pab-dgab-aafc-aac.microsoftcrmportals.com Open in urlscan Pro
52.233.38.143 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
Submission: On November 18 via api (November 18th 2020, 1:52:03 am UTC) from US

Summary HTTP 30 Redirects Links 42 Behaviour Indicators

Summary

This website contacted 10 IPs in 5 countries across 8 domains to perform 30 HTTP transactions. The main IP is 52.233.38.143, located in Toronto, Canada and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pab-dgab-aafc-aac.microsoftcrmportals.com.
TLS certificate: Issued by Microsoft Azure TLS Issuing CA 06 on October 12th 2020. Valid for: a year.

This is the only time pab-dgab-aafc-aac.microsoftcrmportals.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Canadian Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1	52.233.38.143 52.233.38.143	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	23.111.9.35 23.111.9.35	33438 (HIGHWINDS2) (HIGHWINDS2)
1 13	2a02:26f0:6c0... 2a02:26f0:6c00:2a0::fe9	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:2800:133... 2606:2800:133:206e:1315:22a5:2006:24fd	15133 (EDGECAST) (EDGECAST)
1	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:814::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81e::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
2	52.237.33.21 52.237.33.21	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	20.190.137.1 20.190.137.1	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
30	10

1 52.233.38.143 (Toronto, Canada)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pab-dgab-aafc-aac.microsoftcrmportals.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.9.35 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a02:26f0:6c00:2a0::fe9 (Ascension Island) 1 redirects

ASN20940 (AKAMAI-ASN1, EU)

www.canada.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:133:206e:1315:22a5:2006:24fd (United States)

ASN15133 (EDGECAST, US)

mktdplp102cdn.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

mktdplp102ccda.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.237.33.21 (Toronto, Canada)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

539a2768f2c54e019d905f729a0b8467.svc.dynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.190.137.1 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

client.hip.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wus.client.hip.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	canada.ca 1 redirects www.canada.ca	180 KB
5	gstatic.com fonts.gstatic.com	58 KB
4	live.com client.hip.live.com wus.client.hip.live.com	28 KB
3	googleapis.com ajax.googleapis.com fonts.googleapis.com	76 KB
2	dynamics.com 539a2768f2c54e019d905f729a0b8467.svc.dynamics.com	235 B
2	azureedge.net mktdplp102cdn.azureedge.net mktdplp102ccda.azureedge.net	83 KB
1	fontawesome.com use.fontawesome.com	14 KB
1	microsoftcrmportals.com pab-dgab-aafc-aac.microsoftcrmportals.com	10 KB
30	8

	Domain	Requested by
13	www.canada.ca	1 redirects pab-dgab-aafc-aac.microsoftcrmportals.com www.canada.ca
5	fonts.gstatic.com	fonts.googleapis.com
3	wus.client.hip.live.com
2	539a2768f2c54e019d905f729a0b8467.svc.dynamics.com	mktdplp102cdn.azureedge.net
2	fonts.googleapis.com	www.canada.ca
1	client.hip.live.com	mktdplp102cdn.azureedge.net
1	ajax.googleapis.com	pab-dgab-aafc-aac.microsoftcrmportals.com
1	mktdplp102ccda.azureedge.net	pab-dgab-aafc-aac.microsoftcrmportals.com
1	mktdplp102cdn.azureedge.net	pab-dgab-aafc-aac.microsoftcrmportals.com
1	use.fontawesome.com	pab-dgab-aafc-aac.microsoftcrmportals.com
1	pab-dgab-aafc-aac.microsoftcrmportals.com
30	11

This site contains links to these domains. Also see Links.

Domain
www.canada.ca
travel.gc.ca
international.gc.ca
www.agr.gc.ca
laws-lois.justice.gc.ca
laws.justice.gc.ca
azure.microsoft.com
www.microsoft.com
pm.gc.ca
open.canada.ca
www1.canada.ca

Subject Issuer	Validity	Valid
*.microsoftcrmportals.com Microsoft Azure TLS Issuing CA 06	`2020-10-12` - `2021-10-07`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-13` - `2021-12-14`	a year	crt.sh
*.canada.ca GeoTrust RSA CA 2018	`2020-03-30` - `2021-04-29`	a year	crt.sh
*.vo.msecnd.net Microsoft IT TLS CA 2	`2020-03-18` - `2022-03-18`	2 years	crt.sh
sni21725gl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2020-09-01` - `2021-09-09`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
*.svc.dynamics.com Microsoft RSA TLS CA 01	`2020-10-02` - `2021-10-02`	a year	crt.sh
client.hip.live.com DigiCert SHA2 Secure Server CA	`2020-10-06` - `2021-10-06`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
Frame ID: 1D1FD1E1985419CA69567CC0ACA04A3E
Requests: 29 HTTP requests in this frame

Frame: https://539a2768f2c54e019d905f729a0b8467.svc.dynamics.com/t/c/2SvG7z4eVySIsrt5Q3UgpiKXI8Tc0PL2PkUDFVJZYWk?trackwebsitevisited=true&ad=https%3A%2F%2Fpab-dgab-aafc-aac.microsoftcrmportals.com%2Fsubscription%2F&rf=&id=2058594116&formPageIds=66671c4d-5ae1-ea11-a813-000d3a0c94a6
Frame ID: 80618082C5B026180504974F4A670474
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

30
Requests

100 %
HTTPS

60 %
IPv6

8
Domains

11
Subdomains

10
IPs

5
Countries

448 kB
Transfer

1306 kB
Size

6
Cookies

42 Outgoing links

These are links going to different origins than the main page.

URL: https://www.canada.ca/en.html
Title: Government of Canada / Gouvernement du Canada

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/jobs.html
Title: Jobs and the workplace

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/immigration-citizenship.html
Title: Immigration and citizenship

Search URL Search Domain Scan URL

URL: https://travel.gc.ca/
Title: Travel and tourism

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/business.html
Title: Business and industry

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/benefits.html
Title: Benefits

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/health.html
Title: Health

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/taxes.html
Title: Taxes

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/environment.html
Title: Environment and natural resources

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/defence.html
Title: National security and defence

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/culture.html
Title: Culture, history and sport

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/policing.html
Title: Policing, justice and emergencies

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/transport.html
Title: Transport and infrastructure

Search URL Search Domain Scan URL

URL: http://international.gc.ca/world-monde/index.aspx?lang=eng
Title: Canada and the world

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/finance.html
Title: Money and finances

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/services/science.html
Title: Science and innovation

Search URL Search Domain Scan URL

URL: http://www.agr.gc.ca/eng/home/?id=1395690825741
Title: Agriculture and Agri-Food Canada

Search URL Search Domain Scan URL

URL: https://www.agr.gc.ca/eng/?id=1360882573376
Title: Contact Agriculture and Agri-Food Canada

Search URL Search Domain Scan URL

URL: https://www.agr.gc.ca/eng/?id=1416932161986
Title: Email Subscription Service

Search URL Search Domain Scan URL

URL: https://www.agr.gc.ca/eng/news-from-agriculture-and-agri-food-canada/agri-info-newsletter/?id=1419351635969
Title: Agri-info

Search URL Search Domain Scan URL

URL: https://www.agr.gc.ca/eng/about-our-department/terms-and-conditions/?id=1367245286657
Title: terms and conditions

Search URL Search Domain Scan URL

URL: https://laws-lois.justice.gc.ca/eng/acts/P-21/FullText.html
Title: Privacy Act

Search URL Search Domain Scan URL

URL: https://laws.justice.gc.ca/eng/acts/A-9/FullText.html
Title: Department of Agriculture and Agri-Food Act

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/treasury-board-secretariat/services/access-information-privacy/access-information/information-about-programs-information-holdings/standard-personal-information-banks.html#psu914
Title: AAFC PSU 914 (Public Communications)

Search URL Search Domain Scan URL

URL: https://azure.microsoft.com/en-ca/global-infrastructure/locations/
Title: Microsoft Azure data centres

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-ca/trust-center/privacy
Title: privacy policy

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/licensing/product-licensing/products
Title: licensing terms

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/report-problem.html
Title: Report a problem on this page

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/contact.html
Title: Contact us

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/government/dept.html
Title: Departments and agencies

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/government/publicservice.html
Title: Public service and military

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/news.html
Title: News

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/government/system/laws.html
Title: Treaties, laws and regulations

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/transparency/reporting.html
Title: Government-wide reporting

Search URL Search Domain Scan URL

URL: https://pm.gc.ca/eng
Title: Prime Minister

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/government/system.html
Title: How government works

Search URL Search Domain Scan URL

URL: https://open.canada.ca/en/
Title: Open government

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/social.html
Title: Social media

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/mobile.html
Title: Mobile applications

Search URL Search Domain Scan URL

URL: https://www1.canada.ca/en/newsite.html
Title: About Canada.ca

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/transparency/terms.html
Title: Terms and conditions

Search URL Search Domain Scan URL

URL: https://www.canada.ca/en/transparency/privacy.html
Title: Privacy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2

https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/noscript.min.css HTTP 302
https://www.canada.ca/errors/403.html

30 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/ 25 KB
10 KB 821ms
426ms Document
text/html 52.233.38.143
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.233.38.143 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

7072aa8ec993dfe20d379d588d6edcc492ef9e4df294f751f3f2904aa9118ef4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: pab-dgab-aafc-aac.microsoftcrmportals.com
:scheme: https
:path: /subscription/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: no-cache
pragma: no-cache
content-length: 9341
content-type: text/html; charset=utf-8
content-encoding: gzip
expires: -1
vary: Accept-Encoding
set-cookie: Dynamics365PortalAnalytics=JnOSsQH5Jc2BpTq3n4eY27wl_V5M35QYWbx-gkZDsW5p-7PExJZoQNzMtBv3qUGQiCJEpJHVbitsk-eaRWdI2ZEzG4ELDBOceCnXK3xz3ayFlKuqu6WUHe_-LaaWLF2PkWfXaxjRHkBl411m0UCITA2; expires=Tue, 16-Feb-2021 01:51:45 GMT; path=/; secure; HttpOnly; SameSite=None ASP.NET_SessionId=dqhyvaxaesua5al4vxqg0kh2; path=/; secure; HttpOnly; SameSite=None ARRAffinity=e9ce56a3118e29ad383ac05f9ac32d43894b4d3b6dcc2cb857e3b2d0bbfbf0a5;Path=/;HttpOnly;Secure;Domain=pab-dgab-aafc-aac.microsoftcrmportals.com ARRAffinitySameSite=e9ce56a3118e29ad383ac05f9ac32d43894b4d3b6dcc2cb857e3b2d0bbfbf0a5;Path=/;HttpOnly;SameSite=None;Secure;Domain=pab-dgab-aafc-aac.microsoftcrmportals.com
x-ms-request-id: 531297fb-fcae-493e-bb17-a756895b3429
x-ms-portal-app: site-8d701412-57c0-4adb-bac2-55092534b821-CAc
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 18 Nov 2020 01:51:44 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.8.1/css/ 54 KB
14 KB 78ms
28ms Stylesheet
text/css 23.111.9.35
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.8.1/css/all.css
Requested by: Host: pab-dgab-aafc-aac.microsoftcrmportals.com
URL: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3

Request headers

Origin: https://pab-dgab-aafc-aac.microsoftcrmportals.com
Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 18 Nov 2020 01:51:46 GMT
content-encoding: gzip
last-modified: Thu, 21 Mar 2019 21:31:35 GMT
server: NetDNA-cache/2.2
status: 200
etag: W/"e4c542a7f6bf6f74fdd8cdf6e8096396"
vary: Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=31556926
x-cache: HIT

GET
H2 200 theme.min.css
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/ 324 KB
68 KB 376ms
353ms Stylesheet
text/css 2a02:26f0:6c00:2a0::fe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/theme.min.css

Requested by

Host: pab-dgab-aafc-aac.microsoftcrmportals.com
URL: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::fe9 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

bc0d5d2c5f72bc534d368cc25a71b1c5fbaf4c59baa5464f193d2793d40872a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-dispatcher: dispatcher1useast1
date: Wed, 18 Nov 2020 01:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: publish
status: 200
content-disposition: attachment
server-timing: cdn-cache; desc=HIT, edge; dur=343
content-length: 68965
last-modified: Thu, 12 Dec 2019 17:20:16 GMT
server: Apache
etag: "50ffd-59984f56f5400-gzip"
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css
access-control-allow-origin: *
accept-ranges: bytes

GET
H2

200

403.html
www.canada.ca/errors/
Redirect Chain

https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/noscript.min.css
https://www.canada.ca/errors/403.html

0
0

122ms
121ms

Stylesheet
text/html

2a02:26f0:6c00:2a0::fe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.canada.ca/errors/403.html
Requested by: Host: pab-dgab-aafc-aac.microsoftcrmportals.com
URL: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a0::fe9 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *

Redirect headers

x-dispatcher: dispatcher2useast1
date: Wed, 18 Nov 2020 01:51:46 GMT
status: 302
server: Apache
location: https://www.canada.ca/errors/403.html
x-vhost: publish
strict-transport-security: max-age=31536000
content-type: text/html; charset=iso-8859-1
access-control-allow-origin: *
cache-control: no-cache
server-timing: cdn-cache; desc=REVALIDATE, edge; dur=106, origin; dur=23
content-length: 221

GET
H2 200 cdtsnoscript.css
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/cdts/ 401 B
632 B 335ms
312ms Stylesheet
text/css 2a02:26f0:6c00:2a0::fe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/cdts/cdtsnoscript.css

Requested by

Host: pab-dgab-aafc-aac.microsoftcrmportals.com
URL: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::fe9 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

0e964df531a12c9b5c6369024d6d42ed41aa99207ff2ed06cc66e082d7e7ec0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-dispatcher: dispatcher2useast1
date: Wed, 18 Nov 2020 01:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: publish
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=295
vary: Accept-Encoding
content-length: 294
last-modified: Thu, 12 Dec 2019 17:20:16 GMT
server: Apache
etag: "191-59984f56f5400-gzip"
strict-transport-security: max-age=31536000
content-type: text/css
access-control-allow-origin: *
accept-ranges: bytes

GET
H2 200 form-loader.js Show response
mktdplp102cdn.azureedge.net/public/latest/js/ 264 KB
58 KB 28ms
7ms Script
application/x-javascript 2606:2800:133:206e:1315:22a5:2006:24fd
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js?v=1.63.1039.0
Requested by: Host: pab-dgab-aafc-aac.microsoftcrmportals.com
URL: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8E8D) /
Resource Hash: 2344929748100b755e57ec27333d3f6ae41a823e7c8699380e81d97e9aa6aa50

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 18 Nov 2020 01:51:45 GMT
content-encoding: gzip
content-md5: Fe1H4MIQ2edwHKTudQLXmA==
age: 383950
x-cache: HIT
status: 200
content-length: 58444
x-ms-lease-status: unlocked
last-modified: Fri, 13 Nov 2020 15:07:54 GMT
server: ECAcc (frc/8E8D)
etag: 0x8D887E5E57DBE87
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: ce7ffe06-001e-004d-7ccf-b99c4f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Content-Language,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19

GET
H2 200 sig-blk-en.svg
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/assets/ 10 KB
3 KB 114ms
113ms Image
image/svg+xml 2a02:26f0:6c00:2a0::fe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/assets/sig-blk-en.svg

Requested by

Host: pab-dgab-aafc-aac.microsoftcrmportals.com
URL: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::fe9 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

b2e36d892559ddef5691afa5bfba0996945fade837eb649bf6761f583ed95007

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-dispatcher: dispatcher1useast1
date: Wed, 18 Nov 2020 01:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: publish
status: 200
content-disposition: attachment
server-timing: cdn-cache; desc=HIT, edge; dur=104
content-length: 2847
last-modified: Thu, 12 Dec 2019 17:20:16 GMT
server: Apache
etag: "2749-59984f56f5400-gzip"
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 iR5CCc8wimkKh6IN4K1TlR6mpatXXiMOJwDwpYSgfUE!
mktdplp102ccda.azureedge.net/org-539a2768f2c54e019d905f729a0b8467/7d59260c-9eca-ea11-a812-000d3a0c94a6/ 25 KB
25 KB 690ms
615ms Image
image/jpeg 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mktdplp102ccda.azureedge.net/org-539a2768f2c54e019d905f729a0b8467/7d59260c-9eca-ea11-a812-000d3a0c94a6/iR5CCc8wimkKh6IN4K1TlR6mpatXXiMOJwDwpYSgfUE!
Requested by: Host: pab-dgab-aafc-aac.microsoftcrmportals.com
URL: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 717911bd8136959851c9d82dcdcb021966d75e43aa067a1bd564fd84632b73f2

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Wed, 18 Nov 2020 01:51:46 GMT
last-modified: Mon, 20 Jul 2020 15:31:18 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: zB9f4FhORcuSluqhhz6xkw==
etag: 0x8D82CC1F2AC4BC5
status: 200
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: 3afdb707-101e-0065-354d-bd2c05000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version: 2009-09-19
content-length: 25132

GET
H2 200 wmms-blk.svg
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/assets/ 5 KB
2 KB 309ms
309ms Image
image/svg+xml 2a02:26f0:6c00:2a0::fe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/assets/wmms-blk.svg

Requested by

Host: pab-dgab-aafc-aac.microsoftcrmportals.com
URL: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::fe9 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

dc827f391db1b0a6917a1773e98731ab7901dd9897f0ad46c0f797f27f279487

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-dispatcher: dispatcher1useast1
date: Wed, 18 Nov 2020 01:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: publish
status: 200
content-disposition: attachment
server-timing: cdn-cache; desc=HIT, edge; dur=297
content-length: 1765
last-modified: Thu, 12 Dec 2019 17:20:16 GMT
server: Apache
etag: "129d-59984f56f5400-gzip"
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: image/svg+xml
access-control-allow-origin: *
accept-ranges: bytes

GET
H2 200 jquery.js Show response
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 252 KB
75 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:814::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.js

Requested by

Host: pab-dgab-aafc-aac.microsoftcrmportals.com
URL: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

893e90f6230962e42231635df650f20544ad22affc3ee396df768eaa6bc5a6a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 16 Nov 2020 12:29:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 134536
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 76645
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Nov 2021 12:29:30 GMT

GET
H2 200 wet-boew.min.js Show response
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/js/ 138 KB
49 KB 114ms
110ms Script
application/javascript 2a02:26f0:6c00:2a0::fe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/js/wet-boew.min.js

Requested by

Host: pab-dgab-aafc-aac.microsoftcrmportals.com
URL: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::fe9 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

0aeb1b76b758fea35516e817ee396cba88c74a993086b567d1a1a732b1b80f4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-dispatcher: dispatcher1useast1
date: Wed, 18 Nov 2020 01:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: publish
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=101
vary: Accept-Encoding
content-length: 49581
last-modified: Mon, 02 Mar 2020 17:19:34 GMT
server: Apache
etag: "229a3-59fe26413d580-gzip"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes

GET
H2 200 theme.min.js Show response
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/js/ 41 KB
15 KB 317ms
316ms Script
application/javascript 2a02:26f0:6c00:2a0::fe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/js/theme.min.js

Requested by

Host: pab-dgab-aafc-aac.microsoftcrmportals.com
URL: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::fe9 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

84e00a75ed1e12a553a1620c3d92f55623a326484123ec68af09e5beac4589d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-dispatcher: dispatcher1useast1
date: Wed, 18 Nov 2020 01:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: publish
status: 200
content-disposition: attachment
server-timing: cdn-cache; desc=HIT, edge; dur=306
content-length: 14643
last-modified: Mon, 02 Mar 2020 17:19:34 GMT
server: Apache
etag: "a202-59fe26413d580-gzip"
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes

GET
H2 200 css
fonts.googleapis.com/ 10 KB
983 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic,700italic&subset=latin,latin-ext

Requested by

Host: www.canada.ca
URL: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/theme.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

947c4d0260450501c151beff57f51795758dfd8f2b9f57cc7e1069c5ca9acb3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/theme.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 01:16:03 GMT
server: ESF
date: Wed, 18 Nov 2020 01:51:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 18 Nov 2020 01:51:46 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
553 B 26ms
25ms Stylesheet
text/css 2a00:1450:4001:81e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin,latin-ext

Requested by

Host: www.canada.ca
URL: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/theme.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a44bbd41a152df40ae99043e510a51da8ad97dadd3f28d1c21be248a4bd98942

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/theme.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 18 Nov 2020 01:51:46 GMT
server: ESF
date: Wed, 18 Nov 2020 01:51:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 18 Nov 2020 01:51:46 GMT

GET
H2 200 landscape.png
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/assets/ 4 KB
4 KB 303ms
303ms Image
image/png 2a02:26f0:6c00:2a0::fe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/assets/landscape.png

Requested by

Host: www.canada.ca
URL: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/theme.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::fe9 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

66621afacc07ef4f3ce58fc15572f1d871c14a3f4315334f5a1f3ba282e366ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/theme.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-dispatcher: dispatcher2useast1
date: Wed, 18 Nov 2020 01:51:46 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2019 17:20:16 GMT
server: Apache
status: 200
etag: "101f-59984f56f5400"
x-vhost: publish
strict-transport-security: max-age=31536000
content-type: image/png
access-control-allow-origin: *
server-timing: cdn-cache; desc=HIT, edge; dur=295
accept-ranges: bytes
content-length: 4127

GET
H2 200 o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2
fonts.gstatic.com/s/notosans/v11/ 10 KB
10 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v11/o-0NIpQlx3QUlC5A4PNjXhFVZNyBx2pqPA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic,700italic&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pab-dgab-aafc-aac.microsoftcrmportals.com
Referer: https://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic,700italic&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 15 Nov 2020 15:38:32 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Sep 2020 23:58:43 GMT
server: sffe
age: 209594
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10116
x-xss-protection: 0
expires: Mon, 15 Nov 2021 15:38:32 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v17/ 14 KB
14 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pab-dgab-aafc-aac.microsoftcrmportals.com
Referer: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 13 Nov 2020 08:17:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:25 GMT
server: sffe
age: 408864
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14176
x-xss-protection: 0
expires: Sat, 13 Nov 2021 08:17:22 GMT

GET
H2 200 o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2
fonts.gstatic.com/s/notosans/v11/ 10 KB
10 KB 10ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v11/o-0IIpQlx3QUlC5A4PNr5TRASf6M7Q.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic,700italic&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pab-dgab-aafc-aac.microsoftcrmportals.com
Referer: https://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic,700italic&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 15 Nov 2020 16:55:12 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Sep 2020 23:50:56 GMT
server: sffe
age: 204994
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10292
x-xss-protection: 0
expires: Mon, 15 Nov 2021 16:55:12 GMT

GET
H2 200 glyphicons-halflings-regular.woff2
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/fonts/ 32 KB
15 KB 122ms
110ms Font
application/font-woff2 2a02:26f0:6c00:2a0::fe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: www.canada.ca
URL: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/theme.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::fe9 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

62a9322e1497d969db9904bece61e6fc4f7924c98577b9ce638d41e7336b4bbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Origin: https://pab-dgab-aafc-aac.microsoftcrmportals.com
Referer: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/theme.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-dispatcher: dispatcher1useast1
date: Wed, 18 Nov 2020 01:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: publish
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=101
content-length: 15208
last-modified: Thu, 12 Dec 2019 17:20:16 GMT
server: Apache
etag: "7e7c-59984f56f5400-gzip"
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v17/ 14 KB
14 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pab-dgab-aafc-aac.microsoftcrmportals.com
Referer: https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 17 Nov 2020 11:20:39 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:59 GMT
server: sffe
age: 52267
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14044
x-xss-protection: 0
expires: Wed, 17 Nov 2021 11:20:39 GMT

GET
H2 200 o-0OIpQlx3QUlC5A4PNr4ARCQ_mu72Bi.woff2
fonts.gstatic.com/s/notosans/v11/ 10 KB
10 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v11/o-0OIpQlx3QUlC5A4PNr4ARCQ_mu72Bi.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic,700italic&subset=latin,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c2ddc7ecb5eeea8aab81e769502a91a1295e7d7fe409c6a4676616344ba30cca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pab-dgab-aafc-aac.microsoftcrmportals.com
Referer: https://fonts.googleapis.com/css?family=Noto+Sans:400,700,400italic,700italic&subset=latin,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 15 Nov 2020 18:35:07 GMT
x-content-type-options: nosniff
last-modified: Thu, 24 Sep 2020 23:50:48 GMT
server: sffe
age: 198999
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9976
x-xss-protection: 0
expires: Mon, 15 Nov 2021 18:35:07 GMT

GET
H2 404 .min.js
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/js/i18n/ 0
0 176ms
176ms Image
text/html 2a02:26f0:6c00:2a0::fe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/js/i18n/.min.js
Requested by: Host: pab-dgab-aafc-aac.microsoftcrmportals.com
URL: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a0::fe9 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *

GET
H2 200 glyphicons-halflings-regular.woff
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/fonts/ 23 KB
23 KB 132ms
132ms Font
application/x-font-woff 2a02:26f0:6c00:2a0::fe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/fonts/glyphicons-halflings-regular.woff

Requested by

Host: www.canada.ca
URL: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/theme.min.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00:2a0::fe9 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),

Reverse DNS

Software

Apache /

Resource Hash

a26394f7ede100ca118eff2eda08596275a9839b959c226e15439557a5a80742

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Origin: https://pab-dgab-aafc-aac.microsoftcrmportals.com
Referer: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/css/theme.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-dispatcher: dispatcher2useast1
date: Wed, 18 Nov 2020 01:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-vhost: publish
status: 200
content-disposition: attachment
server-timing: cdn-cache; desc=HIT, edge; dur=123
content-length: 23138
last-modified: Thu, 12 Dec 2019 17:20:16 GMT
server: Apache
etag: "5b80-59984f56f5400-gzip"
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: application/x-font-woff
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 2SvG7z4eVySIsrt5Q3UgpiKXI8Tc0PL2PkUDFVJZYWk
539a2768f2c54e019d905f729a0b8467.svc.dynamics.com/t/c/ Frame 8061 0
0 1252ms
921ms Document
text/html 52.237.33.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://539a2768f2c54e019d905f729a0b8467.svc.dynamics.com/t/c/2SvG7z4eVySIsrt5Q3UgpiKXI8Tc0PL2PkUDFVJZYWk?trackwebsitevisited=true&ad=https%3A%2F%2Fpab-dgab-aafc-aac.microsoftcrmportals.com%2Fsubscription%2F&rf=&id=2058594116&formPageIds=66671c4d-5ae1-ea11-a813-000d3a0c94a6

Requested by

Host: mktdplp102cdn.azureedge.net
URL: https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js?v=1.63.1039.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.237.33.21 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: 539a2768f2c54e019d905f729a0b8467.svc.dynamics.com
:scheme: https
:path: /t/c/2SvG7z4eVySIsrt5Q3UgpiKXI8Tc0PL2PkUDFVJZYWk?trackwebsitevisited=true&ad=https%3A%2F%2Fpab-dgab-aafc-aac.microsoftcrmportals.com%2Fsubscription%2F&rf=&id=2058594116&formPageIds=66671c4d-5ae1-ea11-a813-000d3a0c94a6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/

Response headers

status: 200
content-type: text/html; charset=utf-8
content-encoding: gzip
server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
set-cookie: 79f08280-5c63-4331-b04d-fb6f39afda51=9diEb1brDg3yBOxkgVyCyoReCggWLfFkehP87_D-uQA; expires=Fri, 18 Nov 2022 01:51:47 GMT; path=/; secure; httponly; SameSite=None 319af4c0-e197-4de9-8a9b-fe98c8a2ca04=9diEb1brDg3yBOxkgVyCyoReCggWLfFkehP87_D-uQA; path=/; secure; httponly; SameSite=None
x-activity-id: 40b32126-cc1b-4a87-b2eb-0252a0e9a53b
x-ms-activity-id: 40b32126-cc1b-4a87-b2eb-0252a0e9a53b
api-deprecated: False
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 18 Nov 2020 01:51:47 GMT

GET
H2 404 .min.js
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/js/i18n/ 0
0 10ms
10ms Script
text/html 2a02:26f0:6c00:2a0::fe9
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/js/i18n/.min.js
Requested by: Host: www.canada.ca
URL: https://www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32/js/wet-boew.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a0::fe9 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *

GET
H/1.1 200
OK WLSPHIP0 Show response
client.hip.live.com/GetHIP/Getwlsphip0/ 23 KB
8 KB 1158ms
1080ms Script
application/x-javascript 20.190.137.1
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://client.hip.live.com/GetHIP/Getwlsphip0/WLSPHIP0?fid=0767448ac03259236daf75b5058495c3&id=mktdplp102&type=visual&mkt=en&rnd=d78801d1c59e7d74f412ab749e16592d

Requested by

Host: mktdplp102cdn.azureedge.net
URL: https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js?v=1.63.1039.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.190.137.1 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

9fcb537c5461fe726488226eafb8311e79e081d797f65520a8956494d28c4e34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Wed, 18 Nov 2020 01:51:48 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
x-ms-request-id: 9cdf6e25-95c4-4c22-bcab-c62cface1993
x-ms-version: 1.0.1016.0
Content-Length: 8182
x-ms-server: HIPPRDWUS000001

POST
H2 200 dedfa152-ba32-4329-bc91-ea8072a2ec8f Show response
539a2768f2c54e019d905f729a0b8467.svc.dynamics.com/f/m/66671c4d-5ae1-ea11-a813-000d3a0c94a6/id/ 0
235 B 461ms
231ms XHR
text/plain 52.237.33.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://539a2768f2c54e019d905f729a0b8467.svc.dynamics.com/f/m/66671c4d-5ae1-ea11-a813-000d3a0c94a6/id/dedfa152-ba32-4329-bc91-ea8072a2ec8f

Requested by

Host: mktdplp102cdn.azureedge.net
URL: https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js?v=1.63.1039.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.237.33.21 Toronto, Canada, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
date: Wed, 18 Nov 2020 01:51:48 GMT
status: 200
access-control-allow-origin: *
x-ms-activity-id: 5e3a103b-8859-42a7-95b1-5c2be5ecb6ac
x-activity-id: 5e3a103b-8859-42a7-95b1-5c2be5ecb6ac
content-length: 0
api-deprecated: False

GET
H/1.1 200
OK icon_err.gif
wus.client.hip.live.com/Images/ 1 KB
1 KB 256ms
163ms Image
image/gif 20.190.137.1
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wus.client.hip.live.com/Images/icon_err.gif?vv=100

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.190.137.1 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

97aaded71c0575ace10fabd282fba4cfa72352c70349d86fb5f2f297a84834b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Fri, 13 Nov 2020 01:56:12 GMT
ETag: "1d6b960299a820d"
Content-Type: image/gif
x-ms-request-id: 8c8e945b-ef8d-4a06-9d19-dc2a9d2695ab
Date: Wed, 18 Nov 2020 01:51:49 GMT
x-ms-version: 1.0.1016.0
Accept-Ranges: bytes
Content-Length: 1037
x-ms-server: HIPPRDWUS00000F

GET
H/1.1 200
OK GetHIPData
wus.client.hip.live.com/ 10 KB
10 KB 263ms
170ms Image
image/jpeg 20.190.137.1
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wus.client.hip.live.com/GetHIPData?hid=WUS.3630fc3316254ef78c0b3814ca824796&fid=0767448ac03259236daf75b5058495c3&id=mktdplp102&type=visual&cs=WLSPHIP0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.190.137.1 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

10be3e99540ba96687eec4a269deadf8d387f2705c97ac19f20662e724094b8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Date: Wed, 18 Nov 2020 01:51:49 GMT
Content-Type: image/jpeg
x-ms-request-id: 8f8b243f-e695-4c84-8807-f011dd88f796
Cache-Control: no-cache
x-ms-version: 1.0.1016.0
Content-Length: 10321
x-ms-server: HIPPRDWUS000008

GET
H/1.1 200
OK hig_progcircle_animated.gif
wus.client.hip.live.com/Images/ 7 KB
8 KB 1016ms
921ms Image
image/gif 20.190.137.1
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wus.client.hip.live.com/Images/hig_progcircle_animated.gif?vv=100

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.190.137.1 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

20765c1aa45654aba95d64a80b64434ed8f8ffbd77371e660291a7fb6aaefb7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://pab-dgab-aafc-aac.microsoftcrmportals.com/subscription/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Last-Modified: Fri, 13 Nov 2020 01:59:11 GMT
ETag: "1d6b960944bdc3f"
Content-Type: image/gif
x-ms-request-id: 40a61e4c-6998-4434-9bdb-b89cd770ba45
Date: Wed, 18 Nov 2020 01:51:49 GMT
x-ms-version: 1.0.1016.0
Accept-Ranges: bytes
Content-Length: 7615
x-ms-server: HIPPRDWUS000008

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Canadian Government (Government)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
539a2768f2c54e019d905f729a0b8467.svc.dynamics.com/	1969-12-31 23:59:59	Name: 319af4c0-e197-4de9-8a9b-fe98c8a2ca04 Value: 9diEb1brDg3yBOxkgVyCyoReCggWLfFkehP87_D-uQA
pab-dgab-aafc-aac.microsoftcrmportals.com/	1970-01-19 16:10:40	Name: Dynamics365PortalAnalytics Value: JnOSsQH5Jc2BpTq3n4eY27wl_V5M35QYWbx-gkZDsW5p-7PExJZoQNzMtBv3qUGQiCJEpJHVbitsk-eaRWdI2ZEzG4ELDBOceCnXK3xz3ayFlKuqu6WUHe_-LaaWLF2PkWfXaxjRHkBl411m0UCITA2
pab-dgab-aafc-aac.microsoftcrmportals.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: dqhyvaxaesua5al4vxqg0kh2
.pab-dgab-aafc-aac.microsoftcrmportals.com/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: e9ce56a3118e29ad383ac05f9ac32d43894b4d3b6dcc2cb857e3b2d0bbfbf0a5
.pab-dgab-aafc-aac.microsoftcrmportals.com/	1969-12-31 23:59:59	Name: ARRAffinity Value: e9ce56a3118e29ad383ac05f9ac32d43894b4d3b6dcc2cb857e3b2d0bbfbf0a5
539a2768f2c54e019d905f729a0b8467.svc.dynamics.com/	1970-01-20 07:32:16	Name: 79f08280-5c63-4331-b04d-fb6f39afda51 Value: 9diEb1brDg3yBOxkgVyCyoReCggWLfFkehP87_D-uQA

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

539a2768f2c54e019d905f729a0b8467.svc.dynamics.com
ajax.googleapis.com
client.hip.live.com
fonts.googleapis.com
fonts.gstatic.com
mktdplp102ccda.azureedge.net
mktdplp102cdn.azureedge.net
pab-dgab-aafc-aac.microsoftcrmportals.com
use.fontawesome.com
wus.client.hip.live.com
www.canada.ca
20.190.137.1
23.111.9.35
2606:2800:133:206e:1315:22a5:2006:24fd
2606:2800:233:1cb7:261b:1f9c:2074:3c
2a00:1450:4001:80b::2003
2a00:1450:4001:814::200a
2a00:1450:4001:81e::200a
2a02:26f0:6c00:2a0::fe9
52.233.38.143
52.237.33.21
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
0aeb1b76b758fea35516e817ee396cba88c74a993086b567d1a1a732b1b80f4c
0e964df531a12c9b5c6369024d6d42ed41aa99207ff2ed06cc66e082d7e7ec0d
10be3e99540ba96687eec4a269deadf8d387f2705c97ac19f20662e724094b8d
20765c1aa45654aba95d64a80b64434ed8f8ffbd77371e660291a7fb6aaefb7a
2344929748100b755e57ec27333d3f6ae41a823e7c8699380e81d97e9aa6aa50
6195b1bce0085db8c9b1b936150dfd7b070aa9be52d44580b1b6f16752dece34
62a9322e1497d969db9904bece61e6fc4f7924c98577b9ce638d41e7336b4bbc
66621afacc07ef4f3ce58fc15572f1d871c14a3f4315334f5a1f3ba282e366ee
7072aa8ec993dfe20d379d588d6edcc492ef9e4df294f751f3f2904aa9118ef4
717911bd8136959851c9d82dcdcb021966d75e43aa067a1bd564fd84632b73f2
84e00a75ed1e12a553a1620c3d92f55623a326484123ec68af09e5beac4589d2
893e90f6230962e42231635df650f20544ad22affc3ee396df768eaa6bc5a6a2
947c4d0260450501c151beff57f51795758dfd8f2b9f57cc7e1069c5ca9acb3c
97aaded71c0575ace10fabd282fba4cfa72352c70349d86fb5f2f297a84834b1
9baad10e85c5be8d5697086479983b6b477197103bf8f0f11817b1bdfb9a7451
9fcb537c5461fe726488226eafb8311e79e081d797f65520a8956494d28c4e34
a26394f7ede100ca118eff2eda08596275a9839b959c226e15439557a5a80742
a44bbd41a152df40ae99043e510a51da8ad97dadd3f28d1c21be248a4bd98942
b2e36d892559ddef5691afa5bfba0996945fade837eb649bf6761f583ed95007
bc0d5d2c5f72bc534d368cc25a71b1c5fbaf4c59baa5464f193d2793d40872a9
c2ddc7ecb5eeea8aab81e769502a91a1295e7d7fe409c6a4676616344ba30cca
dc827f391db1b0a6917a1773e98731ab7901dd9897f0ad46c0f797f27f279487
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e56f53b3b976e9c05d86645a1e85cfc69e961601d201e957768455580fa30478
eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3

pab-dgab-aafc-aac.microsoftcrmportals.com Open in urlscan Pro 52.233.38.143 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

30 Requests

100 %HTTPS

60 %IPv6

8 Domains

11 Subdomains

10 IPs

5 Countries

448 kBTransfer

1306 kBSize

6 Cookies

42 Outgoing links

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pab-dgab-aafc-aac.microsoftcrmportals.com Open in urlscan Pro
52.233.38.143 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

100 %
HTTPS

60 %
IPv6

8
Domains

11
Subdomains

10
IPs

5
Countries

448 kB
Transfer

1306 kB
Size

6
Cookies

30 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!