Submitted URL: https://bankruptcysaskatchewan.ca/
Effective URL: https://mnpdebt.ca/en
Submission: On April 12 via automatic, source certstream-suspicious

Summary

This website contacted 30 IPs in 6 countries across 23 domains to perform 75 HTTP transactions. The main IP is 2606:4700:20::ac43:6049, located in United States and belongs to CLOUDFLARENET, US. The main domain is mnpdebt.ca.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 4th 2020. Valid for: a year.
This is the only time mnpdebt.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 19 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 2a00:1450:400... 15169 (GOOGLE)
1 3 142.250.74.198 15169 (GOOGLE)
5 2a03:2880:f01... 32934 (FACEBOOK)
1 13.226.146.155 16509 (AMAZON-02)
2 2 2606:2800:234... 15133 (EDGECAST)
2 199.232.136.157 54113 (FASTLY)
5 2620:116:800d... 16509 (AMAZON-02)
1 4 52.30.2.3 16509 (AMAZON-02)
3 93.184.220.42 15133 (EDGECAST)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2600:9000:218... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 104.244.42.69 13414 (TWITTER)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
6 2a03:2880:f11... 32934 (FACEBOOK)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
1 212.82.100.181 34010 (YAHOO-IRD)
1 172.217.16.130 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 13.226.154.171 16509 (AMAZON-02)
2 104.244.42.131 13414 (TWITTER)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
75 30
Domain Requested by
19 mnpdebt.ca 1 redirects mnpdebt.ca
code.jquery.com
6 www.facebook.com mnpdebt.ca
4653320.fls.doubleclick.net
5 connect.facebook.net mnpdebt.ca
connect.facebook.net
4653320.fls.doubleclick.net
5 www.google.com mnpdebt.ca
4653320.fls.doubleclick.net
www.gstatic.com
www.google.com
4 insight.adsrvr.org 1 redirects mnpdebt.ca
d1eoo1tco6rr5e.cloudfront.net
js.adsrvr.org
3 www.gstatic.com www.google.com
3 static.olark.com mnpdebt.ca
static.olark.com
3 secure.quantserve.com mnpdebt.ca
4653320.fls.doubleclick.net
3 4653320.fls.doubleclick.net 1 redirects www.googletagmanager.com
adservice.google.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
mnpdebt.ca
2 analytics.twitter.com platform.twitter.com
2 t.co mnpdebt.ca
4653320.fls.doubleclick.net
2 pixel.quantserve.com mnpdebt.ca
4653320.fls.doubleclick.net
2 rules.quantcount.com secure.quantserve.com
2 static.ads-twitter.com mnpdebt.ca
4653320.fls.doubleclick.net
2 platform.twitter.com 2 redirects
1 www.google.de 4653320.fls.doubleclick.net
1 d1eoo1tco6rr5e.cloudfront.net 4653320.fls.doubleclick.net
1 googleads.g.doubleclick.net www.googleadservices.com
1 www.googleadservices.com 4653320.fls.doubleclick.net
1 sp.analytics.yahoo.com 4653320.fls.doubleclick.net
1 s.yimg.com 4653320.fls.doubleclick.net
1 adservice.google.de 1 redirects
1 adservice.google.com 4653320.fls.doubleclick.net
1 stats.g.doubleclick.net www.google-analytics.com
1 js.adsrvr.org www.googletagmanager.com
1 code.jquery.com mnpdebt.ca
1 fonts.gstatic.com fonts.googleapis.com
1 www.googletagmanager.com mnpdebt.ca
1 fonts.googleapis.com mnpdebt.ca
1 bankruptcysaskatchewan.ca 1 redirects
75 31
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-08-04 -
2021-08-04
a year crt.sh
upload.video.google.com
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
*.google-analytics.com
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
*.gstatic.com
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
www.google.com
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
jquery.org
Sectigo RSA Domain Validation Secure Server CA
2020-10-06 -
2021-10-16
a year crt.sh
*.doubleclick.net
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2021-02-10 -
2021-05-10
3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2021-03-18 -
2022-04-19
a year crt.sh
ads-twitter.com
DigiCert SHA2 High Assurance Server CA
2020-08-14 -
2021-08-19
a year crt.sh
*.quantserve.com
DigiCert SHA2 High Assurance Server CA
2020-10-02 -
2021-10-07
a year crt.sh
s2.wac.edgecastcdn.net
DigiCert TLS RSA SHA256 2020 CA1
2020-11-17 -
2021-11-23
a year crt.sh
*.g.doubleclick.net
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
t.co
DigiCert TLS RSA SHA256 2020 CA1
2021-02-05 -
2022-02-04
a year crt.sh
*.google.com
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
*.yahoo.com
DigiCert SHA2 High Assurance Server CA
2021-03-24 -
2021-05-12
2 months crt.sh
*.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA
2020-12-29 -
2021-06-22
6 months crt.sh
www.googleadservices.com
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
*.cloudfront.net
DigiCert Global CA G2
2021-02-22 -
2022-02-21
a year crt.sh
*.twitter.com
DigiCert TLS RSA SHA256 2020 CA1
2021-02-05 -
2022-02-04
a year crt.sh
www.google.de
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh

This page contains 9 frames:

Primary Page: https://mnpdebt.ca/en
Frame ID: 93936E292AE885374741CFCD4C7DF859
Requests: 41 HTTP requests in this frame

Frame: https://4653320.fls.doubleclick.net/activityi;dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Frame ID: 1E5A1FD99AC23BBAB34DCB4AD1F80799
Requests: 1 HTTP requests in this frame

Frame: https://static.olark.com/jsclient/app.js
Frame ID: 64E1A398A9063D83523E2A772390BF36
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Frame ID: 34CB19A5562AF5AD3C3026477204D23A
Requests: 1 HTTP requests in this frame

Frame: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Frame ID: 88EA6DE0A69CCEA02D96CA12C1659532
Requests: 21 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/v0a83xf/br3816j9/iframe
Frame ID: 11359068D1C7FF765054E1B7315B3D20
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchOswZAAAAAExqv__mYOvUeAutmKH1O2lM_u57&co=aHR0cHM6Ly9tbnBkZWJ0LmNhOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&badge=inline&cb=3ijo97gwxgi0
Frame ID: 988A591427AC8000CC7D9721B95CEE84
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchOswZAAAAAExqv__mYOvUeAutmKH1O2lM_u57&co=aHR0cHM6Ly9tbnBkZWJ0LmNhOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&badge=inline&cb=3hlfje9bln6s
Frame ID: 9531E289DCF11C8091D7FE5B1D5E7F1B
Requests: 5 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=i4v66ce&ref=https%3A%2F%2Fmnpdebt.ca%2Fen&upid=nfk090t&upv=1.1.0
Frame ID: 1A8FEAF1702349B4D7B68EAEDE57CCD0
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://bankruptcysaskatchewan.ca/ HTTP 301
    https://mnpdebt.ca/ HTTP 301
    https://mnpdebt.ca/en Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

75
Requests

99 %
HTTPS

69 %
IPv6

23
Domains

31
Subdomains

30
IPs

6
Countries

1320 kB
Transfer

3433 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bankruptcysaskatchewan.ca/ HTTP 301
    https://mnpdebt.ca/ HTTP 301
    https://mnpdebt.ca/en Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://4653320.fls.doubleclick.net/activityi;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen HTTP 302
  • https://4653320.fls.doubleclick.net/activityi;dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Request Chain 21
  • https://platform.twitter.com/oct.js HTTP 301
  • https://static.ads-twitter.com/oct.js
Request Chain 39
  • https://adservice.google.de/ddm/fls/i/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen HTTP 302
  • https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Request Chain 41
  • https://platform.twitter.com/oct.js HTTP 301
  • https://static.ads-twitter.com/oct.js
Request Chain 54
  • https://insight.adsrvr.org/tags/v0a83xf/br3816j9/iframe HTTP 303
  • https://d1eoo1tco6rr5e.cloudfront.net/v0a83xf/br3816j9/iframe

75 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request en
mnpdebt.ca/
Redirect Chain
  • https://bankruptcysaskatchewan.ca/
  • https://mnpdebt.ca/
  • https://mnpdebt.ca/en
64 KB
14 KB
Document
General
Full URL
https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75a25aa822f4dbf0021bd3ca3b6f5a0f4f78f6d9ceffe56c73313d908a6434c2
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
mnpdebt.ca
:scheme
https
:path
/en
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=dfc96f993336b1726c6366d2e1b9f644d1618264250; TiPMix=2.09139245659643; x-ms-routing-name=self; ARRAffinity=f24026fcd3ac0c6f8bfecb011c95920d499c2c4b25624a8d4ed52fb00ec0d013; ARRAffinitySameSite=f24026fcd3ac0c6f8bfecb011c95920d499c2c4b25624a8d4ed52fb00ec0d013
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-type
text/html; charset=utf-8
cache-control
private
vary
Accept-Encoding
set-cookie
website#lang=en; path=/ ASP.NET_SessionId=0ogej4005k1xz0forifoxj0w; path=/; HttpOnly; SameSite=Lax website#lang=en; path=/ ASP.NET_SessionId=0ogej4005k1xz0forifoxj0w; path=/; HttpOnly; SameSite=Lax SC_ANALYTICS_GLOBAL_COOKIE=9605e195986445bd88858e51e103dcbf|False; expires=Thu, 10-Apr-2031 21:50:51 GMT; path=/; HttpOnly __RequestVerificationToken=E6A8M8x4lwQ9Tmpzyppwvz4knESh-m2Rdx1miEedy7KEC8qoQmrHe31acGH0tO_DfYd7q0fstc1El2bkO_MHVMq6fx7S-rQuHp8GCAo-PeM1; path=/; HttpOnly
x-frame-options
SAMEORIGIN
cf-cache-status
DYNAMIC
cf-request-id
0969a9f2be00004deeb99dc000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sh6ff1%2Ffdy0Q%2BEbaJZCYYPxVF64282gcgPe23dI4nj9U84Ugsh3Ub%2F7wq4vpufMghqvG6l%2FC0GBym6TZz2zTrJcHSzwR%2Fgm0XPymwqUARZP3iuiVRpex"}]}
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
cf-ray
63efac312e614dee-FRA
content-encoding
br

Redirect headers

date
Mon, 12 Apr 2021 21:50:51 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dfc96f993336b1726c6366d2e1b9f644d1618264250; expires=Wed, 12-May-21 21:50:50 GMT; path=/; domain=.mnpdebt.ca; HttpOnly; SameSite=Lax; Secure TiPMix=2.09139245659643; path=/; HttpOnly; Domain=mnpdebt.ca; Max-Age=3600; Secure x-ms-routing-name=self; path=/; HttpOnly; Domain=mnpdebt.ca; Max-Age=3600; Secure ARRAffinity=f24026fcd3ac0c6f8bfecb011c95920d499c2c4b25624a8d4ed52fb00ec0d013;Path=/;HttpOnly;Secure;Domain=mnpdebt.ca ARRAffinitySameSite=f24026fcd3ac0c6f8bfecb011c95920d499c2c4b25624a8d4ed52fb00ec0d013;Path=/;HttpOnly;SameSite=None;Secure;Domain=mnpdebt.ca
location
https://mnpdebt.ca/en
cf-cache-status
DYNAMIC
cf-request-id
0969a9f0f200004deeff36a000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Jzg61dGGbkZq9dXBfWrjFoG%2F%2BBrUlaIYTlW%2Bza3msJa6gKrWwbCHgXy2kGv%2FIxz1%2FLRxsycRIYEjaQQrFRQViUOuqKIxQYn%2FYBGscUrtu4tIoC9Tffvf"}]}
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
cf-ray
63efac2e59904dee-FRA
VisitorIdentification.js
mnpdebt.ca/layouts/system/
2 KB
975 B
Script
General
Full URL
https://mnpdebt.ca/layouts/system/VisitorIdentification.js
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7941c043b215ecc58d18e696d42abbd225eb0baa075cb5e31027725cc5312fce

Request headers

Referer
https://mnpdebt.ca/en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 22 Nov 2019 01:16:17 GMT
server
cloudflare
age
5810
etag
W/"85992271d2a0d51:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yXb9dbBEGPxQGbKIa2AQ9zJLerm8QB5lhedgLPn%2B3tmp1rPs2GGAuHCwMSayraSAxWTtRFpyB9jSVv%2BI0gQVeiqX9kpXxFFyfH3f09lE9EiXTQ8965BB"}]}
content-type
application/x-javascript
cache-control
max-age=14400
nel
{"max_age":604800,"report_to":"cf-nel"}
cf-ray
63efac384a284dee-FRA
cf-request-id
0969a9f73100004deec330a000000001
icon
fonts.googleapis.com/
568 B
474 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1cf458acc26fd5be1cc1ad94b164e5a05f97af3ea6b2686c154fadd61a1219cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 12 Apr 2021 21:50:52 GMT
server
ESF
date
Mon, 12 Apr 2021 21:50:52 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 12 Apr 2021 21:50:52 GMT
website.min.css
mnpdebt.ca/Assets/
537 KB
65 KB
Stylesheet
General
Full URL
https://mnpdebt.ca/Assets/website.min.css?v=oRQiKUcjHDRMjC0dAG9G4NWWHiYzG8KwQUYPK8LzUEQ1
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27e9001a7511027e8f8fd223f360f1a694367cf4eb6c213cc171c0a88497944e

Request headers

Referer
https://mnpdebt.ca/en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 02 Apr 2021 00:59:57 GMT
server
cloudflare
age
939054
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent,Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7HRQnPpLcph3XXA%2FuyYs%2FBauUSI9c7qvt3rNa3x7%2FgG96qr8K2Ng515RRuezxOV57UA1JlZzCSJKCGkjUXeNgO7pnON6V5y1Seg67g7qDaQRd6RTk9Ea"}]}
content-type
text/css; charset=utf-8
cache-control
public, max-age=14400
nel
{"max_age":604800,"report_to":"cf-nel"}
cf-ray
63efac384a2b4dee-FRA
cf-request-id
0969a9f73100004deeff3cd000000001
expires
Sat, 02 Apr 2022 00:59:57 GMT
mnp-310_logo_343-png.png
mnpdebt.ca/-/media/images/mnpdebt/branding/
8 KB
8 KB
Image
General
Full URL
https://mnpdebt.ca/-/media/images/mnpdebt/branding/mnp-310_logo_343-png.png?h=259&w=490&hash=4298041970DAA3BF90E29F6498AA67D2
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2993c26dee73b35f7a11de5aa4c3252752ab0e002084cf85c351994fec4c9d4

Request headers

Referer
https://mnpdebt.ca/en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
cf-cache-status
EXPIRED
nel
{"max_age":604800,"report_to":"cf-nel"}
content-disposition
inline; filename="MNP-310_logo_343 png.png"
content-length
8190
cf-request-id
0969a9f74200004deea0039000000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MeTER20C1m008fPv6K%2BbwOAjgd4lbdqekesHOh0a1AZMF00sRZ%2ByWDDzvP3TjonN11bibLLw6EhAtRhR1PIrTAFvOA4l46Uc8SjkfDVgkf9EQyc1lppj"}]}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
63efac386a604dee-FRA
expires
-1
consumer-mobile-logo.png
mnpdebt.ca/-/media/images/mnpdebt/branding/
2 KB
3 KB
Image
General
Full URL
https://mnpdebt.ca/-/media/images/mnpdebt/branding/consumer-mobile-logo.png?h=55&w=125&hash=9CCA7CA96776EF7F851B95A459513470
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
067cc995531f1cb16875cc806d500fe69d91e059b67ce468aa8a5c3280bcafa1

Request headers

Referer
https://mnpdebt.ca/en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
cf-cache-status
EXPIRED
nel
{"max_age":604800,"report_to":"cf-nel"}
content-disposition
inline; filename="consumer mobile logo.png"
content-length
2466
cf-request-id
0969a9f74300004deeea844000000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VfQ%2BA4OJOoZDLLvgaSHQo%2FA70%2FO3H3L8ZoHQUSLD6C7F9ToBTByS1thkJDSVf8u3ASmVic7VfNWMEG6EQk0Cq%2BARovoK1V6ArUxGlxmcmlqan1YmRLBt"}]}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
63efac386a644dee-FRA
expires
-1
homepage-image_0013_10---asian-woman---shutterstock_104037125-png.png
mnpdebt.ca/-/media/images/mnpdebt/hero-banner-backgrounds/consumer/home-page/persona/
209 KB
210 KB
Image
General
Full URL
https://mnpdebt.ca/-/media/images/mnpdebt/hero-banner-backgrounds/consumer/home-page/persona/homepage-image_0013_10---asian-woman---shutterstock_104037125-png.png
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb9185b7c83f7eaa5e493441f9acb59dea62954cee04030563f4c8bb7dff4518

Request headers

Referer
https://mnpdebt.ca/en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
cf-cache-status
EXPIRED
nel
{"max_age":604800,"report_to":"cf-nel"}
content-disposition
inline; filename="Homepage-image_0013_10---Asian-Woman---shutterstock_104037125 png.png"
content-length
214503
cf-request-id
0969a9f74400004dee0536b000000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=M%2FIap7Az6Mhd%2Be6tyLvC9MJbNtGGIkkNknpSuCrmh3Ofrk55pSk5j8PeHmhUl5IcnBw0RNntNXfybvwYa%2F%2B9Y7vR7%2FG84Aolut91w5tpWKylfSNHj%2B0P"}]}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
63efac386a664dee-FRA
expires
-1
personal-bankruptcy-overview_video-thumbnail.jpg
mnpdebt.ca/-/media/images/mnpdebt/consumer/video-thumbnails/landing-pages/
23 KB
23 KB
Image
General
Full URL
https://mnpdebt.ca/-/media/images/mnpdebt/consumer/video-thumbnails/landing-pages/personal-bankruptcy-overview_video-thumbnail.jpg?h=480&w=640&hash=44B45CD3ACEB6A28D2C8BB973B33030A
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
976f29c8a8ee58439d74e1f1bb53120ad3092de25cc8cc1c5283f012dc906464

Request headers

Referer
https://mnpdebt.ca/en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
cf-cache-status
EXPIRED
nel
{"max_age":604800,"report_to":"cf-nel"}
content-disposition
inline; filename="Personal Bankruptcy Overview_video thumbnail.jpg"
content-length
23055
cf-request-id
0969a9f74400004deee83f5000000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vN3Xq08N5UM7x2MbqfTmxiwx%2Fzu4FWwdfdyUvZeysQ1zGsnP76QOaUyg%2B1zAr3sktqfQu740IpxA9wsLey7TPAoY48cEMdg8WD%2FS%2FKt8WcxVHYTHpOFb"}]}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
63efac386a674dee-FRA
expires
-1
consumer-proposal-overview_video-thumbnail.jpg
mnpdebt.ca/-/media/images/mnpdebt/consumer/video-thumbnails/landing-pages/
16 KB
16 KB
Image
General
Full URL
https://mnpdebt.ca/-/media/images/mnpdebt/consumer/video-thumbnails/landing-pages/consumer-proposal-overview_video-thumbnail.jpg?h=480&w=640&hash=6095214309BF4C985036FA12F16368F4
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84d12b55467e8510c7e91b0c10109decd5bdd14881381252dbe13485e78d77cc

Request headers

Referer
https://mnpdebt.ca/en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
cf-cache-status
EXPIRED
nel
{"max_age":604800,"report_to":"cf-nel"}
content-disposition
inline; filename="Consumer Proposal Overview_video thumbnail.jpg"
content-length
16109
cf-request-id
0969a9f74400004deee62ad000000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BRGc9MPxto3BmEZIXQntX0e9gQqGoJBX9ezzOTZ7Pyl%2Bx3AcebbUJ%2BLP79dCh0fGQykHHtpDf%2Fet%2BCsNgZpwayXhODOXzlzkWxbfbBNsIgQiFVDZULix"}]}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
63efac386a694dee-FRA
expires
-1
gtm.js
www.googletagmanager.com/
192 KB
59 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KSKXSV
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
13a9819211c3b9d53bbc070799f1e189a2e81f38476d0490b51a53031c902b53
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60548
x-xss-protection
0
last-modified
Mon, 12 Apr 2021 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 12 Apr 2021 21:50:52 GMT
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v84/
100 KB
100 KB
Font
General
Full URL
https://fonts.gstatic.com/s/materialicons/v84/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
570ff0550f9c0a2c1a05c087ba47d3a9d7ff7de281367b28b811945396f2ed6c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://mnpdebt.ca
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 08 Apr 2021 20:26:14 GMT
x-content-type-options
nosniff
last-modified
Thu, 08 Apr 2021 20:10:46 GMT
server
sffe
age
350678
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
102396
x-xss-protection
0
expires
Fri, 08 Apr 2022 20:26:14 GMT
mnp-businessexcellence-2021-540x271.png
mnpdebt.ca/-/media/images/mnpdebt/datasourceimages/consumer/
65 KB
65 KB
Image
General
Full URL
https://mnpdebt.ca/-/media/images/mnpdebt/datasourceimages/consumer/mnp-businessexcellence-2021-540x271.png?h=271&w=540&hash=7B43F91D98BA316382F8BCA6BB7BC6BD
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62038998c1ec09d4cc2e746d08d3e16a417bb5697b90fa918ce56a820514c700

Request headers

Referer
https://mnpdebt.ca/en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
cf-cache-status
EXPIRED
nel
{"max_age":604800,"report_to":"cf-nel"}
content-disposition
inline; filename="MNP BusinessExcellence 2021 540x271.png"
content-length
66167
cf-request-id
0969a9f7d200004deed239b000000001
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=laBDI0Hqg729TZiTQW%2FQybn49kFy5Xolw4EK3vRV8Asy97zCvgRzFVGFi28E3MRVNdz2fNQuwMzayGyDxkvUu8CRgrL8hBB0P3t42B4gZhlvYrCxZI9q"}]}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
63efac394bf44dee-FRA
expires
-1
api.js
www.google.com/recaptcha/
850 B
643 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2717dcc1ddd778f68223461ebd53610370e7617b6c74366bfc16a1e6e979cc58
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
555
x-xss-protection
1; mode=block
expires
Mon, 12 Apr 2021 21:50:52 GMT
jquery-3.4.1.min.js
code.jquery.com/
86 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.4.1.min.js
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Origin
https://mnpdebt.ca
Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
gzip
last-modified
Wed, 01 May 2019 21:14:27 GMT
server
nginx
etag
W/"5cca0c33-15851"
vary
Accept-Encoding
x-hw
1618264252.dop206.fr8.t,1618264252.cds285.fr8.hc,1618264252.cds236.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30638
bootstrap.min.js
mnpdebt.ca/Assets/Project/
57 KB
15 KB
Script
General
Full URL
https://mnpdebt.ca/Assets/Project/bootstrap.min.js
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bcd802e9f77849e7c1e93c87279fbbb04d45949d2be79b03566ceacde29b158

Request headers

Referer
https://mnpdebt.ca/en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 07 Apr 2021 12:04:27 GMT
server
cloudflare
age
5810
etag
W/"5cf1ae28a62bd71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DRdr6NUWCip12kSQNStL5cCeBBdUQAk2AhSlnMLSwGgIykgOzpST463M1zQOpo1NuXBzimyy46dhdHoE4NBK1leFLVDPBEeOZaqmk0hy9Xzo38a2txTX"}]}
content-type
application/x-javascript
cache-control
max-age=14400
nel
{"max_age":604800,"report_to":"cf-nel"}
cf-ray
63efac394bf04dee-FRA
cf-request-id
0969a9f7ce00004deeac0c5000000001
website.min.js
mnpdebt.ca/Assets/
23 KB
4 KB
Script
General
Full URL
https://mnpdebt.ca/Assets/website.min.js?v=NULeXPmG2flWLWWEFG0EdZuuYL97vLvH9Y3CEVRL5801
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1874082bd99e6767417fe084a4f62d0069239ef923dfbaed3becdf8ac60fa5e

Request headers

Referer
https://mnpdebt.ca/en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 27 Mar 2021 18:35:37 GMT
server
cloudflare
age
1394115
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent,Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wI71OmrKJFED81el93XRJiYr86MSrPI6xltgAecT1JtB5lJ44CBYddjqpQF0F8LciM%2FayGM7oWOhOjm9DVFFCgWjGxH7kwQ4inyVrVS1%2FDO7SZS%2B0lQp"}]}
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=14400
nel
{"max_age":604800,"report_to":"cf-nel"}
cf-ray
63efac394bf14dee-FRA
cf-request-id
0969a9f7ce00004dee8e28b000000001
expires
Sun, 27 Mar 2022 18:35:37 GMT
slick.min.js
mnpdebt.ca/Assets/Project/
42 KB
10 KB
Script
General
Full URL
https://mnpdebt.ca/Assets/Project/slick.min.js
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1a52c0a06fa9f65e015b02e7ec463fd621211a9d2ae44b6660597900e927fbb

Request headers

Referer
https://mnpdebt.ca/en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 07 Apr 2021 12:04:28 GMT
server
cloudflare
age
5810
etag
W/"fd81429a62bd71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WK6siriGlYVf%2BUnYAMIB2cKF6pHelo07vQSFF9aboiEPzRqVLQrFyo1WPIepMNxocRXD7wISzNn7mEba542a04C9GJ4FnOBwbNl1dDyVzSr%2BJfwA6PhJ"}]}
content-type
application/x-javascript
cache-control
max-age=14400
nel
{"max_age":604800,"report_to":"cf-nel"}
cf-ray
63efac394bf24dee-FRA
cf-request-id
0969a9f7ce00004dee9ab01000000001
common.js
mnpdebt.ca/Assets/
27 KB
5 KB
Script
General
Full URL
https://mnpdebt.ca/Assets/common.js?v=o2Lct9Ia7S38qJcKqYprlq5akPuZ-4MHKKzuXYctBrY1
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ac1a4801e272ff65af96fd5d0be301dc4e26efb877a9777950dd42811f5ea45

Request headers

Referer
https://mnpdebt.ca/en
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 10 Apr 2021 22:13:27 GMT
server
cloudflare
age
171445
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
User-Agent,Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cCKlirCR4CmcgbG%2FNrxD8XTLFFXTkBsczhrm56rN5V8LALd2vD11lPccqPhGZAVnIFvhzURN%2BWUebwqHBhZYOfgaPK2M0wzBTAxDKUoVSYVU0wM9a1I%2B"}]}
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=14400
nel
{"max_age":604800,"report_to":"cf-nel"}
cf-ray
63efac394bf34dee-FRA
cf-request-id
0969a9f7cf00004deed239a000000001
expires
Sun, 10 Apr 2022 22:13:27 GMT
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KSKXSV
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 19 Mar 2021 19:22:18 GMT
server
Golfe2
age
7156
date
Mon, 12 Apr 2021 19:51:36 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19463
expires
Mon, 12 Apr 2021 21:51:36 GMT
activityi;dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
4653320.fls.doubleclick.net/ Frame 1E5A
Redirect Chain
  • https://4653320.fls.doubleclick.net/activityi;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen?
  • https://4653320.fls.doubleclick.net/activityi;dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F...
484 B
989 B
Document
General
Full URL
https://4653320.fls.doubleclick.net/activityi;dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KSKXSV
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.74.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f6.1e100.net
Software
cafe /
Resource Hash
a7f9e7a2d341405aee543386774260e2907c72c25c2c6d32da5c248ea88dc3ba
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
4653320.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://mnpdebt.ca/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
about:blank

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Mon, 12 Apr 2021 21:50:52 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
387
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Mon, 12-Apr-2021 22:05:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Mon, 12 Apr 2021 21:50:52 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://4653320.fls.doubleclick.net/activityi;dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
fbevents.js
connect.facebook.net/en_US/
91 KB
23 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
86cc35989be655e6cbe68540cf835dec34388862a948fbd05850100797c32319
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
23784
x-fb-rlafr
0
pragma
public
x-fb-debug
st00nbgjqqxLZyPxj5z/+u8EobaGUYdd2bWhxL4IQTniBi3hNJ5NvB6LGfJbDLuGuPzQnl/DUT/oeFtz2PXCGg==
x-fb-trip-id
1512268381
x-frame-options
DENY
date
Mon, 12 Apr 2021 21:50:52 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
up_loader.1.1.0.js
js.adsrvr.org/
4 KB
2 KB
Script
General
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KSKXSV
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.226.146.155 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-146-155.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 12 Apr 2021 18:22:36 GMT
Content-Encoding
gzip
Last-Modified
Thu, 24 Sep 2020 15:15:34 GMT
Server
AmazonS3
Age
12497
ETag
W/"98d98b3499058b76d58073cf8ede2f10"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/x-javascript
Via
1.1 0406d08716a9781a5c19ff86db2debd3.cloudfront.net (CloudFront)
Connection
keep-alive
Transfer-Encoding
chunked
X-Amz-Cf-Pop
DUS51-C1
X-Amz-Cf-Id
o3Yb5DKCGWxaCAawxt1Imv8s3frYhEpYApG6__HuXjxUbCSM7K2t1w==
oct.js
static.ads-twitter.com/
Redirect Chain
  • https://platform.twitter.com/oct.js
  • https://static.ads-twitter.com/oct.js
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/oct.js
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
via
1.1 varnish
last-modified
Fri, 04 Dec 2020 00:21:46 GMT
age
72605
etag
"cbc512946c8abb461c6215ed5b454e5f+gzip"
vary
Accept-Encoding,Host
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding
gzip
cache-control
no-cache
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
1957
x-timer
S1618264253.555057,VS0,VE0
x-served-by
cache-hhn11523-HHN

Redirect headers

x-tw-cdn
VZ
Date
Mon, 12 Apr 2021 21:50:52 GMT
Server
ECS (frb/67F3)
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Location
https://static.ads-twitter.com/oct.js
Content-Length
0
quant.js
secure.quantserve.com/
23 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
16d7d7227f6d8251224d32cd45c81633a3a9d63bf35cd84b1d99d389becb5030

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
gzip
etag
"YoFsxqR3BwPygbSjh02Dug=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Mon, 19 Apr 2021 21:50:52 GMT
/
insight.adsrvr.org/track/evnt/
70 B
261 B
Image
General
Full URL
https://insight.adsrvr.org/track/evnt/?adv=i4v66ce&ct=0:8qk2i4k&fmt=3&gtmcb=262704641
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.2.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-2-3.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 12 Apr 2021 21:50:52 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
loader.js
static.olark.com/jsclient/
9 KB
3 KB
Script
General
Full URL
https://static.olark.com/jsclient/loader.js
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.42 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BB6) /
Resource Hash
8c7f96ede157fa378f00cc1c6bf9f2ac8a7bbbd96c3d3a3a285c50b6711f9f9c

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
gzip
last-modified
Mon, 22 Mar 2021 19:59:42 GMT
server
ECS (amb/6BB6)
age
5044
etag
W/"6058f72e-2347"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=10800
accept-ranges
bytes
content-length
3178
via
1.1 google
expires
Tue, 13 Apr 2021 00:50:52 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/
332 KB
130 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ec361bce3349b6cbb5e414df65c58151bf4ad12078c6fc15ffd9dffcfbfa92d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://mnpdebt.ca
Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 11:15:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
38098
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
132755
x-xss-protection
0
last-modified
Mon, 22 Mar 2021 04:06:11 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 12 Apr 2022 11:15:54 GMT
regionsoffices
mnpdebt.ca/api/feature/forms/
11 KB
2 KB
XHR
General
Full URL
https://mnpdebt.ca/api/feature/forms/regionsoffices
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.4.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e65bdc84055873eda29e2b5fd2e564fe07a75d425a95c163fa7da9f736b0b0c

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://mnpdebt.ca/en
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6EoC82m9%2BQPDo9SME0S6d11tulMBKG9h8C7FhFV%2B%2BSt7uejE99M0%2FvRO1Ofs5bwGWKchS8eVzBPwlgTW3ZEIQ195RQ5ceZTLepFHsDa1%2F9%2FFOXQK956w"}]}
content-type
application/json; charset=utf-8
cache-control
private
cf-ray
63efac39fd0d4dee-FRA
cf-request-id
0969a9f83600004deea3bc7000000001
regionsoffices
mnpdebt.ca/api/feature/forms/
11 KB
2 KB
XHR
General
Full URL
https://mnpdebt.ca/api/feature/forms/regionsoffices
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.4.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e65bdc84055873eda29e2b5fd2e564fe07a75d425a95c163fa7da9f736b0b0c

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://mnpdebt.ca/en
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=X1sC4PYfLQrVkTFy5%2B%2Bmy%2B6gDPo4WDA9I4fevP0sdukuwiNDE0viVhOl%2BFaaCFr73SXWH2rwig5q5WlQki3xRnAZMOj%2FirWrjjIDCyqz74O9oTEZi4xt"}]}
content-type
application/json; charset=utf-8
cache-control
private
cf-ray
63efac39fd114dee-FRA
cf-request-id
0969a9f83700004dee9527e000000001
testimonialratings
mnpdebt.ca/api/feature/forms/
331 B
453 B
XHR
General
Full URL
https://mnpdebt.ca/api/feature/forms/testimonialratings
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.4.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddb7aa10eb158d87b05d5c3ad89d6dd5dc12fc61732277e22c9a8929b85bb96d

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://mnpdebt.ca/en
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0a7fJ9cLtEZ%2F%2FNu9WoM0mWjcc9pfQwYnG5tfJTbsXFysOWxp22OQbkZffmAsSXg8gzv9w7RVRzf5bW3WSWazZjtbis3HaAzbRWDlz6nuFC3jRCz109Kl"}]}
content-type
application/json; charset=utf-8
cache-control
private
cf-ray
63efac39fd144dee-FRA
cf-request-id
0969a9f83800004dee0537a000000001
linkid.js
www.google-analytics.com/plugins/ua/
2 KB
1 KB
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:05:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
age
2711
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
859
x-xss-protection
0
expires
Mon, 12 Apr 2021 22:05:41 GMT
rules-p-ZvkjxaQPZCZrY.js
rules.quantcount.com/
737 B
1 KB
Script
General
Full URL
https://rules.quantcount.com/rules-p-ZvkjxaQPZCZrY.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:f000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c12a1af7f1e9da6e33672c5aff3e74f631c174033fc65f5a50a04278fc57e880

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Mon, 12 Apr 2021 21:50:52 GMT
via
1.1 77d8cf253666facea1bbe67902fcbbc1.cloudfront.net (CloudFront)
last-modified
Mon, 05 Apr 2021 21:04:36 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-C1
etag
"ef1b91ec499fb398f399f42a66262250"
x-cache
Hit from cloudfront
content-type
application/x-javascript
cache-control
max-age=3600
accept-ranges
bytes
content-length
737
x-amz-cf-id
mWRt0BlcNwTefp2ISrOb681xnlMUx1yM_Dh_CXPkofC7-ZnVGD8Ilw==
collect
stats.g.doubleclick.net/j/
1 B
81 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j89&tid=UA-2003895-43&cid=2020205144.1618264252&jid=519159278&gjid=523892430&_gid=1159294416.1618264252&_u=aGBAgUAjAAAAAE~&z=1446283695
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 12 Apr 2021 21:50:52 GMT
content-type
text/plain
access-control-allow-origin
https://mnpdebt.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
122 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j89&a=1497084360&t=pageview&_s=1&dl=https%3A%2F%2Fmnpdebt.ca%2Fen&ul=en-us&de=UTF-8&dt=MNP%20Debt%20%7C%20MNP%20LTD%20310-Debt&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAgUAj~&jid=519159278&gjid=523892430&cid=2020205144.1618264252&tid=UA-2003895-43&_gid=1159294416.1618264252&gtm=2wg3v0KSKXSV&cd1=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36&cd3=0&z=1074089020
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 12 Apr 2021 03:23:35 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
66437
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
pixel;r=349278457;labels=_fp.event.PageView;rf=0;a=p-ZvkjxaQPZCZrY;url=https%3A%2F%2Fmnpdebt.ca%2Fen;uht=2;fpan=1;fpa=P0-1097680599-1618264252539;ns=0;ce=1;qjs=1;qv=e576aef5-20210317211205;cm=;gdpr...
pixel.quantserve.com/
35 B
371 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=349278457;labels=_fp.event.PageView;rf=0;a=p-ZvkjxaQPZCZrY;url=https%3A%2F%2Fmnpdebt.ca%2Fen;uht=2;fpan=1;fpa=P0-1097680599-1618264252539;ns=0;ce=1;qjs=1;qv=e576aef5-20210317211205;cm=;gdpr=0;ref=;d=mnpdebt.ca;je=0;sr=1600x1200x24;dst=1;et=1618264252539;tzo=-120;ogl=title.MNP%20Debt%2Cdescription.Consumer%20Proposals%20and%20Bankruptcy%20for%20Over%2050%20Years%20%7C%20MNP%20LTD%20301-DEBT%2Csite_name.MNPDebt%252Eca%2Curl.https%3A%2F%2Fmnpdebt%252Eca%2Fen%2Ctype.Page%2Clocale.en-CA%2Cauthor.https%3A%2F%2Fwww%252Efacebook%252Ecom%2FMNPDebt%2F%2Cimage.https%3A%2F%2Fmnpdebt%252Eca%2F-%2Fmedia%2Fimages%2Fmnpdebt%2Fbranding%2Fmnp_logoltd343c-png%252Epng%2Cimage%3Awidth.1011%2Cimage%3Aheight.327
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 12 Apr 2021 21:50:52 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
713135758770782
connect.facebook.net/signals/config/
241 KB
69 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/713135758770782?v=2.9.33&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
758e5d50f0350d3e66f69a704f01357d673f9c6892b7011910f03d60ebcbfaca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
70678
x-fb-rlafr
0
pragma
public
x-fb-debug
LGeIlAEHC0hK3dmOLFb66QnVjWeXYJ59i8oSVgJb4FWzcOn1CuRjHgT56BZlOfFqnxuem7zGy1E+LU4rmOBzIg==
x-fb-trip-id
1512268381
x-frame-options
DENY
date
Mon, 12 Apr 2021 21:50:52 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
x-xss-protection
0
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
adsct
t.co/i/
43 B
448 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nyul5&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fmnpdebt.ca%2Fen
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
112
pragma
no-cache
last-modified
Mon, 12 Apr 2021 21:50:52 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
86b985a886e3ad4c0a3c77aff3aa5438
x-transaction
00bcf4b2000fa21d
expires
Tue, 31 Mar 1981 05:00:00 GMT
app.js
static.olark.com/jsclient/ Frame 64E1
54 KB
18 KB
Script
General
Full URL
https://static.olark.com/jsclient/app.js
Requested by
Host: static.olark.com
URL: https://static.olark.com/jsclient/loader.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.42 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (amb/6BAE) /
Resource Hash
9735a5d3f4128ed051cdec18354519961f2d53d75931d88cd1018ec2ca2f9f1e

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
gzip
last-modified
Mon, 22 Mar 2021 19:59:42 GMT
server
ECS (amb/6BAE)
age
4382
etag
W/"6058f72e-d957"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=10800
accept-ranges
bytes
content-length
18468
via
1.1 google
expires
Tue, 13 Apr 2021 00:50:52 GMT
3801-404-10-5377.js
static.olark.com/a/assets/v0/site/ Frame 64E1
15 KB
15 KB
Script
General
Full URL
https://static.olark.com/a/assets/v0/site/3801-404-10-5377.js?cb=1618264252683
Requested by
Host: static.olark.com
URL: https://static.olark.com/jsclient/app.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.42 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
TwistedWeb/12.0.0 /
Resource Hash
fcd9c866bfe575533162c0ef31f4d5477778165dc6489291f29319be5538aa57

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 12 Apr 2021 21:50:52 GMT
via
1.1 google
server
TwistedWeb/12.0.0
content-type
application/javascript
dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
adservice.google.com/ddm/fls/i/ Frame 34CB
483 B
618 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/activityi;dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b641501a113990314b6d9bc19914d1f3d3e4b55922b3de82faf0e5251dab1c30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
adservice.google.com
:scheme
https
:path
/ddm/fls/i/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://4653320.fls.doubleclick.net/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://4653320.fls.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Mon, 12 Apr 2021 21:50:52 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
385
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
4653320.fls.doubleclick.net/ddm/fls/r/ Frame 88EA
Redirect Chain
  • https://adservice.google.de/ddm/fls/i/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpde...
  • https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F...
5 KB
2 KB
Document
General
Full URL
https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
142.250.74.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f6.1e100.net
Software
cafe /
Resource Hash
3a27f7f9b8e439e14b04e3346419308a0c2bb01fbd668e4a0f04027446511a45
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
4653320.fls.doubleclick.net
:scheme
https
:path
/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://adservice.google.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://adservice.google.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Mon, 12 Apr 2021 21:50:52 GMT
expires
Mon, 12 Apr 2021 21:50:52 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
1819
x-xss-protection
0
set-cookie
IDE=AHWqTUnLSAl-Lr3t7kNCwSN_lAvtqHkNecXbkX51VQU4XcXZDeqI2-IC8jZdn4hR2vI; expires=Sat, 07-May-2022 21:50:52 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Mon, 12 Apr 2021 21:50:52 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
location
https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
/
www.facebook.com/tr/
44 B
258 B
Image
General
Full URL
https://www.facebook.com/tr/?id=713135758770782&ev=PageView&dl=https%3A%2F%2Fmnpdebt.ca%2Fen&rl=&if=false&ts=1618264252851&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&fbp=fb.1.1618264252849.1451852372&it=1618264252547&coo=false&rqm=GET
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Mon, 12 Apr 2021 21:50:52 GMT
oct.js
static.ads-twitter.com/ Frame 88EA
Redirect Chain
  • https://platform.twitter.com/oct.js
  • https://static.ads-twitter.com/oct.js
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/oct.js
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
via
1.1 varnish
last-modified
Fri, 04 Dec 2020 00:21:46 GMT
age
72605
etag
"cbc512946c8abb461c6215ed5b454e5f+gzip"
vary
Accept-Encoding,Host
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-encoding
gzip
cache-control
no-cache
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
1957
x-timer
S1618264253.909299,VS0,VE0
x-served-by
cache-hhn11523-HHN

Redirect headers

x-tw-cdn
VZ
Date
Mon, 12 Apr 2021 21:50:52 GMT
Server
ECS (frb/67F3)
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Location
https://static.ads-twitter.com/oct.js
Content-Length
0
ytc.js
s.yimg.com/wi/ Frame 88EA
15 KB
6 KB
Script
General
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

ats-carp-promotion
1
date
Mon, 12 Apr 2021 21:45:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
350
x-amz-server-side-encryption
AES256
vary
Origin, Accept-Encoding
content-length
5581
x-amz-id-2
lD74fwRrW3C8Ta7WZweCv8beMUxXurg6TXqnLqAzpXM+gcHxiKMuQIBUB1NHimQ8dlFeQJ9z160=
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Sat, 30 Oct 2021 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Thu, 24 Sep 2020 23:08:16 GMT
server
ATS
etag
"49db10c8315384e8dad2e92a6841ed81-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=15552000
x-amz-request-id
ZSNNDXYXDE96AQ2N
x-xss-protection
1; mode=block
cache-control
public,max-age=3600
x-amz-version-id
swANRqp_TdPZf97XDKuCKoVnrp7c.h.0
accept-ranges
bytes
content-type
application/javascript
spp.pl
sp.analytics.yahoo.com/ Frame 88EA
43 B
964 B
Image
General
Full URL
https://sp.analytics.yahoo.com/spp.pl?a=10001994968666&.yp=419514&js=no
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
212.82.100.181 , United Kingdom, ASN34010 (YAHOO-IRD, GB),
Reverse DNS
spdc.pbp.vip.ir2.yahoo.com
Software
ATS /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 12 Apr 2021 21:50:53 GMT
X-Content-Type-Options
nosniff
Age
0
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Server
ATS
X-Frame-Options
DENY
Expect-CT
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security
max-age=31536000
Content-Type
image/gif
Cache-Control
no-cache, private, must-revalidate
Accept-Ranges
bytes
Expires
Mon, 12 Apr 2021 21:50:53 GMT
conversion.js
www.googleadservices.com/pagead/ Frame 88EA
43 KB
17 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f2.1e100.net
Software
cafe /
Resource Hash
f8e03ff588e0a7e35bb5fb0f0916145174f696aa35d4d3b86001fca66b77d7a0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16557
x-xss-protection
0
server
cafe
etag
2199525623091866667
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 12 Apr 2021 21:50:53 GMT
quant.js
secure.quantserve.com/ Frame 88EA
23 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/quant.js
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
16d7d7227f6d8251224d32cd45c81633a3a9d63bf35cd84b1d99d389becb5030

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
gzip
etag
"YoFsxqR3BwPygbSjh02Dug=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Mon, 19 Apr 2021 21:50:52 GMT
fbevents.js
connect.facebook.net/en_US/ Frame 88EA
91 KB
23 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
86cc35989be655e6cbe68540cf835dec34388862a948fbd05850100797c32319
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
23784
x-fb-rlafr
0
pragma
public
x-fb-debug
st00nbgjqqxLZyPxj5z/+u8EobaGUYdd2bWhxL4IQTniBi3hNJ5NvB6LGfJbDLuGuPzQnl/DUT/oeFtz2PXCGg==
x-fb-trip-id
1512268381
x-frame-options
DENY
date
Mon, 12 Apr 2021 21:50:52 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
aquant.js
secure.quantserve.com/ Frame 88EA
23 KB
9 KB
Script
General
Full URL
https://secure.quantserve.com/aquant.js?a=p-fh1NJZWEagV-u
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
16d7d7227f6d8251224d32cd45c81633a3a9d63bf35cd84b1d99d389becb5030

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
gzip
etag
"YoFsxqR3BwPygbSjh02Dug=="
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, max-age=604800
accept-ranges
bytes
expires
Mon, 19 Apr 2021 21:50:52 GMT
rules-p-fh1NJZWEagV-u.js
rules.quantcount.com/ Frame 88EA
1 KB
1014 B
Script
General
Full URL
https://rules.quantcount.com/rules-p-fh1NJZWEagV-u.js
Requested by
Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2182:f000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
925c82198edb5ac67c27430505b1610d8ff39c4e2dc660ad811ca2678ec0de99

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:52 GMT
content-encoding
gzip
last-modified
Tue, 11 Apr 2017 00:07:07 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-C1
etag
W/"6150708d98a04c0c0a0553abdd997eb8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
via
1.1 77d8cf253666facea1bbe67902fcbbc1.cloudfront.net (CloudFront)
cache-control
max-age=3600
x-amz-cf-id
A_8Q2G-umQQg7dJC1t5J4fmogMx1iZb1xqVZXliYvO2pYlRV7dE6vw==
pixel;r=1554045782;labels=_fp.event.Default;rf=0;a=p-fh1NJZWEagV-u;url=https%3A%2F%2F4653320.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM3Fs4_Y-e8CFfGAgwcd4RYIIg%3Bsrc%3D4653320%3Btype%3D41285...
pixel.quantserve.com/ Frame 88EA
35 B
210 B
Image
General
Full URL
https://pixel.quantserve.com/pixel;r=1554045782;labels=_fp.event.Default;rf=0;a=p-fh1NJZWEagV-u;url=https%3A%2F%2F4653320.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM3Fs4_Y-e8CFfGAgwcd4RYIIg%3Bsrc%3D4653320%3Btype%3D41285553%3Bcat%3Dmnp-r0%3Bord%3D1%3Bnum%3D4592797237517%3Bgtm%3D2wg3v0%3Bauiddc%3D972808823.1618264252%3B~oref%3Dhttps%253A%252F%252Fmnpdebt.ca%252Fen;ref=https%3A%2F%2Fadservice.google.com%2F;uht=2;fpan=1;fpa=P0-1752663586-1618264252917;ns=1;ce=1;qjs=1;qv=e576aef5-20210317211205;cm=;gdpr=0;d=4653320.fls.doubleclick.net;je=0;sr=1600x1200x24;dst=1;et=1618264252917;tzo=-120;ogl=
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 12 Apr 2021 21:50:52 GMT
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
strict-transport-security
max-age=86400
expires
Fri, 04 Aug 1978 12:00:00 GMT
adsct
t.co/i/ Frame 88EA
43 B
170 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=ntgdw&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&tw_document_referrer=https%3A%2F%2Fadservice.google.com%2F&tw_document_href=https%3A%2F%2F4653320.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM3Fs4_Y-e8CFfGAgwcd4RYIIg%3Bsrc%3D4653320%3Btype%3D41285553%3Bcat%3Dmnp-r0%3Bord%3D1%3Bnum%3D4592797237517%3Bgtm%3D2wg3v0%3Bauiddc%3D972808823.1618264252%3B~oref%3Dhttps%253A%252F%252Fmnpdebt.ca%252Fen
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
113
pragma
no-cache
last-modified
Mon, 12 Apr 2021 21:50:53 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
86b985a886e3ad4c0a3c77aff3aa5438
x-transaction
00bcd71000d84014
expires
Tue, 31 Mar 1981 05:00:00 GMT
1649024585402369
connect.facebook.net/signals/config/ Frame 88EA
241 KB
69 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1649024585402369?v=2.9.33&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2c5cf5dfba474b889dea054856b3bd4a57f4b2870eac93a759158760076d6dd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
70640
x-fb-rlafr
0
pragma
public
x-fb-debug
x3jAn52uWud8b3lRxZJeNlBL3KzQRumoWi3hyFdrqrz++fMuRfwTJWxhuJ8ktP2sZiGRc5JxlF0vB080VZkNEg==
x-fb-trip-id
1512268381
x-frame-options
DENY
date
Mon, 12 Apr 2021 21:50:53 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
x-xss-protection
0
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
regionsoffices
mnpdebt.ca/api/feature/forms/
11 KB
2 KB
XHR
General
Full URL
https://mnpdebt.ca/api/feature/forms/regionsoffices
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.4.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e65bdc84055873eda29e2b5fd2e564fe07a75d425a95c163fa7da9f736b0b0c

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://mnpdebt.ca/en
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:54 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9iA9c4VB3eNSERPLZG9IgGxW0fLURi0v3A0C3%2FK%2BpSMx5HJQSF7kJcNBGy4iWf5sNqTUzLT2rLVzHzLLXoBfazy2sKRbbT9lx%2BbFK4cFYKrueM7DkkiD"}]}
content-type
application/json; charset=utf-8
cache-control
private
cf-ray
63efac3d4a214dee-FRA
cf-request-id
0969a9fa4a00004deec09cf000000001
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/942746011/ Frame 88EA
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/942746011/?random=1618264253055&cv=9&fst=1618264253055&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F4653320.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM3Fs4_Y-e8CFfGAgwcd4RYIIg%3Bsrc%3D4653320%3Btype%3D41285553%3Bcat%3Dmnp-r0%3Bord%3D1%3Bnum%3D4592797237517%3Bgtm%3D2wg3v0%3Bauiddc%3D972808823.1618264252%3B~oref%3Dhttps%253A%252F%252Fmnpdebt.ca%252Fen&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
959f9c62df6e4ae8db22a8626300f1bc679f29b3b486e7465859fe0fab1660e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 12 Apr 2021 21:50:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1140
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
iframe
d1eoo1tco6rr5e.cloudfront.net/v0a83xf/br3816j9/ Frame 1135
Redirect Chain
  • https://insight.adsrvr.org/tags/v0a83xf/br3816j9/iframe
  • https://d1eoo1tco6rr5e.cloudfront.net/v0a83xf/br3816j9/iframe
134 B
584 B
Document
General
Full URL
https://d1eoo1tco6rr5e.cloudfront.net/v0a83xf/br3816j9/iframe
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.226.154.171 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-154-171.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
224487affd00bb07834524a7a37bd38f57d6353025e8df36428ff7a5a1a9f22c

Request headers

Host
d1eoo1tco6rr5e.cloudfront.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://4653320.fls.doubleclick.net/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://4653320.fls.doubleclick.net/

Response headers

Content-Type
text/html
Content-Length
134
Connection
keep-alive
Last-Modified
Wed, 03 Sep 2014 14:23:57 GMT
Accept-Ranges
bytes
Server
AmazonS3
Date
Mon, 12 Apr 2021 21:50:53 GMT
ETag
"216976cfd71f47a78ac978ffa8fa33e9"
X-Cache
Hit from cloudfront
Via
1.1 0ee6aea018b9489b266252370f1e002e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
DUS51-C1
X-Amz-Cf-Id
zNLtlneqrxS16kvmdxDA40eR3FjbfrbePvP-Ow1evMEFwzy65PkQdQ==

Redirect headers

date
Mon, 12 Apr 2021 21:50:53 GMT
content-type
text/html; charset=UTF-8
content-length
184
location
https://d1eoo1tco6rr5e.cloudfront.net/v0a83xf/br3816j9/iframe
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
adsct
analytics.twitter.com/i/ Frame 88EA
31 B
652 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=ntgdw&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=1&tw_document_referrer=https%3A%2F%2Fadservice.google.com%2F&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2F4653320.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM3Fs4_Y-e8CFfGAgwcd4RYIIg%3Bsrc%3D4653320%3Btype%3D41285553%3Bcat%3Dmnp-r0%3Bord%3D1%3Bnum%3D4592797237517%3Bgtm%3D2wg3v0%3Bauiddc%3D972808823.1618264252%3B~oref%3Dhttps%253A%252F%252Fmnpdebt.ca%252Fen
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/oct.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
57
x-xss-protection
0
x-response-time
124
pragma
no-cache
last-modified
Mon, 12 Apr 2021 21:50:53 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
ff239d93a000cc2003f615f7e9f6f394
x-transaction
00f875820029b28b
expires
Tue, 31 Mar 1981 05:00:00 GMT
/
www.google.com/pagead/1p-user-list/942746011/ Frame 88EA
42 B
119 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/942746011/?random=1618264253055&cv=9&fst=1618261200000&num=1&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4653320.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM3Fs4_Y-e8CFfGAgwcd4RYIIg%3Bsrc%3D4653320%3Btype%3D41285553%3Bcat%3Dmnp-r0%3Bord%3D1%3Bnum%3D4592797237517%3Bgtm%3D2wg3v0%3Bauiddc%3D972808823.1618264252%3B~oref%3Dhttps%253A%252F%252Fmnpdebt.ca%252Fen&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3776481423&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 12 Apr 2021 21:50:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/942746011/ Frame 88EA
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/942746011/?random=1618264253055&cv=9&fst=1618261200000&num=1&guid=ON&eid=2505059651&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&frm=2&url=https%3A%2F%2F4653320.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM3Fs4_Y-e8CFfGAgwcd4RYIIg%3Bsrc%3D4653320%3Btype%3D41285553%3Bcat%3Dmnp-r0%3Bord%3D1%3Bnum%3D4592797237517%3Bgtm%3D2wg3v0%3Bauiddc%3D972808823.1618264252%3B~oref%3Dhttps%253A%252F%252Fmnpdebt.ca%252Fen&ref=https%3A%2F%2Fadservice.google.com%2F&fmt=3&is_vtc=1&random=3776481423&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 12 Apr 2021 21:50:53 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
713135758770782
connect.facebook.net/signals/config/ Frame 88EA
241 KB
69 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/713135758770782?v=2.9.33&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
758e5d50f0350d3e66f69a704f01357d673f9c6892b7011910f03d60ebcbfaca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
70678
x-fb-rlafr
0
pragma
public
x-fb-debug
LGeIlAEHC0hK3dmOLFb66QnVjWeXYJ59i8oSVgJb4FWzcOn1CuRjHgT56BZlOfFqnxuem7zGy1E+LU4rmOBzIg==
x-fb-trip-id
1512268381
x-frame-options
DENY
date
Mon, 12 Apr 2021 21:50:53 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
x-xss-protection
0
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ Frame 88EA
44 B
147 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1649024585402369&ev=PageView&dl=https%3A%2F%2F4653320.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM3Fs4_Y-e8CFfGAgwcd4RYIIg%3Bsrc%3D4653320%3Btype%3D41285553%3Bcat%3Dmnp-r0%3Bord%3D1%3Bnum%3D4592797237517%3Bgtm%3D2wg3v0%3Bauiddc%3D972808823.1618264252%3B~oref%3Dhttps%253A%252F%252Fmnpdebt.ca%252Fen&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1618264253123&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&it=1618264252988&coo=false&rqm=GET
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Mon, 12 Apr 2021 21:50:53 GMT
/
www.facebook.com/tr/ Frame 88EA
44 B
101 B
Image
General
Full URL
https://www.facebook.com/tr/?id=713135758770782&ev=PageView&dl=https%3A%2F%2F4653320.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM3Fs4_Y-e8CFfGAgwcd4RYIIg%3Bsrc%3D4653320%3Btype%3D41285553%3Bcat%3Dmnp-r0%3Bord%3D1%3Bnum%3D4592797237517%3Bgtm%3D2wg3v0%3Bauiddc%3D972808823.1618264252%3B~oref%3Dhttps%253A%252F%252Fmnpdebt.ca%252Fen&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1618264253250&sw=1600&sh=1200&v=2.9.33&r=stable&ec=0&o=30&it=1618264252988&coo=false&rqm=GET
Requested by
Host: 4653320.fls.doubleclick.net
URL: https://4653320.fls.doubleclick.net/ddm/fls/r/dc_pre=CM3Fs4_Y-e8CFfGAgwcd4RYIIg;src=4653320;type=41285553;cat=mnp-r0;ord=1;num=4592797237517;gtm=2wg3v0;auiddc=972808823.1618264252;~oref=https%3A%2F%2Fmnpdebt.ca%2Fen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Mon, 12 Apr 2021 21:50:53 GMT
/
insight.adsrvr.org/track/evnt/ Frame 1135
70 B
260 B
Image
General
Full URL
https://insight.adsrvr.org/track/evnt/?adv=v0a83xf&ct=0:br3816j9&fmt=3
Requested by
Host: d1eoo1tco6rr5e.cloudfront.net
URL: https://d1eoo1tco6rr5e.cloudfront.net/v0a83xf/br3816j9/iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.2.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-2-3.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://d1eoo1tco6rr5e.cloudfront.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 12 Apr 2021 21:50:53 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
/
www.facebook.com/tr/
44 B
101 B
Image
General
Full URL
https://www.facebook.com/tr/?id=713135758770782&ev=Microdata&dl=https%3A%2F%2Fmnpdebt.ca%2Fen&rl=&if=false&ts=1618264253354&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22MNP%20Debt%20%7C%20MNP%20LTD%20310-Debt%22%2C%22meta%3Adescription%22%3A%22Consumer%20Proposals%20and%20Bankruptcy%20for%20Over%2050%20Years%20%7C%20MNP%20LTD%20301-DEBT%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22MNP%20Debt%22%2C%22og%3Adescription%22%3A%22Consumer%20Proposals%20and%20Bankruptcy%20for%20Over%2050%20Years%20%7C%20MNP%20LTD%20301-DEBT%22%2C%22og%3Asite_name%22%3A%22MNPDebt.ca%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fmnpdebt.ca%2Fen%22%2C%22og%3Atype%22%3A%22Page%22%2C%22og%3Alocale%22%3A%22en-CA%22%2C%22og%3Aauthor%22%3A%22https%3A%2F%2Fwww.facebook.com%2FMNPDebt%2F%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fmnpdebt.ca%2F-%2Fmedia%2Fimages%2Fmnpdebt%2Fbranding%2Fmnp_logoltd343c-png.png%22%2C%22og%3Aimage%3Awidth%22%3A%221011%22%2C%22og%3Aimage%3Aheight%22%3A%22327%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.33&r=stable&ec=1&o=30&fbp=fb.1.1618264252849.1451852372&it=1618264252547&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: mnpdebt.ca
URL: https://mnpdebt.ca/en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Mon, 12 Apr 2021 21:50:53 GMT
anchor
www.google.com/recaptcha/api2/ Frame 988A
0
0

anchor
www.google.com/recaptcha/api2/ Frame 9531
19 KB
10 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchOswZAAAAAExqv__mYOvUeAutmKH1O2lM_u57&co=aHR0cHM6Ly9tbnBkZWJ0LmNhOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&badge=inline&cb=3hlfje9bln6s
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b5993bb8048ad7d2a9a51c09d35c583787aabacc798e5b88d72c9540e2330003
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-vkzq17qQv/x3dX0vIozpBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LchOswZAAAAAExqv__mYOvUeAutmKH1O2lM_u57&co=aHR0cHM6Ly9tbnBkZWJ0LmNhOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&badge=inline&cb=3hlfje9bln6s
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://mnpdebt.ca/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://mnpdebt.ca/

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Mon, 12 Apr 2021 21:50:53 GMT
content-security-policy
script-src 'report-sample' 'nonce-vkzq17qQv/x3dX0vIozpBQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
10383
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
up
insight.adsrvr.org/track/ Frame 1A8F
0
181 B
Document
General
Full URL
https://insight.adsrvr.org/track/up?adv=i4v66ce&ref=https%3A%2F%2Fmnpdebt.ca%2Fen&upid=nfk090t&upv=1.1.0
Requested by
Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.2.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-2-3.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
insight.adsrvr.org
:scheme
https
:path
/track/up?adv=i4v66ce&ref=https%3A%2F%2Fmnpdebt.ca%2Fen&upid=nfk090t&upv=1.1.0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://mnpdebt.ca/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://mnpdebt.ca/

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
content-type
text/html
cache-control
private,no-cache, must-revalidate
pragma
no-cache
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
adsct
analytics.twitter.com/i/
31 B
237 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=1.1.1&p_id=Twitter&p_user_id=0&txn_id=nyul5&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fmnpdebt.ca%2Fen
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/oct.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://mnpdebt.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
57
x-xss-protection
0
x-response-time
121
pragma
no-cache
last-modified
Mon, 12 Apr 2021 21:50:53 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
ff239d93a000cc2003f615f7e9f6f394
x-transaction
001cc04500924969
expires
Tue, 31 Mar 1981 05:00:00 GMT
regionsoffices
mnpdebt.ca/api/feature/forms/
11 KB
3 KB
XHR
General
Full URL
https://mnpdebt.ca/api/feature/forms/regionsoffices
Requested by
Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.4.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:6049 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e65bdc84055873eda29e2b5fd2e564fe07a75d425a95c163fa7da9f736b0b0c

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://mnpdebt.ca/en
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=qCMqbDnhVx26Rx51qrDRebQJMEv8axoEB5vQxsMHwFaSLathtk3vFezlz3Fxy6aYcvWgLRkiceA6DsI%2FbfLjvVHmRb%2BlGTT7pNufi4YcA2OTRevbXk7U"}]}
content-type
application/json; charset=utf-8
cache-control
private
cf-ray
63efac407f034dee-FRA
cf-request-id
0969a9fc4a00004deeb18de000000001
styles__ltr.css
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/ Frame 9531
50 KB
25 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchOswZAAAAAExqv__mYOvUeAutmKH1O2lM_u57&co=aHR0cHM6Ly9tbnBkZWJ0LmNhOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&badge=inline&cb=3hlfje9bln6s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 15:43:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 22 Mar 2021 04:06:11 GMT
server
sffe
age
22016
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25479
x-xss-protection
0
expires
Tue, 12 Apr 2022 15:43:57 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/ Frame 9531
332 KB
130 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchOswZAAAAAExqv__mYOvUeAutmKH1O2lM_u57&co=aHR0cHM6Ly9tbnBkZWJ0LmNhOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&badge=inline&cb=3hlfje9bln6s
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ec361bce3349b6cbb5e414df65c58151bf4ad12078c6fc15ffd9dffcfbfa92d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 11:15:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
38099
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
132755
x-xss-protection
0
last-modified
Mon, 22 Mar 2021 04:06:11 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 12 Apr 2022 11:15:54 GMT
LwzEJkrqzuIpy5ZXdMyVZqsv4pxUDwC8wk7uiqYZWNw.js
www.google.com/js/bg/ Frame 9531
14 KB
6 KB
Script
General
Full URL
https://www.google.com/js/bg/LwzEJkrqzuIpy5ZXdMyVZqsv4pxUDwC8wk7uiqYZWNw.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/5mNs27FP3uLBP3KBPib88r1g/recaptcha__en.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2f0cc4264aeacee229cb965774cc9566ab2fe29c540f00bcc24eee8aa61958dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchOswZAAAAAExqv__mYOvUeAutmKH1O2lM_u57&co=aHR0cHM6Ly9tbnBkZWJ0LmNhOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&badge=inline&cb=3hlfje9bln6s
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 15:13:43 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 15 Mar 2021 13:00:00 GMT
server
sffe
age
23830
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5706
x-xss-protection
0
expires
Tue, 12 Apr 2022 15:13:43 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame 9531
102 B
234 B
Other
General
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=5mNs27FP3uLBP3KBPib88r1g
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchOswZAAAAAExqv__mYOvUeAutmKH1O2lM_u57&co=aHR0cHM6Ly9tbnBkZWJ0LmNhOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&badge=inline&cb=3hlfje9bln6s
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
755fc16c048c7375eb92052140a46cdb3aeb33046799cb298a0c1e3292b23071
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchOswZAAAAAExqv__mYOvUeAutmKH1O2lM_u57&co=aHR0cHM6Ly9tbnBkZWJ0LmNhOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&badge=inline&cb=3hlfje9bln6s
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Mon, 12 Apr 2021 21:50:53 GMT
/
www.facebook.com/tr/ Frame 88EA
44 B
259 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1649024585402369&ev=Microdata&dl=https%3A%2F%2F4653320.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM3Fs4_Y-e8CFfGAgwcd4RYIIg%3Bsrc%3D4653320%3Btype%3D41285553%3Bcat%3Dmnp-r0%3Bord%3D1%3Bnum%3D4592797237517%3Bgtm%3D2wg3v0%3Bauiddc%3D972808823.1618264252%3B~oref%3Dhttps%253A%252F%252Fmnpdebt.ca%252Fen&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1618264254643&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.33&r=stable&ec=1&o=30&it=1618264252988&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:54 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Mon, 12 Apr 2021 21:50:54 GMT
/
www.facebook.com/tr/ Frame 88EA
44 B
101 B
Image
General
Full URL
https://www.facebook.com/tr/?id=713135758770782&ev=Microdata&dl=https%3A%2F%2F4653320.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCM3Fs4_Y-e8CFfGAgwcd4RYIIg%3Bsrc%3D4653320%3Btype%3D41285553%3Bcat%3Dmnp-r0%3Bord%3D1%3Bnum%3D4592797237517%3Bgtm%3D2wg3v0%3Bauiddc%3D972808823.1618264252%3B~oref%3Dhttps%253A%252F%252Fmnpdebt.ca%252Fen&rl=https%3A%2F%2Fadservice.google.com%2F&if=true&ts=1618264254757&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.33&r=stable&ec=1&o=30&it=1618264252988&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de , United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://4653320.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 12 Apr 2021 21:50:54 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Mon, 12 Apr 2021 21:50:54 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.com
URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LchOswZAAAAAExqv__mYOvUeAutmKH1O2lM_u57&co=aHR0cHM6Ly9tbnBkZWJ0LmNhOjQ0Mw..&hl=en&v=5mNs27FP3uLBP3KBPib88r1g&size=invisible&badge=inline&cb=3ijo97gwxgi0

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| dataLayer function| subscribeEvent function| unsubscribeEvent function| startActivityHandler function| placeCheckerRequest function| placeCssAspxRequest function| timeoutSleep function| getMetatagContent object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| fbq function| _fbq object| _qevents function| $ function| jQuery object| bootstrap object| Search function| SendDataConsultationForm function| ResetConsultationForm function| GetOffices function| SendDataOfficeContactForm function| SendDataPersonnelContactForm function| SendDataBlogContactForm function| SendDataTestimonialForm function| GetTestimonialOffices object| mnp function| olark object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| onYouTubeIframeAPIReady object| $tabs object| gaplugins object| gaGlobal object| gaData function| quantserve function| __qc object| ezt object| _qoptions function| qtrack object| recaptcha function| ttd_dom_ready function| TTDUniversalPixelApi object| twttr object| closure_lm_118452 number| consultationFormWidget

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4653320.fls.doubleclick.net
adservice.google.com
adservice.google.de
analytics.twitter.com
bankruptcysaskatchewan.ca
code.jquery.com
connect.facebook.net
d1eoo1tco6rr5e.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
insight.adsrvr.org
js.adsrvr.org
mnpdebt.ca
pixel.quantserve.com
platform.twitter.com
rules.quantcount.com
s.yimg.com
secure.quantserve.com
sp.analytics.yahoo.com
static.ads-twitter.com
static.olark.com
stats.g.doubleclick.net
t.co
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.google.com
104.244.42.131
104.244.42.69
13.226.146.155
13.226.154.171
142.250.74.198
172.217.16.130
199.232.136.157
2001:4de0:ac18::1:a:3b
212.82.100.181
2600:9000:2182:f000:6:44e3:f8c0:93a1
2606:2800:234:59:254c:406:2366:268c
2606:4700:20::ac43:6049
2606:4700:3033::6815:2997
2620:116:800d:21:f916:5049:f87f:108e
2a00:1288:80:800::7000
2a00:1450:4001:801::200a
2a00:1450:4001:808::2003
2a00:1450:4001:809::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:80f::200e
2a00:1450:4001:813::2003
2a00:1450:4001:813::2004
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::200e
2a00:1450:400c:c1b::9a
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
52.30.2.3
93.184.220.42
067cc995531f1cb16875cc806d500fe69d91e059b67ce468aa8a5c3280bcafa1
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13a9819211c3b9d53bbc070799f1e189a2e81f38476d0490b51a53031c902b53
16d7d7227f6d8251224d32cd45c81633a3a9d63bf35cd84b1d99d389becb5030
1cf458acc26fd5be1cc1ad94b164e5a05f97af3ea6b2686c154fadd61a1219cf
224487affd00bb07834524a7a37bd38f57d6353025e8df36428ff7a5a1a9f22c
2717dcc1ddd778f68223461ebd53610370e7617b6c74366bfc16a1e6e979cc58
27e9001a7511027e8f8fd223f360f1a694367cf4eb6c213cc171c0a88497944e
2ac1a4801e272ff65af96fd5d0be301dc4e26efb877a9777950dd42811f5ea45
2c5cf5dfba474b889dea054856b3bd4a57f4b2870eac93a759158760076d6dd7
2f0cc4264aeacee229cb965774cc9566ab2fe29c540f00bcc24eee8aa61958dc
3a27f7f9b8e439e14b04e3346419308a0c2bb01fbd668e4a0f04027446511a45
3bcd802e9f77849e7c1e93c87279fbbb04d45949d2be79b03566ceacde29b158
4cf52cc73734aa71f26f6a10be9aeec89602af45bf0f9abd5c8445a076c1ae1a
570ff0550f9c0a2c1a05c087ba47d3a9d7ff7de281367b28b811945396f2ed6c
5e65bdc84055873eda29e2b5fd2e564fe07a75d425a95c163fa7da9f736b0b0c
62038998c1ec09d4cc2e746d08d3e16a417bb5697b90fa918ce56a820514c700
63896532a7015ab5b7288359c02124980a5075e9267f0ba3fbfc7c3f5038b478
6b08ea3a348838bc942ad470a757575975bd09459b63c1872c6e1129a6ca1939
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
755fc16c048c7375eb92052140a46cdb3aeb33046799cb298a0c1e3292b23071
758e5d50f0350d3e66f69a704f01357d673f9c6892b7011910f03d60ebcbfaca
75a25aa822f4dbf0021bd3ca3b6f5a0f4f78f6d9ceffe56c73313d908a6434c2
7941c043b215ecc58d18e696d42abbd225eb0baa075cb5e31027725cc5312fce
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84d12b55467e8510c7e91b0c10109decd5bdd14881381252dbe13485e78d77cc
86cc35989be655e6cbe68540cf835dec34388862a948fbd05850100797c32319
8c7f96ede157fa378f00cc1c6bf9f2ac8a7bbbd96c3d3a3a285c50b6711f9f9c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
925c82198edb5ac67c27430505b1610d8ff39c4e2dc660ad811ca2678ec0de99
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
959f9c62df6e4ae8db22a8626300f1bc679f29b3b486e7465859fe0fab1660e0
9735a5d3f4128ed051cdec18354519961f2d53d75931d88cd1018ec2ca2f9f1e
976f29c8a8ee58439d74e1f1bb53120ad3092de25cc8cc1c5283f012dc906464
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a7f9e7a2d341405aee543386774260e2907c72c25c2c6d32da5c248ea88dc3ba
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b2993c26dee73b35f7a11de5aa4c3252752ab0e002084cf85c351994fec4c9d4
b5993bb8048ad7d2a9a51c09d35c583787aabacc798e5b88d72c9540e2330003
b641501a113990314b6d9bc19914d1f3d3e4b55922b3de82faf0e5251dab1c30
bb9185b7c83f7eaa5e493441f9acb59dea62954cee04030563f4c8bb7dff4518
c12a1af7f1e9da6e33672c5aff3e74f631c174033fc65f5a50a04278fc57e880
ddb7aa10eb158d87b05d5c3ad89d6dd5dc12fc61732277e22c9a8929b85bb96d
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e1874082bd99e6767417fe084a4f62d0069239ef923dfbaed3becdf8ac60fa5e
e1a52c0a06fa9f65e015b02e7ec463fd621211a9d2ae44b6660597900e927fbb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec361bce3349b6cbb5e414df65c58151bf4ad12078c6fc15ffd9dffcfbfa92d6
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4
f8e03ff588e0a7e35bb5fb0f0916145174f696aa35d4d3b86001fca66b77d7a0
fcd9c866bfe575533162c0ef31f4d5477778165dc6489291f29319be5538aa57