iam.intercom.io
api.amplitude.com
api.kohoanalytics.ca
app.launchdarkly.com
cdn.amplitude.com
cdn.equalweb.com
cdn.plaid.com
cdn.segment.com
connect.facebook.net
events.launchdarkly.com
googleads.g.doubleclick.net
h.online-metrix.net
h64.online-metrix.net
js.intercomcdn.com
js.stripe.com
o36260.ingest.sentry.io
pixel-config.reddit.com
pixel.byspotify.com
pixel.switchgrowth.com
snap.licdn.com
solve-widget.forethought.ai
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tag.rmp.rakuten.com
tags.srv.stackadapt.com
truncated
web.koho.ca
webgateway.koho.ca
websdk.appsflyer.com
widget.intercom.io
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.redditstatic.com
h64.online-metrix.net
pixel-config.reddit.com
snap.licdn.com
tags.srv.stackadapt.com
truncated
104.18.6.38
104.244.42.195
108.138.128.21
108.139.29.53
108.139.47.114
108.139.47.42
13.249.86.140
13.249.91.44
146.75.28.157
151.101.128.176
151.101.192.176
151.101.193.140
151.101.194.217
172.66.0.227
192.225.158.1
192.225.158.3
2001:4860:4802:36::181
23.49.248.20
2606:4700:10::ac43:1c5d
2606:4700:20::681a:c5f
2606:4700:310c::ac42:2caf
2606:4700:310c::ac42:2f51
2606:4700::6812:1ef6
2607:f8b0:4004:c17::9b
2607:f8b0:4006:80e::2008
2607:f8b0:4006:80f::2004
2607:f8b0:4006:816::200e
2607:f8b0:4006:81c::2002
2607:f8b0:4006:823::2003
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:83:face:b00c:0:25de
2a04:4e42:600::396
3.88.98.219
34.102.147.248
34.117.162.98
34.120.195.249
34.203.87.70
52.25.130.112
014a7b4417ad3e24d4e19865a4b4feb5bf04a5b0faf4a63b527a737956198d0f
016f61f01838ce5e1d9564ffe5a84616a3c4f66048f99f1e89f410a9dc2cad9e
03d2e97aa12b5fe63ab7d32b0f34a377ea162a7f800d4e3616bda7552a1afdc1
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
08fdb9f448abb925e6b2fef20317ff664a153e888dedb1028457e48f59cc92e8
0ba6b163f965f258c24888cf11c6dfe0d044de0800284da2e78a3faf7bd12925
12c36a25e1d34c128839e6020f8bbabfc7c313852d1b6d23e5e9550fb98e9191
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1d0d0a45ad5a5bae2fedefe30ac303d8f82726e54123045dabe70d60a80e525a
1f120dbe60c10831180babf37afc0edb7c01e9f4e7b135cfedc58b3523c887fb
2173f130ca59dc5554498343432f02f92ecce45c4f9381ea12b203a2978f33d4
239dfc60011c82460b2a739ee6747a0c467405d8a8fc78e25f69466ebcd401e3
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd
2c7ebbe763272a6c9805e7ceb79b297905cbd9c27aca13681d535a9ee3400d3e
2d1c917bc1057c5b58233e89e416e18ab22b68681d576bbff86fcd381d626ffe
366cb86476f137950f4dfcaf28eca163e1d9973fdb7ea160d7af2c00599a386c
36f9bf7f4514edb409609f496bb668dcf33cbaa9f6a3219663f631014c726a97
3fc2d2325282f8ceb8c6100733e41a97216e1ab93f351a3e1eace25c4099231f
40780f31a9399252b5f948ced83fc2a4e79cde535e3ebb8e001b911a71729bdd
407e0c34d3e21312cacb8bb4c971b42e288fdff2eb0f3ba33d31132947710ea8
4253aa4ecd2f7b23e3c0bbf9a69306f0d5dc4c3dffb91dda0f725d457a8e8e13
42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46b6596e9fdedae08a61fed7b7512700c383b8eb822239d6691fa49e1eb372de
47c7e3e605b64ba77f691904be3540de1dd5879d4410fa46353305149b4f0876
4abc6dae982d098d315efd0bfa7fa88afe40438acf7a540cc2fce38bc50cb39f
4aca24b37a2e73ec4e4e42f3915f6137d6278bfb7385792c50e147cb728629ac
4e74350f4bf3a2f5efd977d812b0195916bb492c492840a1f717a53d1419f19f
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5242da280ecd0664d76cc8c7be9fccb3f2bebe758c04d6e700dfe7b4f1eef605
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
5a9394ee1b3017dfd5f200efee245e1a48bd958d3bb9dbcfe1d88bce50c0866b
66ac6d4756e08768ca97702b58f1d4d8a849f2a424d5cac7cdb226d5aaf73969
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ba5f3edb2c2e41a487f3791abd280e5f8bd70490535bf54d72dd503038223c7
6dcdb5d625307386c2d3b21f8b51c43bfd4683fe073b66e884372cd35710c7a1
6f58c7ab8bb73eb5c177ace1406c025e4b9203c202340ba08a1f7bf125564889
784db85aea3a8cb7915e2b2f9548ff9e6c5b5c4823a7c0bfdd87f5259c37174e
78a1d6aef842a4167a919fa6280d76b849b09dcc329bc0f9701f219546afc818
79951b5bd4d729a2b2f4d380819f2c14bbcf26f21db56a520189633467766cf4
7ac87dd9f74a67f144a3913ab313da479b90f31059c3d486b48e300ef72ea13f
8239ec3813476a434d3031db13d826e1d645b9402954a82053f509dc0bb2655a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84f05a3c1c4a200ffe226be6ef96bf7f95928b2b803130618ead7733677a5f2b
86685e191878d9ecfd30ed1fe63cbb783bf9151607e9996342d64977013e3cff
8a59881aae83948c79aad351b6c2b206f08360449c9a47e725f4523b57c5d5e4
92faadbd7760e48388bed9098f51697611523a09065bcd595820d412d882d12d
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
98d77039ea9249b3dce91ad7b467ee382f29daa61213c3e2737bd4a8786c8801
9ac99f73c5bbbc597f3b6309f54c111536dfc0c00d12a628d501ace61332e68e
9e2189d573b1df3fd3c684ba1f9ad2ad5cd2f8394f14dde87b5fde495bea200c
9f81fd8f16f2252dd378308c71da6fd438e247d2c6180e2bd08a9d561ef7b8a3
a2103d52c0675d5521296f2d63b86272f03af235df090e52d942d61a376491c6
a3a85aa207e37edde003741c864ce773dc92be01dbb348dbf525b09df7697894
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
afaed7c81302d1a08eef38549fc320ba36f714e366cbfe9ed1a492b98fc51790
bc4ae72d43593c2fc59ead95f45eb0c3b02cd465fd427b3fff5224e476d26259
cfc03db994a8f8afd3406528e8194b3cfbcd4875740a43ac823977252891c75f
cfe509d14ea02466f2fffec040bea6f9192d8cd539f11cb59d491258d7771d7b
d2118bade160d44b7b7efa9ba8fd2a91a445031bbd864f42c0e7b05239d5f87c
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60
ddbc3fbeaa904c77f2cbc8029158dfbcd2ad2b41a8a033e8e715b9ccefd4db78
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e609fb1c92747ab8b0205b6e00b8a04315b127b0852ec78a56de87542109bcca
e6123a1ec3c40bd17c50ac040b12abf9b1772da8adb691e73c4b323462b9056b
ee0cfba0faa34fce2ccdccccf563454a220b243e7de0850e516a91f69a29f8c2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f476676c4aceaa3e40e438cd48275e0a69b927a0963470bf442894b1df806ca2
fc36771e1d569fdbeb8c1010b63cd457a65717efcb67dee7a7a222ded7022ed2
fc73ec523601cbd33cbc6f2d16986d1cdd77b9ea49cbe1c4b6f4cf3919c221e5

web.koho.ca Open in urlscan Pro 104.18.6.38 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

129 Requests

96 %HTTPS

39 %IPv6

33 Domains

42 Subdomains

39 IPs

2 Countries

3484 kBTransfer

11695 kBSize

31 Cookies

2 Outgoing links

Page URL History

Redirected requests

129 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

web.koho.ca Open in urlscan Pro
104.18.6.38 Public Scan

Screenshot
Live screenshot

Full Image

129
Requests

96 %
HTTPS

39 %
IPv6

33
Domains

42
Subdomains

39
IPs

2
Countries

3484 kB
Transfer

11695 kB
Size

31
Cookies

129 HTTP transactions
7 data transactions