leaderpost.com Open in urlscan Pro
34.107.199.243 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Submission: On February 17 via manual (February 17th 2022, 5:21:23 pm UTC) from US — Scanned from DE

Summary HTTP 162 Redirects Links 44 Behaviour Indicators

Summary

This website contacted 59 IPs in 6 countries across 39 domains to perform 162 HTTP transactions. The main IP is 34.107.199.243, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is leaderpost.com. The Cisco Umbrella rank of the primary domain is 333451.
TLS certificate: Issued by GTS CA 1D4 on December 30th 2021. Valid for: 3 months.

This is the only time leaderpost.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	34.107.199.243 34.107.199.243	15169 (GOOGLE) (GOOGLE)
4	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	72.247.225.98 72.247.225.98	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:2638::3 2a02:2638::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	13.33.241.218 13.33.241.218	16509 (AMAZON-02) (AMAZON-02)
1	104.16.68.69 104.16.68.69	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.222.214.98 52.222.214.98	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3032::ac43:c0b6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:10:... 2606:4700:10::6816:48e8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.66.248.23 18.66.248.23	16509 (AMAZON-02) (AMAZON-02)
1	18.66.97.29 18.66.97.29	16509 (AMAZON-02) (AMAZON-02)
28	2a00:1450:400... 2a00:1450:4001:829::2010	15169 (GOOGLE) (GOOGLE)
1	34.149.157.221 34.149.157.221	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
5	2600:9000:223... 2600:9000:223c:9e00:8:f216:eb80:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
2 5	108.157.4.38 108.157.4.38	16509 (AMAZON-02) (AMAZON-02)
3	2a04:4e42:600... 2a04:4e42:600::645	54113 (FASTLY) (FASTLY)
5	151.101.66.133 151.101.66.133	54113 (FASTLY) (FASTLY)
1	52.50.160.17 52.50.160.17	16509 (AMAZON-02) (AMAZON-02)
5	2a04:4e42:400... 2a04:4e42:400::645	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:809::200e	15169 (GOOGLE) (GOOGLE)
8	2606:4700::68... 2606:4700::6811:bab1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	2600:9000:231... 2600:9000:2315:7200:8:2ae1:d740:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
2	151.101.194.133 151.101.194.133	54113 (FASTLY) (FASTLY)
2 2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
3	2600:1f18:44f... 2600:1f18:44f0:4864:2e6d:ca5a:dd6:8b7c	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6810:f015	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:ef:... 2a02:26f0:ef::5c7b:c25a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	151.101.12.157 151.101.12.157	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
1	18.66.245.59 18.66.245.59	16509 (AMAZON-02) (AMAZON-02)
2	75.2.40.13 75.2.40.13	16509 (AMAZON-02) (AMAZON-02)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	52.205.167.202 52.205.167.202	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
1	3.226.102.122 3.226.102.122	14618 (AMAZON-AES) (AMAZON-AES)
4	2606:4700:10:... 2606:4700:10::6816:49e8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.210.251.31 3.210.251.31	14618 (AMAZON-AES) (AMAZON-AES)
2	18.159.85.30 18.159.85.30	16509 (AMAZON-02) (AMAZON-02)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	34.120.133.55 34.120.133.55	15169 (GOOGLE) (GOOGLE)
1	52.31.15.140 52.31.15.140	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:231... 2600:9000:2315:3e00:7:75d4:e40:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1	54.144.244.112 54.144.244.112	() ()
162	59

1 34.107.199.243 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 243.199.107.34.bc.googleusercontent.com

leaderpost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.247.225.98 (Berlin, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a72-247-225-98.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.33.241.218 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-241-218.hel50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.68.69 (None, )

ASN13335 (CLOUDFLARENET, US)

hb.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.214.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-98.fra56.r.cloudfront.net

cdn.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:c0b6 (United States)

ASN13335 (CLOUDFLARENET, US)

www.npttech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:48e8 (United States)

ASN13335 (CLOUDFLARENET, US)

auth.lrcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.248.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-248-23.dus51.r.cloudfront.net

ak.sail-horizon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-29.fra56.r.cloudfront.net

fem.prod.postmedia.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2a00:1450:4001:829::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.157.221 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 221.157.149.34.bc.googleusercontent.com

smartcdn.gprod.postmedia.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:223c:9e00:8:f216:eb80:93a1 (United States)

ASN16509 (AMAZON-02, US)

d395dw5zk780j2.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 108.157.4.38 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-38.dus51.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:600::645 (United States)

ASN54113 (FASTLY, US)

jssdkcdns.mparticle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jssdks.mparticle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.66.133 (United States)

ASN54113 (FASTLY, US)

cdn.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.160.17 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-160-17.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a04:4e42:400::645 (United States)

ASN54113 (FASTLY, US)

identity.mparticle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cookiesync.mparticle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700::6811:bab1 (United States)

ASN13335 (CLOUDFLARENET, US)

experience.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
buy.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2600:9000:2315:7200:8:2ae1:d740:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.viafoura.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.194.133 (United States)

ASN54113 (FASTLY, US)

consumer.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1f18:44f0:4864:2e6d:ca5a:dd6:8b7c (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

api.viafoura.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:f015 (United States)

ASN13335 (CLOUDFLARENET, US)

c2.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:ef::5c7b:c25a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

38778e4300c2defc3bdc35138647953b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.245.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-245-59.dus51.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 75.2.40.13 (United States)

ASN16509 (AMAZON-02, US)
PTR: aa7557bb34ea5624b.awsglobalaccelerator.com

api.sail-personalize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.167.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-167-202.compute-1.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.226.102.122 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-226-102-122.compute-1.amazonaws.com

i.viafoura.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::6816:49e8 (United States)

ASN13335 (CLOUDFLARENET, US)

config.lrcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.210.251.31 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-210-251-31.compute-1.amazonaws.com

notifications.viafoura.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.159.85.30 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-85-30.eu-central-1.compute.amazonaws.com

postmedia.hub.loginradius.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.133.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 55.133.120.34.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.31.15.140 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-15-140.eu-west-1.compute.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2315:3e00:7:75d4:e40:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.ribn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.144.244.112 (None, )

ASN- ()

livecomments.viafoura.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35 storage.googleapis.com — Cisco Umbrella Rank: 411	348 KB
16	viafoura.net cdn.viafoura.net — Cisco Umbrella Rank: 10769	249 KB
9	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 cm.g.doubleclick.net — Cisco Umbrella Rank: 175 googleads.g.doubleclick.net — Cisco Umbrella Rank: 37 stats.g.doubleclick.net — Cisco Umbrella Rank: 67	152 KB
8	googlesyndication.com 38778e4300c2defc3bdc35138647953b.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 92 tpc.googlesyndication.com — Cisco Umbrella Rank: 120	39 KB
8	tinypass.com experience.tinypass.com — Cisco Umbrella Rank: 6548 cdn.tinypass.com — Cisco Umbrella Rank: 4567 buy.tinypass.com — Cisco Umbrella Rank: 3969	249 KB
8	krxd.net cdn.krxd.net — Cisco Umbrella Rank: 1228 consumer.krxd.net — Cisco Umbrella Rank: 1569 beacon.krxd.net — Cisco Umbrella Rank: 371	180 KB
8	mparticle.com jssdkcdns.mparticle.com — Cisco Umbrella Rank: 5051 identity.mparticle.com — Cisco Umbrella Rank: 2515 cookiesync.mparticle.com — Cisco Umbrella Rank: 13848 jssdks.mparticle.com — Cisco Umbrella Rank: 4790	59 KB
6	viafoura.co api.viafoura.co — Cisco Umbrella Rank: 11152 i.viafoura.co — Cisco Umbrella Rank: 11043 notifications.viafoura.co — Cisco Umbrella Rank: 12345 livecomments.viafoura.co	4 KB
6	google.com 1 redirects ampcid.google.com — Cisco Umbrella Rank: 1677 adservice.google.com — Cisco Umbrella Rank: 59 www.google.com — Cisco Umbrella Rank: 2	3 KB
6	lrcontent.com auth.lrcontent.com — Cisco Umbrella Rank: 37875 config.lrcontent.com — Cisco Umbrella Rank: 18192	96 KB
5	google.de adservice.google.de — Cisco Umbrella Rank: 9027 ampcid.google.de — Cisco Umbrella Rank: 50820 www.google.de — Cisco Umbrella Rank: 6342	2 KB
5	scorecardresearch.com 2 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 129	3 KB
5	cloudfront.net d395dw5zk780j2.cloudfront.net	18 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50	227 KB
4	gstatic.com fonts.gstatic.com	91 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 263	40 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
2	loginradius.com postmedia.hub.loginradius.com — Cisco Umbrella Rank: 106623	559 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 97	313 B
2	sail-personalize.com api.sail-personalize.com — Cisco Umbrella Rank: 2482	497 B
2	parsely.com cdn.parsely.com — Cisco Umbrella Rank: 2498 p1.parsely.com — Cisco Umbrella Rank: 1996	21 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 126	115 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 830	3 KB
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 99	16 KB
2	postmedia.digital fem.prod.postmedia.digital — Cisco Umbrella Rank: 86165 smartcdn.gprod.postmedia.digital — Cisco Umbrella Rank: 68899	147 KB
2	adsafeprotected.com cdn.adsafeprotected.com — Cisco Umbrella Rank: 3336 pixel.adsafeprotected.com — Cisco Umbrella Rank: 519	7 KB
1	ribn.com assets.ribn.com — Cisco Umbrella Rank: 44469	4 KB
1	rlcdn.com api.rlcdn.com — Cisco Umbrella Rank: 739	327 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 295	542 B
1	t.co t.co — Cisco Umbrella Rank: 456	337 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 468	458 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 539	6 KB
1	piano.io c2.piano.io — Cisco Umbrella Rank: 3966	3 KB
1	sail-horizon.com ak.sail-horizon.com — Cisco Umbrella Rank: 2571	43 KB
1	npttech.com www.npttech.com — Cisco Umbrella Rank: 4023	3 KB
1	districtm.io hb.districtm.io — Cisco Umbrella Rank: 70016	268 B
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 638	41 KB
1	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 618	43 KB
1	leaderpost.com leaderpost.com — Cisco Umbrella Rank: 333451	70 KB
162	39

	Domain	Requested by
28	storage.googleapis.com	leaderpost.com storage.googleapis.com
16	cdn.viafoura.net	fem.prod.postmedia.digital cdn.viafoura.net
6	buy.tinypass.com	cdn.tinypass.com buy.tinypass.com
5	cdn.krxd.net	fem.prod.postmedia.digital cdn.krxd.net
5	sb.scorecardresearch.com	2 redirects fem.prod.postmedia.digital leaderpost.com
5	d395dw5zk780j2.cloudfront.net	fem.prod.postmedia.digital d395dw5zk780j2.cloudfront.net
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
4	config.lrcontent.com	auth.lrcontent.com
4	www.google.com	1 redirects leaderpost.com tpc.googlesyndication.com
4	identity.mparticle.com	jssdkcdns.mparticle.com
4	www.googletagmanager.com	fem.prod.postmedia.digital www.googletagmanager.com
4	fonts.gstatic.com	fonts.googleapis.com
4	c.amazon-adsystem.com	leaderpost.com c.amazon-adsystem.com
4	securepubads.g.doubleclick.net	leaderpost.com securepubads.g.doubleclick.net
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	www.google.de	leaderpost.com
3	api.viafoura.co	cdn.viafoura.net
3	www.google-analytics.com	jssdkcdns.mparticle.com www.google-analytics.com
3	fonts.googleapis.com	leaderpost.com buy.tinypass.com client
2	postmedia.hub.loginradius.com	auth.lrcontent.com
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	www.facebook.com	leaderpost.com
2	api.sail-personalize.com	ak.sail-horizon.com
2	jssdks.mparticle.com	jssdkcdns.mparticle.com
2	connect.facebook.net	leaderpost.com connect.facebook.net
2	snap.licdn.com	www.googletagmanager.com snap.licdn.com
2	www.googleadservices.com	www.googletagmanager.com www.googleadservices.com
2	cm.g.doubleclick.net	2 redirects
2	consumer.krxd.net	cdn.krxd.net
2	auth.lrcontent.com	leaderpost.com cdn.viafoura.net
1	livecomments.viafoura.co	cdn.viafoura.net
1	assets.ribn.com	leaderpost.com
1	beacon.krxd.net	cdn.krxd.net
1	api.rlcdn.com	js-sec.indexww.com
1	match.adsrvr.org	js-sec.indexww.com
1	notifications.viafoura.co	cdn.viafoura.net
1	i.viafoura.co	leaderpost.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	p1.parsely.com	leaderpost.com
1	t.co	leaderpost.com
1	analytics.twitter.com	static.ads-twitter.com
1	cdn.parsely.com	www.googletagmanager.com
1	38778e4300c2defc3bdc35138647953b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	ampcid.google.de	www.google-analytics.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	static.ads-twitter.com	leaderpost.com
1	c2.piano.io	cdn.tinypass.com
1	cookiesync.mparticle.com	leaderpost.com
1	ampcid.google.com	www.google-analytics.com
1	cdn.tinypass.com	experience.tinypass.com
1	experience.tinypass.com	fem.prod.postmedia.digital
1	pixel.adsafeprotected.com	cdn.adsafeprotected.com
1	jssdkcdns.mparticle.com	fem.prod.postmedia.digital
1	smartcdn.gprod.postmedia.digital	leaderpost.com
1	fem.prod.postmedia.digital	leaderpost.com
1	ak.sail-horizon.com	leaderpost.com
1	www.npttech.com	leaderpost.com
1	cdn.adsafeprotected.com	leaderpost.com
1	hb.districtm.io	leaderpost.com
1	static.criteo.net	leaderpost.com
1	js-sec.indexww.com	leaderpost.com
1	leaderpost.com
162	63

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.reddit.com
pinterest.com
www.linkedin.com
www.tumblr.com
nationalpost.com
postpandemic.nationalpost.com
www.tkqlhce.com
local.leaderpost.com
business.financialpost.com
leaderpost.sportstonews.com
movies.leaderpost.com
leaderpost.remembering.ca
obituariesreginaleaderpost.adperfect.com
classifieds.leaderpost.com
leaderpost.adperfect.com
working.leaderpost.com
shopping.leaderpost.com
regina.postmediaauctions.com
www.driving.ca
driving.ca
epaper.leaderpost.com
calgaryherald.com
pages.postmedia.com
www.youtube.com
www.instagram.com
www.postmediasolutions.com
adregistry.postmedia.com
www.postmedia.com

Subject Issuer	Validity	Valid
leaderpost.com GTS CA 1D4	`2021-12-30` - `2022-03-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-02` - `2022-05-03`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
districtm.io Cloudflare Inc ECC CA-3	`2021-06-02` - `2022-06-01`	a year	crt.sh
*.adsafeprotected.com Amazon	`2021-07-21` - `2022-08-19`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
ak.sail-horizon.com Amazon	`2022-01-06` - `2023-02-02`	a year	crt.sh
fem.prod.postmedia.digital Amazon	`2021-11-08` - `2022-12-06`	a year	crt.sh
*.storage.googleapis.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
smartcdn.gprod.postmedia.digital GTS CA 1D4	`2022-02-12` - `2022-05-13`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
jssdkcdns.mparticle.com R3	`2021-12-27` - `2022-03-27`	3 months	crt.sh
cdn.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-12-30` - `2022-12-29`	a year	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
identity.mparticle.com Go Daddy Secure Certificate Authority - G2	`2021-07-07` - `2022-08-08`	a year	crt.sh
*.piano.io Sectigo RSA Domain Validation Secure Server CA	`2021-08-19` - `2022-09-18`	a year	crt.sh
viafoura.com Amazon	`2021-10-07` - `2022-11-05`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
consumer.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-13` - `2022-07-12`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2021-07-15` - `2022-07-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-11-27` - `2022-02-25`	3 months	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
jssdks.mparticle.com R3	`2021-12-27` - `2022-03-27`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.parsely.com Amazon	`2021-07-05` - `2022-08-03`	a year	crt.sh
api.sail-personalize.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-06` - `2023-01-05`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-01-06` - `2023-01-05`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-02-07` - `2022-05-02`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh
*.loginradius.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-13` - `2022-12-13`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-11-03` - `2022-11-02`	a year	crt.sh
*.ribn.com Amazon	`2021-09-20` - `2022-10-19`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-01-17` - `2022-04-11`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Frame ID: FD0AECD3516752BC03E1DDAB24AB5769
Requests: 135 HTTP requests in this frame

Frame: https://d395dw5zk780j2.cloudfront.net/v51.1/xd.html
Frame ID: A9AA51E988554131EF6F678E013DE182
Requests: 2 HTTP requests in this frame

Frame: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Frame ID: 73967DAB16CD5072B62DD43B6F0AD16B
Requests: 4 HTTP requests in this frame

Frame: https://38778e4300c2defc3bdc35138647953b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 03A8B7D5C730E79CAD91D29EE1878419
Requests: 1 HTTP requests in this frame

Frame: https://buy.tinypass.com/checkout/template/cacheableShow?aid=rJ8lIP2AXv&templateId=OTSVJI5XE8XL&offerId=fakeOfferId&experienceId=EXRQQNLPHXAZ&iframeId=offer_e855a9f1a87c3712d7e7-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fleaderpost.com
Frame ID: 852AEEFE013D3BAB2F82CDD71BBB855C
Requests: 6 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 3D8FA71FCE3278DA346BDD765E1ED3A6
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 31F1F10019AAB7FF2828B23C935DC918
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D00A11A4AD4D51089644DE49C6555456
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Couple who donated to convoy worried about effects of GiveSendGo hack | Regina Leader PostRegina Leader PostUserToggle menuClose menu

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Page Statistics

162
Requests

97 %
HTTPS

53 %
IPv6

39
Domains

63
Subdomains

59
IPs

6
Countries

2303 kB
Transfer

7239 kB
Size

36
Cookies

44 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/dialog/share?app_id=144435319507370&display=popup&href=https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&quote=
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A//leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&text=Sask.%20couple%20who%20donated%20to%20freedom%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack&via=leaderpost
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.reddit.com/submit?kind=link&url=https%3A//leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&title=Sask.%20couple%20who%20donated%20to%20freedom%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack
Title: Reddit

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&media=https://smartcdn.gprod.postmedia.digital/leaderpost/wp-content/uploads/2022/02/0212-convoy-mbs-06_267332877-w-1.jpg
Title: Pinterest

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.tumblr.com/widgets/share/tool?canonicalUrl=https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&title=Sask.%20couple%20who%20donated%20to%20freedom%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack
Title: Tumblr

Search URL Search Domain Scan URL

URL: https://nationalpost.com/tag/coronavirus/
Title: COVID-19

Search URL Search Domain Scan URL

URL: http://postpandemic.nationalpost.com/
Title: PostPandemic

Search URL Search Domain Scan URL

URL: https://www.tkqlhce.com/click-8833680-11570746?url=https://leaderpost.newspapers.com/?xid=1846/
Title: Archives

Search URL Search Domain Scan URL

URL: https://local.leaderpost.com/categories/shop-local/
Title: Open during COVID

Search URL Search Domain Scan URL

URL: http://business.financialpost.com/markets/
Title: FP Markets

Search URL Search Domain Scan URL

URL: http://leaderpost.sportstonews.com/
Title: Golf Videos

Search URL Search Domain Scan URL

URL: http://movies.leaderpost.com/movies.aspx/
Title: Movie Listings

Search URL Search Domain Scan URL

URL: https://nationalpost.com/nyt-puzzle/
Title: New York Times Crossword

Search URL Search Domain Scan URL

URL: https://leaderpost.remembering.ca/
Title: Obituaries

Search URL Search Domain Scan URL

URL: https://leaderpost.remembering.ca/obituary/create/
Title: Place an Obituary

Search URL Search Domain Scan URL

URL: https://obituariesreginaleaderpost.adperfect.com/channel/C0A801FE1df5d23683gT6659D225/publication/7F0000010a61620EC4Jj1AC43A30/category/7F0000010a616210B7RYCB10A640/classification/7F0000010a616210BApRCB64B8B0?create=new/
Title: Place an In Memoriam

Search URL Search Domain Scan URL

URL: https://classifieds.leaderpost.com/
Title: Classifieds

Search URL Search Domain Scan URL

URL: https://leaderpost.adperfect.com/
Title: Place an Ad

Search URL Search Domain Scan URL

URL: https://classifieds.leaderpost.com/regina/business-card-directory/search/
Title: Business Card Directory

Search URL Search Domain Scan URL

URL: https://classifieds.leaderpost.com/regina/celebrating/search/
Title: Celebrations

Search URL Search Domain Scan URL

URL: https://classifieds.leaderpost.com/regina/real-estate-for-sale/search/
Title: Real Estate Marketplace

Search URL Search Domain Scan URL

URL: https://working.leaderpost.com/
Title: Working

Search URL Search Domain Scan URL

URL: https://shopping.leaderpost.com/
Title: Shopping

Search URL Search Domain Scan URL

URL: https://regina.postmediaauctions.com/
Title: Auction

Search URL Search Domain Scan URL

URL: https://www.driving.ca/
Title: All Driving

Search URL Search Domain Scan URL

URL: https://driving.ca/category/auto-news/
Title: News

Search URL Search Domain Scan URL

URL: https://driving.ca/category/reviews/
Title: Reviews

Search URL Search Domain Scan URL

URL: https://driving.ca/car-comparison/
Title: Car Comparison

Search URL Search Domain Scan URL

URL: https://driving.ca/buyers-guide/2015/
Title: Buyer’s Guide

Search URL Search Domain Scan URL

URL: http://epaper.leaderpost.com/
Title: ePaper

Search URL Search Domain Scan URL

URL: https://www.facebook.com/dialog/share?app_id=144435319507370&display=popup&href=https%3A//leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&quote=

Search URL Search Domain Scan URL

URL: https://nationalpost.com/news/civil-servants-nasa-employees-and-an-american-billionaire-among-donors-leaked-in-givesendgo-hack
Title: among thousands of Canadians who had their email addresses, names and postal codes leaked after hackers gained access to the website GiveSendGo this past weekend

Search URL Search Domain Scan URL

URL: https://nationalpost.com/news/politics/0214-na-emergencies-act
Title: ctivation of the Emergencies Act to deal with the protesters.

Search URL Search Domain Scan URL

URL: https://calgaryherald.com/news/local-news/mounties-arrest-11-armed-militant-protesters-at-coutts-blockade
Title: On Sunday, Alberta RCMP arrested 13 people after raiding trailers associated with the illegal border blockade in Coutts. A cache of guns, armour and ammunition were also seized.

Search URL Search Domain Scan URL

URL: https://pages.postmedia.com/community-guidelines/
Title: Community Guidelines

Search URL Search Domain Scan URL

URL: https://pages.postmedia.com/community-guidelines/#FAQ8
Title: email

Search URL Search Domain Scan URL

URL: https://www.facebook.com/reginaleaderpost/

Search URL Search Domain Scan URL

URL: https://twitter.com/leaderpost

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCNjXZ_e01dMqfjbb9lGCoWA

Search URL Search Domain Scan URL

URL: https://www.instagram.com/leaderpost/

Search URL Search Domain Scan URL

URL: https://www.postmediasolutions.com/contact-us/
Title: Advertise With Us

Search URL Search Domain Scan URL

URL: https://adregistry.postmedia.com/
Title: Digital Ad Registry

Search URL Search Domain Scan URL

URL: https://www.postmedia.com/brands

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://cm.g.doubleclick.net/pixel?google_nid=mparticle_dmp&google_cm&MPID=6686083867368227625&esid=29183&Key=cd4afed6a2719d439af431746c942e3c&env=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mparticle_dmp&google_cm=&MPID=6686083867368227625&esid=29183&Key=cd4afed6a2719d439af431746c942e3c&env=2&google_tc= HTTP 302
https://cookiesync.mparticle.com/v1/sync/?id=CAESEPWfuxqgslC6JLVJ0tTaW0U&MPID=6686083867368227625&esid=29183&Key=cd4afed6a2719d439af431746c942e3c&env=2&google_cver=1

Request Chain 81

https://sb.scorecardresearch.com/b?c1=2&c2=10276888&ns__t=1645118477150&ns_c=UTF-8&c8=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&c7=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=10276888&ns__t=1645118477150&ns_c=UTF-8&c8=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&c7=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&c9=

Request Chain 106

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/580448699/?random=1986450641&cv=9&fst=1645118477467&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg290&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&tiba=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&auid=1838617308.1645118477&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=DYQOYpWoILizx_APltSgyAM&sscte=1&crd=CNPgGwjRpLEC&eitems=ChEIgIG4kAYQ_8_r1LjE56OIARIdANvdRuOz5AQgg7OzTbFLaLtv0uKvgYqiI4lgcxE HTTP 302
https://www.google.com/pagead/1p-conversion/580448699/?random=1986450641&cv=9&fst=1645118477467&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg290&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&tiba=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&auid=1838617308.1645118477&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGwjRpLEC&is_vtc=1&ocp_id=DYQOYpWoILizx_APltSgyAM&cid=CAQSKQCNIrLMP25OOCRcVkgJ4EW3TuiibAvjuQ-ChQdXwwXFBFHQzjgj1s_Q&eitems=ChEIgIG4kAYQ_8_r1LjE56OIARIdANvdRuMS1_V4EpDcEszH1eRGLofGV26164bV-2g&random=1916352364&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/580448699/?random=1986450641&cv=9&fst=1645118477467&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg290&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&tiba=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&auid=1838617308.1645118477&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGwjRpLEC&is_vtc=1&ocp_id=DYQOYpWoILizx_APltSgyAM&cid=CAQSKQCNIrLMP25OOCRcVkgJ4EW3TuiibAvjuQ-ChQdXwwXFBFHQzjgj1s_Q&eitems=ChEIgIG4kAYQ_8_r1LjE56OIARIdANvdRuMS1_V4EpDcEszH1eRGLofGV26164bV-2g&random=1916352364&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Request Chain 147

https://sb.scorecardresearch.com/c2/10276888/cs.js HTTP 302
https://sb.scorecardresearch.com/internal-c2/default/cs.js

162 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack Show response
leaderpost.com/news/local-news/ 400 KB
70 KB 143ms
102ms Document
text/html 34.107.199.243
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.107.199.243 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

243.199.107.34.bc.googleusercontent.com

Software

nginx/1.19.10 /

Resource Hash

73d9b51beb0d4902120e61420dfb1801f0633c53177f1c3bfb89c570f59a9857

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

server: nginx/1.19.10
date: Thu, 17 Feb 2022 17:21:16 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding Accept-Encoding user-agent
expires: Thu, 17 Feb 2022 17:24:40 GMT
cache-control: max-age=300
x-frame-options: SAMEORIGIN
x-pmd-backend: cheetah-nginx pmd-nginx-proxy-76c6fc48f5-mn8z6
access-control-allow-origin: *
x-pmd-cache: HIT
strict-transport-security: max-age=31536000
content-encoding: gzip
via: 1.1 google
alt-svc: clear

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
27 KB 145ms
45ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

214262f914b3c5434272e6ea7bc30eeaa0b6720de0d64263b6ba8305b7628b87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27414
x-xss-protection: 0
server: sffe
etag: "1134 / 124 of 1000 / last-modified: 1645112711"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 17 Feb 2022 17:21:16 GMT

GET
H/1.1 200
OK 184635-98241795450605.js Show response
js-sec.indexww.com/ht/p/ 164 KB
43 KB 1754ms
1685ms Script
text/javascript 72.247.225.98
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/ht/p/184635-98241795450605.js
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 72.247.225.98 Berlin, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-247-225-98.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d3fb20870b9f2c49fb9c9919d049a416817a9d38799da2045239f69e5b1117af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Thu, 17 Feb 2022 17:21:18 GMT
Content-Encoding: gzip
Last-Modified: Thu, 17 Feb 2022 17:21:06 GMT
Server: Apache
ETag: "7644c4-28f4f-5d839fdcc25e7"
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=3599
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes
Content-Type: text/javascript
Expires: Thu, 17 Feb 2022 18:21:17 GMT

GET
H2 200 publishertag.js Show response
static.criteo.net/js/ld/ 127 KB
41 KB 59ms
28ms Script
text/javascript 2a02:2638::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.js

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

1edc83f7137848a661dbf5a61dbe4bb3b42fc7d064004560ea0269b45747e7d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:16 GMT
content-encoding: gzip
last-modified: Mon, 31 Jan 2022 09:04:37 GMT
server: nginx
etag: W/"61f7a625-1fc09"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 18 Feb 2022 17:21:16 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 180ms
50ms Script
application/javascript 13.33.241.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.241.218 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-241-218.hel50.r.cloudfront.net
Software: Server /
Resource Hash: 784acd540b5fcfb87c47dfe12e5311084ce692366a2ac196fd5cc8eb28ff4c23

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:09:12 GMT
content-encoding: gzip
age: 724
x-cache: Hit from cloudfront
timing-allow-origin: *
server: Server
x-amz-rid: 0280B2QD1972KJ875FV2
etag: c1da564f59b83b9805e8df92eca012f5
vary: Accept-Encoding
x-amz-version-id: GtBleBshAfJx9KFXwg43LDlo50FXi9le
via: 1.1 9f6a623c512f1a1b6fd6b2d4bd697472.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: HEL50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: f1RAc-PNiomC2w3ZwTy_RK98OsNHV9ukoDT6FCiDP4Tn0hTBdb2CFw==

GET
H2 204 all.postmedia.js Show response
hb.districtm.io/prod/100549/ 0
268 B 59ms
31ms Script
text/plain 104.16.68.69
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.districtm.io/prod/100549/all.postmedia.js
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.68.69 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 6df0b0ee5aec91d8-FRA
access-control-allow-headers: Content-Type, Origin

GET
H/1.1 200
OK iasPET.1.js Show response
cdn.adsafeprotected.com/ 22 KB
7 KB 53ms
7ms Script
application/javascript 52.222.214.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adsafeprotected.com/iasPET.1.js
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-98.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Tue, 15 Feb 2022 16:17:12 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Wed, 02 Jun 2021 17:38:57 GMT
Server: AmazonS3
Age: 176645
ETag: W/"51636de3ce868a2172f9e6996c2934e0"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 7abd55cee48606340f570b45718202b6.cloudfront.net (CloudFront)
Cache-Control: max-age=604800
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA56-P3
X-Amz-Cf-Id: FjJX3nihCsmrcJPk1R7peHeaPbYZJXDl6rqzc9emyTU3ngrH7Vouew==

GET
H2 200 css
fonts.googleapis.com/ 7 KB
1 KB 134ms
48ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed:700%7CRoboto:400,700&display=swap

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aa8c4f5924fd06cbaf5c65fac729f0c3207d1f70534b07fc0915948c41b29d6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 17:21:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 17 Feb 2022 17:21:16 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Feb 2022 17:21:16 GMT

GET
H2 200 advertising.js Show response
www.npttech.com/ 7 KB
3 KB 72ms
26ms Script
application/javascript 2606:4700:3032::ac43:c0b6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.npttech.com/advertising.js
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c0b6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:16 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 378
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: E0EAZ2J1TYXRAZ5J
x-amz-id-2: owuXg5OiLeqLLDwhSjOuA/cd5Fpo9jS52D94qpPjH/549lNf9nI3J1/m/MAzGCqKgxRzQE3LlpU=
last-modified: Wed, 19 Jun 2019 08:25:01 GMT
server: cloudflare
etag: W/"3d6f80c860866175f58a84bbbc9217c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WFIJcCgYyaa2N7u6K5qtm0mzg2nvd1npqFqBtGuxkmMyIzAmSvanfgRjsugIJxiMb4oXEycFgdTL5Q6g32989kpIcUjO3UJIcVH3JQel1zWS04v3Z2n7w0n8SJQFio3jzycQij1oXLVt8pMxGXA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=28800
x-amz-version-id: hXQWgdpwSBM26VgKOeTSlm.4VT89.h9w
cf-ray: 6df0b0ef482f0b80-AMS

GET
H2 200 LoginRadiusV2.js Show response
auth.lrcontent.com/v2/js/ 199 KB
47 KB 57ms
24ms Script
application/javascript 2606:4700:10::6816:48e8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.lrcontent.com/v2/js/LoginRadiusV2.js

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:48e8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68a335c0d87dce935fee1811892070e78c514828d50bfe2ae21fde739ec1002c

Security Headers

Name	Value
Strict-Transport-Security	max-age= 63072000; includeSubdomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:16 GMT
via: 1.1 0abfc04b3868b6760be5e12dccdfc7d4.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
age: 5121
cf-polished: origSize=1238069
x-cache: Hit from cloudfront
content-encoding: gzip
last-modified: Mon, 13 Dec 2021 05:19:58 GMT
server: cloudflare
etag: W/"ae3463c4a59ae100b160ed4dd5dbf4b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age= 63072000; includeSubdomains; preload
content-type: application/javascript
cache-control: max-age=14400
x-amz-cf-pop: JFK51-C1
cf-ray: 6df0b0ee69c09280-FRA
x-amz-cf-id: yeqFFdoDzymXbGWM-hQEHgdlHWCDRLGD9tgLi1E5Ua9wPkkm5engOQ==
cf-bgj: minify

GET
H2 200 spm.v1.min.js Show response
ak.sail-horizon.com/spm/ 121 KB
43 KB 69ms
10ms Script
application/javascript 18.66.248.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.248.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-248-23.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d06ae5e97e495832fc4526c3e93d7e9440f1faf5f77669b41678c9d564a25faf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:15:38 GMT
content-encoding: gzip
last-modified: Tue, 08 Jun 2021 04:22:34 GMT
server: AmazonS3
age: 339
etag: W/"b22b4f4738e8722be1636447be239da2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 1b18b0df6149933160ee945c6867dc2c.cloudfront.net (CloudFront)
cache-control: max-age=600; must-revalidate
x-amz-cf-pop: DUS51-P1
x-amz-cf-id: UDjB-PMYAvDCYWpJDanChQAbLncFz3RTj-IF6ER7qE830VfduCD_LA==

GET
H2 200 fem.js Show response
fem.prod.postmedia.digital/v51.1/ 259 KB
77 KB 62ms
9ms Script
application/javascript 18.66.97.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fem.prod.postmedia.digital/v51.1/fem.js
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-29.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 79c381d0b010da04e31a1da615ecb7b142984a8fa33f080485a2c109ce064f15

Request headers

Referer: https://leaderpost.com/
Origin: https://leaderpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 08 Feb 2022 19:35:31 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 769546
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Mon, 07 Feb 2022 18:52:49 GMT
server: AmazonS3
etag: W/"4cc3e49974273ce5cad6c7cb78d3c130"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
via: 1.1 e44e0b24e706487eaec6b9e01f2166dc.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: YMNXPvv_TktCP4uIqe2pFRxYog3P9RRG_xQGNs64INsfJPVArzKW9g==

GET
H2 200 share-modal-icon-close.svg
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/ 284 B
547 B 152ms
52ms Image
image/svg+xml 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/share-modal-icon-close.svg
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: bb4fb0059425e84fccb29bdbdaa7c010b6fc4a5e831487b1eeb9c4b108e214b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:32:31 GMT
age: 2925
x-guploader-uploadid: ADPycdsXyFrshIu4Csxb9BbrKQhm5PrUFb4haKY9MCNS-P6xF4rA4Kzs-nrvxZnsdU-WJZTe26R6OXJ8lO3w3TXoVnE
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 284
last-modified: Tue, 15 Feb 2022 20:46:22 GMT
server: UploadServer
etag: "aeffa4d673f9046357d018cd83f36303"
x-goog-hash: crc32c=mQjXfA==, md5=rv+k1nP5BGNX0BjNg/NjAw==
x-goog-generation: 1644881484842044
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 284
accept-ranges: bytes
content-type: image/svg+xml
expires: Fri, 17 Feb 2023 16:32:31 GMT

GET
H2 200 icon-circle-email.svg
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/ 976 B
1 KB 148ms
47ms Image
image/svg+xml 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/icon-circle-email.svg
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2a647bbfb5c6723ca10f9833ae08d3381b0061f982959571e56a55d7768cb7a5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:26:58 GMT
age: 3258
x-guploader-uploadid: ADPycdu5ceohU_ROm9wp1I5ZRI8GtOUE6sQ8w9EWpbc4iuUIAo9fuZsTGVOHoxrr4Y9WKIOiWsVD-woukxG9QasMRAs
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 976
last-modified: Tue, 15 Feb 2022 20:46:22 GMT
server: UploadServer
etag: "bef02ad8b1f137bbb303cefe8614b69f"
x-goog-hash: crc32c=ZVCajw==, md5=vvAq2LHxN7uzA87+hhS2nw==
x-goog-generation: 1644881484388357
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 976
accept-ranges: bytes
content-type: image/svg+xml
expires: Fri, 17 Feb 2023 16:26:58 GMT

GET
H2 200 icon-soc-fb.svg
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/ 775 B
1 KB 147ms
47ms Image
image/svg+xml 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/icon-soc-fb.svg
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 40e562e806ce113ae7879d0dd76db82797b5c274794751c260381f2c8b283641

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:26:07 GMT
age: 3309
x-guploader-uploadid: ADPycdsBon7jS1GAF7mNO8a4og72iB9rDjuLON1oAP_HEAcsSesrUelEY3tQzK78MsV8d0kk6J2Zjhj-e4F-nitelimQ3eE4sg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 775
last-modified: Tue, 15 Feb 2022 20:46:19 GMT
server: UploadServer
etag: "993353c51244defcc16154eac23ff88d"
x-goog-hash: crc32c=Z/aKUg==, md5=mTNTxRJE3vzBYVTqwj/4jQ==
x-goog-generation: 1644881481677612
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 775
accept-ranges: bytes
content-type: image/svg+xml
expires: Fri, 17 Feb 2023 16:26:07 GMT

GET
H2 200 icon-soc-tw.svg
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/ 2 KB
2 KB 145ms
45ms Image
image/svg+xml 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/icon-soc-tw.svg
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 975a64dc9bbc5e1884ba8ca2e76d9b2791d16d5c9f3619bf30477cd21a8636d2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:26:30 GMT
age: 3286
x-guploader-uploadid: ADPycdtgUJh6DN4_rgcKpSaxWEqsBemAmUkA4GqKT1sHnzHpzgZ-Xm4XAD22rsaitTQH7ailPJB220yeqoEz8sTTMYg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1698
last-modified: Tue, 15 Feb 2022 20:46:23 GMT
server: UploadServer
etag: "df82c342c1176b84253c53e6e10eed05"
x-goog-hash: crc32c=cbPk0w==, md5=34LDQsEXa4QlPFPm4Q7tBQ==
x-goog-generation: 1644881485821808
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 1698
accept-ranges: bytes
content-type: image/svg+xml
expires: Fri, 17 Feb 2023 16:26:30 GMT

GET
H2 200 icon-soc-rdit.svg
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/ 2 KB
2 KB 149ms
49ms Image
image/svg+xml 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/icon-soc-rdit.svg
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 1fb82c9bb456f6d5336430ebb3d5b1e596ceb303ee99690f0c9187aa13a0cd43

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:24:30 GMT
age: 3406
x-guploader-uploadid: ADPycdtHMYBkybnbnaRhKMRC5SequCwWXuawt33kYSdl6vapKevLvaD1c5fECIP2FaAcDCztvyxxsBswYZ-BJ_3a4vHyNh4cpA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2135
last-modified: Tue, 15 Feb 2022 20:46:18 GMT
server: UploadServer
etag: "0304b8d3870cc1f4f888574a14022da4"
x-goog-hash: crc32c=GJubKw==, md5=AwS404cMwfT4iFdKFAItpA==
x-goog-generation: 1644881480619090
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 2135
accept-ranges: bytes
content-type: image/svg+xml
expires: Fri, 17 Feb 2023 16:24:30 GMT

GET
H2 200 icon-soc-pin.svg
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/ 2 KB
2 KB 149ms
49ms Image
image/svg+xml 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/icon-soc-pin.svg
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 73ce21104cbd5c5d38a7f58633f41f6aaf3cf9bb58d2166935871115df10086f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:27:23 GMT
age: 3233
x-guploader-uploadid: ADPycdsTqiJlg-kcpvL_stgg95x_fH8SIhHhIoLP_sumti7XpqdRix4ZWueLMIicpglZE3gXklcs1TPlgeiXg4HKuWNzVw31ww
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1904
last-modified: Tue, 15 Feb 2022 20:46:20 GMT
server: UploadServer
etag: "7dbe30e1f3c16e83b217e86f8fe87986"
x-goog-hash: crc32c=CmGx6w==, md5=fb4w4fPBboOyF+hvj+h5hg==
x-goog-generation: 1644881482571150
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 1904
accept-ranges: bytes
content-type: image/svg+xml
expires: Fri, 17 Feb 2023 16:27:23 GMT

GET
H2 200 icon-soc-li.svg
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/ 739 B
1 KB 79ms
42ms Image
image/svg+xml 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/icon-soc-li.svg
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 73f5cb8f7a137847e41aeb849588174535651b6e140d8b13575f46fff0c496a2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:24:30 GMT
age: 3406
x-guploader-uploadid: ADPycdsem4MO8QsnYpe-hD8IF_uVC-Za6-Mw9Fy-fQE8OZQkgNJN7DEykvo-uvR1kiW6wJj1keq8jGJ3OKOrGIbf6yk
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 739
last-modified: Tue, 15 Feb 2022 20:46:23 GMT
server: UploadServer
etag: "071e5c7f2df5f3dc2b856b2576752f1c"
x-goog-hash: crc32c=PfZM8A==, md5=Bx5cfy3189wrhWsldnUvHA==
x-goog-generation: 1644881485373676
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 739
accept-ranges: bytes
content-type: image/svg+xml
expires: Fri, 17 Feb 2023 16:24:30 GMT

GET
H2 200 icon-soc-tblr.svg
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/ 479 B
745 B 51ms
50ms Image
image/svg+xml 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/icon-soc-tblr.svg
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: bd42ab1e963caae23b78541c50e8b5d8146d0c6b2151fcfcfa938c17c417f68e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:26:50 GMT
age: 3266
x-guploader-uploadid: ADPycdsOxWDm-0bhpbmtroTa_ONz5czrS_wCCo2qSI9ZMsyskHS6Qj3KgY47lsZooLrrQUvKesTIF2LciuiIEwJg-XXjwUeFyA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 479
last-modified: Tue, 15 Feb 2022 20:46:20 GMT
server: UploadServer
etag: "1ace9edc1bbac746d584a7270d791ff9"
x-goog-hash: crc32c=08+Lmg==, md5=Gs6e3Bu6x0bVhKcnDXkf+Q==
x-goog-generation: 1644881483100757
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 479
accept-ranges: bytes
content-type: image/svg+xml
expires: Fri, 17 Feb 2023 16:26:50 GMT

GET
H2 200 icon-circle-share.svg
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/ 561 B
813 B 84ms
48ms Image
image/svg+xml 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/icon-circle-share.svg
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 4bef0d2ce9ddd3dcd15889345ea8e4ae1eb38c2bcf50bcd76daed2dc63f0a424

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:26:58 GMT
age: 3258
x-guploader-uploadid: ADPycdvLtO69iMcOBA_d87Kd0xJRJTlrzctlrFexwzlk0h8NlMa4QxiB56Rgd3K7PYoYa-cZJLu4VgKw8b2z0rL3w7XVqgja9Q
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 561
last-modified: Tue, 15 Feb 2022 20:46:21 GMT
server: UploadServer
etag: "cbc289873c015f5baae7e9e8d4876ea9"
x-goog-hash: crc32c=9Je3tg==, md5=y8KJhzwBX1uq5+no1IduqQ==
x-goog-generation: 1644881483454653
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 561
accept-ranges: bytes
content-type: image/svg+xml
expires: Fri, 17 Feb 2023 16:26:58 GMT

GET
H2 200 0212-convoy-mbs-06_267332877-w-1.jpg
smartcdn.gprod.postmedia.digital/leaderpost/wp-content/uploads/2022/02/ 70 KB
70 KB 328ms
270ms Image
image/webp 34.149.157.221
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://smartcdn.gprod.postmedia.digital/leaderpost/wp-content/uploads/2022/02/0212-convoy-mbs-06_267332877-w-1.jpg?quality=90&strip=all&w=564&h=423&type=webp
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.157.221 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 221.157.149.34.bc.googleusercontent.com
Software: nginx/1.19.10 /
Resource Hash: 826a2a1830fe1a09b4b925a910ed8808623aecd72649e8f2ef81e1adcc727bbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-pmd-smartcdn-requester: leaderpost
date: Thu, 17 Feb 2022 17:21:16 GMT
via: 1.1 google
server: nginx/1.19.10
cache-control: max-age=2592000,public
etag: "03325565cb55f6186a735529646c08b59deeba66"
vary: Accept
content-type: image/webp
x-cache-hit: miss
x-pmd-smart-cdn-proxy: thumbor-proxy-64c799cd7-2cjmp
alt-svc: clear
content-length: 71254

GET
H2 200 icon-soc-yt.svg
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/ 744 B
1006 B 52ms
50ms Image
image/svg+xml 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/icon-soc-yt.svg
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 99394b0f6e9f0aefd71dd6a9ad59129ff7852e7734905bead2f2cec5789e3436

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:35:11 GMT
age: 2765
x-guploader-uploadid: ADPycdsU2n5ZlQRKR5UqEiSvdxEAL7DQ7Vj2aChV8IPcUUFPZ48VaY32GGXTxRykrfjtuIsjcK0PPCA8BCw2o4WPAZs
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 744
last-modified: Tue, 15 Feb 2022 20:46:20 GMT
server: UploadServer
etag: "c7b3b346ada043e6e241bca3e7f698d0"
x-goog-hash: crc32c=8iXYKg==, md5=x7OzRq2gQ+biQbyj5/aY0A==
x-goog-generation: 1644881482123381
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 744
accept-ranges: bytes
content-type: image/svg+xml
expires: Fri, 17 Feb 2023 16:35:11 GMT

GET
H2 200 icon-soc-ig.svg
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/ 2 KB
2 KB 56ms
55ms Image
image/svg+xml 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/images/share-icons/icon-soc-ig.svg
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 179f43e8abd5e7bd49d05571dc29d22c9f5044eb17ca8253a49e3e28e716af61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 16:31:39 GMT
age: 2977
x-guploader-uploadid: ADPycdvAPWkuDFJzXnxYGcw0RotQW7ZlPjcTE66OYVKkCujpoI0E9_e-w-ri9A2jqn-pNHPe5vhynHjfpBlosi_20-zmudywKQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1898
last-modified: Tue, 15 Feb 2022 20:46:16 GMT
server: UploadServer
etag: "cf38c08bd0b7e49f4550f048b7c4e2cf"
x-goog-hash: crc32c=bCiZ9w==, md5=zzjAi9C35J9FUPBIt8Tizw==
x-goog-generation: 1644881478629061
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 1898
accept-ranges: bytes
content-type: image/svg+xml
expires: Fri, 17 Feb 2023 16:31:39 GMT

GET
H2 200 shared.d33e6484d03b.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/ 24 KB
24 KB 125ms
40ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: d33e6484d03b08f00e8578780f4562ddadf7f80650c06bdc3a139c136b034857

Request headers

Referer: https://leaderpost.com/
Origin: https://leaderpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:17:33 GMT
age: 223
x-guploader-uploadid: ADPycdvI4TtGyZJrcA6_fpS4_7XpSAlUIXAX8vbHGJBU13iLvYS1gv8gGSzKklawQdyLf7eXCdFABbeQJalUTGJRYoI
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24147
last-modified: Tue, 15 Feb 2022 20:59:16 GMT
server: UploadServer
etag: "f23f4bdf010727323373c771ec257045"
x-goog-hash: crc32c=C7wvUA==, md5=8j9L3wEHJzIzc8dx7CVwRQ==
x-goog-generation: 1644882199559179
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: max-age=31536000
x-goog-stored-content-length: 24147
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:17:33 GMT

GET
H2 200 main.9f8ffd0b38bc.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/ 95 KB
95 KB 162ms
77ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/main.9f8ffd0b38bc.js
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 9f8ffd0b38bc5e22245c02bdf6c4f492fc20bbd187186f9c707a202f44f6eef9

Request headers

Referer: https://leaderpost.com/
Origin: https://leaderpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:21 GMT
age: 175
x-guploader-uploadid: ADPycdtV86RtJDOcCjMJlxo07cs9bykNNEx7hLtFF-E5KtUdE5Itc8PwXVRqv1Ph4AUem-3qSLbfgD2VnyxtUZYTI74F9i9_nQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 97234
last-modified: Tue, 15 Feb 2022 20:59:16 GMT
server: UploadServer
etag: "7a98e87510707bd512960ff7437bbff6"
x-goog-hash: crc32c=7ywTDA==, md5=epjodRBwe9USlg/3Q3u/9g==
x-goog-generation: 1644882200306198
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: max-age=31536000
x-goog-stored-content-length: 97234
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:21 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 128ms
40ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:700%7CRoboto:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://leaderpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 18:59:49 GMT
x-content-type-options: nosniff
age: 166887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 15 Feb 2023 18:59:49 GMT

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v24/ 15 KB
15 KB 134ms
50ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v24/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:700%7CRoboto:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://leaderpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 19:30:30 GMT
x-content-type-options: nosniff
age: 78646
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15660
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:19:40 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 16 Feb 2023 19:30:30 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 164ms
80ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:700%7CRoboto:400,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://leaderpost.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 20:07:55 GMT
x-content-type-options: nosniff
age: 162801
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 15 Feb 2023 20:07:55 GMT

GET
H2 200 xd.html Show response
d395dw5zk780j2.cloudfront.net/v51.1/ Frame A9AA 167 B
507 B 35ms
7ms Document
text/html 2600:9000:223c:9e00:8:f216:eb80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d395dw5zk780j2.cloudfront.net/v51.1/xd.html
Requested by: Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v51.1/fem.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:9e00:8:f216:eb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1aefec411441da454a39e812f8300125bfd117abc33f50f98c124419314da704

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/

Response headers

content-type: text/html
content-length: 167
date: Mon, 07 Feb 2022 21:40:52 GMT
last-modified: Mon, 07 Feb 2022 18:52:49 GMT
etag: "1cb7c3921583ebfd6049b00de4ee73de"
cache-control: max-age=31536000
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: HdyH9Sq2i0jcYhn8zJSBn8jnOJuEKdyDAL3_kTz_6f6J7cGu9a1kJA==
age: 848425

GET
H2 200 9a7c27a08915980838a7.js Show response
d395dw5zk780j2.cloudfront.net/v51.1/chunks/ 8 KB
3 KB 31ms
7ms Script
application/javascript 2600:9000:223c:9e00:8:f216:eb80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d395dw5zk780j2.cloudfront.net/v51.1/chunks/9a7c27a08915980838a7.js
Requested by: Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v51.1/fem.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:9e00:8:f216:eb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d04afc774d80c39a178f6b42d961777a3cec7be7dfe585618d75f02abc515a97

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 07 Feb 2022 21:40:52 GMT
content-encoding: gzip
last-modified: Mon, 07 Feb 2022 18:52:50 GMT
server: AmazonS3
age: 848425
etag: W/"3d25530a5100a84944d4cedefbec0c9e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: 28nx8ZPFOr6okW-x3KT6X6y6hGg5ON2DuIHfP-aIsirFk4hFfB3klA==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 491 KB
109 KB 146ms
58ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MKM4ZNQ&l=dataLayer

Requested by

Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v51.1/fem.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3c21160da384157ec08e4c6357133fd7ed4dcea5a6892555a987a794a23534b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111779
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 16:23:25 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Feb 2022 17:21:16 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 45ms
14ms Script
application/javascript 108.157.4.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v51.1/fem.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-38.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 06:20:17 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 39660
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: fpUSsfoWzz7d0TB7klG_7n10Y4D1BSgOkLM1ENFpSzGBUt81j8bGBg==

GET
H2 200 mparticle.js Show response
jssdkcdns.mparticle.com/js/v2/cd4afed6a2719d439af431746c942e3c/ 503 KB
58 KB 31ms
7ms Script
application/javascript 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://jssdkcdns.mparticle.com/js/v2/cd4afed6a2719d439af431746c942e3c/mparticle.js
Requested by: Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v51.1/fem.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Kestrel /
Resource Hash: 74827385d216e6c6e67f46832b930057afb02e98a099fb63896df2d1d6c055b2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:16 GMT
via: 1.1 varnish, 1.1 varnish
server: Kestrel
age: 76
x-origin-name: fastlyshield--shield_ssl_cache_iad_kcgs7200065_IAD
x-served-by: cache-iad-kcgs7200065-IAD, cache-hhn4055-HHN
vary: Accept, Accept-Encoding
x-cache: HIT, HIT
content-type: application/javascript
content-encoding: gzip
cache-control: public, max-age=3600
accept-ranges: bytes
x-timer: S1645118477.765695,VS0,VE1
content-length: 58682
x-cache-hits: 2, 1

GET
H2 200 uep0netg6.js Show response
cdn.krxd.net/controltag/ 27 KB
6 KB 67ms
6ms Script
text/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag/uep0netg6.js
Requested by: Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v51.1/fem.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a27f7fe38b712f49c5a534ebeb70f5d965b04dcf1fa804ea9ac43d16672564c8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date: Thu, 17 Feb 2022 17:21:16 GMT
via: 1.1 varnish, 1.1 varnish
age: 778
x-cache: MISS, HIT, HIT
x-app-cache: HIT
x-age: 0
content-encoding: gzip
content-length: 5925
x-served-by: config-service-a001-ash-prod.krxd.net, cache-iad-kjyo7100171-IAD, cache-hhn4077-HHN
x-response-time: 0
x-do-esi: esi
x-timer: S1645118477.805033,VS0,VE0
etag: "75f4c6d60fc7128a9244e7f798921e7d4e3404a6"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-hits: 0, 1, 2

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 110 KB
34 KB 126ms
49ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NTQ8ZV4&l=gtm_data_layer

Requested by

Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v51.1/fem.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

23ed9e43d3a7a0a92381e60256c5116a0760f62f707ba7c9508c21d63cef88ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:16 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34222
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 16:23:25 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Feb 2022 17:21:16 GMT

GET
H2 200 pub Show response
pixel.adsafeprotected.com/services/ 590 B
823 B 140ms
41ms XHR
application/json 52.50.160.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/services/pub?anId=928934&slot=%7Bid:ad-1,ss:%5B1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/leaderpost.com/news/local-news/story,t:display%7D&slot=%7Bid:ad-2,ss:%5B6.6,1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/leaderpost.com/news/local-news/story,t:display%7D&slot=%7Bid:ad-3,ss:%5B7.7,1200.250,1200.90,970.90,970.250,728.90,300.250%5D,p:/3081/leaderpost.com/news/local-news/story,t:display%7D&slot=%7Bid:ad-native-1,ss:%5B5.5%5D,p:/3081/leaderpost.com/news/local-news/story,t:display%7D&wr=1600.1200&sr=1600.1200&sessionId=9644c94d-9ac6-fc2e-340e-8acc722ce247&url=https%253A%252F%252Fleaderpost.com%252Fnews%252Flocal-news%252Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Requested by: Host: cdn.adsafeprotected.com
URL: https://cdn.adsafeprotected.com/iasPET.1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.160.17 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-160-17.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: f0fac28aced9059761b7c48d72ee3cfba9ec945ae2d42d5fa9f4d578f3efc52f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:16 GMT
x-server-name: app08.ie.303net.net
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://leaderpost.com
access-control-expose-headers: X-Server-Name
access-control-allow-credentials: true
timing-allow-origin: *
server: nginx

GET
H2 200 pubads_impl_2022021401.js Show response
securepubads.g.doubleclick.net/gpt/ 360 KB
121 KB 41ms
40ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021401.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

8e2dcb9912e96ad6472e010d4e66d67c647dfc385f09d652c1ff8d4d752baf14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:03:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1065
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123280
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 09:43:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 17 Feb 2023 17:03:31 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 175 B
140 B 96ms
49ms XHR
application/json 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=leaderpost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

478dc5cf0081c0e87de29362a19d61bcf104de99b9ff1b2a2bffad621376bc7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Feb 2022 17:21:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115
x-xss-protection: 0
expires: Thu, 17 Feb 2022 17:21:16 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ 0
311 B 59ms
58ms XHR
text/plain 13.33.241.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3528&u=https%3A%2F%2Fleaderpost.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.241.218 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-241-218.hel50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 11:27:15 GMT
via: 1.1 9f6a623c512f1a1b6fd6b2d4bd697472.cloudfront.net (CloudFront)
server: Server
age: 21241
x-cache: Hit from cloudfront
access-control-allow-origin: https://leaderpost.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: HEL50-C1
x-amz-cf-id: c3KMMYXxhF7XlyXK2w_WU6JorOOQduKx-FSrYRmyom7rRZq5u_uhRw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 137ms
69ms XHR
application/javascript 13.33.241.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.241.218 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-241-218.hel50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: eaU6ir6qmGswM2SGRmLi7PKhBcBrRdvn
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 41971
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Fri, 21 Jan 2022 02:54:57 GMT
server: AmazonS3
date: Thu, 17 Feb 2022 05:41:46 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 a529b95d300020af7b6819ecefd572f4.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: HEL50-C1
x-amz-cf-id: 0xG4UNR1uO4444n3AFRRTVQO6T8s8VzzCd9chjPFgQs_Bt8X_G2uCg==

GET
H2 200 b0a8d692e0f2d945bf56.js Show response
d395dw5zk780j2.cloudfront.net/v51.1/chunks/ 3 KB
1 KB 7ms
7ms Script
application/javascript 2600:9000:223c:9e00:8:f216:eb80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d395dw5zk780j2.cloudfront.net/v51.1/chunks/b0a8d692e0f2d945bf56.js
Requested by: Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v51.1/fem.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:9e00:8:f216:eb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: efe645e30b1c609185fa0cb178858f9097e6f4b3407f23feffe6b4087f697cc5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 07 Feb 2022 21:40:55 GMT
content-encoding: gzip
last-modified: Mon, 07 Feb 2022 18:52:50 GMT
server: AmazonS3
age: 848422
etag: W/"75db323e22a4eaef2177f44b4722c4c2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: yOnbgsRtZBeYOSyZac0JAMNXBl5541SX0JHtLHOOHUJiCq4lbpF_0Q==

GET
H2 200 xd.js Show response
d395dw5zk780j2.cloudfront.net/v51.1/ Frame A9AA 36 KB
12 KB 8ms
8ms Script
application/javascript 2600:9000:223c:9e00:8:f216:eb80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d395dw5zk780j2.cloudfront.net/v51.1/xd.js
Requested by: Host: d395dw5zk780j2.cloudfront.net
URL: https://d395dw5zk780j2.cloudfront.net/v51.1/xd.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:9e00:8:f216:eb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d984a247beba5abcd72a6b6dd131ae1767b6d0cc76ad1223b33e8e3d5a7e05c0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d395dw5zk780j2.cloudfront.net/v51.1/xd.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Mon, 07 Feb 2022 21:40:52 GMT
content-encoding: gzip
last-modified: Mon, 07 Feb 2022 18:52:49 GMT
server: AmazonS3
age: 848424
etag: W/"269a198fcd379487531b391a8641fd8a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
x-amz-cf-id: aa0uabBGLC0e4S_Jwy1A2NY1y1aX6hb9H1VX09kD0h3l861MKHpOBQ==

OPTIONS
H2 204 identify
identity.mparticle.com/v1/ Frame 0
0 41ms
6ms Preflight 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.mparticle.com/v1/identify

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=900

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-mp-key
Origin: https://leaderpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: Kestrel
access-control-allow-headers: content-type,x-mp-key
access-control-allow-methods: POST
access-control-allow-origin: *
x-origin-name: 4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
accept-ranges: bytes
date: Thu, 17 Feb 2022 17:21:16 GMT
via: 1.1 varnish
age: 2385
x-served-by: cache-hhn4072-HHN
x-cache: HIT
x-cache-hits: 689
x-timer: S1645118477.862352,VS0,VE0
strict-transport-security: max-age=900

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 122ms
38ms Script
text/javascript 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/cd4afed6a2719d439af431746c942e3c/mparticle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 6383
date: Thu, 17 Feb 2022 15:34:53 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Thu, 17 Feb 2022 17:34:53 GMT

POST
H2 200 identify Show response
identity.mparticle.com/v1/ 175 B
278 B 120ms
119ms XHR
application/json 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.mparticle.com/v1/identify

Requested by

Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/cd4afed6a2719d439af431746c942e3c/mparticle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Kestrel /

Resource Hash

fb032624f5acc849cc61bbb2a0f7698c41cbc4a81bd914046c0ba342107b3ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=900

Request headers

x-mp-key: cd4afed6a2719d439af431746c942e3c
Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 17 Feb 2022 17:21:16 GMT
content-encoding: gzip
server: Kestrel
x-timer: S1645118477.873605,VS0,VE109
x-origin-name: 4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-served-by: cache-hhn4072-HHN
vary: Accept-Encoding
x-cache: MISS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
strict-transport-security: max-age=900
accept-ranges: bytes
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 load Show response
experience.tinypass.com/xbuilder/experience/ 5 KB
2 KB 72ms
38ms Script
application/javascript 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://experience.tinypass.com/xbuilder/experience/load?aid=rJ8lIP2AXv

Requested by

Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v51.1/fem.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61d4ca0200e3201193169511e7f5bc6d9bee393eb6fd14c4e92145ababfd8e72

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:16 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: HIT
age: 2358
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: Cypjg7rJApG
wn: prod-exp-10-0-86-105
last-modified: Thu, 17 Feb 2022 16:41:58 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=1800
cf-ray: 6df0b0f07e366977-FRA
expires: Thu, 17 Feb 2022 17:51:16 GMT

GET
H2 200 80191db1329e26f9588a.js Show response
d395dw5zk780j2.cloudfront.net/v51.1/chunks/ 958 B
1 KB 7ms
7ms Script
application/javascript 2600:9000:223c:9e00:8:f216:eb80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d395dw5zk780j2.cloudfront.net/v51.1/chunks/80191db1329e26f9588a.js
Requested by: Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v51.1/fem.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:9e00:8:f216:eb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a65ce992525abe57691b53f84e57f71ac9723a5ef6d67f5d351a08199b752dbf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 08 Feb 2022 19:35:22 GMT
via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
last-modified: Mon, 07 Feb 2022 18:52:50 GMT
server: AmazonS3
age: 769555
etag: "eb256db0593df3ccb09b319cb98c7005"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-P2
accept-ranges: bytes
content-length: 958
x-amz-cf-id: JlyilwWaM61AM1RGiW6Qgj8KOB_fi5gYSvbpXrWPrsLLaaDllXSzjA==

GET
H2 200 controltag.js.a1705c5ac5f06cf0c202ff70908fc042 Show response
cdn.krxd.net/ctjs/ 259 KB
83 KB 8ms
8ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/uep0netg6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date: Thu, 17 Feb 2022 17:21:16 GMT
content-encoding: gzip
age: 1706004
x-amz-server-side-encryption: AES256
x-cache: HIT
x-cache-hits: 1653258
content-length: 84509
x-served-by: cache-hhn4077-HHN
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
x-timer: S1645118477.876185,VS0,VE0
etag: "a1705c5ac5f06cf0c202ff70908fc042"
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Jul 2031 12:06:16 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
533 B 212ms
212ms XHR
text/javascript 13.33.241.218
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3528&u=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&pid=yYzUVeQo9BJgC&cb=0&ws=1600x1200&v=7.73.0&t=2000&slots=%5B%7B%22sd%22%3A%22ad-1%22%2C%22s%22%3A%5B%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-2%22%2C%22s%22%3A%5B%226x6%22%2C%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-3%22%2C%22s%22%3A%5B%227x7%22%2C%221200x250%22%2C%221200x90%22%2C%22970x90%22%2C%22970x250%22%2C%22728x90%22%2C%22300x250%22%5D%7D%2C%7B%22sd%22%3A%22ad-native-1%22%2C%22s%22%3A%5B%225x5%22%5D%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.241.218 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-241-218.hel50.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
via: 1.1 9f6a623c512f1a1b6fd6b2d4bd697472.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: HEL50-C1
x-amz-rid: GKPMZKX5JXYMPZ8W90B6
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://leaderpost.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: 7X7OOuNSilAEqnHc4KI9CrbZsro-Df9bIbQ9y0c46I4H1iTLWEdnvg==

GET
H2 200 vf-v2.js Show response
cdn.viafoura.net/ 662 KB
156 KB 45ms
11ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/vf-v2.js
Requested by: Host: fem.prod.postmedia.digital
URL: https://fem.prod.postmedia.digital/v51.1/fem.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6b1ceb435ff95c2319b62ccd6cdfdede730eef0b05c695320801c857949f16e7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-amz-version-id: YQfUJ22j7FopBGzwwf8knyjUepuF5gSZ
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:33:18 GMT
server: AmazonS3
age: 160
etag: W/"77d22ae8cb1f66ff9530f58ab9fa4b11"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=300
date: Thu, 17 Feb 2022 17:18:43 GMT
x-amz-replication-status: COMPLETED
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: 49E9cCqWkgmeFf30MkF6hlUOAJxGGzBsNqDMBtwHDVbIlTvzdAiBfA==

GET
H2 200 tinypass.min.js Show response
cdn.tinypass.com/api/ 275 KB
80 KB 56ms
45ms Script
application/javascript 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tinypass.com/api/tinypass.min.js?version=2

Requested by

Host: experience.tinypass.com
URL: https://experience.tinypass.com/xbuilder/experience/load?aid=rJ8lIP2AXv

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d4937b7825482a591bc12eaed55f566a457ea178a8daf8bdc749dab5a67d448

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:16 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 202
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
wn: prod-dash-10-0-132-242
last-modified: Thu, 17 Feb 2022 08:07:26 GMT
server: cloudflare
etag: W/"281674-1645085246000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.000
cache-control: public, max-age=1200
cf-ray: 6df0b0f0def76977-FRA
expires: Thu, 17 Feb 2022 17:41:16 GMT

GET
H2 200 proxy.3d2100fd7107262ecb55ce6847f01fa5.html Show response
cdn.krxd.net/partnerjs/xdi/ Frame 7396 805 B
826 B 7ms
6ms Document
text/html 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 3bcfa04dbc2db44af54bd72a0f7b98912368f16f525729a1b9b673f62ca7e5c9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/

Response headers

last-modified: Tue, 21 Feb 2017 17:50:54 GMT
etag: "3d2100fd7107262ecb55ce6847f01fa5"
cache-control: public, max-age=315360000
expires: Fri, 19 Feb 2027 17:50:50 GMT
content-type: text/html
x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Partner_JS_S3
content-encoding: gzip
accept-ranges: bytes
date: Thu, 17 Feb 2022 17:21:16 GMT
via: 1.1 varnish
age: 842231
x-served-by: cache-hhn4077-HHN
x-cache: HIT
x-cache-hits: 297282
x-timer: S1645118477.937614,VS0,VE0
vary: Accept-Encoding
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 525

GET
H3 200 884f8a63d4124a85c5dd0.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 7 KB
7 KB 90ms
42ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/884f8a63d4124a85c5dd0.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 8efc268132d526206d433febe50d279a657513bcf23a6b6a527f84811c6ba6c8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:13 GMT
age: 184
x-guploader-uploadid: ADPycdtEC0j5DiRwD0PLdTfeLFZDGkbZC8maIWl3Tsl9LGpYhQaoW3yV-ULkUt5fT6zRIRNbhuoFvRbeP70S6CIqFQIj4JxRnQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7423
last-modified: Tue, 15 Feb 2022 20:54:01 GMT
server: UploadServer
etag: "c49d96dcaef0c6bab44ff066dc8b95be"
x-goog-hash: crc32c=vViX5Q==, md5=xJ2W3K7wxrq0T/Bm3IuVvg==
x-goog-generation: 1644881890422747
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 7423
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:13 GMT

GET
H3 200 fc26f765ecbbcf90e0f11.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 17 KB
18 KB 96ms
49ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/fc26f765ecbbcf90e0f11.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2a57c084ba5fc039d4bc2f41ebe757f1aa7db0b6e3a001d4ebba63b4fc173a77

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:17:44 GMT
age: 213
x-guploader-uploadid: ADPycdsEuLenLnSQWG0IDmZkG6IeDHlC71RlEx_qyVtD9P5UEy0dSLEH8M_rSMar5bINNeB1GYXgMbvZjqzPSlNRMoE
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17919
last-modified: Tue, 15 Feb 2022 20:53:06 GMT
server: UploadServer
etag: "829b09d27492cdf257b7ade24f4a6499"
x-goog-hash: crc32c=Lb73Pw==, md5=gpsJ0nSSzfJXt63iT0pkmQ==
x-goog-generation: 1644881844366403
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 17919
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:17:44 GMT

GET
H3 200 360d8cc91f278aa230437.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 12 KB
12 KB 192ms
145ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/360d8cc91f278aa230437.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 54f99710ea6dfde67c874d6f4d5e1ad6364cf81c89fceca1ae35967fd3b03855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:02 GMT
age: 195
x-guploader-uploadid: ADPycdu5NkxBrUZS4wonRzI8beYWNZ3FY9Ji3V7z_mDRTCz11KpUpYO4V1osJcancN1URRQqiZNtu8X03n2qafN8FVM
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11945
last-modified: Tue, 15 Feb 2022 20:54:03 GMT
server: UploadServer
etag: "7139ad87ceae4ce21c24485f7350067c"
x-goog-hash: crc32c=2A01FQ==, md5=cTmth86uTOIcJEhfc1AGfA==
x-goog-generation: 1644881892274768
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 11945
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:02 GMT

GET
H3 200 319134f8edfeb15b070c18.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 12 KB
12 KB 183ms
136ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/319134f8edfeb15b070c18.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: a1f4086973dc8059c20b2a680c1e4cfae4069ff3a4a063a297bbcd9281115dab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:11 GMT
age: 186
x-guploader-uploadid: ADPycdtuZaPQi98UcAQZI5G8QvwoDk6tlkzp31fsZO4T11hrC1NXfw3px_gWEuEHKSUpbfjzpa88pN646_dnGIKkVfw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11838
last-modified: Tue, 15 Feb 2022 20:57:02 GMT
server: UploadServer
etag: "da197d82bf62286fc23fe4180be5a69f"
x-goog-hash: crc32c=HDqK1w==, md5=2hl9gr9iKG/CP+QYC+Wmnw==
x-goog-generation: 1644882053300876
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 11838
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:11 GMT

GET
H3 200 2b8b86e084d1ab65e2064.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 8 KB
8 KB 179ms
133ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/2b8b86e084d1ab65e2064.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 9034335635758d7a2b0d8f6f94a42f45ca55f3a87ed38929c7ab89800036e708

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:02 GMT
age: 195
x-guploader-uploadid: ADPycduTjez6UTl0n7-faZEhsbTBun3aJd-3F2NuMFTal5MEGmNm_1rDaGs_TU74Y3XOqze6hvU0szKVlqNT0btP0fA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7850
last-modified: Tue, 15 Feb 2022 20:56:15 GMT
server: UploadServer
etag: "5bc682e33359e3155fb28ccf2ae810da"
x-goog-hash: crc32c=0gqd7w==, md5=W8aC4zNZ4xVfsozPKugQ2g==
x-goog-generation: 1644882015915326
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 7850
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:02 GMT

GET
H3 200 9b98b91c7967b0fa07196.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 19 KB
19 KB 173ms
128ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/9b98b91c7967b0fa07196.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 190bc6bf64a88996a8505f258adba28cba4c993a6b1b446abd3d3ff552286a1c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:17:44 GMT
age: 213
x-guploader-uploadid: ADPycds6wKNzd4wHotiE3t7te7DsJSxzKGR-LmwpW3RNAPVZli1sZOpSPDio7S2EDExvIM94F5WFG7UmcsPgbrm_XGc
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19530
last-modified: Tue, 15 Feb 2022 20:53:32 GMT
server: UploadServer
etag: "bda424b4ee127735617303c48fa6ac6e"
x-goog-hash: crc32c=U4MBag==, md5=vaQktO4SdzVhcwPEj6asbg==
x-goog-generation: 1644881864511926
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 19530
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:17:44 GMT

GET
H3 200 4e3abf0a5d0557e6057413.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 51 KB
51 KB 160ms
115ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/4e3abf0a5d0557e6057413.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 46ba5f0b3b0f72884e66f3f7c8ac6c6195741a4e77f15f55ae16927c6c913da4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:17:33 GMT
age: 224
x-guploader-uploadid: ADPycdtewdXPD3z2idIgUUOs4VSzj7q_dfJvNsUuNwT1OoOErEgyt58Sg-zo7dHqivooIpOB0fT_MJ_3y5tk-_RNJU4
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51761
last-modified: Tue, 15 Feb 2022 20:55:26 GMT
server: UploadServer
etag: "d616a676fe3a430cc820dcce8c7eb080"
x-goog-hash: crc32c=GNaSug==, md5=1hamdv46QwzIINzOjH6wgA==
x-goog-generation: 1644881971622307
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 51761
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:17:33 GMT

GET
H3 200 db17bce7ef9476ceda412.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 6 KB
6 KB 165ms
121ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/db17bce7ef9476ceda412.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 39a95bd7f8ff911c8a36dc1ae3b37f85d4684fd3897ab3df6dca5f8c3cd9b422

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:02 GMT
age: 195
x-guploader-uploadid: ADPycduacbv27IrwUDXwZMnEZpc_4_Thqoy0GnFlOPiJuzDyle_Nzty1dS4Up8ava7AWkQN6TLoDCsbK8JjA1tRWodI
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6613
last-modified: Tue, 15 Feb 2022 20:55:11 GMT
server: UploadServer
etag: "899414f597f9d27247d11ce76474a2dc"
x-goog-hash: crc32c=A3iSGQ==, md5=iZQU9Zf50nJH0RznZHSi3A==
x-goog-generation: 1644881957885547
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 6613
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:02 GMT

GET
H3 200 99570a8661cf974c335a3.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 16 KB
16 KB 167ms
123ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/99570a8661cf974c335a3.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: e2cf23246faa8dc51d53f8194af77082ccfa8dff6a73596ea98c0ded52fb3a39

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:02 GMT
age: 195
x-guploader-uploadid: ADPycdvuWGuc6DBfseerRO_wrUMPOWgCkAWUzw3s1cJvIVPf-Jlup8IWVo9ZiC2s4qNRr5ITqSbnes0UEMoeLmR9E5A
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16304
last-modified: Tue, 15 Feb 2022 20:56:57 GMT
server: UploadServer
etag: "debb89f20df701c8de2c5e6bb79a658b"
x-goog-hash: crc32c=nwPaNw==, md5=3ruJ8g33AcjeLF5rt5pliw==
x-goog-generation: 1644882049134960
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 16304
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:02 GMT

GET
H3 200 38f433b6a6367d1711665.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 14 KB
14 KB 151ms
107ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/38f433b6a6367d1711665.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: b40fffdca8df7dcf6a825dc35de6f3ee8bca5119730c8938e77e805d8016cb78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:02 GMT
age: 195
x-guploader-uploadid: ADPycdv_A_ITuRHxzIZZZll8_mFwkiN_PZajG9tZNUcvc3MhjjOGlHRABSTdyAbUgkxL_3bk3rzTHp7dVgXOycM2-s0
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14524
last-modified: Tue, 15 Feb 2022 20:53:46 GMT
server: UploadServer
etag: "7e2c54fd7b84713d19c76b6feac47ef2"
x-goog-hash: crc32c=+acR1Q==, md5=fixU/XuEcT0Zx2tv6sR+8g==
x-goog-generation: 1644881876797357
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 14524
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:02 GMT

GET
H3 200 0c3df80a51de2ab6e84c9.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 13 KB
13 KB 137ms
95ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/0c3df80a51de2ab6e84c9.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: f79e1f14cff6f380ebbbea645bb159978ead5447a33a0ced34534b2271eb4019

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:02 GMT
age: 195
x-guploader-uploadid: ADPycdvkCPpK7iiBkyFp7EoUaWKM2Nd6-79HV_pX-RYQnZbLxTsY4whcyx2hK3-WwjZT5AD0tvjUSH52aM_anQM_3f8
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13044
last-modified: Tue, 15 Feb 2022 20:52:52 GMT
server: UploadServer
etag: "ee116d738b01ddbe65d02cc3fa73d054"
x-goog-hash: crc32c=MkZxRQ==, md5=7hFtc4sB3b5l0CzD+nPQVA==
x-goog-generation: 1644881834961337
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 13044
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:02 GMT

GET
H3 200 0c201cfbaeab033b467f14.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 9 KB
9 KB 122ms
81ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/0c201cfbaeab033b467f14.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: c5bfe7e837984f45a4b301978ceb06a03fea2e60a15b937d99fd5b30d6ae9946

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:28 GMT
age: 169
x-guploader-uploadid: ADPycdszmGXzFoPWMTTQpoqhkaxj9VHblvfBxp7MSoFFGISqjbDJHoB7LvmsSeAAqE_OQyOStg7TaPlnWJLcyAlJnuJ5l4fSvg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9458
last-modified: Tue, 15 Feb 2022 20:56:24 GMT
server: UploadServer
etag: "8e1df5b1e14f8298fc66da2c5c54d707"
x-goog-hash: crc32c=CUeVCQ==, md5=jh31seFPgpj8ZtosXFTXBw==
x-goog-generation: 1644882023741422
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 9458
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:28 GMT

GET
H3 200 e330ec2ee9969165019715.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 7 KB
7 KB 131ms
89ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/e330ec2ee9969165019715.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 7a8eeaf2b963d18188f07f3e78982938224c9e58b5fab050989e51cbf44a3d6c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:02 GMT
age: 195
x-guploader-uploadid: ADPycduL5hY5e2NrEQhCTBbuqLqmA0dZuKhZ_rdVVSOhSjCoPtRP18cvoespuwp_spy1PLus8--g9C3GINNWHn1A_IU
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6788
last-modified: Tue, 15 Feb 2022 20:52:20 GMT
server: UploadServer
etag: "12ee1ac869a2db91363fd7388565e8b4"
x-goog-hash: crc32c=Wu4a0w==, md5=Eu4ayGmi25E2P9c4hWXotA==
x-goog-generation: 1644881811278334
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 6788
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:02 GMT

GET
H3 200 3b3f819d1ffe0e05145e10.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 11 KB
11 KB 113ms
72ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/3b3f819d1ffe0e05145e10.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 9008ac843d4735e349bdde45c352caeb6d5c1517622730fa602d6b56cf5e4b3a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:16 GMT
age: 181
x-guploader-uploadid: ADPycdsQSnyTdi3i8imkJFcPkbaRWatcrpBTeX6vxWoUa4DeOIPu5INcp6dOljR3auMHNjqnFuO0biV5tJm7t4wb8hI
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10932
last-modified: Tue, 15 Feb 2022 20:55:51 GMT
server: UploadServer
etag: "e4fab017917be3e89551208300b62fbd"
x-goog-hash: crc32c=J7wClg==, md5=5PqwF5F74+iVUSCDALYvvQ==
x-goog-generation: 1644881994961134
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 10932
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:16 GMT

GET
H3 200 7cf4d25d2e47a8e0a18e28.js Show response
storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/ 9 KB
9 KB 105ms
64ms Script
application/javascript 2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/websites/js/7cf4d25d2e47a8e0a18e28.js
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/pmd-stage-northamerica-northeast1-dcs-static-files/9.4.3/CACHE/js/shared.d33e6484d03b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 42d28b968b79182a5ce39cb1bfb0a1f62441f1fb1a5d233162712097967aa6cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:18:02 GMT
age: 195
x-guploader-uploadid: ADPycdutCK75iX9vcNs7KGfZDwMJYSnDzdkJQc962FfZJxjWrbTFjiKY1J90z6zulJ2fAjqOWY6CP6aNavhBkNiPPB8
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9689
last-modified: Tue, 15 Feb 2022 20:54:45 GMT
server: UploadServer
etag: "b4c30f6fffd2d31290da1a28b432039d"
x-goog-hash: crc32c=ctfUGg==, md5=tMMPb//S0xKQ2hootDIDnQ==
x-goog-generation: 1644881932397586
access-control-allow-origin: *
cache-control: max-age=31536000
x-goog-stored-content-length: 9689
accept-ranges: bytes
content-type: application/javascript
expires: Fri, 17 Feb 2023 17:18:02 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 73 KB
29 KB 111ms
65ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-59M8STV&l=gtm_data_layer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQ8ZV4&l=gtm_data_layer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4d218ddf5faf24434848d295f99ad3cd8f3874aac2f030a7903e0f9ae8bb0f28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29510
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 16:23:25 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Feb 2022 17:21:17 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 172 KB
55 KB 87ms
45ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P3Q4QHW&l=gtm_data_layer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NTQ8ZV4&l=gtm_data_layer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bf29e910d65b76c674db7b9581154237e685ab3db0f37772509a7858c8401f03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55905
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 16:23:25 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 17 Feb 2022 17:21:17 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
531 B 151ms
43ms XHR
application/json 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://leaderpost.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
H2 200 42fb57ac-2013-45a6-8dad-332d53e17c1b Show response
consumer.krxd.net/consent/get/ 237 B
428 B 123ms
36ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://consumer.krxd.net/consent/get/42fb57ac-2013-45a6-8dad-332d53e17c1b?idt=device&dt=kxcookie&callback=Krux.ns.postmedia.kxjsonp_consent_get_0
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 98d6f6bbd06e3e09e464f94db0718f1d8a306cb0db5af0b335b921f6a52e27bb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a006-dub-prod.krxd.net, cache-hhn4052-HHN
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1645118477.114844,VS0,VE27
content-length: 189
x-cache-hits: 0, 0

GET
H2

204

/
cookiesync.mparticle.com/v1/sync/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=mparticle_dmp&google_cm&MPID=6686083867368227625&esid=29183&Key=cd4afed6a2719d439af431746c942e3c&env=2
https://cm.g.doubleclick.net/pixel?google_nid=mparticle_dmp&google_cm=&MPID=6686083867368227625&esid=29183&Key=cd4afed6a2719d439af431746c942e3c&env=2&google_tc=
https://cookiesync.mparticle.com/v1/sync/?id=CAESEPWfuxqgslC6JLVJ0tTaW0U&MPID=6686083867368227625&esid=29183&Key=cd4afed6a2719d439af431746c942e3c&env=2&google_cver=1

0
186 B

408ms
375ms

Image
text/plain

2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cookiesync.mparticle.com/v1/sync/?id=CAESEPWfuxqgslC6JLVJ0tTaW0U&MPID=6686083867368227625&esid=29183&Key=cd4afed6a2719d439af431746c942e3c&env=2&google_cver=1
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Server: 2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
via: 1.1 varnish
server: Kestrel
x-timer: S1645118477.359773,VS0,VE369
x-origin-name: 6pOFtq5qpnIJ0Pt8WbH5c2--F_us1_origin
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
x-served-by: cache-hhn4041-HHN

Redirect headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cookiesync.mparticle.com/v1/sync/?id=CAESEPWfuxqgslC6JLVJ0tTaW0U&MPID=6686083867368227625&esid=29183&Key=cd4afed6a2719d439af431746c942e3c&env=2&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 382
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 uep0netg6.js Show response
cdn.krxd.net/controltag/ Frame 7396 27 KB
6 KB 7ms
6ms Script
text/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/controltag/uep0netg6.js
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: a27f7fe38b712f49c5a534ebeb70f5d965b04dcf1fa804ea9ac43d16672564c8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_config_service_ash_prod
date: Thu, 17 Feb 2022 17:21:17 GMT
via: 1.1 varnish, 1.1 varnish
age: 779
x-cache: MISS, HIT, HIT
x-app-cache: HIT
x-age: 0
content-encoding: gzip
content-length: 5925
x-served-by: config-service-a001-ash-prod.krxd.net, cache-iad-kjyo7100171-IAD, cache-hhn4077-HHN
x-response-time: 0
x-do-esi: esi
x-timer: S1645118477.058671,VS0,VE0
etag: "75f4c6d60fc7128a9244e7f798921e7d4e3404a6"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-hits: 0, 1, 3

POST
H2 200 v2 Show response
api.viafoura.co/v2/leaderpost.com/bootstrap/ 6 KB
3 KB 305ms
112ms XHR
application/json 2600:1f18:44f0:4864:2e6d:ca5a:dd6:8b7c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viafoura.co/v2/leaderpost.com/bootstrap/v2
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:44f0:4864:2e6d:ca5a:dd6:8b7c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: df8017f3233fba90e392777ef6489b224840ffbfd84a795366dd8d689d305649

Request headers

Accept: application/json, text/plain, */*
Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
x-instance-id: i-0f57b8b5fd17921a3
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://leaderpost.com
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires: Thu, 17 Feb 2022 17:21:17 GMT

OPTIONS
H2 204 v2
api.viafoura.co/v2/leaderpost.com/bootstrap/ Frame 0
0 297ms
96ms Preflight 2600:1f18:44f0:4864:2e6d:ca5a:dd6:8b7c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viafoura.co/v2/leaderpost.com/bootstrap/v2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:44f0:4864:2e6d:ca5a:dd6:8b7c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://leaderpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
server: nginx/1.18.0 (Ubuntu)
expires: Thu, 17 Feb 2022 17:21:17 GMT
cache-control: max-age=0
access-control-allow-origin: https://leaderpost.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
access-control-max-age: 1728000

GET
H2 200 get.js Show response
buy.tinypass.com/api/v3/anon/captcha/ 153 B
413 B 194ms
183ms Script
application/javascript 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/api/v3/anon/captcha/get.js?callback=jsonpCallback&aid=rJ8lIP2AXv

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js?version=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5e99c98dbc73d40a3542bd842c897fcada89a78313c284df57697469f1d16ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: EXPIRED
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: Chjlg7r7U64
pragma
wn: prod-dash-10-0-89-186
last-modified: Thu, 17 Feb 2022 17:04:54 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.012
cache-control: public, max-age=1200
cf-ray: 6df0b0f21a0a6977-FRA
expires: Thu, 17 Feb 2022 17:41:17 GMT

POST
H2 200 execute Show response
c2.piano.io/xbuilder/experience/ 14 KB
3 KB 161ms
138ms XHR
application/json 2606:4700::6810:f015
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c2.piano.io/xbuilder/experience/execute?aid=rJ8lIP2AXv

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js?version=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:f015 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3afcfed67e2042d89faa911db1b1015adf1951832f11b409e835d5ae24a06b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json
Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
vary: Accept-Encoding, Origin
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: ydko2o56hw
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://leaderpost.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 6df0b0f23cc191fc-FRA

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 152ms
53ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKM4ZNQ&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

083ec931e5517a4ab713afbe9561e72b9186cb54e21b8b1eface9caefb54a966

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14879
x-xss-protection: 0
server: cafe
etag: 17635014576153706337
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 17 Feb 2022 17:21:17 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1008 B
794 B 41ms
7ms Script
application/x-javascript 2a02:26f0:ef::5c7b:c25a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKM4ZNQ&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ef::5c7b:c25a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: ef1c55f2165c2e95a1f17def4a8d5e1169931e223eab40857dbe186295cc02db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Thu, 17 Feb 2022 17:21:17 GMT
Content-Encoding: gzip
Last-Modified: Wed, 16 Feb 2022 23:52:13 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=45350
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 481

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
26 KB 22ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 26236
x-xss-protection: 0
pragma: public
x-fb-debug: HdG5VkoXsDFTBfNE+do8KVTGY97c1w/TKmva17JbCg/Tiq7SgVLcUD86fFoCNZn+U+plZ8ofgtbXb3FnUtP7OQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Thu, 17 Feb 2022 17:21:17 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 14 KB
6 KB 52ms
7ms Script
application/javascript 151.101.12.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
last-modified: Sat, 05 Feb 2022 00:44:37 GMT
etag: "8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT, HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 5410
x-served-by: cache-iad-kjyo7100029-IAD, cache-fra19181-FRA

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=10276888&ns__t=1645118477150&ns_c=UTF-8&c8=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Lead...
https://sb.scorecardresearch.com/b2?c1=2&c2=10276888&ns__t=1645118477150&ns_c=UTF-8&c8=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Lea...

0
224 B

14ms
14ms

Image
text/plain

108.157.4.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=10276888&ns__t=1645118477150&ns_c=UTF-8&c8=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&c7=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&c9=
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Server: 108.157.4.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-38.dus51.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: PORl2A_9BV5GgfAu3PWBJ0dQm2uM5RGzzeQscHemFzihujfkFvWvMQ==
x-cache: Miss from cloudfront

Redirect headers

date: Thu, 17 Feb 2022 17:21:17 GMT
via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=10276888&ns__t=1645118477150&ns_c=UTF-8&c8=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&c7=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&c9=
content-length: 370
x-amz-cf-id: dShUm2HGvqKfgqsYyRGCdMxTc2l-aNyTi3eZrAbWI3CY2Y3yWxt2TA==

OPTIONS
H2 204 identify
identity.mparticle.com/v1/ Frame 0
0 7ms
7ms Preflight 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.mparticle.com/v1/identify

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=900

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-mp-key
Origin: https://leaderpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: Kestrel
access-control-allow-headers: content-type,x-mp-key
access-control-allow-methods: POST
access-control-allow-origin: *
x-origin-name: 4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
accept-ranges: bytes
date: Thu, 17 Feb 2022 17:21:17 GMT
via: 1.1 varnish
age: 2385
x-served-by: cache-hhn4072-HHN
x-cache: HIT
x-cache-hits: 690
x-timer: S1645118477.166000,VS0,VE0
strict-transport-security: max-age=900

POST
H2 200 identify Show response
identity.mparticle.com/v1/ 175 B
228 B 116ms
116ms XHR
application/json 2a04:4e42:400::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.mparticle.com/v1/identify

Requested by

Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/cd4afed6a2719d439af431746c942e3c/mparticle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Kestrel /

Resource Hash

fb032624f5acc849cc61bbb2a0f7698c41cbc4a81bd914046c0ba342107b3ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=900

Request headers

x-mp-key: cd4afed6a2719d439af431746c942e3c
Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
server: Kestrel
x-timer: S1645118477.173503,VS0,VE110
x-origin-name: 4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-served-by: cache-hhn4072-HHN
vary: Accept-Encoding
x-cache: MISS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
strict-transport-security: max-age=900
accept-ranges: bytes
via: 1.1 varnish
x-cache-hits: 0

POST
H2 202 Forwarding Show response
jssdks.mparticle.com/v1/JS/cd4afed6a2719d439af431746c942e3c/ 0
196 B 44ms
8ms XHR
text/plain 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://jssdks.mparticle.com/v1/JS/cd4afed6a2719d439af431746c942e3c/Forwarding
Requested by: Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/cd4afed6a2719d439af431746c942e3c/mparticle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
via: 1.1 varnish
server: Kestrel
x-timer: S1645118477.205467,VS0,VE2
x-served-by: cache-hhn4081-HHN
x-origin-name: 7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-cache: MISS
access-control-allow-origin: *
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 153ms
48ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=leaderpost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 149ms
49ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=leaderpost.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
460 B 152ms
45ms XHR
application/json 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://leaderpost.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 2 KB
279 B 423ms
422ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2042813838783200&correlator=487310732469711&eid=31061814%2C44756432&output=ldjh&gdfp_req=1&vrg=2022021401&ptt=17&impl=fifs&sc=1&sfv=1-0-38&ecs=20220217&iu_parts=3081%2Cleaderpost.com%2Cnews%2Clocal-news%2Cstory&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4%2C%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C6x6%7C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C7x7%7C1200x250%7C1200x90%7C970x90%7C970x250%7C728x90%7C300x250%2C5x5&ppid=00000000ppidp6686083867368227625&prev_scp=loc%3D1%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D03c69a30-9016-11ec-87f5-0627a981dd37%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%7Cloc%3D2%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D03c69a31-9016-11ec-87f5-0627a981dd37%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%7Cloc%3D3%26refresh%3Dtrue%26rc%3D0%26amznbid%3D2%26amznp%3D2%26id%3D03c69a32-9016-11ec-87f5-0627a981dd37%26vw%3D40%2C50%2C60%2C70%2C80%26grm%3D40%2C50%2C60%2C70%7Cloc%3D1%26amznbid%3D2%26amznp%3D2%26id%3D03c69a33-9016-11ec-87f5-0627a981dd37&eri=1&cust_params=aid%3D1983321d-3af7-4c48-8ef7-cc7e4c1ec309%252C873506%26author%3DMark%2520Melnychuk%26no_pol%3Dtrue%26page%3Dstory%26pr%3Drlp%26sensitive%3Dy%26sct%3Darms_ammunition%252Cprovoking_murder_injury%252Ccrime%252Cpolitics_canada%26negative%3Dy%26nkb%3DGM%252CHyundaiNegative%252CJLR%252CHyundai%252CQuestTradeNegative%252CBoeing%252CCANGOV%252CSamsung%252CVolkswagen%252CQuestTradePositive%252CBLM%252Ccovid%252Cloblaw%26asrc%3Drlp%26ck%3Dnews%26sck%3Dlocal-news%26kuid%3D%26amznbid%3D0%26amznp%3D0%26fr%3Dfalse%26adt%3DveryLow%26alc%3DveryLow%26dlm%3DveryLow%26drg%3DveryLow%26hat%3DveryLow%26off%3DveryLow%26vio%3DveryLow%26ias-kw%3DIAS_1506123_PG&cookie_enabled=1&bc=31&abxe=1&dt=1645118477225&lmt=1645118477&dlt=1645118476480&idt=405&frm=20&biw=1600&bih=1200&oid=2&adxs=200%2C797%2C797%2C534&adys=277%2C1496%2C2985%2C4446&adks=3783597139%2C4127894303%2C2235545574%2C3427767528&ucis=1%7C2%7C3%7C4&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&vis=1&scr_x=0&scr_y=0&psz=1600x250%7C1600x250%7C1600x250%7C1x5&msz=1600x-1%7C1600x-1%7C1600x-1%7C5x5&ga_vid=322333578.1645118477&ga_sid=1645118477&ga_hid=17479732&ga_fc=false&fws=4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1&btvi=0%7C1%7C2%7C3&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021401.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

f1eb5270010ae9baf2e304fcb663e23d4f07a54e71ee3ff1730956b1a4eb9f1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 248
x-xss-protection: 0
google-lineitem-id: -2,-2,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-2,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://leaderpost.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
38778e4300c2defc3bdc35138647953b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 03A8 6 KB
4 KB 170ms
47ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://38778e4300c2defc3bdc35138647953b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Thu, 17 Feb 2022 17:21:17 GMT
expires: Fri, 17 Feb 2023 17:21:17 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 p.js Show response
cdn.parsely.com/keys/leaderpost.com/ 56 KB
21 KB 54ms
11ms Script
application/javascript 18.66.245.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/leaderpost.com/p.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P3Q4QHW&l=gtm_data_layer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.245.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-245-59.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 4e2baa0eca4c9b84bebfc0870c29b9594360a355684b1c248996f860707eb273

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: public
date: Thu, 17 Feb 2022 03:24:36 GMT
content-encoding: gzip
last-modified: Fri, 29 Oct 2021 15:27:48 GMT
server: nginx
age: 50201
etag: W/"617c12f4-df42"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 2b483ab832506bc86647b6ceba38dc9e.cloudfront.net (CloudFront)
cache-control: max-age=86400, public
x-amz-cf-pop: DUS51-P1
x-amz-cf-id: gebVqSZ7JHnqz3qXBW68fpfHFf8hoshxzIScxlfJx_FjIPvTTkLUEQ==
expires: Fri, 18 Feb 2022 03:24:36 GMT

GET
H2 200 controltag.js.a1705c5ac5f06cf0c202ff70908fc042 Show response
cdn.krxd.net/ctjs/ Frame 7396 259 KB
83 KB 10ms
10ms Script
application/javascript 151.101.66.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/uep0netg6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.66.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/partnerjs/xdi/proxy.3d2100fd7107262ecb55ce6847f01fa5.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-cdn-backend: 4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
age: 1706005
x-amz-server-side-encryption: AES256
x-cache: HIT
x-cache-hits: 1653263
content-length: 84509
x-served-by: cache-hhn4077-HHN
last-modified: Mon, 02 Aug 2021 12:06:17 GMT
x-timer: S1645118477.259262,VS0,VE0
etag: "a1705c5ac5f06cf0c202ff70908fc042"
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Jul 2031 12:06:16 GMT

GET
H/1.1 200
OK insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 5 KB
2 KB 8ms
7ms Script
application/x-javascript 2a02:26f0:ef::5c7b:c25a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:ef::5c7b:c25a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9081938d5c9644dacf6668cb6c1283d208fb92b487b159235a0d92fd0a4f6379

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Thu, 17 Feb 2022 17:21:17 GMT
Content-Encoding: gzip
Last-Modified: Wed, 16 Feb 2022 23:52:14 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=23452
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2214

GET
H3 200 1685973801652415 Show response
connect.facebook.net/signals/config/ 310 KB
88 KB 17ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1685973801652415?v=2.9.52&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1a1cb145978036238fc717a47ecca7efce5f18634a29ee41c0d57ce7f24eaf83

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 90182
x-xss-protection: 0
pragma: public
x-fb-debug: aqf4vDBdQuLoF5LQWhClRFZeuPi+9AR0vARBJtLv915fV5km9ZhFtA/66VQFU7vR9vl3ya6b2JtgmHISz/d7LQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Thu, 17 Feb 2022 17:21:17 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 simple Show response
api.sail-personalize.com/v1/personalize/ 288 B
497 B 105ms
105ms Fetch
application/json 75.2.40.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Requested by: Host: ak.sail-horizon.com
URL: https://ak.sail-horizon.com/spm/spm.v1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.40.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash: 0e857156220593413334008dc6f7b33c9783b3d189da9a262fa118c95b4cc6d9

Request headers

x-lib-version: v1.0.1
Accept-Language: de-DE,de;q=0.9
authorization: Bearer b9d3df2fccd108b5eff3c44f573b2cd6
content-type: application/json
accept: application/json
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
x-referring-url: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
allowedorigins: *
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-store
access-control-allow-credentials: true
allowedheaders: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin
content-length: 196
allowedmethods: GET,OPTIONS
expires: -1

OPTIONS
H2 200 simple
api.sail-personalize.com/v1/personalize/ Frame 0
0 306ms
97ms Preflight
text/plain 75.2.40.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 75.2.40.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-lib-version,x-referring-url
Origin: https://leaderpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-type: text/plain
content-length: 18
access-control-allow-origin: https://leaderpost.com
access-control-allow-credentials: true
access-control-max-age: 1800
access-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE
access-control-allow-headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL
allow: HEAD,GET,OPTIONS

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
458 B 142ms
115ms Script
application/javascript 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o01de&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=7076e6c1-1fdf-4425-b4d3-a0659286b6be&tw_document_href=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&tpx_cb=twttr.conversion.loadPixels

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time: 108
date: Thu, 17 Feb 2022 17:21:16 GMT
content-encoding: gzip
server: tsa_o
strict-transport-security: max-age=631138519
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 0cb820b41c61a5c8e005839a2e9f6c056f744d1dd3e2933318120840bdf442ed
content-type: application/javascript;charset=utf-8
content-length: 57

GET
H2 200 adsct
t.co/i/ 43 B
337 B 143ms
114ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o01de&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=7076e6c1-1fdf-4425-b4d3-a0659286b6be&tw_document_href=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time: 107
date: Thu, 17 Feb 2022 17:21:17 GMT
server: tsa_o
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: 078bdf9fd867f6b632d4e4dd74bc58b54dec3dbe4005943f597091bb2da02ddc
content-length: 43

GET
H2 200 42fb57ac-2013-45a6-8dad-332d53e17c1b Show response
consumer.krxd.net/consent/get/ Frame 7396 222 B
282 B 45ms
45ms Script
text/javascript 151.101.194.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://consumer.krxd.net/consent/get/42fb57ac-2013-45a6-8dad-332d53e17c1b?idt=device&dt=kxcookie&callback=Krux.ns.postmedia.kxjsonp_consent_get_0
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf5b5560fe04415286fbe9ef482f37c284d20aef32572d0929bfed9e1f1edad0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.krxd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
via: 1.1 varnish
age: 0
x-served-by: consumer-a005-dub-prod.krxd.net, cache-hhn4052-HHN
vary: Accept-Encoding
x-cache: MISS, MISS
content-type: text/javascript; charset=UTF-8
content-encoding: gzip
cache-control: max-age=1800
x-age: 0
accept-ranges: bytes
x-timer: S1645118477.370889,VS0,VE33
content-length: 182
x-cache-hits: 0, 0

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 28ms
12ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1685973801652415&ev=PageView&dl=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&rl=&if=false&ts=1645118477385&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=30&par[0]=%7B%22extractorID%22%3A%22514537319740368%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22CAD%22%7D%7D%7D&par[1]=%7B%22extractorID%22%3A%22503487844400487%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22CAD%22%7D%7D%7D&par[2]=%7B%22extractorID%22%3A%221042784969583558%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%22priceCurrency%22%3A%22CAD%22%7D%7D%7D&par[3]=%7B%22extractorID%22%3A%22858678751523779%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[4]=%7B%22extractorID%22%3A%221127243281129742%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&par[5]=%7B%22extractorID%22%3A%22497819211464386%22%2C%22jsonLD%22%3A%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Product%22%2C%22offers%22%3A%7B%7D%7D%7D&fbp=fb.1.1645118477383.570443552&it=1645118477263&coo=false&rqm=GET

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Thu, 17 Feb 2022 17:21:17 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 93ms
47ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=17479732&t=pageview&_s=1&dl=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&ul=en-us&de=UTF-8&dt=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aAjAAEABAAQCAC~&jid=844503595&gjid=915436034&cid=322333578.1645118477&tid=UA-138335866-11&_gid=20450625.1645118477&_r=1&gtm=2wg290MKM4ZNQ&z=1343637022

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://leaderpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 89ms
46ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=17479732&t=pageview&ni=1&_s=1&dl=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&dp=%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&ul=en-us&de=UTF-8&dt=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aAjAAEABAAQCAC~&jid=600772154&gjid=201166027&cid=322333578.1645118477&tid=UA-24419597-5&_gid=20450625.1645118477&_r=1&_slc=1&cd7=HTML&cd13=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&cd19=false&cd152=6686083867368227625&cd188=7EC8064A-6FA8-44E6-861B-7B3EE88005AD&z=1526875392

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://leaderpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/580448699/ 2 KB
1 KB 95ms
49ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/580448699/?random=1645118477467&cv=9&fst=1645118477467&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg290&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&tiba=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&auid=1838617308.1645118477&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

285cd4bd434ced1e61745af830ee62997aed72195709e76b0afa03ff2a02f1eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1319
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/990309138/ 3 KB
2 KB 146ms
54ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/990309138/?random=1645118477471&cv=9&fst=1645118477471&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg290&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&tiba=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b2a56b0eb602448d41fc9129c0b36b4478f9688ada3a5a7aa105ee3406c4026

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1114
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
259 B 421ms
100ms Image
image/gif 52.205.167.202
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1645118477481&plid=51337003&idsite=leaderpost.com&url=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&sref=&sts=1645118477476&slts=0&title=Couple+who+donated+to+convoy+worried+about+effects+of+GiveSendGo+hack+%7C+Regina+Leader+Post&date=Thu+Feb+17+2022+17%3A21%3A17+GMT%2B0000+(GMT)&action=pageview&pvid=29511079&u=pid%3D5dcb833171df5209e9315ee748f427a1
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-167-202.compute-1.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Thu, 17 Feb 2022 17:21:17 GMT
Cache-Control: no-cache
Last-Modified: Thursday, 17-Feb-2022 17:21:17 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
441 B 56ms
18ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-24419597-5&cid=322333578.1645118477&jid=600772154&gjid=201166027&_gid=20450625.1645118477&_u=aAjAAEABAAQCAC~&z=1947349431

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Thu, 17 Feb 2022 17:21:17 GMT
content-type: text/plain
access-control-allow-origin: https://leaderpost.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/580448699/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/580448699/?random=1986450641&cv=9&fst=1645118477467&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&...
https://www.google.com/pagead/1p-conversion/580448699/?random=1986450641&cv=9&fst=1645118477467&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_...
https://www.google.de/pagead/1p-conversion/580448699/?random=1986450641&cv=9&fst=1645118477467&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_a...

42 B
64 B

108ms
59ms

Image
image/gif

2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/580448699/?random=1986450641&cv=9&fst=1645118477467&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg290&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&tiba=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&auid=1838617308.1645118477&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGwjRpLEC&is_vtc=1&ocp_id=DYQOYpWoILizx_APltSgyAM&cid=CAQSKQCNIrLMP25OOCRcVkgJ4EW3TuiibAvjuQ-ChQdXwwXFBFHQzjgj1s_Q&eitems=ChEIgIG4kAYQ_8_r1LjE56OIARIdANvdRuMS1_V4EpDcEszH1eRGLofGV26164bV-2g&random=1916352364&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/580448699/?random=1986450641&cv=9&fst=1645118477467&num=1&value=0&label=FmJTCMOu_N8BELvj45QC&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg290&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&tiba=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&auid=1838617308.1645118477&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=CNPgGwjRpLEC&is_vtc=1&ocp_id=DYQOYpWoILizx_APltSgyAM&cid=CAQSKQCNIrLMP25OOCRcVkgJ4EW3TuiibAvjuQ-ChQdXwwXFBFHQzjgj1s_Q&eitems=ChEIgIG4kAYQ_8_r1LjE56OIARIdANvdRuMS1_V4EpDcEszH1eRGLofGV26164bV-2g&random=1916352364&resp=GooglemKTybQhCsO&ipr=y&prhg=0
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 149ms
60ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-24419597-5&cid=322333578.1645118477&jid=600772154&_u=aAjAAEABAAQCAC~&z=1518641482

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 150ms
65ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-24419597-5&cid=322333578.1645118477&jid=600772154&_u=aAjAAEABAAQCAC~&z=1518641482

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/990309138/ 42 B
548 B 132ms
49ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/990309138/?random=1645118477471&cv=9&fst=1645117200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg290&sendb=1&frm=0&url=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&tiba=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&async=1&fmt=3&is_vtc=1&random=3248851568&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/990309138/ 42 B
548 B 137ms
57ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/990309138/?random=1645118477471&cv=9&fst=1645117200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg290&sendb=1&frm=0&url=https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack&tiba=Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post&async=1&fmt=3&is_vtc=1&random=3248851568&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 thirdpartycookie Show response
api.viafoura.co/v2/leaderpost.com/ 45 B
648 B 100ms
100ms XHR
application/json 2600:1f18:44f0:4864:2e6d:ca5a:dd6:8b7c
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viafoura.co/v2/leaderpost.com/thirdpartycookie?section=
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:44f0:4864:2e6d:ca5a:dd6:8b7c Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 61a2b2588acde0ccae626edbff25bbe32c1ff43cc0d89859c4ef48af507cd356

Request headers

Accept: application/json, text/plain, */*
Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: gzip
server: nginx/1.18.0 (Ubuntu)
x-instance-id: i-0cf4776916792190c
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://leaderpost.com
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires: Thu, 17 Feb 2022 17:21:17 GMT

POST
H3 200 loadTemplateContext Show response
buy.tinypass.com/api/v3/anon/template/ 588 B
849 B 200ms
179ms XHR
application/json 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/api/v3/anon/template/loadTemplateContext?aid=rJ8lIP2AXv

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js?version=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0db09b88f189116f13431f1360ece41070508b5108a84311a9bf0adf8461cea

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json
Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: Chjlg7rGepF
pragma: no-cache
wn: prod-dash-10-0-132-242
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
server-time: 0.015
cf-ray: 6df0b0f5fae05ba4-FRA
expires: 0

GET
H3 200 cacheableShow Show response
buy.tinypass.com/checkout/template/ Frame 852A 5 KB
3 KB 93ms
53ms Document
text/html 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/checkout/template/cacheableShow?aid=rJ8lIP2AXv&templateId=OTSVJI5XE8XL&offerId=fakeOfferId&experienceId=EXRQQNLPHXAZ&iframeId=offer_e855a9f1a87c3712d7e7-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fleaderpost.com

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js?version=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d99d763e44086d6f3af82fad5623e1ff9948568e251cad967b14455ed7b41189

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-type: text/html;charset=UTF-8
access-control-allow-methods: *
access-control-allow-origin: https://dashboard.piano.io
cache-control: public, max-age=4654
expires: Thu, 17 Feb 2022 18:38:51 GMT
p3p: CP="NON DSP COR OUR IND"
pragma
server-time: 0.002
strict-transport-security: max-age=86400; includeSubDomains
vary: accept-encoding
wn: prod-dash-10-0-130-145
x-forwarded-https: on
x-request-id: Crsgg7riCXC
x-xss-protection: 0
cf-cache-status: HIT
age: 6146
last-modified: Thu, 17 Feb 2022 15:38:51 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6df0b0f61837695d-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 intl-messageformat.721712b4f53ccb298fe3.js Show response
cdn.viafoura.net/chunks/vendors~languages/ 17 KB
5 KB 10ms
9ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/vendors~languages/intl-messageformat.721712b4f53ccb298fe3.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6d9427c37b3f513b94c8f561aec82cc71bf4e92a819f0b476dcfbb31fe8f0856

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:33 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:32:55 GMT
server: AmazonS3
age: 96465
etag: W/"19b55465c8c41be3849f0643c1a54d3f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: EeEV6Ms87bnUSQa923G3Bzdu6oEl4Qg8
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: DUS51-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: qqM7fZsVpWFgNt6vG4XuIL9vPwuuER8XYmHoQdEHgiohrhTyexLIwQ==

GET
H2 200 intl-messageformat.1904f5dca8d3c4f3e477.js Show response
cdn.viafoura.net/chunks/languages/ 134 B
563 B 10ms
10ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/languages/intl-messageformat.1904f5dca8d3c4f3e477.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 30068496cc913fb89e328b82897afe14f815ac0babab80b60758488f344bf75f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:33 GMT
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
last-modified: Wed, 16 Feb 2022 14:32:57 GMT
server: AmazonS3
age: 96465
etag: "afd849c389e669e31c469daae1664a65"
x-cache: Hit from cloudfront
x-amz-version-id: LZVm.m4A45PfUsVT.2R1Ykqt8qo8Gj.Y
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 134
x-amz-cf-id: sGnZJGrM4lOjqYsxM9HS4NmDMc2z6EttYuPyacaYg7y88jrXMDcy7g==

GET
H2 200 en-us-base-json.2ed140ca116dbab98f42.js Show response
cdn.viafoura.net/chunks/languages/ 19 KB
5 KB 12ms
12ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/languages/en-us-base-json.2ed140ca116dbab98f42.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f6c217cf4a70824e150c9b84635540ccebfacd9f4a6b024d8d3d13e7226ca0ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:33 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:32:59 GMT
server: AmazonS3
age: 96465
etag: W/"dc9b47e81a8086b22edb56f64883dacd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: ULOAI0CV3qgG6VwURD7IstiW8NhJtddG
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: DUS51-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: bN3qOv-Y8M_AiDKzjMrNqtyt7heGYu03y7Fb--dGn3NdmtHew61r2g==

GET
H2 200 vf-css.c4f8582ccd63bbe45d66.js Show response
cdn.viafoura.net/chunks/ 119 KB
17 KB 10ms
9ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/vf-css.c4f8582ccd63bbe45d66.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 06ad4c5b3f1e8ac2ef3629a33b2c1c370d1b713b36c2f9252ae81d8dcf739b7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:33 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:33:12 GMT
server: AmazonS3
age: 96465
etag: W/"40e12c871e290bc591ada015c196ff6a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: X7rw8Bocr_PIIxKvllwNVXZBKsH4TQPP
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: DUS51-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: iI42M3idIVhpZTAcy-MavbjzWId4d90snt0x8m_R7MEFxgQeVpGBDA==

GET
H2 200 LoginRadiusV2.js Show response
auth.lrcontent.com/v2/ 199 KB
46 KB 26ms
26ms Script
application/javascript 2606:4700:10::6816:48e8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.lrcontent.com/v2/LoginRadiusV2.js

Requested by

Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:48e8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68a335c0d87dce935fee1811892070e78c514828d50bfe2ae21fde739ec1002c

Security Headers

Name	Value
Strict-Transport-Security	max-age= 63072000; includeSubdomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
via: 1.1 73d76685a18ed386cef8f6fb5f61f844.cloudfront.net (CloudFront)
vary: Accept-Encoding
cf-cache-status: HIT
age: 5098
cf-polished: origSize=1238069
x-cache: Hit from cloudfront
content-encoding: gzip
last-modified: Mon, 13 Dec 2021 05:19:58 GMT
server: cloudflare
etag: W/"ae3463c4a59ae100b160ed4dd5dbf4b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age= 63072000; includeSubdomains; preload
content-type: application/javascript
cache-control: max-age=14400
x-amz-cf-pop: JFK51-C1
cf-ray: 6df0b0f6791b9280-FRA
x-amz-cf-id: oW9_AFQE7EB2wlcMLAzWkPUXk5puSKh43kpCnte1t0X4-tpNiah-rA==
cf-bgj: minify

GET
H3 200 template.bundle.1.0.css
buy.tinypass.com/widget/dist/template/css/ Frame 852A 33 KB
6 KB 37ms
37ms Stylesheet
text/css 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css

Requested by

Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=rJ8lIP2AXv&templateId=OTSVJI5XE8XL&offerId=fakeOfferId&experienceId=EXRQQNLPHXAZ&iframeId=offer_e855a9f1a87c3712d7e7-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fleaderpost.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

734421d9e2fa5fe78c7bbd157c8de6a60bd1e0752c8abfcd2ca27f4a477ff2e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=rJ8lIP2AXv&templateId=OTSVJI5XE8XL&offerId=fakeOfferId&experienceId=EXRQQNLPHXAZ&iframeId=offer_e855a9f1a87c3712d7e7-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fleaderpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: HIT
age: 221
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
wn: prod-dash-10-0-141-102
last-modified: Mon, 14 Feb 2022 13:52:46 GMT
server: cloudflare
etag: W/"33843-1644846766000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: text/css
server-time: 0.001
cache-control: public, max-age=7200
cf-ray: 6df0b0f6892d695d-FRA
expires: Thu, 17 Feb 2022 19:21:17 GMT

GET
H3 200 H4sIAAAAAAAAAD3IwQ6AIAgA0B9KmJ76m4bJHI6oBa7f7-bt7eEnrXNgEw8Mvh6lYBy-DHVaU95QpTqS9an0pgwFSkHJu63T-yTlgy1Nh-E_BjVxNVoAAAA Show response
buy.tinypass.com/_sam/ Frame 852A 519 KB
156 KB 88ms
87ms Script
text/javascript 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/_sam/H4sIAAAAAAAAAD3IwQ6AIAgA0B9KmJ76m4bJHI6oBa7f7-bt7eEnrXNgEw8Mvh6lYBy-DHVaU95QpTqS9an0pgwFSkHJu63T-yTlgy1Nh-E_BjVxNVoAAAA?compressed=true&v=14.87.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c3a0156aa31c957ce7628ffdcd9ad892c6a5a9998e31eb447e5d94adfbb779ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=rJ8lIP2AXv&templateId=OTSVJI5XE8XL&offerId=fakeOfferId&experienceId=EXRQQNLPHXAZ&iframeId=offer_e855a9f1a87c3712d7e7-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fleaderpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:17 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 218
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
wn: prod-dash-10-0-130-145
last-modified: Thu, 17 Feb 2022 12:45:06 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: text/javascript
server-time: 0.004
cache-control: public, max-age=604582
x-optimized-by: _sam
cf-ray: 6df0b0f68936695d-FRA
expires: Thu, 24 Feb 2022 17:17:39 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 852A 8 KB
704 B 97ms
49ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bda2c84e2934508dd2b995f28876c68e3f0cf0955173bcf040b76ecc63e03786

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 17:00:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 17 Feb 2022 17:21:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Feb 2022 17:21:17 GMT

GET
H3 200 css
fonts.googleapis.com/ 16 KB
952 B 91ms
48ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,500,500i,700,700i

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9583896b055daf21c4eb2e4badf13da0f2a0415d52107f5cf32717fac3eac9fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 17 Feb 2022 17:06:16 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Thu, 17 Feb 2022 17:21:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 17 Feb 2022 17:21:17 GMT

GET
H2 200 en-us-trending_articles-json.d51e493d5cbc8a3590f3.js Show response
cdn.viafoura.net/chunks/languages/ 1 KB
961 B 11ms
11ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/languages/en-us-trending_articles-json.d51e493d5cbc8a3590f3.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 99099350f5b5c07c53cdf8e58b5a50f60b945456dfa9efc54bf731385817f560

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:35 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:32:57 GMT
server: AmazonS3
age: 96463
etag: W/"1767f70735683df10a4bd61a339b05b1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: SlxQEzMS2YLT7RGS2S1P0Mz0AbjFBMve
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: DUS51-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: GZ8i_MTO36HPoxHZaIlBlUteV6hSWzulB8F-m8CjgBw-eqwG3zviZg==

GET
H2 200 en-us-conversations-json.40fe2ec9a126c6034f66.js Show response
cdn.viafoura.net/chunks/languages/ 14 KB
3 KB 12ms
11ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/languages/en-us-conversations-json.40fe2ec9a126c6034f66.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ee7fa9758461125ca596582dc9082a355124c94c6b989f188bac28ad1ff5c191

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:33 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:33:01 GMT
server: AmazonS3
age: 96465
etag: W/"90961159f3d814380877bc80bcc47368"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: ULB9gxXwtAN3WmDLtDyztGq4tqXOVdjS
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: DUS51-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: IyvGlFrvfCGCRbsV39yvS4CaavA-Yw0StTw4PjuFwd8TrpKv-vj_vg==

GET
H2 200 0.8c16f3b0d992c7af156b.css
cdn.viafoura.net/ 86 KB
10 KB 12ms
11ms Stylesheet
text/css 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/0.8c16f3b0d992c7af156b.css
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a0c488cf1be315faa11f5ac3e8d0a5aaecf055ceceacb96e5bb373c6446cffde

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:33 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:33:18 GMT
server: AmazonS3
age: 96465
etag: W/"2a7d2ad49570f1958257cfa576dad834"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: 9kDgm0O4MdY6Sq2rLtsboSq2pVtd4_j5
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: PENDING
x-amz-cf-pop: DUS51-P2
content-type: text/css; charset=utf-8
x-amz-cf-id: Zs0c3ohjZV-drbIfWZkUNC1Nqr6_gBKY7ykzmPE5GuPZdi_ZgovBSg==

GET
H2 200 da.6ef02ccabc74e3cd969f.js Show response
cdn.viafoura.net/chunks/ 143 KB
34 KB 12ms
12ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/da.6ef02ccabc74e3cd969f.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b0fa638224ea15ec6ceca9e109aad95fbc9cebb41fa822712258b48bf91271cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:33 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:33:14 GMT
server: AmazonS3
age: 96465
etag: W/"a377db1607d74aed7bff14d680992861"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: LtsmfMfPbepAsFQAutmkJ978vbd86Y2f
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: PENDING
x-amz-cf-pop: DUS51-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: zKYNoelKzAXY0gr-zJIo2DhCKD47yMpbBd8r-X-bTj3yydSmFyLuAQ==

GET
H2 200 134.85323042c60e6ad2c8a4.css
cdn.viafoura.net/ 1 KB
858 B 13ms
13ms Stylesheet
text/css 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/134.85323042c60e6ad2c8a4.css
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0f771d519306d5ae99473e06775b77f1697c6992f74fa699c347baf01ddcb12c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:33 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:33:18 GMT
server: AmazonS3
age: 96465
etag: W/"517c194d691465e12bd636932d338ae9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: UBobDlpXXywkW7grIpOHjlVCnyDADx6W
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: PENDING
x-amz-cf-pop: DUS51-P2
content-type: text/css; charset=utf-8
x-amz-cf-id: yPsgULL_DeYUKS6evVsehvEqIe9kXRwiaIwUQSMumL8eZ_svEXkwgQ==

GET
H2 200 tray-trigger.6837b0621b279cf81b0c.js Show response
cdn.viafoura.net/chunks/ 4 KB
2 KB 13ms
13ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/tray-trigger.6837b0621b279cf81b0c.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 942720ed4dc6c4877c872c9bf504624cfd62c56b1b30e0b3713707d7e0ae5d05

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:33 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:33:12 GMT
server: AmazonS3
age: 96465
etag: W/"e7887b1c484ac58f70b4d5030f780351"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: yaZjhYsBoblEmjww1hv8BnddMOjpaClP
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: DUS51-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: P38ISICEAmfGzBK9xPPpWcl4jYhWe32ZpMk76smwWqc4ZElEjEVVkA==

GET
H2 200 ingest
i.viafoura.co/v3/leaderpost.com/ 67 B
325 B 310ms
100ms Image
image/png 3.226.102.122
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.viafoura.co/v3/leaderpost.com/ingest?t=%7B%22view%22%3A%7B%22domain%22%3A%22leaderpost.com%22%2C%22siteUuid%22%3A%2200000000-0000-4000-8000-086ae4e8d034%22%2C%22pageViews%22%3A1%2C%22outgoing%22%3A10%2C%22sessionStart%22%3A1645118478%2C%22isRecirculation%22%3Afalse%2C%22referrerStart%22%3A1645118478%2C%22refVisitCount%22%3A1%2C%22ref%22%3A%7B%22medium%22%3A%22direct%22%2C%22source%22%3A%22%22%2C%22sharer_uuid%22%3A%22%22%2C%22terms%22%3A%22%22%7D%2C%22uniqueId%22%3A%22980aa7bb-85c4-4ff4-b2e0-87f38171828c%22%2C%22firstVisit%22%3A1645118478%2C%22previousVisit%22%3A1645118478%2C%22currentVisit%22%3A1645118478%2C%22visitCount%22%3A1%7D%2C%22meta%22%3A%7B%22domain%22%3A%22leaderpost.com%22%2C%22site%22%3A%2200000000-0000-4000-8000-086ae4e8d034%22%2C%22section%22%3A%2200000000-0000-4000-8000-086ae4e8d034%22%2C%22pageImage%22%3A%22https%3A%2F%2Fsmartcdn.gprod.postmedia.digital%2Fleaderpost%2Fwp-content%2Fuploads%2F2022%2F02%2F0212-convoy-mbs-06_267332877-w-1.jpg%22%2C%22ref%22%3A%7B%7D%2C%22vf%22%3Afalse%2C%22url%22%3A%22https%3A%2F%2Fleaderpost.com%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack%22%2C%22path%22%3A%22%2Fnews%2Flocal-news%2Fsask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack%22%2C%22title%22%3A%22Sask.%20couple%20who%20donated%20to%20freedom%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%22%2C%22privilege%22%3A%22guest%22%2C%22page_type%22%3A%22article%22%2C%22page_description%22%3A%22Vicki%20Dutton%20said%20she%20and%20her%20husband%20do%20not%20regret%20their%20business%E2%80%99%20donation%20to%20the%20freedom%20convoy%2C%20but%20are%20worried%20about%20reprisals.%22%2C%22topics%22%3A%5B%5D%2C%22git%22%3A%228d3d7c187899dff0fcc7d1c2a6cdbf005150ca13%22%2C%22amp%22%3Afalse%2C%22thirdparty_enabled%22%3Atrue%2C%22container_id%22%3A%221983321d-3af7-4c48-8ef7-cc7e4c1ec309%22%7D%2C%22ua%22%3A%7B%22nl%22%3A%22en-US%22%2C%22nu%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F98.0.4758.80%20Safari%2F537.36%22%2C%22sr%22%3A%221600x1200%22%2C%22sd%22%3A24%2C%22vp%22%3A%221600x1200%22%2C%22dt%22%3A%22Couple%20who%20donated%20to%20convoy%20worried%20about%20effects%20of%20GiveSendGo%20hack%20%7C%20Regina%20Leader%20Post%22%2C%22de%22%3A%22UTF-8%22%2C%22dl%22%3A%22en-CA%22%7D%2C%22rq%22%3A%225aef52b8-49a6-4151-bdd3-98e3793a85b0%22%2C%22rs%22%3A0%2C%22w%22%3A%5B%22vf-content-recirculation%22%2C%22vf-conversations%22%2C%22vf-tray-trigger%22%2C%22vf-tray%22%5D%2C%22v%22%3A5%2C%22event_type%22%3A%22analytics.view%22%7D
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.226.102.122 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-226-102-122.compute-1.amazonaws.com
Software: /
Resource Hash: ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:18 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/png
content-length: 67
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 3D8F 0
18 B 17ms
7ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://leaderpost.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://leaderpost.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=0
date: Thu, 17 Feb 2022 17:21:17 GMT

GET
H2 200 svod-module-js.aeb4be38870abec34812.js Show response
cdn.viafoura.net/chunks/vuex_store/ 7 KB
3 KB 9ms
9ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/vuex_store/svod-module-js.aeb4be38870abec34812.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6eab537d5690517231ae773a9e61878f08cedfe44fec4bad67276c66796a6b5a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:36 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:33:04 GMT
server: AmazonS3
age: 96462
etag: W/"ea68d077277c496c6e58d7c11fd40a09"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: iM9f7Xp5fYBewVakHEPA5SRmRaU97iEE
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: DUS51-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: mX019i7NRgFsZ4VK99tXuAY5c0DT_RwwPizBzfbWuPC5kTjNMkoJNA==

OPTIONS
H2 204 appInfo
config.lrcontent.com/ciam/ Frame 0
0 216ms
160ms Preflight 2606:4700:10::6816:49e8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://config.lrcontent.com/ciam/appInfo?apikey=1a9a7ccf-c3f1-4ec9-a65f-2c3e8d9510a5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:49e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Origin: https://leaderpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 17 Feb 2022 17:21:18 GMT
access-control-allow-headers: x-requested-with
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://leaderpost.com
allow: GET, OPTIONS
vary: Origin
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6df0b0f758799094-FRA

GET
H2 200 appInfo Show response
config.lrcontent.com/ciam/ 4 KB
1 KB 108ms
108ms XHR
application/json 2606:4700:10::6816:49e8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://config.lrcontent.com/ciam/appInfo?apikey=1a9a7ccf-c3f1-4ec9-a65f-2c3e8d9510a5
Requested by: Host: auth.lrcontent.com
URL: https://auth.lrcontent.com/v2/LoginRadiusV2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:49e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5895cfad1cfce0c1e987cc4afb960e1a80806f2182246a72e4ee3c09224bd773

Request headers

Referer: https://leaderpost.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:18 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json
access-control-allow-origin: https://leaderpost.com
cache-control: max-age=86400
cf-ray: 6df0b0f86a689094-FRA

GET
H2 200 content-module-js.94155180ef0d70e91900.js Show response
cdn.viafoura.net/chunks/vuex_store/ 11 KB
3 KB 10ms
9ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/vuex_store/content-module-js.94155180ef0d70e91900.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 39c70b462953e470d215f5dce3cecc1266e79464ba71480cae5b044b9d04bedc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:33 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:33:04 GMT
server: AmazonS3
age: 96465
etag: W/"0324478fe2e706a97dc0a17565fcacde"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: LI_8I0IhaeBSVL8oKANwOzVfx2gvIwvv
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: DUS51-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: Ci8xNHV99mD8fy8N5oJc5znaqmlDg7VIMPedK2e3yJp_7O-SyF8NeQ==

GET
H2 200 all Show response
notifications.viafoura.co/v5/notifications/00000000-0000-4000-8000-086ae4e8d034/ 36 B
223 B 414ms
101ms XHR
application/json 3.210.251.31
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://notifications.viafoura.co/v5/notifications/00000000-0000-4000-8000-086ae4e8d034/all
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.210.251.31 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-251-31.compute-1.amazonaws.com
Software: /
Resource Hash: b6dc85459fbb9d03f478d91eae99e6627e04c8f805b08e4b97423ffbc3870d9d

Request headers

Accept: application/json, text/plain, */*
Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin: https://leaderpost.com
date: Thu, 17 Feb 2022 17:21:18 GMT
content-encoding: gzip
access-control-allow-credentials: true
content-length: 59
content-type: application/json; charset=utf-8

GET
H3 200 fail-icon.png
buy.tinypass.com/widget/dist/template/css/img/ Frame 852A 2 KB
3 KB 50ms
49ms Image
image/png 2606:4700::6811:bab1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://buy.tinypass.com/widget/dist/template/css/img/fail-icon.png

Requested by

Host: buy.tinypass.com
URL: https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:bab1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be36cf242d7b206d66842ab5b36af859b780372bba70cb5d72acda2626ffe52e

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:18 GMT
cf-cache-status: HIT
age: 220
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
strict-transport-security: max-age=86400; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2177
wn: prod-dash-10-0-118-43
last-modified: Thu, 17 Feb 2022 12:58:08 GMT
server: cloudflare
etag: W/"2177-1645102688000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
server-time: 0.000
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 6df0b0f7ab93695d-FRA
expires: Thu, 17 Feb 2022 19:21:18 GMT

GET
H3 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ Frame 852A 44 KB
44 KB 81ms
37ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://buy.tinypass.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 00:14:34 GMT
x-content-type-options: nosniff
age: 148004
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Thu, 28 Oct 2021 00:30:43 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 16 Feb 2023 00:14:34 GMT

GET
H/1.1 200
OK login Show response
postmedia.hub.loginradius.com/ssologin/ 38 B
559 B 73ms
57ms XHR
application/json 18.159.85.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://postmedia.hub.loginradius.com/ssologin/login

Requested by

Host: auth.lrcontent.com
URL: https://auth.lrcontent.com/v2/LoginRadiusV2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

18.159.85.30 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-85-30.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

f7a4a046540cd7b682afc0d129cbbdea16081d1a54dfd3385115725f960c54c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://leaderpost.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Thu, 17 Feb 2022 17:21:18 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Methods: HEAD,GET,POST,PUT,DELETE,OPTIONS, POST, GET, PUT, OPTIONS, DELETE
Content-Type: application/json
Access-Control-Allow-Origin: https://leaderpost.com
X-LoginRadius-Server: Primary - IDX - AWS
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Server: ms_hub_hostedpage_primary
Content-Length: 38

OPTIONS
H/1.1 204
No Content login
postmedia.hub.loginradius.com/ssologin/ Frame 0
0 418ms
59ms Preflight 18.159.85.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://postmedia.hub.loginradius.com/ssologin/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

18.159.85.30 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-159-85-30.eu-central-1.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Origin: https://leaderpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Server: nginx
Date: Thu, 17 Feb 2022 17:21:18 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-requested-with
Access-Control-Allow-Methods: HEAD,GET,POST,PUT,DELETE,OPTIONS POST, GET, PUT, OPTIONS, DELETE
Access-Control-Allow-Origin: https://leaderpost.com
X-Server: ms_hub_hostedpage_primary
X-LoginRadius-Server: Primary - IDX - AWS
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
542 B 113ms
37ms XHR
application/json 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=184635
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-98241795450605.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: e6bc4c20dcc1a55d6be470b28e96cde219e2f0b28bf3163df19a95841a6492e8

Request headers

Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 17 Feb 2022 17:21:18 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://leaderpost.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Sat, 19 Mar 2022 17:21:18 GMT

GET
H2 451 identity Show response
api.rlcdn.com/api/ 44 B
327 B 70ms
19ms XHR
text/plain 34.120.133.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rlcdn.com/api/identity?pid=2&rt=envelope

Requested by

Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/184635-98241795450605.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

55.133.120.34.bc.googleusercontent.com

Software

Resource Hash

da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Thu, 17 Feb 2022 17:21:18 GMT
via: 1.1 google
x-content-type-options: nosniff
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
access-control-allow-methods: GET, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://leaderpost.com
access-control-allow-credentials: true
alt-svc: clear
content-length: 44

OPTIONS
H2 204 appInfo
config.lrcontent.com/ciam/ Frame 0
0 127ms
127ms Preflight 2606:4700:10::6816:49e8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://config.lrcontent.com/ciam/appInfo?apikey=1a9a7ccf-c3f1-4ec9-a65f-2c3e8d9510a5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:49e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Origin: https://leaderpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 17 Feb 2022 17:21:18 GMT
access-control-allow-headers: x-requested-with
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://leaderpost.com
allow: GET, OPTIONS
vary: Origin
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6df0b0f94bff9094-FRA

GET
H2 200 appInfo Show response
config.lrcontent.com/ciam/ 4 KB
1 KB 106ms
106ms XHR
application/json 2606:4700:10::6816:49e8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://config.lrcontent.com/ciam/appInfo?apikey=1a9a7ccf-c3f1-4ec9-a65f-2c3e8d9510a5
Requested by: Host: auth.lrcontent.com
URL: https://auth.lrcontent.com/v2/js/LoginRadiusV2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:49e8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5895cfad1cfce0c1e987cc4afb960e1a80806f2182246a72e4ee3c09224bd773

Request headers

Referer: https://leaderpost.com/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:18 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json
access-control-allow-origin: https://leaderpost.com
cache-control: max-age=86400
cf-ray: 6df0b0fa2dac9094-FRA

GET
H2 200 optout_check Show response
beacon.krxd.net/ 82 B
242 B 97ms
28ms Script
text/javascript 52.31.15.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.krxd.net/optout_check?callback=Krux.ns.postmedia.kxjsonp_optOutCheck
Requested by: Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.a1705c5ac5f06cf0c202ff70908fc042
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.15.140 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-15-140.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ce692bec554444462b048acc008f1485cfd4f76e7435f0f511e2699a8a42c115

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:18 GMT
cache-control: private, max-age=0, s-max-age=0
x-request-time: D=20 t=1645118478
x-served-by: beacon-n005-dub-prod.krxd.net
content-type: text/javascript

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
10 KB 135ms
52ms XHR
application/json 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022021401&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

55cf3c8ccae9912ebc0db05ea8a4cd0ad49a8e9cf9f1cf9407e70ede00c35bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin: *
date: Thu, 17 Feb 2022 17:21:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9697
x-xss-protection: 0

GET
H2 200 ribn-postmedia.min.js Show response
assets.ribn.com/v2/production/ 13 KB
4 KB 67ms
9ms Script
application/javascript 2600:9000:2315:3e00:7:75d4:e40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.ribn.com/v2/production/ribn-postmedia.min.js
Requested by: Host: leaderpost.com
URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:3e00:7:75d4:e40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c81cab8c63d469329c0e0724770c6c8622f0d5d1fb8b6f919b6d7dddfadba190

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 07:36:13 GMT
content-encoding: gzip
last-modified: Wed, 01 Sep 2021 18:06:03 GMT
server: AmazonS3
age: 35133
etag: W/"baaa6497dd2dea88d8fdb6d6cca08cf2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 c1c42e732809880dbf4b6deb496490ae.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: RQM8viVrZ94z962EaqIVRecSimiM0u3goOMADnIvZQI6oDX8r3mrkA==

GET
H2

200

cs.js Show response
sb.scorecardresearch.com/internal-c2/default/
Redirect Chain

https://sb.scorecardresearch.com/c2/10276888/cs.js
https://sb.scorecardresearch.com/internal-c2/default/cs.js

0
351 B

9ms
9ms

Script
application/javascript

108.157.4.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-c2/default/cs.js
Protocol: H2
Server: 108.157.4.38 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-38.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:02:19 GMT
via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
etag: "d41d8cd98f00b204e9800998ecf8427e"
last-modified: Mon, 01 Mar 2021 20:42:20 GMT
server: AmazonS3
age: 1140
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 0
x-amz-cf-id: MdZyJmrI71RHiWHtbjjNYtvQWhUmFzzS_lUVuCOcjQGEGE7G1OXR8Q==

Redirect headers

date: Thu, 17 Feb 2022 17:21:18 GMT
via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
x-amz-cf-pop: DUS51-P2
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: /internal-c2/default/cs.js
content-length: 48
x-amz-cf-id: Cjf5kdJNc31kGPBOlWD0TAl902CkxbDtBF-WuU6yX3GqmAupDc-M_A==

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 286ms
199ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022021401.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 17 Feb 2022 17:21:18 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 31F1 13 KB
5 KB 83ms
36ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 17 Feb 2022 16:10:58 GMT
expires: Fri, 17 Feb 2023 16:10:58 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 4220
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D00A 783 B
536 B 97ms
49ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

aa7f0ad6c00133d2dcbdf466bc3e3205527e8f8b89d2f0b5b4ad488926713bad

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-u0DJYDvFjYk4w2ToyGlzfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Thu, 17 Feb 2022 17:21:18 GMT
date: Thu, 17 Feb 2022 17:21:18 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-u0DJYDvFjYk4w2ToyGlzfw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 amNa6lhdd-Oid2bHU1unpRJ57vx5QG5_ysqcoHUTmoo.js Show response
pagead2.googlesyndication.com/bg/ Frame 31F1 35 KB
13 KB 86ms
39ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/amNa6lhdd-Oid2bHU1unpRJ57vx5QG5_ysqcoHUTmoo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6a635aea585d77e3a27766c7535ba7a51279eefc79406e7fcaca9ca075139a8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 01:40:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 229236
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13572
x-xss-protection: 0
last-modified: Mon, 14 Feb 2022 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 15 Feb 2023 01:40:42 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D00A 0
0 117ms
80ms Image
text/html 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022021401&jk=2042813838783200&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 31F1 0
9 B 36ms
36ms Image
text/plain 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?tobNlg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Thu, 17 Feb 2022 17:21:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022021401&jk=2042813838783200&bg=!t7SltPDNAAbf-5Dq3_s7ACkAdvg8Wrr1TJDFXYbWFCVxd_tQ3aqv9qJ-v-sclaxjGeJP1msmBzUthAIAAABWUgAAAAJoAQeZAryzpHpF1G5yHJ-RPSNy3c_YS74Lfyco5GE7rbzJ_MeI-FfdMT43fFzC7Z3v-jj-e30S325vwHsWAy4Eao9u6xVOZlJK5gYMZLbXeIAyQB9IdKvGsPpBMEAxJvD73Q7B5G-03RFJspyAl1Mw3L2GaDKMj0N04Gu4Gq2JyY8dv2xBYSXI6m8jS-tjMEiV1k0-cgkmTL7RsYiQrncoWz5phaRn2WI4cBKhUblBG6PsA5K6CrWNJUGXCFG2lxSS1M-hPBO-cJgxxnD6uMRGsFRu_yZ98JE3TscKnQbhmc341BajB-ZaMqFgNRp26RyAGR7w39HNyXBxoQpOS2CvOebRpDWHz6c4ZLMzQ3IIrOP61XEWJlHTaqqcdAcJar_PYTbwnh8L-Ui_GQJ_liWTclsi0nVJPTqd-DztpGUY-fCMjineFzo-rxPusGA-uZxxrQl_NJaZxMiNL_8d3OhHPtYy0dL5LDIQHuezRNluIqy68QW_V-SRChKMxbC6OL8gkHSure8j8hGJl0mcbbkITw8IoKPns8nSCzuI_yDkKs071Ic0e9Ou5d1xmjCqizP0dxN5G5cXLABSlTJflwEohGrx70p4-gdni-8PljZ8UGpOZca1x_n7Yh4st1zgd6lEAdnpZdwveqwHKjU5dXVMcgE21tkq1DAAu7sntksmXCW_TrX56F7RMh7hAS4a3chRBCDtN6LX1DxXsPpOwDojf6jnPlYO1Wy0EAtOrjNbSz1gJkOJ_Y18HYs5_923Rwv8v16WUYFbAHzdDKVr4a3YSsKDiYT1G_HrKjZLkVPEOWbxOFVNCLNHF6zJg9mK0YUnrkIg663RA1BNf8BVpvxOeDe0TAy18JA6lmIx9ynZxYWy93IvECafVLQEJx6i8h2tIdolkpSLdGaEVJBcM8fRASc-O4w4hMIQIs9j8l9_8uA1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 17 Feb 2022 17:21:19 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 202 events Show response
jssdks.mparticle.com/v3/JS/cd4afed6a2719d439af431746c942e3c/ 41 B
170 B 12ms
12ms Fetch
application/json 2a04:4e42:600::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://jssdks.mparticle.com/v3/JS/cd4afed6a2719d439af431746c942e3c/events
Requested by: Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/cd4afed6a2719d439af431746c942e3c/mparticle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Kestrel /
Resource Hash: 7d1ab3db0ae01e2d01a90f374077991c4bbd5ee4c077fb6397be13b4c553f6cd

Request headers

Accept: text/plain;charset=UTF-8
Referer: https://leaderpost.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 17 Feb 2022 17:21:22 GMT
content-encoding: gzip
server: Kestrel
x-timer: S1645118482.050846,VS0,VE5
x-origin-name: 7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-served-by: cache-hhn4081-HHN
vary: Accept-Encoding
x-cache: MISS
content-type: application/json
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 135.c44ca0cc014a65bacdbe.css
cdn.viafoura.net/ 5 KB
2 KB 11ms
10ms Stylesheet
text/css 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/135.c44ca0cc014a65bacdbe.css
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 612bb5073177979407029e64e8e7c9724366129c49adf6f2185727d7b483d550

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:39 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:33:16 GMT
server: AmazonS3
age: 96464
etag: W/"f36d48fb2d15bcc6083ea5093620c177"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: W.5TZ5tKwjKkEjuqo2l1yASzrKivXG6m
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: PENDING
x-amz-cf-pop: DUS51-P2
content-type: text/css; charset=utf-8
x-amz-cf-id: meQRtD_Oee6Wx6v36ehSmyE3XRrKGi9bi1Wbwd7JLRB6A8HCosCKPQ==

GET
H2 200 trending_articles_js.a16e550cc98ed621937a.js Show response
cdn.viafoura.net/chunks/ 18 KB
6 KB 12ms
11ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/trending_articles_js.a16e550cc98ed621937a.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5533cbbe9d75503538dd815cf22882b28590e552b96c8382368a541391f243f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:39 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:33:07 GMT
server: AmazonS3
age: 96464
etag: W/"e79ec6057edd1e74011711b3d14a585c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: rQ.8k4JZkm3Xr26sk7jnzMBoZ.1tHCuk
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: PENDING
x-amz-cf-pop: DUS51-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: nUDEzrXdC1eUiWc_AM9KdddqNomiY5CtJhwe2LR7oYKQFK3U8bulhA==

GET
H2 200 trending_articles-module-js.c2eeb241b794ecee7f0f.js Show response
cdn.viafoura.net/chunks/vuex_store/ 3 KB
2 KB 12ms
11ms Script
application/javascript 2600:9000:2315:7200:8:2ae1:d740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viafoura.net/chunks/vuex_store/trending_articles-module-js.c2eeb241b794ecee7f0f.js
Requested by: Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/vf-v2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2315:7200:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 70fa4d64a0ce7865405b042c69f8c8bd41bf64d627797b3b85bd1a7bb19e4737

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://leaderpost.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date: Wed, 16 Feb 2022 14:33:33 GMT
content-encoding: br
last-modified: Wed, 16 Feb 2022 14:33:05 GMT
server: AmazonS3
age: 96470
etag: W/"2c6704c78b8c8f5a49784be773ef1693"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-version-id: P0VAMzdQw5firk9mMbANzAW5VG59KnSI
via: 1.1 9f88eecf68d9192420b110f5f3f14fd6.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-replication-status: COMPLETED
x-amz-cf-pop: DUS51-P2
content-type: application/javascript; charset=utf-8
x-amz-cf-id: SkF18CCzAYwaiNFYIO8bUTDIB27p1FXFlWVVmTJTdcm6a564kOG_1A==

OPTIONS
H2 200 trendingrecommended
livecomments.viafoura.co/v4/livecomments/00000000-0000-4000-8000-086ae4e8d034/ Frame 0
0 308ms
101ms Preflight 54.144.244.112

General

Check archive.org

Show headers Download Go to

Full URL: https://livecomments.viafoura.co/v4/livecomments/00000000-0000-4000-8000-086ae4e8d034/trendingrecommended?limit=6&content_container_window_days=7&content_window_hours=3&sorted_by=total_visible_contents
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.144.244.112 -, , ASN (),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,x-unique-id
Origin: https://leaderpost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Thu, 17 Feb 2022 17:21:23 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://leaderpost.com
access-control-allow-methods: DELETE,GET,POST,PUT,PATCH
access-control-allow-headers: authorization,X-REQUEST-SIGNATURE,content-type,X-UNIQUE-ID
access-control-max-age: 43200

GET trendingrecommended
livecomments.viafoura.co/v4/livecomments/00000000-0000-4000-8000-086ae4e8d034/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: livecomments.viafoura.co
URL: https://livecomments.viafoura.co/v4/livecomments/00000000-0000-4000-8000-086ae4e8d034/trendingrecommended?limit=6&content_container_window_days=7&content_window_hours=3&sorted_by=total_visible_contents

Verdicts & Comments Add Verdict or Comment

102 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

36 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
leaderpost.com/	1970-01-20 01:08:43	Name: x-id Value: {"data":{"id":"c3j7hcwmvdw3axgtdh1e53h7i7snaniff","updated":1645118476843},"exp":604800000,"ts":1645118476844,"mac":-64642885}
d395dw5zk780j2.cloudfront.net/	1970-01-20 01:08:43	Name: x-id Value: {"data":{"id":"c3j7hcwmvdw3axgtdh1e53h7i7snaniff","updated":1645118476843},"exp":604800000,"ts":1645118476870,"mac":-64640126}
leaderpost.com/	1970-01-20 01:08:43	Name: political-ad-opt-out Value: {"data":false,"exp":604800000,"ts":1645118476875,"mac":1484017378}
leaderpost.com/	1970-01-20 00:58:38	Name: __adblocker Value: false
leaderpost.com/	1970-01-20 03:08:14	Name: __pnahc Value: 0
.leaderpost.com/	1970-01-20 03:08:14	Name: _gcl_au Value: 1.1.1838617308.1645118477
.scorecardresearch.com/	1970-01-20 18:15:26	Name: UID Value: 18361fae589633cdae659b31645118477
leaderpost.com/	1970-01-20 00:58:40	Name: sailthru_pageviews Value: 1
.piano.io/	1970-01-20 00:58:40	Name: __cf_bm Value: CygXCQ_Xuy7HusvSC9Z2yV3AiA_7YlBNZQ4hRKbzJe4-1645118477-0-AaqoRHCKoBfqsg2vBR6SFyptI2WIReqKCoa/f103JMUdB23K490+t1JMgUnkImnlBG8MW85SFJnZnewvgFskeeY=
.leaderpost.com/	1970-01-20 09:44:14	Name: mprtcl-v4_CF49E3A7 Value: {'gs':{'ie':1\|'dt':'cd4afed6a2719d439af431746c942e3c'\|'av':'1.0.0'\|'cgid':'b11fb363-bc4e-4290-9a92-bc3b63f8f447'\|'das':'2de2d21a-f5ae-4116-8bb4-cd675e59ba35'\|'csm':'WyI2Njg2MDgzODY3MzY4MjI3NjI1Il0='\|'sid':'7EC8064A-6FA8-44E6-861B-7B3EE88005AD'\|'les':1645118477165\|'ssd':1645118476824}\|'l':0\|'6686083867368227625':{'fst':1645118477031\|'ui':'eyIwIjoiYzNqN2hjd212ZHczYXhndGRoMWU1M2g3aTdzbmFuaWZmIn0='}\|'cu':'6686083867368227625'}
.krxd.net/	1970-01-20 05:17:50	Name: _kuid_ Value: OqxVxKQf
.leaderpost.com/	1970-01-20 03:08:14	Name: _fbp Value: fb.1.1645118477383.570443552
.leaderpost.com/	1970-01-20 00:58:42	Name: AMP_TOKEN Value: %24NOT_FOUND
.leaderpost.com/	1970-01-20 18:29:50	Name: _ga Value: GA1.2.322333578.1645118477
.leaderpost.com/	1970-01-20 01:00:04	Name: _gid Value: GA1.2.20450625.1645118477
.leaderpost.com/	1970-01-20 00:58:38	Name: _gat_UA-138335866-11 Value: 1
.leaderpost.com/	1970-01-20 00:58:38	Name: _gat_mpgaTracker1 Value: 1
.twitter.com/	1970-01-20 18:29:50	Name: personalization_id Value: "v1_y00xU3LvZiGYHMwUSUbAzA=="
.t.co/	1970-01-20 18:29:50	Name: muc_ads Value: 5ea5fbdf-be87-4730-9229-d14b0ab1fcb1
.leaderpost.com/	1970-01-20 00:58:40	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack%22%2C%22sref%22:%22%22%2C%22sts%22:1645118477476%2C%22slts%22:0}
.leaderpost.com/	1970-01-20 10:28:02	Name: _parsely_visitor Value: {%22id%22:%22pid=5dcb833171df5209e9315ee748f427a1%22%2C%22session_count%22:1%2C%22last_session_ts%22:1645118477476}
.doubleclick.net/	1970-01-20 10:20:14	Name: IDE Value: AHWqTUm1xt_5zm1IuCHHucx-CB6K8bQ62MnAL2I-RpHv5vB7DUE55IATDOH_Ymu5EzU
.leaderpost.com/	1970-01-20 10:20:14	Name: __gads Value: ID=08244badb3ba3f89:T=1645118477:S=ALNI_MYVGCr6y9dFhP3eNYynXvCC9IwXZA
.viafoura.co/	1970-01-20 01:41:50	Name: VfSess Value: v4um7acb39jdl1jlkmgaq84hf2
.viafoura.co/	1969-12-31 23:59:59	Name: vfThirdpartyCookiesEnabled Value: true
leaderpost.com/	1970-01-20 09:44:14	Name: sailthru_content Value: 36901e8bd4e94977f3e0fbc386e041f3
leaderpost.com/	1970-01-20 09:44:14	Name: sailthru_visitor Value: 22687169-0e40-4de7-bb70-5c293e26c00a
.leaderpost.com/	1970-01-20 18:29:50	Name: __tbc Value: %7Bkpex%7DqCSkQO3bUx3Vdf2SUk2oecqsXOrqOTsfHtpuOZZP9hEBt2D_GRKSmazoc7xozeiVbeaMCq0BWJunGy-Qkt3Hp0C1PxRA891o5liRAaWvW9Y
.leaderpost.com/	1970-01-20 01:41:50	Name: __pat Value: -18000000
.leaderpost.com/	1970-01-20 01:00:04	Name: __pvi Value: %7B%22id%22%3A%22v-2022-02-17-17-21-17-113-3Ev91TxXdRXRA3yX-e5f4ac8188502e308277d625c6c781a7%22%2C%22domain%22%3A%22.leaderpost.com%22%2C%22time%22%3A1645118477727%7D
.leaderpost.com/	1970-01-20 18:29:50	Name: xbc Value: %7Bkpex%7Dx2RhWw245ZK4wKbEXSRvHRJoSUKVqH5bVHw-mb1yEP7PQEOMr5dl8adG4Wlrf0HAxZ4rvDbxiKVVeKe89PembHF0FApAFZym6pNsp-K9CxERn5_cGBlTn2-GeDZYtCG-
leaderpost.com/	1970-01-20 00:58:40	Name: _vfb Value: leaderpost%2Ecom.00000000-0000-4000-8000-086ae4e8d034.1.10.1645118478....
leaderpost.com/	1970-01-20 00:58:38	Name: _vfz Value: leaderpost%2Ecom.00000000-0000-4000-8000-086ae4e8d034.1645118478.1.medium=direct\|source=\|sharer_uuid=\|terms=
leaderpost.com/	1970-01-20 09:44:14	Name: _vfa Value: leaderpost%2Ecom.00000000-0000-4000-8000-086ae4e8d034.980aa7bb-85c4-4ff4-b2e0-87f38171828c.1645118478.1645118478.1645118478.1
.viafoura.co/	1970-01-20 09:44:14	Name: vfDeviceId Value: d27b960e-7770-4088-9795-8c42ac8e8f73
.adsrvr.org/	1970-01-20 09:44:14	Name: TDID Value: 7d78259d-6a7f-455c-a490-21acef5caa32

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.googleadservices.com/pagead/conversion_async.js(Line 71) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope Message: Failed to load resource: the server responded with a status of 451 ()
javascript	warning	URL: https://leaderpost.com/news/local-news/sask-couple-who-donated-to-freedom-convoy-worried-about-effects-of-givesendgo-hack Message: The resource https://static.criteo.net/js/ld/publishertag.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

38778e4300c2defc3bdc35138647953b.safeframe.googlesyndication.com
adservice.google.com
adservice.google.de
ak.sail-horizon.com
ampcid.google.com
ampcid.google.de
analytics.twitter.com
api.rlcdn.com
api.sail-personalize.com
api.viafoura.co
assets.ribn.com
auth.lrcontent.com
beacon.krxd.net
buy.tinypass.com
c.amazon-adsystem.com
c2.piano.io
cdn.adsafeprotected.com
cdn.krxd.net
cdn.parsely.com
cdn.tinypass.com
cdn.viafoura.net
cm.g.doubleclick.net
config.lrcontent.com
connect.facebook.net
consumer.krxd.net
cookiesync.mparticle.com
d395dw5zk780j2.cloudfront.net
experience.tinypass.com
fem.prod.postmedia.digital
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hb.districtm.io
i.viafoura.co
identity.mparticle.com
js-sec.indexww.com
jssdkcdns.mparticle.com
jssdks.mparticle.com
leaderpost.com
livecomments.viafoura.co
match.adsrvr.org
notifications.viafoura.co
p1.parsely.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
postmedia.hub.loginradius.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
smartcdn.gprod.postmedia.digital
snap.licdn.com
static.ads-twitter.com
static.criteo.net
stats.g.doubleclick.net
storage.googleapis.com
t.co
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.npttech.com
livecomments.viafoura.co
104.16.68.69
104.244.42.195
104.244.42.69
108.157.4.38
13.33.241.218
142.250.185.194
142.250.186.162
142.250.186.98
151.101.12.157
151.101.194.133
151.101.66.133
18.159.85.30
18.66.245.59
18.66.248.23
18.66.97.29
2600:1f18:44f0:4864:2e6d:ca5a:dd6:8b7c
2600:9000:223c:9e00:8:f216:eb80:93a1
2600:9000:2315:3e00:7:75d4:e40:93a1
2600:9000:2315:7200:8:2ae1:d740:93a1
2606:4700:10::6816:48e8
2606:4700:10::6816:49e8
2606:4700:3032::ac43:c0b6
2606:4700::6810:f015
2606:4700::6811:bab1
2a00:1450:4001:808::2002
2a00:1450:4001:809::2001
2a00:1450:4001:809::2003
2a00:1450:4001:809::200e
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:811::2002
2a00:1450:4001:811::200e
2a00:1450:4001:812::2001
2a00:1450:4001:813::2002
2a00:1450:4001:828::2008
2a00:1450:4001:828::200a
2a00:1450:4001:829::2010
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2004
2a00:1450:400c:c0c::9b
2a02:2638::3
2a02:26f0:ef::5c7b:c25a
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:400::645
2a04:4e42:600::645
3.210.251.31
3.226.102.122
34.107.199.243
34.120.133.55
34.149.157.221
35.71.131.137
52.205.167.202
52.222.214.98
52.31.15.140
52.50.160.17
54.144.244.112
72.247.225.98
75.2.40.13
06ad4c5b3f1e8ac2ef3629a33b2c1c370d1b713b36c2f9252ae81d8dcf739b7f
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
083ec931e5517a4ab713afbe9561e72b9186cb54e21b8b1eface9caefb54a966
0e857156220593413334008dc6f7b33c9783b3d189da9a262fa118c95b4cc6d9
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f771d519306d5ae99473e06775b77f1697c6992f74fa699c347baf01ddcb12c
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
179f43e8abd5e7bd49d05571dc29d22c9f5044eb17ca8253a49e3e28e716af61
190bc6bf64a88996a8505f258adba28cba4c993a6b1b446abd3d3ff552286a1c
1a1cb145978036238fc717a47ecca7efce5f18634a29ee41c0d57ce7f24eaf83
1aefec411441da454a39e812f8300125bfd117abc33f50f98c124419314da704
1edc83f7137848a661dbf5a61dbe4bb3b42fc7d064004560ea0269b45747e7d3
1fb82c9bb456f6d5336430ebb3d5b1e596ceb303ee99690f0c9187aa13a0cd43
214262f914b3c5434272e6ea7bc30eeaa0b6720de0d64263b6ba8305b7628b87
23ed9e43d3a7a0a92381e60256c5116a0760f62f707ba7c9508c21d63cef88ca
27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8
285cd4bd434ced1e61745af830ee62997aed72195709e76b0afa03ff2a02f1eb
2a57c084ba5fc039d4bc2f41ebe757f1aa7db0b6e3a001d4ebba63b4fc173a77
2a647bbfb5c6723ca10f9833ae08d3381b0061f982959571e56a55d7768cb7a5
2afcabe2eb6314148dfd9dfdec1333b973d97d0780cc08fddab8501afbb013e9
30068496cc913fb89e328b82897afe14f815ac0babab80b60758488f344bf75f
39a95bd7f8ff911c8a36dc1ae3b37f85d4684fd3897ab3df6dca5f8c3cd9b422
39c70b462953e470d215f5dce3cecc1266e79464ba71480cae5b044b9d04bedc
3bcfa04dbc2db44af54bd72a0f7b98912368f16f525729a1b9b673f62ca7e5c9
3c21160da384157ec08e4c6357133fd7ed4dcea5a6892555a987a794a23534b4
3d4937b7825482a591bc12eaed55f566a457ea178a8daf8bdc749dab5a67d448
40e562e806ce113ae7879d0dd76db82797b5c274794751c260381f2c8b283641
42d28b968b79182a5ce39cb1bfb0a1f62441f1fb1a5d233162712097967aa6cd
46ba5f0b3b0f72884e66f3f7c8ac6c6195741a4e77f15f55ae16927c6c913da4
478dc5cf0081c0e87de29362a19d61bcf104de99b9ff1b2a2bffad621376bc7e
4bef0d2ce9ddd3dcd15889345ea8e4ae1eb38c2bcf50bcd76daed2dc63f0a424
4d218ddf5faf24434848d295f99ad3cd8f3874aac2f030a7903e0f9ae8bb0f28
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb
4e2baa0eca4c9b84bebfc0870c29b9594360a355684b1c248996f860707eb273
54f99710ea6dfde67c874d6f4d5e1ad6364cf81c89fceca1ae35967fd3b03855
5533cbbe9d75503538dd815cf22882b28590e552b96c8382368a541391f243f5
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55cf3c8ccae9912ebc0db05ea8a4cd0ad49a8e9cf9f1cf9407e70ede00c35bd6
5895cfad1cfce0c1e987cc4afb960e1a80806f2182246a72e4ee3c09224bd773
58d6350da5588a52d6baa4efc27a3362b4ee69dba3504fc762f934d7bb5d0bc4
612bb5073177979407029e64e8e7c9724366129c49adf6f2185727d7b483d550
61a2b2588acde0ccae626edbff25bbe32c1ff43cc0d89859c4ef48af507cd356
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61d4ca0200e3201193169511e7f5bc6d9bee393eb6fd14c4e92145ababfd8e72
68a335c0d87dce935fee1811892070e78c514828d50bfe2ae21fde739ec1002c
6a635aea585d77e3a27766c7535ba7a51279eefc79406e7fcaca9ca075139a8a
6b1ceb435ff95c2319b62ccd6cdfdede730eef0b05c695320801c857949f16e7
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d9427c37b3f513b94c8f561aec82cc71bf4e92a819f0b476dcfbb31fe8f0856
6eab537d5690517231ae773a9e61878f08cedfe44fec4bad67276c66796a6b5a
70fa4d64a0ce7865405b042c69f8c8bd41bf64d627797b3b85bd1a7bb19e4737
734421d9e2fa5fe78c7bbd157c8de6a60bd1e0752c8abfcd2ca27f4a477ff2e5
73ce21104cbd5c5d38a7f58633f41f6aaf3cf9bb58d2166935871115df10086f
73d9b51beb0d4902120e61420dfb1801f0633c53177f1c3bfb89c570f59a9857
73f5cb8f7a137847e41aeb849588174535651b6e140d8b13575f46fff0c496a2
74827385d216e6c6e67f46832b930057afb02e98a099fb63896df2d1d6c055b2
7538e8f23fac8278c6027d8865bd1240514a3ff64b2c0af3b8ed3583e8ecce6b
784acd540b5fcfb87c47dfe12e5311084ce692366a2ac196fd5cc8eb28ff4c23
79c381d0b010da04e31a1da615ecb7b142984a8fa33f080485a2c109ce064f15
7a8eeaf2b963d18188f07f3e78982938224c9e58b5fab050989e51cbf44a3d6c
7b2a56b0eb602448d41fc9129c0b36b4478f9688ada3a5a7aa105ee3406c4026
7d1ab3db0ae01e2d01a90f374077991c4bbd5ee4c077fb6397be13b4c553f6cd
826a2a1830fe1a09b4b925a910ed8808623aecd72649e8f2ef81e1adcc727bbe
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
8e2dcb9912e96ad6472e010d4e66d67c647dfc385f09d652c1ff8d4d752baf14
8efc268132d526206d433febe50d279a657513bcf23a6b6a527f84811c6ba6c8
9008ac843d4735e349bdde45c352caeb6d5c1517622730fa602d6b56cf5e4b3a
9034335635758d7a2b0d8f6f94a42f45ca55f3a87ed38929c7ab89800036e708
9081938d5c9644dacf6668cb6c1283d208fb92b487b159235a0d92fd0a4f6379
942720ed4dc6c4877c872c9bf504624cfd62c56b1b30e0b3713707d7e0ae5d05
9583896b055daf21c4eb2e4badf13da0f2a0415d52107f5cf32717fac3eac9fa
975a64dc9bbc5e1884ba8ca2e76d9b2791d16d5c9f3619bf30477cd21a8636d2
98d6f6bbd06e3e09e464f94db0718f1d8a306cb0db5af0b335b921f6a52e27bb
99099350f5b5c07c53cdf8e58b5a50f60b945456dfa9efc54bf731385817f560
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
99394b0f6e9f0aefd71dd6a9ad59129ff7852e7734905bead2f2cec5789e3436
9f8ffd0b38bc5e22245c02bdf6c4f492fc20bbd187186f9c707a202f44f6eef9
a0c488cf1be315faa11f5ac3e8d0a5aaecf055ceceacb96e5bb373c6446cffde
a0db09b88f189116f13431f1360ece41070508b5108a84311a9bf0adf8461cea
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1f4086973dc8059c20b2a680c1e4cfae4069ff3a4a063a297bbcd9281115dab
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a27f7fe38b712f49c5a534ebeb70f5d965b04dcf1fa804ea9ac43d16672564c8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a65ce992525abe57691b53f84e57f71ac9723a5ef6d67f5d351a08199b752dbf
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa7f0ad6c00133d2dcbdf466bc3e3205527e8f8b89d2f0b5b4ad488926713bad
aa8c4f5924fd06cbaf5c65fac729f0c3207d1f70534b07fc0915948c41b29d6e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0fa638224ea15ec6ceca9e109aad95fbc9cebb41fa822712258b48bf91271cb
b3afcfed67e2042d89faa911db1b1015adf1951832f11b409e835d5ae24a06b2
b40fffdca8df7dcf6a825dc35de6f3ee8bca5119730c8938e77e805d8016cb78
b6dc85459fbb9d03f478d91eae99e6627e04c8f805b08e4b97423ffbc3870d9d
bb4fb0059425e84fccb29bdbdaa7c010b6fc4a5e831487b1eeb9c4b108e214b5
bd42ab1e963caae23b78541c50e8b5d8146d0c6b2151fcfcfa938c17c417f68e
bda2c84e2934508dd2b995f28876c68e3f0cf0955173bcf040b76ecc63e03786
be36cf242d7b206d66842ab5b36af859b780372bba70cb5d72acda2626ffe52e
bf29e910d65b76c674db7b9581154237e685ab3db0f37772509a7858c8401f03
c3a0156aa31c957ce7628ffdcd9ad892c6a5a9998e31eb447e5d94adfbb779ac
c5bfe7e837984f45a4b301978ceb06a03fea2e60a15b937d99fd5b30d6ae9946
c81cab8c63d469329c0e0724770c6c8622f0d5d1fb8b6f919b6d7dddfadba190
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce692bec554444462b048acc008f1485cfd4f76e7435f0f511e2699a8a42c115
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf5b5560fe04415286fbe9ef482f37c284d20aef32572d0929bfed9e1f1edad0
d04afc774d80c39a178f6b42d961777a3cec7be7dfe585618d75f02abc515a97
d06ae5e97e495832fc4526c3e93d7e9440f1faf5f77669b41678c9d564a25faf
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d33e6484d03b08f00e8578780f4562ddadf7f80650c06bdc3a139c136b034857
d3fb20870b9f2c49fb9c9919d049a416817a9d38799da2045239f69e5b1117af
d5e99c98dbc73d40a3542bd842c897fcada89a78313c284df57697469f1d16ac
d984a247beba5abcd72a6b6dd131ae1767b6d0cc76ad1223b33e8e3d5a7e05c0
d99d763e44086d6f3af82fad5623e1ff9948568e251cad967b14455ed7b41189
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
df8017f3233fba90e392777ef6489b224840ffbfd84a795366dd8d689d305649
e2cf23246faa8dc51d53f8194af77082ccfa8dff6a73596ea98c0ded52fb3a39
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6bc4c20dcc1a55d6be470b28e96cde219e2f0b28bf3163df19a95841a6492e8
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a
ee7fa9758461125ca596582dc9082a355124c94c6b989f188bac28ad1ff5c191
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef1c55f2165c2e95a1f17def4a8d5e1169931e223eab40857dbe186295cc02db
efe645e30b1c609185fa0cb178858f9097e6f4b3407f23feffe6b4087f697cc5
f0fac28aced9059761b7c48d72ee3cfba9ec945ae2d42d5fa9f4d578f3efc52f
f1eb5270010ae9baf2e304fcb663e23d4f07a54e71ee3ff1730956b1a4eb9f1b
f6c217cf4a70824e150c9b84635540ccebfacd9f4a6b024d8d3d13e7226ca0ec
f79e1f14cff6f380ebbbea645bb159978ead5447a33a0ced34534b2271eb4019
f7a4a046540cd7b682afc0d129cbbdea16081d1a54dfd3385115725f960c54c9
fb032624f5acc849cc61bbb2a0f7698c41cbc4a81bd914046c0ba342107b3ef8

leaderpost.com Open in urlscan Pro 34.107.199.243 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

162 Requests

97 %HTTPS

53 %IPv6

39 Domains

63 Subdomains

59 IPs

6 Countries

2303 kBTransfer

7239 kBSize

36 Cookies

44 Outgoing links

Redirected requests

162 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

leaderpost.com Open in urlscan Pro
34.107.199.243 Public Scan

Screenshot
Live screenshot

Full Image

162
Requests

97 %
HTTPS

53 %
IPv6

39
Domains

63
Subdomains

59
IPs

6
Countries

2303 kB
Transfer

7239 kB
Size

36
Cookies

162 HTTP transactions
0 data transactions