urlscan.io logo urlscan.io
SecurityTrails logo

www.thespec.com Open in urlscan Pro
13.33.60.87  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzA...
Effective URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack...
Submission: On June 02 via manual from CA — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 111 IPs in 5 countries across 88 domains to perform 496 HTTP transactions. The main IP is 13.33.60.87, located in United States and belongs to AMAZON-02, US. The main domain is www.thespec.com. The Cisco Umbrella rank of the primary domain is 278613.
TLS certificate: Issued by Amazon RSA 2048 M01 on May 15th 2023. Valid for: a year.
This is the only time www.thespec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 5 2607:f8b0:402... 15169 (GOOGLE)
2 2607:f8b0:402... 15169 (GOOGLE)
7 2607:f8b0:402... 15169 (GOOGLE)
1 2607:f8b0:402... 15169 (GOOGLE)
5 2607:f8b0:402... 15169 (GOOGLE)
4 2607:f8b0:402... 15169 (GOOGLE)
4 2607:f8b0:402... 15169 (GOOGLE)
38 13.33.60.87 16509 (AMAZON-02)
3 2600:9000:23c... 16509 (AMAZON-02)
21 18.164.116.60 16509 (AMAZON-02)
9 2606:4700:e0:... 13335 (CLOUDFLAR...)
1 2600:9000:21d... 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
13 2607:f8b0:402... 15169 (GOOGLE)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 150.136.157.133 31898 (ORACLE-BM...)
12 18.164.124.117 16509 (AMAZON-02)
2 34.96.102.137 396982 (GOOGLE-CL...)
7 20.49.104.19 8075 (MICROSOFT...)
19 23.41.169.149 16625 (AKAMAI-AS)
1 23.215.130.106 20940 (AKAMAI-ASN1)
1 3 13.35.93.41 16509 (AMAZON-02)
1 13.226.36.115 16509 (AMAZON-02)
1 18.164.131.14 16509 (AMAZON-02)
1 151.139.128.10 20446 (STACKPATH...)
3 108.138.107.138 16509 (AMAZON-02)
2 34.234.189.105 14618 (AMAZON-AES)
2 2600:1f18:44f... 14618 (AMAZON-AES)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 172.217.13.102 15169 (GOOGLE)
2 35.171.1.225 14618 (AMAZON-AES)
1 35.241.9.51 15169 (GOOGLE)
6 13 68.67.160.184 29990 (ASN-APPNEX)
8 34.107.254.252 396982 (GOOGLE-CL...)
1 14 2607:f8b0:402... 15169 (GOOGLE)
2 3.222.242.235 14618 (AMAZON-AES)
1 34.231.84.56 14618 (AMAZON-AES)
2 63.140.38.113 14618 (AMAZON-AES)
1 1 52.21.159.118 14618 (AMAZON-AES)
1 18.164.101.60 16509 (AMAZON-02)
5 35.190.14.224 15169 (GOOGLE)
2 3.217.168.175 14618 (AMAZON-AES)
1 2607:f8b0:400... 15169 (GOOGLE)
1 3.227.114.111 14618 (AMAZON-AES)
42 104.18.43.178 13335 (CLOUDFLAR...)
3 2a03:2880:f01... 32934 (FACEBOOK)
4 52.205.167.202 14618 (AMAZON-AES)
2 18.164.116.103 16509 (AMAZON-02)
1 34.120.23.223 396982 (GOOGLE-CL...)
2 2600:1f18:143... 14618 (AMAZON-AES)
6 2a03:2880:f11... 32934 (FACEBOOK)
1 13 2607:f8b0:402... 15169 (GOOGLE)
1 142.251.40.98 15169 (GOOGLE)
1 2 142.251.40.134 15169 (GOOGLE)
1 3 2607:f8b0:402... 15169 (GOOGLE)
2 2607:f8b0:402... 15169 (GOOGLE)
11 12 52.223.40.198 16509 (AMAZON-02)
7 10 172.217.13.130 15169 (GOOGLE)
5 5 34.200.65.202 14618 (AMAZON-AES)
9 12 8.43.72.98 26667 (RUBICONPR...)
4 5 192.40.39.223 27381 (CASALE-MEDIA)
1 2a02:6ea0:c40... 60068 (CDN77 ^_^)
5 2607:f8b0:402... 15169 (GOOGLE)
1 18.164.98.157 16509 (AMAZON-02)
2 11 52.46.143.56 16509 (AMAZON-02)
1 2607:f8b0:402... 15169 (GOOGLE)
4 2607:f8b0:402... 15169 (GOOGLE)
6 11 34.196.231.85 14618 (AMAZON-AES)
1 4 34.98.64.218 396982 (GOOGLE-CL...)
6 23.3.115.102 16625 (AKAMAI-AS)
1 3 2600:1f18:4e9... 14618 (AMAZON-AES)
1 1 68.67.160.24 29990 (ASN-APPNEX)
1 1 192.132.33.46 18568 (BIDTELLECT)
2 2 8.43.72.97 26667 (RUBICONPR...)
1 2620:1ec:21::14 8068 (MICROSOFT...)
1 67.220.224.144 16509 (AMAZON-02)
4 52.85.61.103 16509 (AMAZON-02)
3 2a04:4e42:200... 54113 (FASTLY)
13 68.67.178.10 29990 (ASN-APPNEX)
21 52.72.136.170 14618 (AMAZON-AES)
15 2606:4700:20:... 13335 (CLOUDFLAR...)
8 151.101.1.108 54113 (FASTLY)
1 151.101.65.108 54113 (FASTLY)
22 23.41.168.189 16625 (AKAMAI-AS)
2 34.95.69.49 396982 (GOOGLE-CL...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 199.187.193.200 47043 (SMARTADSE...)
2 2 23.192.31.127 16625 (AKAMAI-AS)
2 2 199.187.193.179 47043 (SMARTADSE...)
2 2 2600:1f18:612... 14618 (AMAZON-AES)
1 1 80.77.87.161 46636 (NATCOWEB)
2 2 34.229.3.43 14618 (AMAZON-AES)
4 2607:f8b0:402... 15169 (GOOGLE)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
2 37.157.5.133 198622 (ADFORM)
1 1 8.39.36.142 26667 (RUBICONPR...)
1 3.18.203.134 16509 (AMAZON-02)
5 52.219.107.9 16509 (AMAZON-02)
2 13.226.34.68 16509 (AMAZON-02)
2 142.250.31.155 15169 (GOOGLE)
1 2600:1f18:612... 14618 (AMAZON-AES)
1 50.17.44.206 14618 (AMAZON-AES)
1 199.187.193.177 47043 (SMARTADSE...)
3 3 34.206.184.66 14618 (AMAZON-AES)
1 34.233.251.255 14618 (AMAZON-AES)
3 4 35.71.139.29 16509 (AMAZON-02)
4 4 63.251.86.50 10913 (INTERNAP-BLK)
1 206.189.177.190 14061 (DIGITALOC...)
1 2607:f8b0:402... 15169 (GOOGLE)
4 4 3.225.186.40 14618 (AMAZON-AES)
2 2 35.227.252.103 15169 (GOOGLE)
1 3 54.84.233.243 14618 (AMAZON-AES)
1 2607:f8b0:402... 15169 (GOOGLE)
3 3 35.211.178.172 15169 (GOOGLE)
3 3 52.44.28.1 14618 (AMAZON-AES)
2 2 199.187.193.197 47043 (SMARTADSE...)
3 23.41.168.202 16625 (AKAMAI-AS)
2 8.28.7.81 62713 (AS-PUBMATIC)
1 151.101.66.49 54113 (FASTLY)
1 1 199.38.167.131 54312 (ROCKETFUEL)
4 8.28.7.83 62713 (AS-PUBMATIC)
2 3 34.111.113.62 396982 (GOOGLE-CL...)
1 2 54.221.183.221 14618 (AMAZON-AES)
1 1 34.150.170.96 396982 (GOOGLE-CL...)
1 1 2620:112:f002... 6336 (TURN-US-ASN)
4 162.248.18.37 62713 (AS-PUBMATIC)
1 162.248.18.34 62713 (AS-PUBMATIC)
1 8.28.7.84 62713 (AS-PUBMATIC)
1 1 216.200.232.249 ()
1 38.91.45.7 ()
1 74.119.119.150 ()
1 54.165.35.122 ()
496 111
5    2607:f8b0:4020:807::200e (Montreal, Canada)

ASN15169 (GOOGLE, US)
news.google.com
2    2607:f8b0:4020:805::200a (Montreal, Canada)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
7    2607:f8b0:4020:806::2008 (Montreal, Canada)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2607:f8b0:4020:806::2003 (Montreal, Canada)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
5    2607:f8b0:4020:807::2003 (Montreal, Canada)

ASN15169 (GOOGLE, US)
www.gstatic.com
4    2607:f8b0:4020:805::200e (Montreal, Canada)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    2607:f8b0:4020:806::200e (Montreal, Canada)

ASN15169 (GOOGLE, US)
play.google.com
38    13.33.60.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-60-87.ewr52.r.cloudfront.net
www.thespec.com
3    2600:9000:23ca:d800:16:970:b940:93a1 (United States)

ASN16509 (AMAZON-02, US)
prebid.the-ozone-project.com
21    18.164.116.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-116-60.jfk50.r.cloudfront.net
bc.thespec.com
9    2606:4700:e0::ac40:6b1b (United States)

ASN13335 (CLOUDFLARENET, US)
images.thestarimages.com
1    2600:9000:21dd:de00:8:2ae1:d740:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.viafoura.net
1    2606:4700:4400::ac40:9256 (United States)

ASN13335 (CLOUDFLARENET, US)
be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
13    2607:f8b0:4020:805::2002 (Montreal, Canada)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
adservice.google.ca
1    2606:4700:20::ac43:4686 (United States)

ASN13335 (CLOUDFLARENET, US)
btloader.com
1    150.136.157.133 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)
torstar.gscontxt.net
12    18.164.124.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-124-117.jfk50.r.cloudfront.net
resources.thestar.com
2    34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com
dev.visualwebsiteoptimizer.com
7    20.49.104.19 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
adserver.pressboard.ca
sr.studiostack.com
19    23.41.169.149 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-41-169-149.deploy.static.akamaitechnologies.com
z.moatads.com
px.moatads.com
1    23.215.130.106 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-215-130-106.deploy.static.akamaitechnologies.com
w4o7aea80ss3-a.akamaihd.net
3    13.35.93.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-35-93-41.jfk50.r.cloudfront.net
sb.scorecardresearch.com
1    13.226.36.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-36-115.ewr53.r.cloudfront.net
d1nxn87txdj54y.cloudfront.net
1    18.164.131.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-131-14.jfk50.r.cloudfront.net
d1z2jf7jlzjs58.cloudfront.net
1    151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net
cdn.petametrics.com
3    108.138.107.138 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-107-138.jfk50.r.cloudfront.net
c.amazon-adsystem.com
2    34.234.189.105 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-234-189-105.compute-1.amazonaws.com
torstar.blueconic.net
2    2600:1f18:44f0:4847:757a:9f73:587:7107 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
api.viafoura.co
2    2606:4700:20::ac43:4513 (United States)

ASN13335 (CLOUDFLARENET, US)
ad-delivery.net
1    172.217.13.102 (United States)

ASN15169 (GOOGLE, US)
PTR: yul02s04-in-f6.1e100.net
ad.doubleclick.net
2    35.171.1.225 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-1-225.compute-1.amazonaws.com
dpm.demdex.net
1    35.241.9.51 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 51.9.241.35.bc.googleusercontent.com
be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co
13    68.67.160.184 (New York, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
ib.adnxs.com
8    34.107.254.252 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 252.254.107.34.bc.googleusercontent.com
api.permutive.com
14    2607:f8b0:4020:804::2002 (Montreal, Canada)

ASN15169 (GOOGLE, US)
www.googletagservices.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
2    3.222.242.235 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-222-242-235.compute-1.amazonaws.com
api.parsely.com
1    34.231.84.56 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-84-56.compute-1.amazonaws.com
torontostarnewspaperslimited.demdex.net
2    63.140.38.113 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-38-113.data.adobedc.net
s.thespec.com
1    52.21.159.118 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-21-159-118.compute-1.amazonaws.com
cm.everesttech.net
1    18.164.101.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-101-60.jfk50.r.cloudfront.net
cdn.parsely.com
5    35.190.14.224 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 224.14.190.35.bc.googleusercontent.com
query.petametrics.com
2    3.217.168.175 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-168-175.compute-1.amazonaws.com
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev
1    2607:f8b0:4004:c1b::9a (Washington, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    3.227.114.111 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-227-114-111.compute-1.amazonaws.com
i.viafoura.co
42    104.18.43.178 (None, )

ASN13335 (CLOUDFLARENET, US)
elb.the-ozone-project.com
3    2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
connect.facebook.net
4    52.205.167.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-167-202.compute-1.amazonaws.com
p1.parsely.com
2    18.164.116.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-116-103.jfk50.r.cloudfront.net
api.thestar.com
1    34.120.23.223 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 223.23.120.34.bc.googleusercontent.com
engagefront.theweathernetwork.com
2    2600:1f18:1430:9000:eeee:2de2:4483:dc16 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
pixel.thestar.com
6    2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)
www.facebook.com
13    2607:f8b0:4020:804::200e (Montreal, Canada)

ASN15169 (GOOGLE, US)
fundingchoicesmessages.google.com
gcdn.2mdn.net
1    142.251.40.98 (East White Plains, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f2.1e100.net
www.googleadservices.com
2    142.251.40.134 (East White Plains, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f6.1e100.net
12987815.fls.doubleclick.net
3    2607:f8b0:4020:807::2004 (Montreal, Canada)

ASN15169 (GOOGLE, US)
www.google.com
2    2607:f8b0:4020:805::2003 (Montreal, Canada)

ASN15169 (GOOGLE, US)
www.google.ca
12    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
insight.adsrvr.org
match.adsrvr.org
10    172.217.13.130 (United States)

ASN15169 (GOOGLE, US)
PTR: yul02s05-in-f2.1e100.net
cm.g.doubleclick.net
5    34.200.65.202 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-65-202.compute-1.amazonaws.com
ups.analytics.yahoo.com
12    8.43.72.98 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel.rubiconproject.com
token.rubiconproject.com
5    192.40.39.223 (Canada)

ASN27381 (CASALE-MEDIA, CA)
dsum-sec.casalemedia.com
ssum.casalemedia.com
1    2a02:6ea0:c400::11 (New York, United States)

ASN60068 (CDN77 ^_^, GB)
cdn.cluepixel.com
5    2607:f8b0:4020:806::2002 (Montreal, Canada)

ASN15169 (GOOGLE, US)
adservice.google.com
pubads.g.doubleclick.net
1    18.164.98.157 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-98-157.jfk50.r.cloudfront.net
aax.amazon-adsystem.com
11    52.46.143.56 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    2607:f8b0:4020:806::2001 (Montreal, Canada)

ASN15169 (GOOGLE, US)
8fd3bc06c5801f35dd31c36f0bd0a294.safeframe.googlesyndication.com
4    2607:f8b0:4020:807::2001 (Montreal, Canada)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
11    34.196.231.85 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-196-231-85.compute-1.amazonaws.com
match.sharethrough.com
4    34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com
u.openx.net
us-u.openx.net
6    23.3.115.102 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-3-115-102.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
3    2600:1f18:4e9:5a07:1d29:9fda:71f8:ef93 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
pr-bh.ybp.yahoo.com
1    68.67.160.24 (New York, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
secure.adnxs.com
1    192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com
bttrack.com
2    8.43.72.97 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel-us-east.rubiconproject.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
1    67.220.224.144 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
4    52.85.61.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-103.ewr53.r.cloudfront.net
static.freeskreen.com
3    2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
13    68.67.178.10 (North Bergen, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
nym1-ib.adnxs.com
21    52.72.136.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-136-170.compute-1.amazonaws.com
sb.freeskreen.com
15    2606:4700:20::681a:d8 (United States)

ASN13335 (CLOUDFLARENET, US)
creative.sofiapulse.com
api.sofiapulse.com
8    151.101.1.108 (United States)

ASN54113 (FASTLY, US)
acdn.adnxs.com
cdn.adnxs.com
1    151.101.65.108 (United States)

ASN54113 (FASTLY, US)
acdn.adnxs-simple.com
22    23.41.168.189 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-41-168-189.deploy.static.akamaitechnologies.com
crcdn01.adnxs-simple.com
2    34.95.69.49 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 49.69.95.34.bc.googleusercontent.com
i.clean.gg
2    2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
1    199.187.193.200 (Canada)

ASN47043 (SMARTADSERVER, CA)
ww1772.smartadserver.com
2    23.192.31.127 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-192-31-127.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
2    199.187.193.179 (Canada)

ASN47043 (SMARTADSERVER, CA)
sync.smartadserver.com
2    2600:1f18:612b:4200:e88d:9deb:419:5e00 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
scm.publishers.tremorhub.com
1    80.77.87.161 (Clifton, United States)

ASN46636 (NATCOWEB, US)
cs.admanmedia.com
2    34.229.3.43 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-229-3-43.compute-1.amazonaws.com
loadeu.exelator.com
4    2607:f8b0:4020:806::200a (Montreal, Canada)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
imasdk.googleapis.com
1    2606:4700:20::ac43:4775 (United States)

ASN13335 (CLOUDFLARENET, US)
experience-api.sofiapulse.com
2    37.157.5.133 (Denmark)

ASN198622 (ADFORM, DK)
cm.adform.net
1    8.39.36.142 (United States)

ASN26667 (RUBICONPROJECT, US)
pixel-us-west.rubiconproject.com
1    3.18.203.134 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-18-203-134.us-east-2.compute.amazonaws.com
track.sofiapulse.com
5    52.219.107.9 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: s3.us-east-2.amazonaws.com
s3.us-east-2.amazonaws.com
2    13.226.34.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-34-68.ewr53.r.cloudfront.net
video.freeskreen.com
2    142.250.31.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bj-in-f155.1e100.net
bid.g.doubleclick.net
1    2600:1f18:612b:4264:fdb4:174:60b1:9ea2 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
pc022-cybt2.ads.tremorhub.com
1    50.17.44.206 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-17-44-206.compute-1.amazonaws.com
ads.freeskreen.com
1    199.187.193.177 (Canada)

ASN47043 (SMARTADSERVER, CA)
rtb-csync.smartadserver.com
3    34.206.184.66 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-184-66.compute-1.amazonaws.com
ads.avct.cloud
1    34.233.251.255 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-233-251-255.compute-1.amazonaws.com
optimized-by.rubiconproject.com
4    35.71.139.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com
eb2.3lift.com
4    63.251.86.50 (United States)

ASN10913 (INTERNAP-BLK, US)
ap.lijit.com
1    206.189.177.190 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
vast.doubleverify.com
1    2607:f8b0:4020:807::2006 (Montreal, Canada)

ASN15169 (GOOGLE, US)
s0.2mdn.net
4    3.225.186.40 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-186-40.compute-1.amazonaws.com
match.prod.bidr.io
2    35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
3    54.84.233.243 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-233-243.compute-1.amazonaws.com
crb.kargo.com
1    2607:f8b0:4020:1::9 (Montreal, Canada)

ASN15169 (GOOGLE, US)
r4---sn-t0a7ln7d.c.2mdn.net
3    35.211.178.172 (North Charleston, United States)

ASN15169 (GOOGLE, US)
PTR: 172.178.211.35.bc.googleusercontent.com
x.bidswitch.net
3    52.44.28.1 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-44-28-1.compute-1.amazonaws.com
ad2.360yield.com
2    199.187.193.197 (Canada)

ASN47043 (SMARTADSERVER, CA)
ssbsync-global.smartadserver.com
3    23.41.168.202 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-41-168-202.deploy.static.akamaitechnologies.com
ads.pubmatic.com
2    8.28.7.81 (United States)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
1    151.101.66.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    199.38.167.131 (United States)

ASN54312 (ROCKETFUEL, US)
p.rfihub.com
4    8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)
image2.pubmatic.com
3    34.111.113.62 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com
pixel.tapad.com
2    54.221.183.221 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-221-183-221.compute-1.amazonaws.com
thrtle.com
1    34.150.170.96 (Washington, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 96.170.150.34.bc.googleusercontent.com
um.simpli.fi
1    2620:112:f002:bbbb::21 (United States)

ASN6336 (TURN-US-ASN, US)
ad.turn.com
4    162.248.18.37 (United States)

ASN62713 (AS-PUBMATIC, US)
simage2.pubmatic.com
1    162.248.18.34 (United States)

ASN62713 (AS-PUBMATIC, US)
image4.pubmatic.com
1    8.28.7.84 (United States)

ASN62713 (AS-PUBMATIC, US)
simage4.pubmatic.com
1    216.200.232.249 (None, )

ASN- ()
sync.mathtag.com
1    38.91.45.7 (None, )

ASN- ()
match.deepintent.com
1    74.119.119.150 (None, )

ASN- ()
dis.criteo.com
1    54.165.35.122 (None, )

ASN- ()
rtb.adentifi.com
Apex Domain
Subdomains		 Transfer
61 thespec.com
www.thespec.com — Cisco Umbrella Rank: 278613
bc.thespec.com
s.thespec.com
2 MB
45 the-ozone-project.com
prebid.the-ozone-project.com — Cisco Umbrella Rank: 18339
elb.the-ozone-project.com — Cisco Umbrella Rank: 6358
139 KB
35 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 239
secure.adnxs.com — Cisco Umbrella Rank: 446
nym1-ib.adnxs.com — Cisco Umbrella Rank: 1051
acdn.adnxs.com — Cisco Umbrella Rank: 617
cdn.adnxs.com — Cisco Umbrella Rank: 1539
184 KB
32 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 221
ad.doubleclick.net — Cisco Umbrella Rank: 181
stats.g.doubleclick.net — Cisco Umbrella Rank: 111
googleads.g.doubleclick.net — Cisco Umbrella Rank: 51
12987815.fls.doubleclick.net — Cisco Umbrella Rank: 925052
cm.g.doubleclick.net — Cisco Umbrella Rank: 231
bid.g.doubleclick.net — Cisco Umbrella Rank: 798
pubads.g.doubleclick.net — Cisco Umbrella Rank: 435
202 KB
28 freeskreen.com
static.freeskreen.com — Cisco Umbrella Rank: 52607
sb.freeskreen.com — Cisco Umbrella Rank: 41519
video.freeskreen.com — Cisco Umbrella Rank: 66451
ads.freeskreen.com — Cisco Umbrella Rank: 54736
173 KB
27 google.com
news.google.com — Cisco Umbrella Rank: 5484
play.google.com — Cisco Umbrella Rank: 45
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1888
www.google.com — Cisco Umbrella Rank: 3
adservice.google.com — Cisco Umbrella Rank: 103
154 KB
24 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 362
eus.rubiconproject.com — Cisco Umbrella Rank: 614
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1143
token.rubiconproject.com — Cisco Umbrella Rank: 605
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1117
pixel-us-west.rubiconproject.com — Cisco Umbrella Rank: 5958
optimized-by.rubiconproject.com — Cisco Umbrella Rank: 4459
45 KB
23 adnxs-simple.com
acdn.adnxs-simple.com — Cisco Umbrella Rank: 2408
crcdn01.adnxs-simple.com — Cisco Umbrella Rank: 4438
371 KB
19 moatads.com
z.moatads.com — Cisco Umbrella Rank: 543
px.moatads.com — Cisco Umbrella Rank: 544
617 KB
17 sofiapulse.com
creative.sofiapulse.com — Cisco Umbrella Rank: 430620
api.sofiapulse.com — Cisco Umbrella Rank: 487052
experience-api.sofiapulse.com — Cisco Umbrella Rank: 489140
track.sofiapulse.com — Cisco Umbrella Rank: 444055
197 KB
16 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 348
aax.amazon-adsystem.com — Cisco Umbrella Rank: 440
s.amazon-adsystem.com — Cisco Umbrella Rank: 318
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1001
69 KB
16 thestar.com
resources.thestar.com — Cisco Umbrella Rank: 202778
api.thestar.com — Cisco Umbrella Rank: 313257
pixel.thestar.com — Cisco Umbrella Rank: 365832
107 KB
15 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 540
image6.pubmatic.com — Cisco Umbrella Rank: 762
image2.pubmatic.com — Cisco Umbrella Rank: 899
simage2.pubmatic.com — Cisco Umbrella Rank: 690
image4.pubmatic.com — Cisco Umbrella Rank: 1135
simage4.pubmatic.com — Cisco Umbrella Rank: 1258
36 KB
12 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 123
8fd3bc06c5801f35dd31c36f0bd0a294.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 157
57 KB
12 adsrvr.org
insight.adsrvr.org — Cisco Umbrella Rank: 582
match.adsrvr.org — Cisco Umbrella Rank: 365
8 KB
11 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 548
7 KB
9 thestarimages.com
images.thestarimages.com — Cisco Umbrella Rank: 171098
637 KB
8 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 315
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 452
3 KB
8 permutive.com
api.permutive.com — Cisco Umbrella Rank: 2038
1 KB
7 parsely.com
api.parsely.com — Cisco Umbrella Rank: 11395
cdn.parsely.com — Cisco Umbrella Rank: 3068
p1.parsely.com — Cisco Umbrella Rank: 2292
35 KB
7 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 70
409 KB
6 smartadserver.com
ww1772.smartadserver.com — Cisco Umbrella Rank: 59627
sync.smartadserver.com — Cisco Umbrella Rank: 1456
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 595
ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 1717
4 KB
6 openx.net
u.openx.net — Cisco Umbrella Rank: 695
us-u.openx.net — Cisco Umbrella Rank: 474
rtb.openx.net — Cisco Umbrella Rank: 1176
2 KB
6 facebook.com
www.facebook.com — Cisco Umbrella Rank: 101
334 B
6 studiostack.com
sr.studiostack.com — Cisco Umbrella Rank: 50743
28 KB
6 petametrics.com
cdn.petametrics.com — Cisco Umbrella Rank: 13243
query.petametrics.com — Cisco Umbrella Rank: 14298
50 KB
6 gstatic.com
fonts.gstatic.com
www.gstatic.com
csi.gstatic.com Failed
154 KB
6 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 66
ajax.googleapis.com — Cisco Umbrella Rank: 398
imasdk.googleapis.com — Cisco Umbrella Rank: 486
396 KB
5 amazonaws.com
s3.us-east-2.amazonaws.com
1 MB
5 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 568
ssum.casalemedia.com — Cisco Umbrella Rank: 1329
4 KB
5 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 205
237 KB
4 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 579
2 KB
4 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 718
2 KB
4 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 402
1 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 49
21 KB
3 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 485
1 KB
3 360yield.com
ad2.360yield.com — Cisco Umbrella Rank: 12860
936 B
3 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 340
2 KB
3 kargo.com
crb.kargo.com — Cisco Umbrella Rank: 1590
2 KB
3 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 324
gcdn.2mdn.net — Cisco Umbrella Rank: 1139
r4---sn-t0a7ln7d.c.2mdn.net — Cisco Umbrella Rank: 287260
1 MB
3 avct.cloud
ads.avct.cloud — Cisco Umbrella Rank: 4272
2 KB
3 tremorhub.com
scm.publishers.tremorhub.com — Cisco Umbrella Rank: 59807
pc022-cybt2.ads.tremorhub.com
1 KB
3 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 367
28 KB
3 google.ca
www.google.ca — Cisco Umbrella Rank: 7071
adservice.google.ca — Cisco Umbrella Rank: 12004
1 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 165
263 KB
3 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 216
torontostarnewspaperslimited.demdex.net — Cisco Umbrella Rank: 259693
5 KB
3 viafoura.co
api.viafoura.co — Cisco Umbrella Rank: 11033
i.viafoura.co — Cisco Umbrella Rank: 10982
6 KB
3 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 160
3 KB
2 thrtle.com
thrtle.com — Cisco Umbrella Rank: 1396
685 B
2 adform.net
cm.adform.net — Cisco Umbrella Rank: 1224
211 B
2 exelator.com
loadeu.exelator.com — Cisco Umbrella Rank: 7971
2 KB
2 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 1079
14 KB
2 clean.gg
i.clean.gg — Cisco Umbrella Rank: 1370
104 B
2 amazon.dev
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev — Cisco Umbrella Rank: 813
452 B
2 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1094
sync-tm.everesttech.net — Cisco Umbrella Rank: 702
936 B
2 ad-delivery.net
ad-delivery.net — Cisco Umbrella Rank: 1137
1 KB
2 blueconic.net
torstar.blueconic.net — Cisco Umbrella Rank: 283291
2 KB
2 cloudfront.net
d1nxn87txdj54y.cloudfront.net
d1z2jf7jlzjs58.cloudfront.net
2 KB
2 visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4628
2 KB
1 adentifi.com
rtb.adentifi.com
35 B
1 criteo.com
dis.criteo.com
363 B
1 deepintent.com
match.deepintent.com
223 B
1 mathtag.com
sync.mathtag.com
737 B
1 turn.com
ad.turn.com — Cisco Umbrella Rank: 952
518 B
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 870
660 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 859
790 B
1 doubleverify.com
vast.doubleverify.com — Cisco Umbrella Rank: 1772
7 KB
1 admanmedia.com
cs.admanmedia.com — Cisco Umbrella Rank: 1102
647 B
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 382
515 B
1 bttrack.com
bttrack.com — Cisco Umbrella Rank: 874
411 B
1 cluepixel.com
cdn.cluepixel.com — Cisco Umbrella Rank: 102474
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 172
2 KB
1 theweathernetwork.com
engagefront.theweathernetwork.com — Cisco Umbrella Rank: 3139
315 B
1 prmutv.co
be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co — Cisco Umbrella Rank: 308693
394 B
1 akamaihd.net
w4o7aea80ss3-a.akamaihd.net — Cisco Umbrella Rank: 916789
251 B
1 pressboard.ca
adserver.pressboard.ca — Cisco Umbrella Rank: 86778
789 B
1 gscontxt.net
torstar.gscontxt.net — Cisco Umbrella Rank: 238907
404 B
1 btloader.com
btloader.com — Cisco Umbrella Rank: 1054
7 KB
1 permutive.app
be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app — Cisco Umbrella Rank: 246670
144 KB
1 viafoura.net
cdn.viafoura.net — Cisco Umbrella Rank: 10619
12 KB
0 nrich.ai Failed
dsp.nrich.ai Failed
0 ipredictive.com Failed
sync.ipredictive.com Failed
0 dotomi.com Failed
pubmatic-match.dotomi.com Failed
0 adswizz.com Failed
synchroscript.deliveryengine.adswizz.com Failed
0 bfmio.com Failed
sync.bfmio.com Failed
0 adgrx.com Failed
cm.adgrx.com Failed
0 technoratimedia.com Failed
sync.technoratimedia.com Failed
0 districtm.io Failed
dmx.districtm.io Failed
496 88
Domain Requested by
42 elb.the-ozone-project.com prebid.the-ozone-project.com
elb.the-ozone-project.com
static.cloudflareinsights.com
ads.pubmatic.com
38 www.thespec.com www.gstatic.com
www.thespec.com
22 crcdn01.adnxs-simple.com acdn.adnxs.com
acdn.adnxs-simple.com
crcdn01.adnxs-simple.com
21 sb.freeskreen.com static.freeskreen.com
www.thespec.com
eus.rubiconproject.com
21 bc.thespec.com www.thespec.com
bc.thespec.com
14 creative.sofiapulse.com news.google.com
creative.sofiapulse.com
13 nym1-ib.adnxs.com prebid.the-ozone-project.com
nym1-ib.adnxs.com
cdn.adnxs.com
13 ib.adnxs.com 6 redirects be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
acdn.adnxs.com
12 fundingchoicesmessages.google.com news.google.com
12 resources.thestar.com www.thespec.com
resources.thestar.com
12 securepubads.g.doubleclick.net www.thespec.com
securepubads.g.doubleclick.net
news.google.com
www.googletagservices.com
acdn.adnxs-simple.com
11 match.sharethrough.com 6 redirects s.amazon-adsystem.com
match.sharethrough.com
11 s.amazon-adsystem.com 2 redirects c.amazon-adsystem.com
s.amazon-adsystem.com
u.openx.net
match.sharethrough.com
eus.rubiconproject.com
ads.pubmatic.com
11 match.adsrvr.org 10 redirects u.openx.net
10 cm.g.doubleclick.net 7 redirects u.openx.net
eus.rubiconproject.com
10 z.moatads.com www.thespec.com
securepubads.g.doubleclick.net
z.moatads.com
acdn.adnxs-simple.com
static.freeskreen.com
9 px.moatads.com www.thespec.com
9 images.thestarimages.com www.thespec.com
8 pixel.rubiconproject.com 5 redirects eus.rubiconproject.com
8 api.permutive.com be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
7 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
imasdk.googleapis.com
www.googletagservices.com
7 www.googletagmanager.com news.google.com
www.thespec.com
www.googletagmanager.com
6 eus.rubiconproject.com s.amazon-adsystem.com
eus.rubiconproject.com
sb.freeskreen.com
ww1772.smartadserver.com
6 www.facebook.com
6 sr.studiostack.com adserver.pressboard.ca
sr.studiostack.com
5 s3.us-east-2.amazonaws.com
5 acdn.adnxs.com nym1-ib.adnxs.com
www.thespec.com
5 ups.analytics.yahoo.com 5 redirects
5 query.petametrics.com www.thespec.com
5 www.googletagservices.com www.thespec.com
securepubads.g.doubleclick.net
5 www.gstatic.com
5 news.google.com 1 redirects news.google.com
4 simage2.pubmatic.com ads.pubmatic.com
4 image2.pubmatic.com ads.pubmatic.com
4 match.prod.bidr.io 4 redirects
4 ap.lijit.com 4 redirects
4 eb2.3lift.com 3 redirects ads.pubmatic.com
4 static.freeskreen.com securepubads.g.doubleclick.net
news.google.com
4 token.rubiconproject.com 4 redirects
4 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
ajax.googleapis.com
4 p1.parsely.com cdn.parsely.com
www.thespec.com
4 play.google.com
4 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
3 pixel.tapad.com 2 redirects ads.pubmatic.com
3 ads.pubmatic.com elb.the-ozone-project.com
ads.pubmatic.com
3 ad2.360yield.com 3 redirects
3 x.bidswitch.net 3 redirects
3 crb.kargo.com 1 redirects elb.the-ozone-project.com
3 imasdk.googleapis.com static.freeskreen.com
imasdk.googleapis.com
3 ads.avct.cloud 3 redirects
3 cdn.adnxs.com nym1-ib.adnxs.com
3 cdn.jsdelivr.net securepubads.g.doubleclick.net
3 ssum.casalemedia.com 3 redirects
3 pr-bh.ybp.yahoo.com 1 redirects u.openx.net
ads.pubmatic.com
3 adservice.google.com 12987815.fls.doubleclick.net
securepubads.g.doubleclick.net
imasdk.googleapis.com
3 www.google.com 1 redirects tpc.googlesyndication.com
3 connect.facebook.net bc.thespec.com
connect.facebook.net
3 c.amazon-adsystem.com www.thespec.com
c.amazon-adsystem.com
3 sb.scorecardresearch.com 1 redirects www.thespec.com
3 prebid.the-ozone-project.com www.thespec.com
prebid.the-ozone-project.com
2 thrtle.com 1 redirects ads.pubmatic.com
2 image6.pubmatic.com ads.pubmatic.com
2 ssbsync-global.smartadserver.com 2 redirects
2 rtb.openx.net 2 redirects
2 pubads.g.doubleclick.net ajax.googleapis.com
imasdk.googleapis.com
2 bid.g.doubleclick.net ajax.googleapis.com
2 video.freeskreen.com ajax.googleapis.com
2 cm.adform.net elb.the-ozone-project.com
2 loadeu.exelator.com 2 redirects
2 scm.publishers.tremorhub.com 2 redirects
2 sync.smartadserver.com 2 redirects
2 secure-assets.rubiconproject.com 2 redirects
2 static.cloudflareinsights.com elb.the-ozone-project.com
2 i.clean.gg acdn.adnxs-simple.com
2 pixel-us-east.rubiconproject.com 2 redirects
2 us-u.openx.net u.openx.net
2 u.openx.net 1 redirects s.amazon-adsystem.com
2 dsum-sec.casalemedia.com 1 redirects
2 www.google.ca
2 12987815.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 googleads.g.doubleclick.net 1 redirects www.googletagmanager.com
2 pixel.thestar.com connect.facebook.net
2 api.thestar.com www.thespec.com
2 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev c.amazon-adsystem.com
2 s.thespec.com resources.thestar.com
2 api.parsely.com www.thespec.com
2 dpm.demdex.net resources.thestar.com
www.thespec.com
2 ad-delivery.net www.thespec.com
2 api.viafoura.co cdn.viafoura.net
2 torstar.blueconic.net bc.thespec.com
2 dev.visualwebsiteoptimizer.com www.thespec.com
2 fonts.googleapis.com news.google.com
creative.sofiapulse.com
1 rtb.adentifi.com
1 dis.criteo.com ads.pubmatic.com
1 match.deepintent.com ads.pubmatic.com
1 sync.mathtag.com 1 redirects
1 simage4.pubmatic.com ads.pubmatic.com
1 image4.pubmatic.com ads.pubmatic.com
1 ad.turn.com 1 redirects
1 um.simpli.fi 1 redirects
1 p.rfihub.com 1 redirects
1 sync-tm.everesttech.net ads.pubmatic.com
1 r4---sn-t0a7ln7d.c.2mdn.net
1 gcdn.2mdn.net 1 redirects
1 s0.2mdn.net imasdk.googleapis.com
1 vast.doubleverify.com ajax.googleapis.com
1 optimized-by.rubiconproject.com ajax.googleapis.com
1 rtb-csync.smartadserver.com eus.rubiconproject.com
1 ads.freeskreen.com ajax.googleapis.com
1 pc022-cybt2.ads.tremorhub.com ajax.googleapis.com
1 track.sofiapulse.com creative.sofiapulse.com
1 pixel-us-west.rubiconproject.com 1 redirects
1 experience-api.sofiapulse.com creative.sofiapulse.com
1 ajax.googleapis.com news.google.com
1 cs.admanmedia.com 1 redirects
1 ww1772.smartadserver.com sb.freeskreen.com
1 acdn.adnxs-simple.com nym1-ib.adnxs.com
1 api.sofiapulse.com www.thespec.com
1 aax-eu.amazon-adsystem.com eus.rubiconproject.com
1 px.ads.linkedin.com eus.rubiconproject.com
1 bttrack.com 1 redirects
1 secure.adnxs.com 1 redirects
1 8fd3bc06c5801f35dd31c36f0bd0a294.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 adservice.google.ca securepubads.g.doubleclick.net
1 aax.amazon-adsystem.com c.amazon-adsystem.com
1 cdn.cluepixel.com
1 insight.adsrvr.org 1 redirects
1 www.googleadservices.com www.googletagmanager.com
1 engagefront.theweathernetwork.com www.thespec.com
1 i.viafoura.co www.thespec.com
1 stats.g.doubleclick.net www.google-analytics.com
1 cdn.parsely.com d1z2jf7jlzjs58.cloudfront.net
1 cm.everesttech.net 1 redirects
1 torontostarnewspaperslimited.demdex.net resources.thestar.com
1 be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
1 ad.doubleclick.net www.thespec.com
1 cdn.petametrics.com www.thespec.com
1 d1z2jf7jlzjs58.cloudfront.net www.thespec.com
1 d1nxn87txdj54y.cloudfront.net www.thespec.com
1 w4o7aea80ss3-a.akamaihd.net www.thespec.com
1 adserver.pressboard.ca www.thespec.com
1 torstar.gscontxt.net www.thespec.com
1 btloader.com www.thespec.com
1 be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app www.thespec.com
1 cdn.viafoura.net www.thespec.com
1 fonts.gstatic.com fonts.googleapis.com
0 dsp.nrich.ai Failed
0 sync.ipredictive.com Failed
0 pubmatic-match.dotomi.com Failed
0 synchroscript.deliveryengine.adswizz.com Failed
0 sync.bfmio.com Failed
0 cm.adgrx.com Failed ads.pubmatic.com
0 sync.technoratimedia.com Failed ads.pubmatic.com
0 dmx.districtm.io Failed elb.the-ozone-project.com
0 csi.gstatic.com Failed imasdk.googleapis.com
496 155
Subject Issuer Validity Valid
*.news.google.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
*.thestar.com
Amazon RSA 2048 M01		 2023-05-15 -
2024-06-12		 a year crt.sh
*.the-ozone-project.com
Amazon RSA 2048 M02		 2023-02-24 -
2023-12-20		 10 months crt.sh
z737.thestar.com
Amazon RSA 2048 M01		 2023-02-06 -
2024-03-06		 a year crt.sh
thestarimages.com
GTS CA 1P5		 2023-05-23 -
2023-08-21		 3 months crt.sh
viafoura.com
Amazon RSA 2048 M01		 2023-02-28 -
2023-10-06		 7 months crt.sh
permutive.app
Cloudflare Inc ECC CA-3		 2023-05-10 -
2023-08-08		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-08-05 -
2023-08-05		 a year crt.sh
*.gscontxt.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-11-08 -
2023-12-08		 a year crt.sh
*.visualwebsiteoptimizer.com
Starfield Secure Certificate Authority - G2		 2022-07-04 -
2023-08-05		 a year crt.sh
*.pressboard.ca
Go Daddy Secure Certificate Authority - G2		 2023-02-13 -
2024-03-16		 a year crt.sh
moatads.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-11-16 -
2023-11-18		 a year crt.sh
a248.e.akamai.net
DigiCert TLS RSA SHA256 2020 CA1		 2023-05-16 -
2024-05-15		 a year crt.sh
*.scorecardresearch.com
Sectigo RSA Domain Validation Secure Server CA		 2022-12-15 -
2023-12-28		 a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2022-12-08 -
2023-12-07		 a year crt.sh
cdn.liftigniter.com
R3		 2023-04-27 -
2023-07-26		 3 months crt.sh
c.amazon-adsystem.com
Amazon RSA 2048 M01		 2023-02-28 -
2024-02-17		 a year crt.sh
*.blueconic.net
Amazon RSA 2048 M02		 2023-02-28 -
2023-08-06		 5 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
*.demdex.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-09-26 -
2023-10-27		 a year crt.sh
*.prmutv.co
R3		 2023-03-14 -
2023-06-12		 3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2023-02-13 -
2024-03-15		 a year crt.sh
api.permutive.com
R3		 2023-04-17 -
2023-07-16		 3 months crt.sh
*.studiostack.com
Go Daddy Secure Certificate Authority - G2		 2022-11-16 -
2023-12-18		 a year crt.sh
*.parsely.com
Amazon RSA 2048 M02		 2023-05-06 -
2024-06-03		 a year crt.sh
s.thespec.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-08-11 -
2023-09-11		 a year crt.sh
*.liftigniter.com
R3		 2023-04-08 -
2023-07-07		 3 months crt.sh
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev
Amazon RSA 2048 M02		 2022-12-27 -
2024-01-25		 a year crt.sh
the-ozone-project.com
E1		 2023-05-02 -
2023-07-31		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-03-11 -
2023-06-09		 3 months crt.sh
engagefront.theweathernetwork.com
GTS CA 1D4		 2023-04-27 -
2023-07-26		 3 months crt.sh
pixel.thestar.com
Amazon RSA 2048 M02		 2023-05-09 -
2024-06-07		 a year crt.sh
www.googleadservices.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
*.google.ca
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
1860674124.rsc.cdn77.org
R3		 2023-04-11 -
2023-07-10		 3 months crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com
Amazon RSA 2048 M01		 2023-03-16 -
2024-03-08		 a year crt.sh
s.amazon-adsystem.com
Amazon RSA 2048 M01		 2023-03-03 -
2024-02-19		 a year crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2023-05-19 -
2023-08-11		 3 months crt.sh
*.sharethrough.com
Amazon RSA 2048 M01		 2023-03-01 -
2023-08-12		 5 months crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2022-07-21 -
2023-08-21		 a year crt.sh
*.rubiconproject.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-03-07 -
2024-04-03		 a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2023-04-04 -
2023-09-27		 6 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2023-04-12 -
2024-05-13		 a year crt.sh
aax-eu.amazon-adsystem.com
Amazon RSA 2048 M01		 2023-01-27 -
2024-01-27		 a year crt.sh
*.freeskreen.com
Amazon RSA 2048 M02		 2023-02-22 -
2023-12-16		 10 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2022 Q4		 2022-12-23 -
2024-01-24		 a year crt.sh
sofiapulse.com
GTS CA 1P5		 2023-05-23 -
2023-08-21		 3 months crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1		 2023-03-27 -
2024-04-26		 a year crt.sh
i.clean.gg
GTS CA 1D4		 2023-05-24 -
2023-08-22		 3 months crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-01-21 -
2024-01-23		 a year crt.sh
*.adform.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-05-25 -
2024-06-18		 a year crt.sh
*.sofiapulse.com
Sectigo RSA Domain Validation Secure Server CA		 2022-12-22 -
2023-12-22		 a year crt.sh
*.s3.us-east-2.amazonaws.com
Amazon RSA 2048 M01		 2023-04-11 -
2024-02-28		 a year crt.sh
*.tremorhub.com
Amazon RSA 2048 M01		 2023-02-22 -
2024-03-23		 a year crt.sh
vast.doubleverify.com
Go Daddy Secure Certificate Authority - G2		 2022-06-13 -
2023-07-15		 a year crt.sh
*.app.kargo.com
Amazon RSA 2048 M02		 2023-02-21 -
2024-01-18		 a year crt.sh
*.pubmatic.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-01-25 -
2024-01-24		 a year crt.sh
*.everesttech.net
GlobalSign Atlas R3 DV TLS CA 2022 Q4		 2022-11-07 -
2023-12-09		 a year crt.sh
*.3lift.com
Amazon RSA 2048 M02		 2023-04-13 -
2024-05-11		 a year crt.sh
*.deepintent.com
Go Daddy Secure Certificate Authority - G2		 2022-11-30 -
2024-01-01		 a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-05-12 -
2023-08-10		 3 months crt.sh
adentifi.com
Amazon RSA 2048 M02		 2023-02-22 -
2023-09-03		 6 months crt.sh

This page contains 45 frames:

Primary Page: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Frame ID: C849B3AA8532A6EA9B71FD483CEC1A2A
Requests: 229 HTTP requests in this frame

Frame: https://torontostarnewspaperslimited.demdex.net/dest5.html?d_nsid=0
Frame ID: E4FFD68120B984E834391366D68BA789
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 29DEC344FB03655258E3C4C08E908F59
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: A2A5505BE6C8AB9E8FE65C025B1366F7
Requests: 1 HTTP requests in this frame

Frame: https://12987815.fls.doubleclick.net/activityi;dc_pre=CN2spuDopP8CFVLahwod7jMKsw;src=12987815;type=invmedia;cat=thesp0;ord=6440512224478;gtm=45fe35v0;auiddc=1430835873.1685716883;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Frame ID: 1140B03FDAFB900B841A2A6993DE6ACD
Requests: 2 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_rbd_ox-db5_an-db5&dcc=t
Frame ID: 99A9C5E754318D4C8AC972BFAC220FB7
Requests: 1 HTTP requests in this frame

Frame: https://8fd3bc06c5801f35dd31c36f0bd0a294.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A97D25753643061A005C64A959D59D0B
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_ox-db5_rbd_an-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3
Frame ID: AAF29FE9FB5D7C0618E20A2B56034A7E
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Frame ID: 38270497263E6F30DD6BEC2660EE403B
Requests: 6 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Frame ID: D4CF57C95A3656B97A675C58D3B03100
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Frame ID: 91AAC2FA2EECBF50B9FD18822187AA51
Requests: 11 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?id=561783506929456550&ex=appnexus.com
Frame ID: 0D3F9A82D67877C5E425513D39E6C92B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2D17C5C1B76F726FB815FD4B6E20F87C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2B3B7A3EF69E3772911D22A0E70ABEEA
Requests: 2 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv4nMAwjtcpupqD1vNvNsITZi6Z05nWpMu-uREtt_i1ia74JjRSbwcMjyf_-2MnpnNO-glZp3KKdmN9pXzM5jzF6_SPW65wsb0dij5HfC4QfLkO4GdYg-C1vBRA9RWgfPvR2i2h4SI_k0zCaTB7PzkXQzyQE9Dh4a-Nz3oOOcOWdVH-cLwnv1q2rVic7MvO8YPKnAqL_Oi8qCIbCsGNSY_qquRxv8hO-swn1zCqKKn14OJJia-CJNMn1h9_AKQaSNFQ2KW36-KbnsZ0DySMz49ZgOX_a6WwLA4dxEdlswBb1gJ54tRbp6oqPyyQqDA7cqfes09aq8-83jZ1WEXJFw&sai=AMfl-YTwUN5DwiU2YaWfAlqTrhdiJoZ7syg6ov0fQhLE5sPDRlc5Dt27g9DsEIrGKJsJLTXpQJQY1LFtqUbeULcfefkYqXSLj-uCDBGnRXYukwyJssFibSuo1ro_XV5Y60MsxFUoNn411vjx2ZzQoy44&sig=Cg0ArKJSzMFLUcMxH-LnEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: D823988423640B8E531B01C702807641
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuSuw1PeLVZFsnrU44rlk95S0kqqI8SQEC9WvzXpdzs1wdZQg68pDKO2Nuv2Wq0GKqNfrMi9SnDqe2OdSiHGgc8hEZTBbsZIO6ASF15IUrxzib9sGxhgFzRpJiotQJs2X5x2KQpfEv8UhBoxPic9tihPUNTHdw6m3CJjUc0EO9EXFEn0shbAJ2sdXpgFdh4QoGh04M7wnzmWVGowJVTuDUPKfj2xIjgv_Y5FUz1cYpYqDGKfBXGbR_n5pgVA4e7Jb-6suD2sPQIAM5tBzb-duduU0b3HCz38uChKPyrgnQrlokfF9nvLn2TP_CQZEnyxMnWouHZ8t9joV9WQdNvu74FWg&sai=AMfl-YSoIK-LdA_piNkPlqVds0lq5R7a0dXgfUvJToGe4E2HOjbJUf3uc6dlpArGeI4Fcmj91Is8EKh3JJamxfz_K_lStqlWCkfpe9jAANdvB5_PRLBc3ZeUrmda7cJBtPEN2KlCcJo6yAjb6ohNbIXT&sig=Cg0ArKJSzJ21WedupWw9EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 825886AD0DE5945C78F31F307893EA81
Requests: 14 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvBVnqa8v0MS3bZTIHoe0Zn6JkJzC2blbiQ16Hi0AA5x7UDv77PJAvl5VKPomrsQWFlw77HO24CLhIOSDshiR02tL9uUqEYojo7aPLpNoIYVzPRK0VAWd4_BUGcYmMSMsM3wFX1WT0teawGHjKX-wwoY6NgzSpy2TkLz2mPg8P0cno5WwfbV9R78uXzNJ_vzPOIqGDDAPuMjMS-rhF85a0jauNzsp43m34IMdd_iKtInMVEo3n-la8oVVqkX5_npm_ZQousipg8kNnmi13bJoWR-sNB-mMa-GOJOOOVAwdsRGjDv0kvxyHISHznRVqlllR7HhzAA8AJGxOEhR4DDJP-7A&sai=AMfl-YRFPkEgPAdUiCa97Y-YhE59zI9WtjCPQYz-BenY3005lFiwX0Qg3wuj7YEmi94Yfs-7lTJ8i_ezTtGgaNgyGqLrGuAUvbT9Bb8G0cfRlzAFuLEJQjC0KXWiskUQFi6-VbZ_ZQk6O6ULje0XL-iL&sig=Cg0ArKJSzDrmzPAIjfzjEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 9C0DAB0719AD8544B9FA75B67090A7AE
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsskWpt1DEm5CFDD-5saPdsd3_YXsXvQC-wxKdRSJREvLE2KtdaolxusrdB_-IvkMlaafLQVbSJqSIZMoi3Sr7t8Q739pVzlW7OwftLN6075NgTErQ0FiO-GTveOZiUiPDDGnQGBBEj8N2kkhmfF3b2iwJeFT0GgdrtCOjvqYbOXaM8ny8KzINL0dRVXU-waW0SglfuvTpBbOoe93w9255y8CSTlNRGmnz4jv23490IivSlRQKcaM66ipBwOoGDMyJFrZ2Qn_huKw9GX0ZCS8LbOV6rYyT8E5gAgGj0xXjjdi-Wvr0E1BK-zqi2K1bMcdtOk3tbgmjrUFgnOVB_uoLwnGQ&sai=AMfl-YTrPrMi-zJZ-U8H4l5FoMrXz9AUayR6dkkvTBWX9Trk_jjKdAemTPDvKzuq9cCAZHMdjX35RqgFIz4KnzNmk6FfkXZ387P6gXzoCJe3PKTcoWHH03YBjprM3uV1drO3Jy0WS49M5d6ZRY_Z-IeE&sig=Cg0ArKJSzPGbJuv9EljCEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 0FD658882F572121B0A9E5442F352273
Requests: 16 HTTP requests in this frame

Frame: https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
Frame ID: A244B751C44BD0DA81E153F3DCF71010
Requests: 22 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9586&pub_id=1218883
Frame ID: 1CA2C4179C3DC0C6CA2DAC37265CFBB0
Requests: 3 HTTP requests in this frame

Frame: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
Frame ID: B19B43D6DE3BE81AF668DF2DAC279522
Requests: 11 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9586&pub_id=1218883
Frame ID: 3466C4AAFA0993D67685D6CBDAAA5FE2
Requests: 3 HTTP requests in this frame

Frame: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
Frame ID: 05BD8B645CBA65BE9310683421A2B1D0
Requests: 11 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9586&pub_id=1218883
Frame ID: D789DA15EB681FEDF86482EC0607BBD3
Requests: 3 HTTP requests in this frame

Frame: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Frame ID: 6770C9B6F32091130749BED963666EEA
Requests: 21 HTTP requests in this frame

Frame: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882230&bidder=ozone
Frame ID: FD5758E0F082D9281606E0D5C9F807ED
Requests: 21 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Frame ID: ABF99BF2C480DAD2640E40B14BDA8374
Requests: 3 HTTP requests in this frame

Frame: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Frame ID: 6CCA36A798C11DC167D9CA18EAA5F3C5
Requests: 29 HTTP requests in this frame

Frame: https://sb.freeskreen.com/t.gif?tm=1685716885&p=51&c=5175&ttm=1685716885045&s=&d=&v=&t=88bda384-1478-42f1-ad5f-928f7345d741&co=CA&pr=CA-QC&ci=Montreal&dm=GM&flc=other&slc=&e=AdOpened&m=2&x=null
Frame ID: 52A948150D85819195976471921994AA
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=us-east
Frame ID: A16AEEC305AF42965C40FC42BB5D183F
Requests: 3 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js?adtagurl=https://pubads.g.doubleclick.net/gampad/ads%3Fiu%3D/58580620/the_spec%26description_url%3Dhttps%253A%252F%252Fwww.thespec.com%252Ftr%252Fnews%252Fwaterloo-region%252F2023%252F06%252F01%252Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html%26tfcd%3D0%26npa%3D0%26sz%3D640x480%26cust_params%3Damznbid%253D2%2526amznp%253D2%2526article_b%253Dtrue%2526assetid%253D0f479f22-152f-4458-8510-6b3d72ba8d54%2526author%253Drobertwilliams%2526cutpoint%253Dlarge%2526env%253Dbeta%2526environment%253Dproduction%2526gs_channels%253Dgs_tech%252Cgs_tech_computing%252Cgb_spam_high_med_low%252Cgs_law%252Cgv_crime%252Cgb_spam_high_med%252Cgs_education%252Cts_dctn_dgr_bchlrs_dgr%252Cts_dctn_lvl_trtry_dctn%252Cts_dctn_styl_dlt%252Cts_dctn_styl_gnrl%252Cts_fmly_prntng_gnrl%252Cts_fmly_prntng_tns%252Cgs_law_misc%252Cgs_education_university%252Cgt_negative%252Cgv_death_injury%2526key%253D%2526kvcalais%253Duniversity_of_waterloo%252Ccomputer_security%252Cpassword%252Cwaterloo%252Cransomware%252Ccybercrime%252Csecurity%252Cprevention%252Cemail%252Cnational_security%252Crebecca_elming%2526kvng%253Dmyregion%252Cmyrecord%252Cmyneedtoknow%252Cuniversity_of_waterloo%252Ccyber_attack%252Cransomware_attack%252Ccloud%252Conline_systems%252Csmg_wrr%252Csmg_waterloo_region%252Csmg2_news%252CInHouseArticle_therecord%2526permutive%253D79992%252C79993%252C79994%252Crts%2526pos%253D1%2526prmtvsdk%253Dweb%2526referrer%253Dgoogle%2526refresh%253Dfalse%2526registered%253Dno%2526subscribed%253Dno%2526tkspo%253D9%26max_ad_duration%3D30000%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3D%26channel%3Dvastadp&correlator=1685716886
Frame ID: 0183F316AC55FE76838567D7D0DD3698
Requests: 5 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.576.0_en.html
Frame ID: 14B9EEA6659FC32DD7812342D1866A43
Requests: 4 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Frame ID: E56BA984683094FAC7B0698D9EEEDEA8
Requests: 14 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Frame ID: F8E7BC4690073EE08FEF6F904BD6F5D4
Requests: 10 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=
Frame ID: 66E2C5D4D5CF6EA76420F6EC6C222338
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=997336240446516715
Frame ID: DC135EDE005A09E31AD78A1978AFDDCE
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=E61AF9CD-E437-4EEB-867B-7A205C8A055E&redir=true&gdpr=0&gdpr_consent=
Frame ID: 78D525353342EA41118DC45AA5A53846
Requests: 1 HTTP requests in this frame

Frame: https://elb.the-ozone-project.com/setuid?bidder=pubmatic&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=E61AF9CD-E437-4EEB-867B-7A205C8A055E
Frame ID: 22395603E68F0B08DEE9B1D6400409AB
Requests: 1 HTTP requests in this frame

Frame: https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AADqCE7I8_8AACCSN2aINQ&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Csas%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2&gdpr=0
Frame ID: 9BF832092F32CD97021BEFA4AC4C5E20
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:377f6479-ff9b-4700-ad6e-a539fafb1d23&gdpr=0&gdpr_consent=
Frame ID: D4FFB35104B29949811857513C87424D
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: 7129195224597ED1D9D86A427C778C68
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=561783506929456550&gdpr=0&gdpr_consent=
Frame ID: 5F69DBA95E744D417ADCFBF4C555B59A
Requests: 1 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Frame ID: 779986E0078DDBAE815D07631600DADD
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 14B84223FAF3428A495DF4D11B4DAF43
Requests: 1 HTTP requests in this frame

Frame: https://elb.the-ozone-project.com/setuid?bidder=pubmatic&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=E61AF9CD-E437-4EEB-867B-7A205C8A055E
Frame ID: A5C1D96386F14B88BB59502133A7577F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

‘Our on-premises email server was compromised’ — University of Waterloo interrupts suspected ransomware attack | TheSpec.com

Page URL History Show full URLs

  1. https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJ... HTTP 302
    https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJ... Page URL
  2. https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspect... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)
Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • moatads\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com
Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com
Overall confidence: 100%
Detected patterns
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

496
Requests

85 %
HTTPS

30 %
IPv6

88
Domains

155
Subdomains

111
IPs

5
Countries

9199 kB
Transfer

21027 kB
Size

128
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5 HTTP 302
    https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en Page URL
  2. https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5 HTTP 302
  • https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Request Chain 82
  • https://sb.scorecardresearch.com/b?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1685716880912&ns_c=UTF-8&c7=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&c8=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&c9=https%3A%2F%2Fnews.google.com%2F HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1685716880912&ns_c=UTF-8&c7=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&c8=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&c9=https%3A%2F%2Fnews.google.com%2F
Request Chain 96
  • https://cm.everesttech.net/cm/dd?d_uuid=14712650147332947160312601295629075821 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZHn-kQAAAB7tkANw
Request Chain 194
  • https://12987815.fls.doubleclick.net/activityi;src=12987815;type=invmedia;cat=thesp0;ord=6440512224478;gtm=45fe35v0;auiddc=1430835873.1685716883;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html HTTP 302
  • https://12987815.fls.doubleclick.net/activityi;dc_pre=CN2spuDopP8CFVLahwod7jMKsw;src=12987815;type=invmedia;cat=thesp0;ord=6440512224478;gtm=45fe35v0;auiddc=1430835873.1685716883;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Request Chain 198
  • https://insight.adsrvr.org/track/pxl/?adv=33bbu1k&ct=0:l2muwt0&fmt=3 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=M2QwMGJiZDEtYTM1MS00YjMyLTk4NDYtNDAxMWFjZjNjMDIy&gdpr=0&gdpr_consent=&ttd_tdid=3d00bbd1-a351-4b32-9846-4011acf3c022 HTTP 302
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=3d00bbd1-a351-4b32-9846-4011acf3c022&google_gid=CAESELWy5VJF7s7LQ4YY3ehZz5M&google_cver=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=3d00bbd1-a351-4b32-9846-4011acf3c022&_origin=1&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=3d00bbd1-a351-4b32-9846-4011acf3c022&_origin=1&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia&yahoo_id=y-xlNq3oFE2uLZtPwUy3ORkmfHshuxtKc-~A&gdpr=0 HTTP 302
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=3d00bbd1-a351-4b32-9846-4011acf3c022 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D3d00bbd1-a351-4b32-9846-4011acf3c022 HTTP 302
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=561783506929456550&ttd_tdid=3d00bbd1-a351-4b32-9846-4011acf3c022 HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3d00bbd1-a351-4b32-9846-4011acf3c022&expiration=1688308884&gdpr=0&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3d00bbd1-a351-4b32-9846-4011acf3c022&expiration=1688308884&gdpr=0&gdpr_consent=&C=1
Request Chain 201
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11101175418/?random=452570527&cv=11&fst=1685716883443&bg=ffffff&guid=ON&async=1&gtm=45be35v0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&ref=https%3A%2F%2Fnews.google.com%2F&label=oXUeCNn52Y0YEPr8ua0p&hn=www.googleadservices.com&frm=0&tiba=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&gtm_ee=1&ec_m=%23body-content%3E%3Anth-child(1)%3E%3Anth-child(3)%3E%3Anth-child(1)%3E%3Anth-child(2)%3E%3Anth-child(1)%3E%3Anth-child(20)%3E%3Anth-child(2)%3E%3Anth-child(2)*A%3Atrue%3A25%3Afalse*1&ec_sel=%23body-content%3E%3Anth-child(1)%3E%3Anth-child(3)%3E%3Anth-child(1)%3E%3Anth-child(2)%3E%3Anth-child(1)%3E%3Anth-child(20)%3E%3Anth-child(2)%3E%3Anth-child(2)&ec_meta=A%3Atrue%3A25%3Afalse&ec_lat=0&ec_s=1&auid=1430835873.1685716883&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=k_95ZNPlH_SYoPMPqZin6A8&sscte=1&crd=&pscrd=Ek5DaEFJOEtibW93WVE1N3l2bU92TnFaZEtFaVlBSGw4eFFTX1kyN2ZNOWpNR0otQ0VKX0lDU19qZG9KSkFRMkZUeWFjX1g3ejJtbHc3encaWENoQUk4S2Jtb3dZUXctRHc5Nnp1cG9WcEVpNEFSVTdmb3pPdW5IMWJiQVpNT2xFUnhmWmZySkhkUGd4TUNnMm5MbWQ3T2NpRGVHWTFTc3FtMC1COVN6bWEiEwiT-6Lg6KT_AhV0DGgIHSnMCf0 HTTP 302
  • https://www.google.com/pagead/1p-conversion/11101175418/?random=452570527&cv=11&fst=1685716883443&bg=ffffff&guid=ON&async=1&gtm=45be35v0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&ref=https%3A%2F%2Fnews.google.com%2F&label=oXUeCNn52Y0YEPr8ua0p&hn=www.googleadservices.com&frm=0&tiba=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&gtm_ee=1&ec_m=%23body-content%3E%3Anth-child(1)%3E%3Anth-child(3)%3E%3Anth-child(1)%3E%3Anth-child(2)%3E%3Anth-child(1)%3E%3Anth-child(20)%3E%3Anth-child(2)%3E%3Anth-child(2)*A%3Atrue%3A25%3Afalse*1&ec_sel=%23body-content%3E%3Anth-child(1)%3E%3Anth-child(3)%3E%3Anth-child(1)%3E%3Anth-child(2)%3E%3Anth-child(1)%3E%3Anth-child(20)%3E%3Anth-child(2)%3E%3Anth-child(2)&ec_meta=A%3Atrue%3A25%3Afalse&ec_lat=0&ec_s=1&auid=1430835873.1685716883&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJOEtibW93WVE1N3l2bU92TnFaZEtFaVlBSGw4eFFTX1kyN2ZNOWpNR0otQ0VKX0lDU19qZG9KSkFRMkZUeWFjX1g3ejJtbHc3encaWENoQUk4S2Jtb3dZUXctRHc5Nnp1cG9WcEVpNEFSVTdmb3pPdW5IMWJiQVpNT2xFUnhmWmZySkhkUGd4TUNnMm5MbWQ3T2NpRGVHWTFTc3FtMC1COVN6bWEiEwiT-6Lg6KT_AhV0DGgIHSnMCf0&is_vtc=1&ocp_id=k_95ZNPlH_SYoPMPqZin6A8&cid=CAQSKQBygQiDQQJqCA2OVQcVlYtcA8loIFtUWBu828gZe8fPNSeX-7uUTWu-&random=3476104424 HTTP 302
  • https://www.google.ca/pagead/1p-conversion/11101175418/?random=452570527&cv=11&fst=1685716883443&bg=ffffff&guid=ON&async=1&gtm=45be35v0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&ref=https%3A%2F%2Fnews.google.com%2F&label=oXUeCNn52Y0YEPr8ua0p&hn=www.googleadservices.com&frm=0&tiba=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&gtm_ee=1&ec_m=%23body-content%3E%3Anth-child(1)%3E%3Anth-child(3)%3E%3Anth-child(1)%3E%3Anth-child(2)%3E%3Anth-child(1)%3E%3Anth-child(20)%3E%3Anth-child(2)%3E%3Anth-child(2)*A%3Atrue%3A25%3Afalse*1&ec_sel=%23body-content%3E%3Anth-child(1)%3E%3Anth-child(3)%3E%3Anth-child(1)%3E%3Anth-child(2)%3E%3Anth-child(1)%3E%3Anth-child(20)%3E%3Anth-child(2)%3E%3Anth-child(2)&ec_meta=A%3Atrue%3A25%3Afalse&ec_lat=0&ec_s=1&auid=1430835873.1685716883&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJOEtibW93WVE1N3l2bU92TnFaZEtFaVlBSGw4eFFTX1kyN2ZNOWpNR0otQ0VKX0lDU19qZG9KSkFRMkZUeWFjX1g3ejJtbHc3encaWENoQUk4S2Jtb3dZUXctRHc5Nnp1cG9WcEVpNEFSVTdmb3pPdW5IMWJiQVpNT2xFUnhmWmZySkhkUGd4TUNnMm5MbWQ3T2NpRGVHWTFTc3FtMC1COVN6bWEiEwiT-6Lg6KT_AhV0DGgIHSnMCf0&is_vtc=1&ocp_id=k_95ZNPlH_SYoPMPqZin6A8&cid=CAQSKQBygQiDQQJqCA2OVQcVlYtcA8loIFtUWBu828gZe8fPNSeX-7uUTWu-&random=3476104424&ipr=y&ezwbk=AZuM4hAAX5fHv_ugl6wUiw8a8rey-PNwFrbelkBaaopUjmFdcRRouYjg4tKfl4XD46el-uLjz4yFEmydnV7GiZ-CHpnn
Request Chain 206
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_rbd_ox-db5_an-db5 HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_rbd_ox-db5_an-db5&dcc=t
Request Chain 214
  • https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D HTTP 302
  • https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Request Chain 216
  • https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=561783506929456550&ex=appnexus.com
Request Chain 225
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEC3GYKbUzQutMuwgvNJspLg&google_cver=1
Request Chain 229
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1 HTTP 302
  • https://secure.adnxs.com/getuid?https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=$UID HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=561783506929456550
Request Chain 230
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2 HTTP 302
  • https://bttrack.com/pixel/cookiesync?source=d0afdff5-c51e-4a8d-b07b-b52a29015170&secure=1 HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=FGhqNjC2WnFmmvNpTL32LMME&source_user_id=ee2e694b-9bf4-467c-b7b6-9a70b7b6a777&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}
Request Chain 231
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=
Request Chain 232
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4 HTTP 302
  • https://ssum.casalemedia.com/usermatchredir?s=186046&cb=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DGM7HYz3VFjuymbiqnJLyjuPy%26source_user_id%3D__UID__ HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=GM7HYz3VFjuymbiqnJLyjuPy&source_user_id=ZHn-lBXjuUmY8xg0DrXNuAAA%261453
Request Chain 235
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=LIEOB497-C-4XP5 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=LIEOB497-C-4XP5&ex=d-rubiconproject.com&status=ok
Request Chain 238
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TElFT0I0OTctQy00WFA1 HTTP 302
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEB7-iaysKFtDqsMvfLXzZCY&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElFT0I0OTctQy00WFA1&google_push=
Request Chain 239
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA169PBEoPBZKdIF_YWOe_I&google_cver=1
Request Chain 240
  • https://match.adsrvr.org/track/cmf/rubicon HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=&expires=30
Request Chain 241
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIEOB497-C-4XP5
Request Chain 243
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/uckgxDIs-96fkBQB1a-BgA?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-CTr8cT9E2oJVf2_vSz4q1orU._1KE9EqrRvF.A--~A
Request Chain 244
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=3zDJKnvkRaiSiFM3g1uLzg&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=3zDJKnvkRaiSiFM3g1uLzg
Request Chain 245
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjQ0NTE1OGExNWEzMDE1ZjU4Nzk4MzNkNTk4M2NiYzI5ZGJhYWViYg
Request Chain 323
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=123456&endpoint=us-west HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Request Chain 324
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fsa%3D%5Bsas_uid%5D HTTP 302
  • https://sync.smartadserver.com/getuid?url=https://sb.freeskreen.com/um?sa=[sas_uid]&cklb=1 HTTP 302
  • https://sb.freeskreen.com/um?sa=4899499267815600390
Request Chain 325
  • https://scm.publishers.tremorhub.com/pubsync?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D HTTP 302
  • https://scm.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D HTTP 302
  • https://sb.freeskreen.com/um?tlr=b15466c1a4df42ea8ae7307ecce0928e
Request Chain 326
  • https://cs.admanmedia.com/sync/smaato?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fac%3D{$UID} HTTP 302
  • https://sb.freeskreen.com/um?ac=a509cb99-84c4-4273-928a-80cb4d2c48da
Request Chain 327
  • https://loadeu.exelator.com/load/?p=204&g=1300&j=0 HTTP 302
  • https://loadeu.exelator.com/load/?p=204&g=1300&j=0&xl8blockcheck=1 HTTP 302
  • https://sb.freeskreen.com/um?ni=fdaeb7bd12b38e35d3c03177ddb57261
Request Chain 340
  • https://ups.analytics.yahoo.com/ups/58737/occ?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dyahoossp%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D%24UID HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=yahoossp&uid=y-W35SSHJE2uH8Rsrmswi8rnHhcFbacjDxYjLoguo-~A&gdpr=0
Request Chain 358
  • https://pixel-us-west.rubiconproject.com/exchange/sync.php?p=123456&khaos=LIEOB497-C-4XP5 HTTP 302
  • https://sb.freeskreen.com/um?mg=LIEOB497-C-4XP5
Request Chain 366
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=smartadserver&endpoint=us-east HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=us-east
Request Chain 367
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=u40cpuw&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=ttd&uid=3d00bbd1-a351-4b32-9846-4011acf3c022
Request Chain 386
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=smartadserver&khaos=LIEOB497-C-4XP5 HTTP 302
  • https://rtb-csync.smartadserver.com/redir/?partnerid=104&partneruserid=LIEOB497-C-4XP5
Request Chain 391
  • https://ads.avct.cloud/getuid?&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D HTTP 307
  • https://ads.avct.cloud/getuid?bounce=true&&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=avocet&gdpr=0&gdpr_consent=&uid=571224c4-5734-4dbe-a205-67706346cf01
Request Chain 399
  • https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=pbs-ozone&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=pbs-ozone&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=4591607287954369028797
Request Chain 407
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 307
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID&sovrn_retry=true HTTP 307
  • https://elb.the-ozone-project.com/setuid?bidder=sovrn&gdpr=0&gdpr_consent=&uid=Gv7xiLZH1yAL8MW-S5i-Dov6
Request Chain 410
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 307
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID&sovrn_retry=true HTTP 307
  • https://elb.the-ozone-project.com/setuid?bidder=sovrn&gdpr=0&gdpr_consent=&uid=Gv7xiLZH1yAL8MW-S5i-Dov6
Request Chain 425
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-ozone&gdpr=0&gdpr_consent= HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=rubicon&uid=LIEOB497-C-4XP5&gdpr=0
Request Chain 426
  • https://match.prod.bidr.io/cookie-sync/ozo?url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dbeeswax%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 303
  • https://match.prod.bidr.io/cookie-sync/ozo?url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dbeeswax%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID&_bee_ppp=1 HTTP 303
  • https://elb.the-ozone-project.com/setuid?bidder=beeswax&uid=AABgsU7I8_8AACGjSTRTIA
Request Chain 428
  • https://match.prod.bidr.io/cookie-sync/ozo?url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dbeeswax%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 303
  • https://match.prod.bidr.io/cookie-sync/ozo?url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dbeeswax%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID&_bee_ppp=1 HTTP 303
  • https://elb.the-ozone-project.com/setuid?bidder=beeswax&uid=AADqCE7I8_8AACCSN2aINQ
Request Chain 429
  • https://ads.avct.cloud/getuid?&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=avocet&gdpr=0&gdpr_consent=&uid=571224c4-5734-4dbe-a205-67706346cf01
Request Chain 430
  • https://ups.analytics.yahoo.com/ups/58737/occ?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dyahoossp%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D%24UID HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=yahoossp&uid=y-W35SSHJE2uH8Rsrmswi8rnHhcFbacjDxYjLoguo-~A&gdpr=0
Request Chain 431
  • https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=openx&uid=fbe55117-0502-0e45-383e-aceae1ad7103
Request Chain 436
  • https://ib.adnxs.com/getuid?https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=561783506929456550
Request Chain 437
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=u40cpuw&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=ttd&uid=3d00bbd1-a351-4b32-9846-4011acf3c022
Request Chain 438
  • https://crb.kargo.com/api/v1/dsync/PrebidServer?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dkargo%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=kargo&uid=630f2ccb-b9e5-bc32-2d2f-4231b7d30960&us_privacy=pbs-ozone
Request Chain 440
  • https://gcdn.2mdn.net/videoplayback/id/d433423ad34790ab/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3824552805/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/BB3B326B3B5C8F0A4A772BBE50F22D775F655741.404CF25CF3720266C77E3E1A4287A30C6B4E68D5/key/ck2/file/file.mp4 HTTP 302
  • https://r4---sn-t0a7ln7d.c.2mdn.net/videoplayback/id/d433423ad34790ab/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3824552805/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/232CE399BEE6D967D03E9D03D9FF5F8F01647C4B.0209BD9C6BC66D7A6F62E15FECB4FFBDEBC017A3/key/cms1/cms_redirect/yes/mh/Jo/mip/2607:5300:60:7867::10/mm/42/mn/sn-t0a7ln7d/ms/onc/mt/1685716620/mv/m/mvi/4/pl/32/file/file.mp4
Request Chain 441
  • https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=openx&uid=fbe55117-0502-0e45-383e-aceae1ad7103
Request Chain 442
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone HTTP 302
  • https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=6762202c-14af-476a-9137-b24ec0393eda
Request Chain 443
  • https://ad2.360yield.com/server_match?r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D HTTP 302
  • https://ad2.360yield.com/ul_cb/server_match?r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=591ef048-ef70-4c2f-a3db-bb4eaed56d04
Request Chain 444
  • https://ib.adnxs.com/getuid?https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=561783506929456550
Request Chain 446
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-ozone&gdpr=0&gdpr_consent= HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=rubicon&uid=LIEOB497-C-4XP5&gdpr=0
Request Chain 447
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsmart%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D%5Bssb_sync_pid%5D HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=4899499267815600390
Request Chain 448
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsmart%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D%5Bssb_sync_pid%5D HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=4899499267815600390
Request Chain 450
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=6762202c-14af-476a-9137-b24ec0393eda
Request Chain 451
  • https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsharethrough%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=sharethrough&gdpr=0&gdpr_consent=&uid=fdb0baa9-3fb0-4a86-a520-d53416904644
Request Chain 453
  • https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsharethrough%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=sharethrough&gdpr=0&gdpr_consent=&uid=fdb0baa9-3fb0-4a86-a520-d53416904644
Request Chain 458
  • https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=pbs-ozone&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=4591607287954369028797
Request Chain 460
  • https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=997336240446516715
Request Chain 463
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=5hr5zeQ3TuuGe3ogXIoFXg%3D%3D&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Request Chain 464
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=E61AF9CD-E437-4EEB-867B-7A205C8A055E HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=E61AF9CD-E437-4EEB-867B-7A205C8A055E HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=bc0dceb8-94ef-4f0d-8172-4b9b9f1e22a9%252C%252C&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=3d00bbd1-a351-4b32-9846-4011acf3c022&ttd_puid=bc0dceb8-94ef-4f0d-8172-4b9b9f1e22a9%2C%2C
Request Chain 466
  • https://thrtle.com/insync?vxii_pid=10067&vxii_pdid=E61AF9CD-E437-4EEB-867B-7A205C8A055E&gdpr=0&gdpr_consent= HTTP 302
  • https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=E61AF9CD-E437-4EEB-867B-7A205C8A055E&vxii_pid=12&vxii_pid1=10067&vxii_rcid=f2811310-021c-4423-8a37-29a74147091d
Request Chain 467
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTYxQUY5Q0QtRTQzNy00RUVCLTg2N0ItN0EyMDVDOEEwNTVF&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Request Chain 468
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFfL1eUNLOciwdv1tMl2_3M&google_cver=1
Request Chain 469
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E3EF4FE32E0B4BEF816C87B9CEE22D68
Request Chain 470
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7316393258246457499&gdpr=0&gdpr_consent=&us_privacy=
Request Chain 471
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=
Request Chain 472
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=E61AF9CD-E437-4EEB-867B-7A205C8A055E&redir=true&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-nNLJg11E2uXmdYwIqa3wKqXdeTvetp0-~A&gdpr=0
Request Chain 474
  • https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-ozone&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZHn-lBXjuUmY8xg0DrXNuAAA%261453
Request Chain 476
  • https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-ozone&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZHn-lBXjuUmY8xg0DrXNuAAA%261453
Request Chain 477
  • https://ad2.360yield.com/server_match?r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D HTTP 302
  • https://elb.the-ozone-project.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=591ef048-ef70-4c2f-a3db-bb4eaed56d04
Request Chain 485
  • https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent= HTTP 303
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEcUNFN0k4XzhBQUNDU04yYUlOUQ&gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
  • https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
  • https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AADqCE7I8_8AACCSN2aINQ&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Csas%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2&gdpr=0
Request Chain 486
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:377f6479-ff9b-4700-ad6e-a539fafb1d23&gdpr=0&gdpr_consent=
Request Chain 488
  • https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=561783506929456550&gdpr=0&gdpr_consent=
Request Chain 498
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
  • https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=6762202c-14af-476a-9137-b24ec0393eda&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=

496 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zL...
news.google.com/rss/articles/
Redirect Chain
  • https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1h...
  • https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1h...
290 KB
94 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9bbe8a076fa1089051684bcad9b09038fcae4544c009c390d33f56d364ade046
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7ucKrz-QR1AcZgJjjEWUZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DotsSplashUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://youtube.com https://www.youtube.com https://youtube.googleapis.com https://*.ytimg.com https://maps.googleapis.com https://ajax.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DotsSplashUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-7ucKrz-QR1AcZgJjjEWUZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DotsSplashUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://youtube.com https://www.youtube.com https://youtube.googleapis.com https://*.ytimg.com https://maps.googleapis.com https://ajax.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DotsSplashUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-site
date
Fri, 02 Jun 2023 14:41:19 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-ua-compatible
IE=edge
x-xss-protection
0

Redirect headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
content-security-policy
require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport script-src 'report-sample' 'nonce-MLhHT9t7Ykz3CLK7puFBMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DotsSplashUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://youtube.com https://www.youtube.com https://youtube.googleapis.com https://*.ytimg.com https://maps.googleapis.com https://ajax.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DotsSplashUi/cspreport/allowlist
content-type
application/binary
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
same-site
date
Fri, 02 Jun 2023 14:41:19 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
location
https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
0
css
fonts.googleapis.com/ 		10 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::200a Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
cf933a19179b4733c5ec68640d966cae7d022c97cd4fcd3929f9e1d9556f66d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 02 Jun 2023 14:41:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 02 Jun 2023 12:54:38 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 02 Jun 2023 14:41:19 GMT
cspreport
news.google.com/_/DotsSplashUi/ 		0
25 B 		Other
General
Check archive.org
Download Go to
Full URL
https://news.google.com/_/DotsSplashUi/cspreport
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-CexehlfhcMEw5C8qfnILBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DotsSplashUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://youtube.com https://www.youtube.com https://youtube.googleapis.com https://*.ytimg.com https://maps.googleapis.com https://ajax.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DotsSplashUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 02 Jun 2023 14:41:19 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
script-src 'report-sample' 'nonce-CexehlfhcMEw5C8qfnILBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DotsSplashUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://youtube.com https://www.youtube.com https://youtube.googleapis.com https://*.ytimg.com https://maps.googleapis.com https://ajax.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DotsSplashUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin-allow-popups
server
ESF
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		205 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-SYGF1G18MM
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2008 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dab345a77f18737ea548406a22e1c9ce091aeed1267da2b3868c58579536902d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:19 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75208
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 02 Jun 2023 14:41:19 GMT
5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2
fonts.gstatic.com/s/googlesanstext/v21/ 		14 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/googlesanstext/v21/5aUu9-KzpRiLCAt4Unrc-xIKmCU5qEp2iw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700,400i,500i,700i
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8300ba70904617a47a80e9098fe00b3f7aefd328519318c420289b0bbdfb5e2c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://news.google.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 23:49:33 GMT
x-content-type-options
nosniff
age
139906
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14796
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:47:06 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 30 May 2024 23:49:33 GMT
m=Whpzpe,n73qwf,mI3LFb,gkizLe,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,ws9Tlc,fKUV3e,aurFic,U0aPgd,IZT63,lazG7b,LEikZe,NwH0H,OmgaI,gychg,EEDORb,Mlhmy,ZfAoz,kWgXee,ovKuLd,yDVVkb,KG2eXe,UXJhUd,zthM6,eYnyH,...
www.gstatic.com/_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/ck=boq-dots.DotsSplashUi_desktop_ms.tS8dSf7pn0g.L.B1.O/am=AACEDdQ5C2gABCA/d=1/exm=_b,_r,_tp/excm=_b,_r... 		214 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/ck=boq-dots.DotsSplashUi_desktop_ms.tS8dSf7pn0g.L.B1.O/am=AACEDdQ5C2gABCA/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,syndicationarticleview/ed=1/wt=2/ujg=1/rs=ALs0n2PmGvJCrl906VG94rjw2L5f0R93bg/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;G3BKud:E8sThf;JsbNhc:Xd8iUd;KFjtub:zthM6;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:eYnyH;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ZwIgGc:lwOjSb;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kDu84d:hECoeb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;up4Zyb:qY1Xef;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:duFQFc/m=Whpzpe,n73qwf,mI3LFb,gkizLe,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,ws9Tlc,fKUV3e,aurFic,U0aPgd,IZT63,lazG7b,LEikZe,NwH0H,OmgaI,gychg,EEDORb,Mlhmy,ZfAoz,kWgXee,ovKuLd,yDVVkb,KG2eXe,UXJhUd,zthM6,eYnyH,mdR7q,he6YWd
Requested by
Host:
URL: /_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/am=AACEDdQ5C2gABCA/d=1/excm=_b,_r,_tp,syndicationarticleview/ed=1/dg=0/wt=2/ujg=1/rs=ALs0n2MrSLB9srxjMoZqGMRtjk8LOh61ow/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
70902476282da52bc3ab186de644721543e2b40ed921e9f5aba72f40693d73a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 20:41:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
64816
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/dots-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68436
x-xss-protection
0
last-modified
Wed, 31 May 2023 01:48:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/dots-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/dots-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/dots-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Fri, 31 May 2024 20:41:03 GMT
collect
www.google-analytics.com/g/ 		0
254 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-SYGF1G18MM&gtm=45je35v0&_p=301421983&cid=351361838.1685716880&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1685716879&sct=1&seg=0&dl=https%3A%2F%2Fnews.google.com%2Frss%2Farticles%2FCBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA%3Foc%3D5%26hl%3Den-CA%26gl%3DCA%26ceid%3DCA%3Aen&dt=Google%20News&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SYGF1G18MM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:19 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://news.google.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
log
play.google.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://news.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://news.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=UTF-8
date
Fri, 02 Jun 2023 14:41:19 GMT
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
log
play.google.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://news.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://news.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=UTF-8
date
Fri, 02 Jun 2023 14:41:19 GMT
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
m=bm51tf
www.gstatic.com/_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/ck=boq-dots.DotsSplashUi_desktop_ms.tS8dSf7pn0g.L.B1.O/am=AACEDdQ5C2gABCA/d=1/exm=COQbmf,EEDORb,IZT63,... 		1 KB
786 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/ck=boq-dots.DotsSplashUi_desktop_ms.tS8dSf7pn0g.L.B1.O/am=AACEDdQ5C2gABCA/d=1/exm=COQbmf,EEDORb,IZT63,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,UXJhUd,Whpzpe,ZfAoz,_b,_r,_tp,aurFic,byfTOb,eYnyH,fKUV3e,gkizLe,gychg,he6YWd,kWgXee,lazG7b,lsjVmc,mI3LFb,mdR7q,n73qwf,ovKuLd,ws9Tlc,xUdipf,yDVVkb,zthM6/excm=_b,_r,_tp,syndicationarticleview/ed=1/wt=2/ujg=1/rs=ALs0n2PmGvJCrl906VG94rjw2L5f0R93bg/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;G3BKud:E8sThf;JsbNhc:Xd8iUd;KFjtub:zthM6;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:eYnyH;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ZwIgGc:lwOjSb;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kDu84d:hECoeb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;up4Zyb:qY1Xef;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:duFQFc/m=bm51tf
Requested by
Host:
URL: /_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/am=AACEDdQ5C2gABCA/d=1/excm=_b,_r,_tp,syndicationarticleview/ed=1/dg=0/wt=2/ujg=1/rs=ALs0n2MrSLB9srxjMoZqGMRtjk8LOh61ow/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e4b3631f2c10ad3828062ea5e29fc582c28e603c56837544ede24ac014abe87
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 20:41:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
64816
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/dots-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
722
x-xss-protection
0
last-modified
Wed, 31 May 2023 01:48:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/dots-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/dots-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/dots-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Fri, 31 May 2024 20:41:03 GMT
log
play.google.com/ 		2 KB
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host:
URL: /_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/am=AACEDdQ5C2gABCA/d=1/excm=_b,_r,_tp,syndicationarticleview/ed=1/dg=0/wt=2/ujg=1/rs=ALs0n2MrSLB9srxjMoZqGMRtjk8LOh61ow/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://news.google.com/
X-Goog-AuthUser
0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Fri, 02 Jun 2023 14:41:19 GMT
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://news.google.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
1555
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
log
play.google.com/ 		131 B
152 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host:
URL: /_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/am=AACEDdQ5C2gABCA/d=1/excm=_b,_r,_tp,syndicationarticleview/ed=1/dg=0/wt=2/ujg=1/rs=ALs0n2MrSLB9srxjMoZqGMRtjk8LOh61ow/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://news.google.com/
X-Goog-AuthUser
0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Fri, 02 Jun 2023 14:41:19 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://news.google.com
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
batchexecute
news.google.com/_/DotsSplashUi/data/ 		152 B
185 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://news.google.com/_/DotsSplashUi/data/batchexecute?rpcids=xZTw2c&source-path=%2Frss%2Farticles%2FCBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA&f.sid=6974687226697390720&bl=boq_dotssplashserver_20230530.12_p0&hl=en-CA&gl=CA&soc-app=1&soc-platform=1&soc-device=1&_reqid=52880&rt=c
Requested by
Host:
URL: /_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/am=AACEDdQ5C2gABCA/d=1/excm=_b,_r,_tp,syndicationarticleview/ed=1/dg=0/wt=2/ujg=1/rs=ALs0n2MrSLB9srxjMoZqGMRtjk8LOh61ow/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
99abe493f12834f8189183af5f2fb955cd1974fbacb04b1fc1d522cc408c6bcb
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-Same-Domain
1
Referer
https://news.google.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Fri, 02 Jun 2023 14:41:19 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport
content-encoding
gzip
cross-origin-resource-policy
same-site
content-disposition
attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin-allow-popups
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
m=Wt6vjf,hhhU8,FCpbqb,WhJNk
www.gstatic.com/_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/ck=boq-dots.DotsSplashUi_desktop_ms.tS8dSf7pn0g.L.B1.O/am=AACEDdQ5C2gABCA/d=1/exm=COQbmf,EEDORb,IZT63,... 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/ck=boq-dots.DotsSplashUi_desktop_ms.tS8dSf7pn0g.L.B1.O/am=AACEDdQ5C2gABCA/d=1/exm=COQbmf,EEDORb,IZT63,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,UXJhUd,Whpzpe,ZfAoz,_b,_r,_tp,aurFic,bm51tf,byfTOb,eYnyH,fKUV3e,gkizLe,gychg,he6YWd,kWgXee,lazG7b,lsjVmc,mI3LFb,mdR7q,n73qwf,ovKuLd,ws9Tlc,xUdipf,yDVVkb,zthM6/excm=_b,_r,_tp,syndicationarticleview/ed=1/wt=2/ujg=1/rs=ALs0n2PmGvJCrl906VG94rjw2L5f0R93bg/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;G3BKud:E8sThf;JsbNhc:Xd8iUd;KFjtub:zthM6;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:eYnyH;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ZwIgGc:lwOjSb;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kDu84d:hECoeb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;up4Zyb:qY1Xef;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:duFQFc/m=Wt6vjf,hhhU8,FCpbqb,WhJNk
Requested by
Host:
URL: /_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/am=AACEDdQ5C2gABCA/d=1/excm=_b,_r,_tp,syndicationarticleview/ed=1/dg=0/wt=2/ujg=1/rs=ALs0n2MrSLB9srxjMoZqGMRtjk8LOh61ow/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2c8042abb4977eab5b0b17a24c3ae8bc14010539171fff9bcf2ea480a7473ffb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 20:41:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
64816
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/dots-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7232
x-xss-protection
0
last-modified
Wed, 31 May 2023 01:48:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/dots-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/dots-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/dots-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Fri, 31 May 2024 20:41:03 GMT
m=RqjULd
www.gstatic.com/_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/ck=boq-dots.DotsSplashUi_desktop_ms.tS8dSf7pn0g.L.B1.O/am=AACEDdQ5C2gABCA/d=1/exm=COQbmf,EEDORb,FCpbqb... 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/ck=boq-dots.DotsSplashUi_desktop_ms.tS8dSf7pn0g.L.B1.O/am=AACEDdQ5C2gABCA/d=1/exm=COQbmf,EEDORb,FCpbqb,IZT63,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,UXJhUd,WhJNk,Whpzpe,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,bm51tf,byfTOb,eYnyH,fKUV3e,gkizLe,gychg,he6YWd,hhhU8,kWgXee,lazG7b,lsjVmc,mI3LFb,mdR7q,n73qwf,ovKuLd,ws9Tlc,xUdipf,yDVVkb,zthM6/excm=_b,_r,_tp,syndicationarticleview/ed=1/wt=2/ujg=1/rs=ALs0n2PmGvJCrl906VG94rjw2L5f0R93bg/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;G3BKud:E8sThf;JsbNhc:Xd8iUd;KFjtub:zthM6;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:eYnyH;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ZwIgGc:lwOjSb;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kDu84d:hECoeb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;up4Zyb:qY1Xef;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:duFQFc/m=RqjULd
Requested by
Host:
URL: /_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/am=AACEDdQ5C2gABCA/d=1/excm=_b,_r,_tp,syndicationarticleview/ed=1/dg=0/wt=2/ujg=1/rs=ALs0n2MrSLB9srxjMoZqGMRtjk8LOh61ow/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
502cb2e7447df5ec67988f64fa05a9dd4e924c4799f62b751b530ea3010272da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 20:41:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
64816
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/dots-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5127
x-xss-protection
0
last-modified
Wed, 31 May 2023 01:48:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/dots-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/dots-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/dots-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Fri, 31 May 2024 20:41:03 GMT
m=UUJqVe,e5qFLc,O1Gjze,O6y8ed,MpJwZc,PrPYRd,XVMNvd,L1AAkb,KUM7Z,s39S4,duFQFc,SdcwHb,aW3pY,pw70Gc,xQtZb,QIhFr,hc6Ubd,SpsfSb,Z5uLle,BBI74,MdUzUe,zbML3c
www.gstatic.com/_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/ck=boq-dots.DotsSplashUi_desktop_ms.tS8dSf7pn0g.L.B1.O/am=AACEDdQ5C2gABCA/d=1/exm=COQbmf,EEDORb,FCpbqb... 		215 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/ck=boq-dots.DotsSplashUi_desktop_ms.tS8dSf7pn0g.L.B1.O/am=AACEDdQ5C2gABCA/d=1/exm=COQbmf,EEDORb,FCpbqb,IZT63,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,RqjULd,U0aPgd,UXJhUd,WhJNk,Whpzpe,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,bm51tf,byfTOb,eYnyH,fKUV3e,gkizLe,gychg,he6YWd,hhhU8,kWgXee,lazG7b,lsjVmc,mI3LFb,mdR7q,n73qwf,ovKuLd,ws9Tlc,xUdipf,yDVVkb,zthM6/excm=_b,_r,_tp,syndicationarticleview/ed=1/wt=2/ujg=1/rs=ALs0n2PmGvJCrl906VG94rjw2L5f0R93bg/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;G3BKud:E8sThf;JsbNhc:Xd8iUd;KFjtub:zthM6;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:eYnyH;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ZwIgGc:lwOjSb;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kDu84d:hECoeb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;up4Zyb:qY1Xef;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:duFQFc/m=UUJqVe,e5qFLc,O1Gjze,O6y8ed,MpJwZc,PrPYRd,XVMNvd,L1AAkb,KUM7Z,s39S4,duFQFc,SdcwHb,aW3pY,pw70Gc,xQtZb,QIhFr,hc6Ubd,SpsfSb,Z5uLle,BBI74,MdUzUe,zbML3c
Requested by
Host:
URL: /_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/am=AACEDdQ5C2gABCA/d=1/excm=_b,_r,_tp,syndicationarticleview/ed=1/dg=0/wt=2/ujg=1/rs=ALs0n2MrSLB9srxjMoZqGMRtjk8LOh61ow/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d50498a5133157c8013de7c60872e145e43e1047ee67925973f6c3c73b7a3252
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 20:41:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
64816
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/dots-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
59656
x-xss-protection
0
last-modified
Wed, 31 May 2023 01:48:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/dots-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/dots-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/dots-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Fri, 31 May 2024 20:41:03 GMT
batchexecute
news.google.com/_/DotsSplashUi/data/ 		152 B
186 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://news.google.com/_/DotsSplashUi/data/batchexecute?rpcids=t11Gyd&source-path=%2Frss%2Farticles%2FCBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA&f.sid=6974687226697390720&bl=boq_dotssplashserver_20230530.12_p0&hl=en-CA&gl=CA&soc-app=1&soc-platform=1&soc-device=1&_reqid=152880&rt=c
Requested by
Host:
URL: /_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/am=AACEDdQ5C2gABCA/d=1/excm=_b,_r,_tp,syndicationarticleview/ed=1/dg=0/wt=2/ujg=1/rs=ALs0n2MrSLB9srxjMoZqGMRtjk8LOh61ow/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-Same-Domain
1
Referer
https://news.google.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport
content-encoding
gzip
cross-origin-resource-policy
same-site
content-disposition
attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin-allow-popups
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
Primary Request university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
www.thespec.com/tr/news/waterloo-region/2023/06/01/ 		160 KB
160 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-dots/_/js/k=boq-dots.DotsSplashUi_desktop_ms.en_CA.drFt2kVE_LI.es5.O/ck=boq-dots.DotsSplashUi_desktop_ms.tS8dSf7pn0g.L.B1.O/am=AACEDdQ5C2gABCA/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,syndicationarticleview/ed=1/wt=2/ujg=1/rs=ALs0n2PmGvJCrl906VG94rjw2L5f0R93bg/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;G3BKud:E8sThf;JsbNhc:Xd8iUd;KFjtub:zthM6;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:eYnyH;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ZwIgGc:lwOjSb;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kDu84d:hECoeb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;up4Zyb:qY1Xef;wR5FRb:O1Gjze;xqZiqf:BBI74;yxTchf:KUM7Z;zxnPse:duFQFc/m=Whpzpe,n73qwf,mI3LFb,gkizLe,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,ws9Tlc,fKUV3e,aurFic,U0aPgd,IZT63,lazG7b,LEikZe,NwH0H,OmgaI,gychg,EEDORb,Mlhmy,ZfAoz,kWgXee,ovKuLd,yDVVkb,KG2eXe,UXJhUd,zthM6,eYnyH,mdR7q,he6YWd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
2e5656278877a92809adf252cc0183e5fbd0192e93c0fd0fcc6a709dabd4a517
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://news.google.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=180
content-length
163542
content-type
text/html; charset=utf-8
date
Fri, 02 Jun 2023 14:41:20 GMT
etag
W/"27ed6-hRNvJJ2NwRWYGzz8mAZcMEZ7J+s"
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-id
YHG4NyTJhaYUJCRDnvuDb3nZckA5Y03nKRUUUm9utr4AQz1teQYoxQ==
x-amz-cf-pop
EWR52-C1
x-cache
Miss from cloudfront
x-frame-options
SAMEORIGIN
x-powered-by
Express
TorstarTextO3-Roman.ttf
www.thespec.com/assets/fonts/ 		24 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/assets/fonts/TorstarTextO3-Roman.ttf
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
502a19bd8010b390245ee5ce7cab84a4250da24d548828b555a53a68cfbd8db9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:12 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8228
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
24616
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"6028-188540ac520"
x-frame-options
SAMEORIGIN
content-type
font/ttf
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
vdGzHQNdqjCIA26mE4a_j_Augs4HHdrVW9BXLO41acMYb40s6Q6PZQ==
TorstarTextO3-Italic.woff2
www.thespec.com/assets/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/assets/fonts/TorstarTextO3-Italic.woff2
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
448edd4a71b4ca28931010c1c2166872801702a420ff549a7c757edf863d7530
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:12 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8228
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
18316
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"478c-188540ac520"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
Kp4wVnK9NSHMESvZgaaU1zFbCrMlONQtqDLMp9esAZY-PwQ9UVMDaA==
TorstarTextO3-Bold.woff2
www.thespec.com/assets/fonts/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/assets/fonts/TorstarTextO3-Bold.woff2
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
38254c821b6bec9ee36bb8116cf81a16b0a9c2a51f97cacdb483b4fdeb6e3821
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:12 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8228
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
18276
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"4764-188540ac520"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
19GySgZAraC0k7rHNqbWp2iC_ganSlXVLffjWke186rvH46DCYzUQQ==
TorstarDeckCondensed-Roman.woff2
www.thespec.com/assets/fonts/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/assets/fonts/TorstarDeckCondensed-Roman.woff2
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
5f8f2739eab8542e8316b8d27f96040f31ae37bba3f5247dc55a7a32d1eac773
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:12 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8228
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
19052
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"4a6c-188540ac520"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
uPZN8OxUqysq2tv1FdbZgy72YoADPumU4gikUKPomW2-sK0MLqpjlQ==
TorstarDeckCondensed-Semibold.woff2
www.thespec.com/assets/fonts/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/assets/fonts/TorstarDeckCondensed-Semibold.woff2
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
bc2dee2d7bba673bee2abc6490f270aedec3e93055882daa0cd0a474388265b9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:12 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8228
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
18736
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"4930-188540ac520"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
bsb3qsMfoLgTPnjfLDH81UYqGfABtaTPLQCpsQgUjeSW05ygAvZxBw==
MerriweatherSans-Regular.woff2
www.thespec.com/assets/fonts/merriweather/ 		54 KB
54 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/assets/fonts/merriweather/MerriweatherSans-Regular.woff2
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
4b123f8e3a4b0db9c32f6add4b53ac3b66afecd0ac6c0b17a90e1451642f7418
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:12 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8228
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
55032
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"d6f8-188540ac520"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
pMUdzm-YCTidUU634W-JR7ULVuazU0fX5_0fkSqMc4D9sEUj9VhURQ==
MerriweatherSans-Italic.woff2
www.thespec.com/assets/fonts/merriweather/ 		52 KB
53 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/assets/fonts/merriweather/MerriweatherSans-Italic.woff2
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
6a5d134ce0702f55663b83e6d4a9d300e38f9328f96f1651419111712f9f02cb
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 13:52:13 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
2947
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
53664
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"d1a0-188540ac520"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
WZya_sgbE3CWsTNmqnLD8zA563HV-It8EI9w9Nd1y2DyWpNPTgL59Q==
MerriweatherSans-Bold.woff2
www.thespec.com/assets/fonts/merriweather/ 		55 KB
56 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/assets/fonts/merriweather/MerriweatherSans-Bold.woff2
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
6c6bd4f1d599be4d43843b7dbf5ec5e134cd7aec0c900ac1c030ead10bbe4ea1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:12 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8228
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
56380
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"dc3c-188540ac520"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
DHb97cjdkOVDpFX8p3A_DuWvdDERqlONmLVbBn5iV8ZwIKF_WgT3_w==
MerriweatherSans-BoldItalic.woff2
www.thespec.com/assets/fonts/merriweather/ 		54 KB
54 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/assets/fonts/merriweather/MerriweatherSans-BoldItalic.woff2
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
b8dd12b4cc0283b0d20c31c231b8ae14fa61c1b64d594cd8f8c0ed1948acb3b5
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:12 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8228
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
54800
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"d610-188540ac520"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
euvkP4pFdwd9ryET8C9B3P0MJPgdZtq_x7MtwgUuHcJjh7R5ILaHhA==
MerriweatherSans-Black.woff2
www.thespec.com/assets/fonts/merriweather/ 		53 KB
54 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/assets/fonts/merriweather/MerriweatherSans-Black.woff2
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
098ac1fe26b8dcbf76d32aa5db27e6112d093743f9a3e4df1dc529c131df4363
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:12 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8228
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
54304
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"d420-188540ac520"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
VYui7V29iNeurONQatr6AtjiGKSiRmBLsDCbG6vSIehAMS0s3BWRHA==
thespec-adunits.js
prebid.the-ozone-project.com/hw/torstar/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://prebid.the-ozone-project.com/hw/torstar/thespec-adunits.js
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:d800:16:970:b940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
968d063c7d7133e208f69a6522c1c526a909dbc80a7419b92f863dcef55b9178

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 16:39:16 GMT
content-encoding
gzip
via
1.1 4a1ea8b67dc2325b2469ed51d3e186ac.cloudfront.net (CloudFront)
last-modified
Tue, 08 Mar 2022 15:36:32 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P2
age
79330
etag
W/"5faf6b843dfd87c411cbd400bd785a3d"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
vA5XiujuZnlBiwRU_Ia3fkI285EnN6cRx-_YgNxtIHfBESIPsgL1bQ==
script.js
bc.thespec.com/ 		138 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/script.js
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
265ae92bbb9a65903bae2aed4a92b9af4c03537907d03f8bf80fb214f4550ce7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:36:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
age
280
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
41831
x-xss-protection
1; mode=block
last-modified
Fri, 02 Jun 2023 14:36:15 GMT
server
-
etag
432a38447805156732e9ecd9dfc7783b
content-type
text/javascript; charset=utf-8
cache-control
public, no-cache="Set-Cookie", max-age=600
x-robots-tag
noindex, nofollow
x-amz-cf-id
-LncGqwZZGBNqK5JDsiCBLHwhuEskeT15mrXjz4TjLlTwPDLdJv2mA==
expires
Fri, 02 Jun 2023 14:46:40 GMT
university_of_waterloo_1.jpg
images.thestarimages.com/dnvhseQxMdMBD6kysiyOmt_SO50=/1086x651/smart/filters:cb(1685646410893):format(webp)/https://www.thespec.com/content/dam/therecord/news/waterloo-region/2023/06/01/university-... 		105 KB
106 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.thestarimages.com/dnvhseQxMdMBD6kysiyOmt_SO50=/1086x651/smart/filters:cb(1685646410893):format(webp)/https://www.thespec.com/content/dam/therecord/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems/university_of_waterloo_1.jpg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6b1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56a05564ec0c75eaf13a049fb53e42aa414b3cc06b44cbb3c9434f02c43f3faa

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"f7ee58cf0664bf3c23fc99fc51aa42c55cb43fc3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2KuepO4wEBC1ZLfbu8wiOeKx1aIaYqUq50hvqJ6tcRa%2FdblqZY1Wk3VNLs%2Fqp171EwKQGQWdktM8qlrYnuxK3vkt18AjYUVQqB6RgjqqdDRKXqjV4rRYy515%2BgAOi8VZ4gUVIWTS9D8goXxSBTooUg307mW9AwA%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
7d1074e68bdd424d-EWR
alt-svc
h3=":443"; ma=86400
content-length
107796
expires
Thu, 31 Dec 2037 23:55:55 GMT
index.js
cdn.viafoura.net/entry/ 		34 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.viafoura.net/entry/index.js
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:de00:8:2ae1:d740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
51ff5c0605afbe98af6bc168165d70587aeff4eb1e4ef328d7409f09b61f9032

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-amz-version-id
pohXdCpZ53SlXQvYCfaoDVAPPXHp3hjd
content-encoding
gzip
via
1.1 17a3c2535aa705a7b5a80b78b876c79a.cloudfront.net (CloudFront)
date
Fri, 02 Jun 2023 14:32:59 GMT
x-amz-cf-pop
EWR53-C2
age
502
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 23 May 2023 13:37:14 GMT
server
AmazonS3
etag
W/"8f063fa4c12192c6bd1b938aea9393fb"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=600,s-max-age=60
x-amz-cf-id
7VCewS2zWp9NvguihKqwAikhgRmCMjc-lvR47DVWHRDzosYKiXjDSA==
74.css
www.thespec.com/static/ 		6 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/static/74.css?v=7db92b637058f6d7a9ef
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
3e54047a5de69628d87570753a0bfbcae01a1375bc54d1b3819751e211b602b9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 16:23:49 GMT
content-encoding
gzip
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
80251
x-powered-by
Express
x-cache
Hit from cloudfront
last-modified
Thu, 25 May 2023 17:59:09 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"19a0-188541085c8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=86400
x-amz-cf-id
uonX3z1ZxWccNx6oXFa1ZWaKGX58FIKlo8QPBVlve3k35Pihtvd_ew==
bundle.css
www.thespec.com/static/ 		406 KB
63 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/static/bundle.css?v=92a346c14980da850d62
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
f78011b02b12a324e8be95e18ec1bd321e7ac458af447e458212b709f827ab53
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 16:24:03 GMT
content-encoding
gzip
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
80237
x-powered-by
Express
x-cache
Hit from cloudfront
last-modified
Thu, 25 May 2023 17:59:09 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"6565c-188541085c8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=86400
x-amz-cf-id
_65V1_BYApXPepPBmRcj0ly1mpPuZaDr3sFjieZ_d_g3-0Zu_HWEmw==
be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/ 		480 KB
144 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9256 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe477e3dc74c39f58277bb9cbcf3480b0e3a0fb5933e9fe365a5de81115baa9e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
br
cf-cache-status
HIT
x-goog-meta-oid
be54a597-6b6d-4e2d-9d31-642310a8db25
age
0
x-guploader-uploadid
ADPycdtK9O3G_ahn_x2FXYr392eCtcIdEF2Sfs90Ntz-sRzntiamPJQvRbDCQ_w8MLKH0J2MhWFUV3oTvPuGyvdGalaEcg
x-goog-storage-class
REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
last-modified
Tue, 28 Mar 2023 11:06:16 GMT
server
cloudflare
etag
W/"28736cd9600df6d6da8c4f7bbc5a963d"
vary
Accept-Encoding
x-goog-generation
1680001576370736
content-type
application/javascript
x-goog-hash
crc32c=RDP1fw==, md5=KHNs2WAN9tbajE97vFqWPQ==
cache-control
public, max-age=900
x-goog-stored-content-length
151480
timing-allow-origin
*
cf-ray
7d1074e6f90533f5-YUL
expires
Fri, 02 Jun 2023 14:56:20 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/ 		76 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
91c073d74de05fc7224a46160878f9afddf9f7e9b92d17493aef7bbd5ec65776
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25286
x-xss-protection
0
server
cafe
etag
219 / 19510 / m202305300101 / config-hash: 14983065937393175231
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 02 Jun 2023 14:41:20 GMT
ads.js
www.thespec.com/assets/js/ 		22 B
487 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/assets/js/ads.js
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
be2277c99594557635d0993ac606fdc4994494e43408bc1be5c6ac9bfabc5dac
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 16:24:03 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
80237
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
22
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"16-188540ac520"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
CoCzTj4363dLuytqF0KHbIQj_9KbLLQS7M7UP5a4M1396OZfzYTB_g==
tag
btloader.com/ 		14 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://btloader.com/tag?o=5071905434894336&upapi=true
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4686 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a4886135ca215d220902bc72d99fffc1a29818df257e5b784251772715e4cfa

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 02 Jun 2023 14:22:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1130
etag
W/"9b1a0237bfe0f82a42d85690e754c0c8"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mjfnbLFi7S6mAtHGMnvj5y2KgrMH5tToLvQeQ5C5oaZtJh%2BAzp%2FpbHFI4cjSuY4rdVASMcmzDdZ14f%2FStpffH6ImAIdmSJnSl7AUsy4NR7jPGZUVYnqSyNI%2BM9yzBmSVn60UeEZf00EsiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300
cf-ray
7d1074e73e5d59c8-IAD
logo-thespec.svg
www.thespec.com/assets/svg/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.thespec.com/assets/svg/logo-thespec.svg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
8c048a7f19663f0abaccc2d7807d2bafa9bed2109da98174d372756f8bcfb0be
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:51 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8189
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
7240
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"1c48-188540ac520"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
l1f-bKbLkL3HR_fFBE55xO9UYH4UfEBksez2b2_PvgTo_pXs32ijwA==
loading-spinner.svg
www.thespec.com/assets/img/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.thespec.com/assets/img/loading-spinner.svg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
9474557b14923e78c9b0b7b44bccd0d7018187fb0150095946932a071f155933
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:51 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8189
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
3412
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"d54-188540ac520"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
qKCVDD-Ud-CsgGzRFJv_2p9AymRYu3xK68LTtDdNiqWAIdOZqesB9A==
logo-round-thespec.svg
www.thespec.com/assets/svg/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.thespec.com/assets/svg/logo-round-thespec.svg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
4acc75b78ebb012c99e000bbf5b6e7df2932baba7bcedafa8b136f70ddd095eb
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:51 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8189
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
5659
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"161b-188540ac520"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
Kl-VtM10kMP0mjN1akvz-t07PV5vQ2XD264ZLR-gKdwo6yWMwL2TmA==
todays-paper.png
www.thespec.com/assets/svg/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.thespec.com/assets/svg/todays-paper.png
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
583a8735e8714c413ee3ef9baa78afe76f3df8b9c0f8c787f29e78f8f388eb06
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 16:25:28 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
80237
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
4805
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"12c5-188540ac520"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
CkapNlv6M2tJU7PFFhcj8dfih5ej3Hct23aKighnrDvpUCdv4lL-SA==
vendors~bundle.chunk.js
www.thespec.com/static/ 		2 MB
482 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
5f9a3651285a059ee2300807104a16372013411a5f73f69ae526615cfb0d18e5
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 16:24:03 GMT
content-encoding
gzip
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
80237
x-powered-by
Express
x-cache
Hit from cloudfront
last-modified
Thu, 25 May 2023 17:59:09 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"1b07b1-188541085c8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=86400
x-amz-cf-id
KsOYTGASRiNjdE8QrR7bQZSE3pG3IgqTTKHi0Y1sioNvRMqgCk22dQ==
bundle.js
www.thespec.com/static/ 		1 MB
247 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/static/bundle.js?v=7f4fce14
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
de88195f1e8845e339482fddb64284d32b559f6bb6a3a3ac6b4159e8b2b7947b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 16:24:03 GMT
content-encoding
gzip
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
80237
x-powered-by
Express
x-cache
Hit from cloudfront
last-modified
Thu, 25 May 2023 17:59:09 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"13e457-188541085c8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=86400
x-amz-cf-id
437PLuTTZHO-qUHvIvYGjvMoGhjM7E30yzCJtjt1kLPgvrN0flgSrg==
ozpb.js
prebid.the-ozone-project.com/hw/torstar/ 		203 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Requested by
Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/thespec-adunits.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:d800:16:970:b940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
25e5c10cb58300c92e6d6065fa0ea49a206499c58a2f1152af1deea8f34a5066

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:26:01 GMT
content-encoding
gzip
via
1.1 4a1ea8b67dc2325b2469ed51d3e186ac.cloudfront.net (CloudFront)
last-modified
Mon, 21 Mar 2022 18:26:56 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P2
age
8120
etag
W/"e08e5a6e68f37184e1c046d32d471d44"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
DQlgBdqF6X9NBNC1iwGtIhQaL1aewzCR1bFxOw9j2dBtGBRIHid6mA==
ozp_global_int.min.js
prebid.the-ozone-project.com/hw/torstar/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://prebid.the-ozone-project.com/hw/torstar/ozp_global_int.min.js
Requested by
Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/thespec-adunits.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:d800:16:970:b940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9255f9f186056d9c722c47bb75bf71f79690a0a85fdccf83481c6eca62552623

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:12:12 GMT
content-encoding
gzip
via
1.1 4a1ea8b67dc2325b2469ed51d3e186ac.cloudfront.net (CloudFront)
last-modified
Thu, 28 Apr 2022 14:10:53 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P2
age
1781
etag
W/"c6e67d08c7c4a89b3155020045b68eb1"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
UCUNWUaudaPHt8Ibj-rdPLmvP4HWDkmYAfg6-LcPyLXSIawMBFjcyg==
channels.cgi
torstar.gscontxt.net/main/ 		326 B
404 B 		Script
General
Check archive.org
Download Go to
Full URL
https://torstar.gscontxt.net/main/channels.cgi?url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
150.136.157.133 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
/
Resource Hash
85ad6e614713d376bdb131c6da1ad4c22bfab9ad9e69cb846e8964cd33d90454

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Length
326
Content-Type
application/javascript
launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
resources.thestar.com/ 		362 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7378bb30948ea6502b92a7dcf64fa47052f3e1157f0b5ab48a5c8a047fc03de4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:33:03 GMT
x-amz-version-id
CS4j.16EdbmLIogbQW85BfRA3EJ_XB2r
content-encoding
gzip
last-modified
Fri, 02 Jun 2023 14:32:46 GMT
server
AmazonS3
via
1.1 fe705b44d5a5a2d7d6e73595ceeca2e2.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
etag
W/"05feb774875ca0ef29f288702ae3d0b0"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
age
498
x-amz-cf-id
MtG7WCFzugdDxKM_Dvjqk3NEHE7dyNEN5R08U74OCQVlWTfO4sGzDA==
gtm.js
www.googletagmanager.com/ 		159 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M6PLRD&gtm_auth=2ozXXKEccdpJMKRFB8D5oA&gtm_preview=env-1&gtm_cookies_win=x
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2008 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
355c65937df1fa01bf1ecd8806b4fc9dbd7d8cfe7c570ff7750415e94e7fe6ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60900
x-xss-protection
0
pragma
no-cache
server
Google Tag Manager
vary
*
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 01 Jan 1990 00:00:00 GMT
js_visitor_settings.php
dev.visualwebsiteoptimizer.com/deploy/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=354908&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&random=0.259818566821584
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv1 /
Resource Hash
7961acf7bc6288ddce88beea063f39235d2c556af91d6205244b847025e3e088

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
gzip
via
1.1 google
server
gnv1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
application/javascript; charset=UTF-8
v.gif
dev.visualwebsiteoptimizer.com/ 		35 B
214 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=354908&d=thespec.com&u=D9C94040452069421B27815296C3054D2&h=fdc6fbf59112a275dccd52c6f961e273&r=0.7797115698098358
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv1c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:20 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv1c
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
embedder
adserver.pressboard.ca/v3/ 		351 B
789 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adserver.pressboard.ca/v3/embedder?media=130507
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.104.19 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4da8f4d2d20833c254b092ab30d0ebaee5e3d93716e320773ff55c27c353796b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Expires
0
Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:20 GMT
Access-Control-Allow-Methods
GET, POST, OPTIONS, HEAD, PUT
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
351
request-context
appId=cid-v1:c374023b-8354-459d-b51b-039919730c2c
moatcontent.js
z.moatads.com/torontocontentstarcontent37863992/ 		165 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/torontocontentstarcontent37863992/moatcontent.js
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
d85850c885fe92574f866d77f638250a2747c691aa7f537b4922e28b368cd51a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

unused62
8096267
date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
gzip
last-modified
Mon, 24 Aug 2020 17:22:35 GMT
server
AmazonS3
x-amz-request-id
DB6930A7D4C7ED9E
etag
"491121b0fb1268b17bdb2c53880291f2"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=35767
accept-ranges
bytes
content-length
54912
x-amz-id-2
nZph3UHwPcajm9C8FqN0XdUMh5siUw0Qy+b/JNip4Kp6vtU22sPdXD9z5Xl61fYDClBOdsFUmic=
q70i6rkk.gif
w4o7aea80ss3-a.akamaihd.net/ 		43 B
251 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://w4o7aea80ss3-a.akamaihd.net/q70i6rkk.gif?vc=2&mp=1&t=1685716880420&de=95314933683&ac=1&j=https%3A%2F%2Fnews.google.com&cm=7&i=TORONTOSTARCONTENT1&e=17&pl=1&bq=10&d=thespec.com%3A%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%3A__page__%3A-&cs=0
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
23.215.130.106 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-215-130-106.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:20 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 02 Jun 2023 14:41:20 GMT
pixel.gif
px.moatads.com/ 		43 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=17&d=thespec.com%3A%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%3A__page__%3A-&de=95314933683&t=1685716880420&i=TORONTOSTARCONTENT1&cm=7&j=https%3A%2F%2Fnews.google.com&mp=0&ac=1&pl=1&bq=10&ad_type=img&vc=2&cs=0
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

unused62
8096267
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:20 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 02 Jun 2023 14:41:20 GMT
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ad5fc1a1f2e9f61750da7c5f657b4555458014b20726b06d78d3d2c1e60ee392

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type
image/svg+xml
material-icons-outlined-all-400-normal.woff2
www.thespec.com/static/assets/ 		126 KB
126 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/static/assets/material-icons-outlined-all-400-normal.woff2?v=e4106b07
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/74.css?v=7db92b637058f6d7a9ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
afa2d43bc5235e019048bf8eeb242859a5beff1fa165621f8deaa6385b799951
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.thespec.com/static/74.css?v=7db92b637058f6d7a9ef
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 16:24:50 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
80190
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
128844
last-modified
Thu, 25 May 2023 17:59:09 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"1f74c-188541085c8"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
Yn7pry9AW1fBagpSDwFW_9XwjRMfEJJ70sHPzOKdZnH2CSuB0M7qwg==
material-icons-base-400-normal.woff2
www.thespec.com/static/assets/ 		101 KB
102 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/static/assets/material-icons-base-400-normal.woff2?v=fe7e45c2
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/74.css?v=7db92b637058f6d7a9ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
53e47f0803e3983ae0b26db5f39e87c0bfd327981749c02c9e2f955341e34d7b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.thespec.com/static/74.css?v=7db92b637058f6d7a9ef
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 16:24:19 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
80221
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
103852
last-modified
Thu, 25 May 2023 17:59:09 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"195ac-188541085c8"
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
sUMuqAbkM0VQOt-E_cksmYHKFOtxs9e83HpDc1XvWiHuKNqEekGEjA==
brandmark-thespec.svg
www.thespec.com/assets/svg/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.thespec.com/assets/svg/brandmark-thespec.svg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
cb46793b16474c3edd63f754a9f7b9969e7b23ce1bcb5f01ad0863d1385b4339
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:30:54 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
7826
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
2572
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"a0c-188540ac520"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
twQ_wgs9fKkkgMvTMCSfYQswRy43RH4h90I7eSzkpjt1nQKl3PtGVA==
app-store.svg
www.thespec.com/assets/svg/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.thespec.com/assets/svg/app-store.svg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
133d99ecc7e1f65d2e0bdc9d04fae746f2e9b820213b2a2df7fed60ba073475e
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:30:31 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
7849
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
7779
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"1e63-188540ac520"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
yTJl81aG_6z7JB8kGAr0r5pH36HbMpFt0fhUtqFE6SZBlFCc_0M9Vg==
google-play.svg
www.thespec.com/assets/svg/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.thespec.com/assets/svg/google-play.svg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
b0ab2f21243b940db6c6b986e1cedb149ffcc296b62b326e9214366585d1040d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:33:41 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
7659
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
10329
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"2859-188540ac520"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
DpcwqviGSZNUlwckerV4Fa3EXDzYviBvp32Hsj34K_3XUA65afsJ5A==
beacon.js
sb.scorecardresearch.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-41.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 04:19:59 GMT
content-encoding
gzip
via
1.1 3ffc96c97d8be4bd38d62dce94cb1db0.cloudfront.net (CloudFront)
last-modified
Thu, 09 Mar 2023 09:22:40 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P8
age
43887
x-amz-server-side-encryption
AES256
etag
W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
8cwkccvyLTjpIxbpmn_AB-qv9gI_InG8Xteors8PjqWQOfImRjI5yw==
/
d1nxn87txdj54y.cloudfront.net/ 		43 B
524 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d1nxn87txdj54y.cloudfront.net/?a=40727dc8cfba4185b5b471b11fed6eb9
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.226.36.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-36-115.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:21 GMT
Via
1.1 dd50f5bdd8da1cdd9e698cc2d6f8e828.cloudfront.net (CloudFront)
Last-Modified
Mon, 22 Apr 2013 19:31:32 GMT
Server
AmazonS3
X-Amz-Cf-Pop
EWR53-C2
ETag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
X-Cache
RefreshHit from cloudfront
Content-Type
image/gif
Cache-Control
no-cache
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
43
X-Amz-Cf-Id
dEd8EgG2cjsMIwFGsCpI7TUGADadILQqEEqVL91exN58ATRKJbZLnQ==
p.js
d1z2jf7jlzjs58.cloudfront.net/ 		930 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d1z2jf7jlzjs58.cloudfront.net/p.js
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.164.131.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-131-14.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 08:37:45 GMT
Via
1.1 4da3e729faec3d2f5eeca39813785c2c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
JFK50-P7
Age
21815
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
930
Pragma
public
Last-Modified
Wed, 06 May 2020 20:19:48 GMT
Server
nginx
ETag
"5eb31be4-3a2"
Content-Type
application/javascript
Cache-Control
max-age=86400, public
Accept-Ranges
bytes
X-Amz-Cf-Id
BGFdRmgCLDm8YZ4ChHtysRgO6A2xahSuYpCe9cO5DM-aDxSk4Ci-Tg==
Expires
Sat, 03 Jun 2023 08:37:45 GMT
uhup2d5upsj28vf1-nbc.js
cdn.petametrics.com/ 		158 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.petametrics.com/uhup2d5upsj28vf1-nbc.js?ts=468254
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map3.hwcdn.net
Software
AmazonS3 /
Resource Hash
f341962426b90ce776ae4e165e6872476c976924aaee9ed73d3bfb8f316b6130

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
gzip
x-amz-version-id
JbDduM4kZunHIWvd75TmICEByw8wR2we
last-modified
Thu, 30 Mar 2023 03:36:47 GMT
server
AmazonS3
x-amz-request-id
DWZGSWQ5PRDAZM5Q
etag
"2bb3a482f971efc1f644e12203499299"
x-amz-server-side-encryption
AES256
x-hw
1685716880.cds242.fr8.hn,1685716880.cds252.fr8.c
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=86400, s-maxage=31536000
accept-ranges
bytes
content-length
47101
x-amz-id-2
zKjmQGLz7IFRsqWf0e003Ggkc28mUbYqxCjy9rmTjJ/DV1joNJPo6B4sCQ/uHkM1Npu5ZYBck5A=
apstag.js
c.amazon-adsystem.com/aax2/ 		228 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.107.138 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-107-138.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e5455fe11eef6ea9da6fd8b89ec7d0376cf18b8d863a31fd6f4e13225055049a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:15:43 GMT
content-encoding
gzip
via
1.1 47c0295005ec7d8570406951491004c2.cloudfront.net (CloudFront), 1.1 8c17de0f985b9ec9dbef8f79e2137106.cloudfront.net (CloudFront)
last-modified
Mon, 22 May 2023 19:17:46 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-C3, JFK50-P3
age
1538
x-amz-server-side-encryption
AES256
etag
W/"164d5b26a12963e375c4bac3b8c240e8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=3600
x-amz-cf-id
jAT5ukNDgnczNwCA4_iEAq32ebDkT486pm5DO83Iz8NVkDBQvzt_BQ==
cs
torstar.blueconic.net/DG/DEFAULT/ 		16 B
698 B 		Script
General
Check archive.org
Download Go to
Full URL
https://torstar.blueconic.net/DG/DEFAULT/cs?&callback=bc_json299
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.189.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-189-105.compute-1.amazonaws.com
Software
- /
Resource Hash
4bdd7d90638e1014b4551127fc7cec16c6b7de3600883836737a30ab515e4508
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
-
x-permitted-cross-domain-policies
master-only
content-type
text/javascript; charset=utf-8
p3p
policyref="", CP="DSP"
cache-control
no-cache, no-store, no-transform, must-revalidate, private
x-robots-tag
noindex, nofollow
content-length
36
x-xss-protection
1; mode=block
expires
Thu, 01 Jan 1970 00:00:00 GMT
v2
api.viafoura.co/v2/www.thespec.com/bootstrap/ 		7 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.viafoura.co/v2/www.thespec.com/bootstrap/v2
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/entry/index.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:44f0:4847:757a:9f73:587:7107 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
07ba8b6a769f306219056245b915f4eb5394c3456630a67d5c2f2b1d8370a454

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-instance-id
i-048195fd1f5111006
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
gzip
server
nginx/1.18.0 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.thespec.com
cache-control
max-age=0
access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires
Fri, 02 Jun 2023 14:41:20 GMT
px.gif
ad-delivery.net/ 		43 B
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-delivery.net/px.gif?ch=2
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
359221
x-guploader-uploadid
ADPycdssXNg8YAtJunklo7C4QNsk8Xl2VAjbXHuOpGyy6au8R8LsgdD-8f5pvPVW_Zr4E3Q_TCdgs53hHMykMrN-kYWk7kBDwnM5
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q8hivkw%2Fm1iT8Oc9jXgWvsXnjfz6IOu3FGGg0pPKFSZCZUuvymJdSsqHgD7IxEasEbOPH%2BHaLrPN1P8jKN0oVyEG5RVo2SYlk4ck7EMba8nRJwR5adFQ8Dw8LavvAHMsd58f6Sm8AOeDO%2Bb1DA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
7d1074e8cbc45b28-IAD
expires
Sat, 03 Jun 2023 14:41:20 GMT
favicon.ico
ad.doubleclick.net/ 		1 KB
571 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.13.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul02s04-in-f6.1e100.net
Software
sffe /
Resource Hash
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 19:59:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
67299
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
104
x-xss-protection
0
last-modified
Tue, 08 May 2012 13:08:06 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/x-icon
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 02 Jun 2023 19:59:41 GMT
px.gif
ad-delivery.net/ 		43 B
936 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ad-delivery.net/px.gif?ch=1&e=0.5550810145493448
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
359221
x-guploader-uploadid
ADPycdssXNg8YAtJunklo7C4QNsk8Xl2VAjbXHuOpGyy6au8R8LsgdD-8f5pvPVW_Zr4E3Q_TCdgs53hHMykMrN-kYWk7kBDwnM5
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
5
x-goog-stored-content-encoding
identity
content-length
43
last-modified
Wed, 05 May 2021 19:25:32 GMT
server
cloudflare
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3"
vary
Accept-Encoding
x-goog-generation
1620242732037093
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
access-control-expose-headers
*, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=86400
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0SpozRnm2NEZQQBdLUmhUui4VURMUxxVcC9w6x5liVfnnxrWMT0AAzbgi%2BgrXP%2BzrSxR9MoXX2dV%2FX7aqaj0sEV71mr0DJ9D4JFCqwVZVBdb59pEGBloeFkIz9Gs3HoZD%2BA6jIbnMv1ZQY5aQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length
43
accept-ranges
bytes
cf-ray
7d1074e8cbc65b28-IAD
expires
Sat, 03 Jun 2023 14:41:20 GMT
id
dpm.demdex.net/ 		387 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=19A568F454F72DAF0A4C98A6%40AdobeOrg&d_nsid=0&ts=1685716880711
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.1.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-1-225.compute-1.amazonaws.com
Software
/
Resource Hash
001c41197b8371ab7a20b3b8d34bc0fa94bd64ec85b63ba654b845d11532e1c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-va6-2-v047-028d7592e.edge-va6.demdex.com 3 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
weDVI0JoQQE=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.thespec.com
Content-Type
application/json;charset=utf-8
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
326
Expires
Thu, 01 Jan 1970 00:00:00 UTC
AppMeasurement.min.js
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/hostedLibFiles/EPbf7b42aa08bc4f10879b1484195e80d1/ 		34 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/hostedLibFiles/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:33:05 GMT
x-amz-version-id
6J0JN_13cZu3wFl7HEdzb_NqrweM_607
content-encoding
gzip
last-modified
Fri, 02 Jun 2023 14:32:15 GMT
server
AmazonS3
via
1.1 fe705b44d5a5a2d7d6e73595ceeca2e2.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
etag
W/"dfdd9e1f988805f0c2fbb10cd6b8f034"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
age
496
x-amz-cf-id
TZKMJ0rwoI_GiUenlGTo0Qcm9IpKWqnx2tC1Vg1Dz7fWzSKJlcAsRg==
AppMeasurement_Module_ActivityMap.min.js
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/hostedLibFiles/EPbf7b42aa08bc4f10879b1484195e80d1/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/hostedLibFiles/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:33:05 GMT
x-amz-version-id
e02z36L04HOGrlrb2kN33H7BshECPKcv
content-encoding
gzip
last-modified
Fri, 02 Jun 2023 14:32:15 GMT
server
AmazonS3
via
1.1 fe705b44d5a5a2d7d6e73595ceeca2e2.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
etag
W/"b89fcb8870ac40eecb6d3cc844d35389"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
age
496
x-amz-cf-id
HuhSOg9U59FuOGezPuOetLj1OJybYe0UcHc-Nm-PJxkaNAAjVxS1GQ==
pixel.gif
px.moatads.com/ 		43 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=34&ud=false&qa=1600&qb=1200&qc=0&qd=0&qf=1600&qe=1200&qh=1600&qg=1285&qi=1600&qj=1200&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qm=0&qn=6OZw%3DoHB%2CEF%3FKC1I%3Cq.bWoCSV2W0Su*TDXlCfX2iR2%25(GyHN%3DI(%2C%3Ba15lK1t!9ZpAH..4iwM%25z4mc4djG%3D_11%5Dz(m3%7CuK9~P%5DDohjO%7BcEKHD%40%404KrD(KA.E%24C%23I%3BC%2FVKw(%24Y4%5D%2B)%60K%3A%3A%2FAwJ_%5B%259%5BHhUKF%5EhRZ8!v%5ETm_h%7CR%22%3Ba%3CgeMBC.F%5BNVfBB2%2B%7BLTaU%40%5BG%2BQVxtRF%3BmXB7I%22u%25B_QIx)%2CaqRBXED%3Fd%5BvP%25l7g(ksGBGN35*mUx!f%2Bwb%7B!wJu4DmSUw%3ClE8kJBdSX%5EZFKC%2C)Ib%3BA8%2266%3CBl%3F%24b%3AameaUc%5EKu%3BUDXp%2B3W%60R2zA.Nt%7CQjtoDxpwoFKR*emgSuR)%2Cea*X%3Dy%3E%5B%25B7k.%3ETy%25.8e%40GW*_)9L%2CzVx)rOS2z.%5BOCDTWRe%2Ba%2Fke%3BR30982iYBgDzb%23Ls1(u0EnUa%3Fwb%26k!C%24%26J%3BBcJVrwLy%3Aaq%24StZzTm!ja8V%22%3BU%5DDTg%7Df%2FH%40%26%2Bc%5B5IUOG(%2CWV%7BGrV~1HmDkP8D4rUDtmxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BC%24%3D!!t%3C%2C%5BhKjmfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BlTr1W*d%5BOCF%259%3CUYoo813_xB%2CN22Ib%40aFB&qp=00000&qq=000001000000&qr=0&gz=0&hh=0&hn=0&qt=0&i=TORONTOSTARCONTENT1&hp=1&pl=1&cm=7&kq=1&dnt=0&bq=0&f=0&j=https%3A%2F%2Fnews.google.com&o=3&t=1685716880420&de=95314933683&m=0&ar=5072747-clean&q=0&cb=0&cu=1685716880644&ll=2&ln=0&em=0&en=0&d=thespec.com%3A%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%3A__page__%3A-&qs=1&gu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&vc=2&gw=torontocontentstarcontent37863992&fd=1&ac=1&it=500&fs=98876&na=1903110086&cs=0
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

unused62
8096267
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:20 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 02 Jun 2023 14:41:20 GMT
pxid
be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co/v2.0/ 		46 B
394 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co/v2.0/pxid?k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by
Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.9.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
51.9.241.35.bc.googleusercontent.com
Software
Permutive /
Resource Hash
133185efc3ebe51623accb7177e2b7e4ef1e7bad63c1ace950239d118ea74f9b

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.thespec.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66
getuidj
ib.adnxs.com/ 		11 B
819 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/getuidj
Requested by
Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.184 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.2 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
content-type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:20 GMT
AN-X-Request-Uuid
2d40fdf0-82b1-4cc3-9d04-5797c12e0159
Server
nginx/1.23.2
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.thespec.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
11
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
geoip
api.permutive.com/v2.0/ 		249 B
373 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by
Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
65e46732d0930db4f321ac805a0838672ce0345e7590a32b66c6ef879fd65147

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.thespec.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
178
watson
api.permutive.com/v2.0/ 		2 B
87 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/watson?k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by
Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.thespec.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/ 		408 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
325be98d467be29fd7b3d1c36f2e137806b171ca7d73ef3b535e198ec0bd1dc1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 11:54:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
9998
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128806
x-xss-protection
0
server
cafe
etag
8074574313080668351
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Sat, 01 Jun 2024 11:54:42 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/ 		69 B
78 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.thespec.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5154e8c20331d4072f81178925ed2dda1381fccf4f3a5f6cceb64022e19c9748
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
54
x-xss-protection
0
expires
Fri, 02 Jun 2023 14:41:20 GMT
analytics.js
www.google-analytics.com/ 		51 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M6PLRD&gtm_auth=2ozXXKEccdpJMKRFB8D5oA&gtm_preview=env-1&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 02 Jun 2023 13:18:40 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
4960
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Fri, 02 Jun 2023 15:18:40 GMT
services
sr.studiostack.com/v3/ 		26 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sr.studiostack.com/v3/services
Requested by
Host: adserver.pressboard.ca
URL: https://adserver.pressboard.ca/v3/embedder?media=130507
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.104.19 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6930c1acb61e726bd2f0c6ed17935d5243887297289afc1c2117ef2e054c216c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Expires
0
Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:21 GMT
Access-Control-Allow-Methods
GET, POST, OPTIONS, HEAD, PUT
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
26237
request-context
appId=cid-v1:c374023b-8354-459d-b51b-039919730c2c
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1685716880912&ns_c=UTF-8&c7=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Fun...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1685716880912&ns_c=UTF-8&c7=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Fu...
0
225 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1685716880912&ns_c=UTF-8&c7=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&c8=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&c9=https%3A%2F%2Fnews.google.com%2F
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Server
13.35.93.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-41.jfk50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
via
1.1 3ffc96c97d8be4bd38d62dce94cb1db0.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
JFK50-P8
x-amz-cf-id
SHchZ6gpA8y-i7KJx4wsPH94mTId5imUSkT-BwjfTvZtYyf1fEMiEQ==
x-cache
Miss from cloudfront

Redirect headers

date
Fri, 02 Jun 2023 14:41:21 GMT
via
1.1 3ffc96c97d8be4bd38d62dce94cb1db0.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
JFK50-P8
x-cache
Miss from cloudfront
location
/b2?c1=2&c2=3005674&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1685716880912&ns_c=UTF-8&c7=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&c8=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&c9=https%3A%2F%2Fnews.google.com%2F
content-length
0
x-amz-cf-id
bq3JDFbXM2NRzZNypLPVi_J9zW_Vng3OXntyhib2cMZxdh5MVuiuZQ==
gpt.js
www.googletagservices.com/tag/js/ 		76 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/bundle.js?v=7f4fce14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8f489e41c30772428ebfa185d2ceee55884d86d6ed3bc9baa24145207cab1942
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
25335
x-xss-protection
0
server
cafe
etag
665 / 19510 / m202305300101 / config-hash: 14983065937393175231
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 02 Jun 2023 14:41:21 GMT
breakingnews
www.thespec.com/api/alerts/ 		19 B
448 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/api/alerts/breakingnews
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
6707bbab4dbba0ac7fce42d70d1a036d37a9e2fbeb320156e9d960e193c1d6c9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:38:04 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
x-amz-cf-pop
EWR52-C1
age
221
x-powered-by
Express
etag
W/"13-dtK7HFxXRJGTWdPpmheUxDbkx20"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://amp.thespec.com
x-cache
Hit from cloudfront
cache-control
max-age=180
content-length
19
x-amz-cf-id
XVVbhxwSqAbwIcYJ89LopjzD6-HbWufp0CBT1aPiyFhZ4tWwR0OFmQ==
updates
www.thespec.com/api/alerts/ 		19 B
447 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/api/alerts/updates
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
b3abab8c0524b6f876d36f99aedd1fb14317c2e3758d2bdf093362d458f6f199
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
x-amz-cf-pop
EWR52-C1
age
23
x-powered-by
Express
etag
W/"13-Ke/+pN/k0l2LXDxWablmwTVvPYs"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://amp.thespec.com
x-cache
Hit from cloudfront
cache-control
max-age=180
content-length
19
x-amz-cf-id
aD96SWx4q47nhtboZcc_BGAMyvMCW0irfc8HJ3tsqIFDqabPlZEleg==
related
api.parsely.com/v2/ 		11 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.parsely.com/v2/related?apikey=thespec.com&tag=tlc_news&url=https:%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&limit=20&boost=views&pub_date_start=48h
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.242.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-242-235.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2e87fb4cc4c586bf8aae23bd3726d40a20087b26989bf9668b18e31c3db62fd2

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
server
nginx
x-cache-status
MISS
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=120
expires
Fri, 02 Jun 2023 14:43:21 GMT
articles
www.thespec.com/api/ 		90 KB
15 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/api/articles?type=top
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
7094d04ea8b0392929875dd172e215885bce14457db59e9c4b391ba6003bc9db
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:40:46 GMT
content-encoding
gzip
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
x-amz-cf-pop
EWR52-C1
age
35
x-powered-by
Express
etag
W/"16943-qieyBKyorwvhC8LtaLFyZg9zH+g"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://amp.thespec.com
x-cache
Hit from cloudfront
cache-control
max-age=180
x-amz-cf-id
ndezIWB83Fa8zog149oWe8N7eF_q2rAk5xYAIbZwMpKLmThSEvOhyw==
posts
api.parsely.com/v2/analytics/ 		40 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.parsely.com/v2/analytics/posts?apikey=thestar.com&secret=XMZfv5sJ1L3qE6DZfkeSIh4mI4bCvQ1hZdyWNEOZAQg&sort=views&limit=20&page=1&period_start=15m
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.222.242.235 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-222-242-235.compute-1.amazonaws.com
Software
nginx /
Resource Hash
941989003a69c246ce43bf83550a69e285146495de1e288adf0f1227f3d3510e

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
server
nginx
x-cache-status
HIT
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=600
expires
Fri, 02 Jun 2023 14:51:21 GMT
16.css
www.thespec.com/static/ 		257 B
714 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/static/16.css?v=77f92dd85f139b4be241
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/bundle.js?v=7f4fce14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
6118aab3972757bc62c6e4c730c32154718c63b74cffc6c66733af493c730139
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 16:25:56 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
80189
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
257
last-modified
Thu, 25 May 2023 17:59:09 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"101-188541085c8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=86400
accept-ranges
bytes
x-amz-cf-id
zU9MS_KZnHRe7VQn6KyPWEp040hc1BAMveUXVO0jAl0Bz_2Nq64ZrA==
RightRailAds-RightRailAds.chunk.js
www.thespec.com/static/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/static/RightRailAds-RightRailAds.chunk.js?v=8c487d61
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/bundle.js?v=7f4fce14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
818bebc960e07f89d65ebb8c1771e28dbb03c905bd88104735f316b4a8bf076f
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Thu, 01 Jun 2023 16:25:58 GMT
content-encoding
gzip
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
80189
x-powered-by
Express
x-cache
Hit from cloudfront
last-modified
Thu, 25 May 2023 17:59:09 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"141e-188541085c8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=86400
x-amz-cf-id
h4DHWT4GsU2ZOjTxPF2FhlijYBYssHDDTa5SU-E4-ZQ8Pnnhm6jH3g==
NSG-Logo-NSB.svg
www.thespec.com/assets/svg/ 		28 KB
28 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.thespec.com/assets/svg/NSG-Logo-NSB.svg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
52c6b724460d1cc1eef6b6b43f27f26d9f17f392ca2148e0df83f05f3cbc9970
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:24:58 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
8183
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
28238
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"6e4e-188540ac520"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
vFomaLvP7kLiM9NiiAWOg7A5g4HXApltoFARPCMeiJElC7I9qPbs7g==
indicator-icon-blue.svg
www.thespec.com/assets/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.thespec.com/assets/img/indicator-icon-blue.svg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/bundle.css?v=92a346c14980da850d62
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
7b986be165af27dbe780c4d161221f28e30b58f6bc4749488874186ea2f8f80a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/static/bundle.css?v=92a346c14980da850d62
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 12:32:24 GMT
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
7737
x-powered-by
Express
x-cache
Hit from cloudfront
content-length
1636
last-modified
Thu, 25 May 2023 17:52:52 GMT
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
etag
W/"664-188540ac520"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
https://amp.thespec.com
cache-control
max-age=14400
accept-ranges
bytes
x-amz-cf-id
nuCJDWffenfjGPFQNWkh551DzL2ZuPF8norwp5hraMUYJLFJ0LiHug==
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
757f9e52aae63cd3a35f11a9848010dfc99a63840ddd0e13c45cfa2f49b859e5

Request headers

Referer
Origin
https://www.thespec.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
dest5.html
torontostarnewspaperslimited.demdex.net/ Frame E4FF 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://torontostarnewspaperslimited.demdex.net/dest5.html?d_nsid=0
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.231.84.56 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-231-84-56.compute-1.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
2791
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-va6-1-v047-08ce75a69.edge-va6.demdex.com 0 ms
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
YiFI/VyUQvs=
content-encoding
gzip
date
Fri, 2 Jun 2023 14:41:21 GMT
last-modified
Wed, 10 May 2023 10:44:37 GMT
vary
accept-encoding
id
s.thespec.com/ 		48 B
458 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.thespec.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=19A568F454F72DAF0A4C98A6%40AdobeOrg&mid=14704239918408065180314003276415442791&ts=1685716881291
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.38.113 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ip-63-140-38-113.data.adobedc.net
Software
jag /
Resource Hash
d64838c3671d2f4e0548c83bc49a7ec448aedb3737c202dd8ec8bc708707404e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
https://www.thespec.com
p3p
CP="This is not a P3P policy"
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=ZHn-kQAAAB7tkANw
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=14712650147332947160312601295629075821
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZHn-kQAAAB7tkANw
42 B
940 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZHn-kQAAAB7tkANw
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
HTTP/1.1
Server
35.171.1.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-1-225.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v047-02e5f5384.edge-va6.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
6G1F+7HKTec=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZHn-kQAAAB7tkANw
Date
Fri, 02 Jun 2023 14:41:21 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
15412e3d-2e1a-4500-96b8-cde01e17a504
https://www.thespec.com/ 		215 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.thespec.com/15412e3d-2e1a-4500-96b8-cde01e17a504
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
abe3aa99e2acf0a113e6de6c4fa0c8c2becb65b2b487cdda05d80696116368ce

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Length
220645
Content-Type
a2473b49-f6ef-46b5-bf94-49823e1a7c81
https://www.thespec.com/ 		215 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://www.thespec.com/a2473b49-f6ef-46b5-bf94-49823e1a7c81
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
abe3aa99e2acf0a113e6de6c4fa0c8c2becb65b2b487cdda05d80696116368ce

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Length
220645
Content-Type
p.js
cdn.parsely.com/keys/thespec.com/ 		56 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.parsely.com/keys/thespec.com/p.js
Requested by
Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.101.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-101-60.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
c046091dc561069d9016665a4887400bd4f6cd1a4d890bcc5fc02ec40b8fa82b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
public
date
Thu, 01 Jun 2023 14:53:32 GMT
content-encoding
gzip
via
1.1 ab734ad5d81cc9d470b6176a05dd968e.cloudfront.net (CloudFront)
last-modified
Fri, 24 Jun 2022 01:41:35 GMT
server
nginx
x-amz-cf-pop
JFK50-P5
age
85675
etag
W/"62b5164f-df4a"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400, public
x-amz-cf-id
miyikgVB_3ZZ02GHojEGY8LT64qhUQ4Pi9Mf5VkCECXWaGr70A12qg==
expires
Fri, 02 Jun 2023 14:53:26 GMT
298
bc.thespec.com/DG/DEFAULT/rest/rpc/ 		79 KB
16 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/DG/DEFAULT/rest/rpc/298?referer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bcsessionid=&bctempid=&overruleReferrer=&time=2023-06-02T14%3A41%3A21%2B00%3A00&ts=1685716881327
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
0be3b3c29eb1481c54d5e848beab08078ac74c10bc54aa77cf80d98b5902fd8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
14832
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
3rG2AUuKOkCQSv5gg1hY3sCytllrhh1481P0RHfTtUSkL4hXkgGymQ==
expires
Thu, 01 Jan 1970 00:00:00 GMT
identify
api.permutive.com/v2.0/ 		50 B
88 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/identify?k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by
Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
ad36e105d30ef5df085b7236b565bd9249128f8e9d84f15c2bcfe8caba8c1823

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.thespec.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70
v2
api.viafoura.co/v2/www.thespec.com/bootstrap/ 		7 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.viafoura.co/v2/www.thespec.com/bootstrap/v2
Requested by
Host: cdn.viafoura.net
URL: https://cdn.viafoura.net/entry/index.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:44f0:4847:757a:9f73:587:7107 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
4230eb0b2967a0e37379c2eb0ce011bf23b3d5a9e27d83282fa14820f36ef260

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-instance-id
i-048195fd1f5111006
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
server
nginx/1.18.0 (Ubuntu)
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, PUT, DELETE, PATCH, HEAD
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.thespec.com
cache-control
max-age=0
access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
expires
Fri, 02 Jun 2023 14:41:21 GMT
config
c.amazon-adsystem.com/cdn/prod/ 		544 B
892 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=5028&u=https%3A%2F%2Fwww.thespec.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.107.138 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-107-138.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
62651edf87d2816cb10682476cb72ad3065481fe168cb6b18d91d0e2aa0a64dd

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 13:05:47 GMT
via
1.1 8c17de0f985b9ec9dbef8f79e2137106.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P3
age
5733
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.thespec.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
content-length
544
x-amz-cf-id
7Cl0dHdNdD1aqw6GTDdcsLGRXw2sbMeXrvpRTOOUvhap1kfJ_S_jxw==
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.107.138 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-107-138.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-amz-version-id
Zm_tZQQ808JKRizBfXGgSN2OWn8Z6JUU
content-encoding
gzip
via
1.1 c790ffcab27717f283a6e87f31c6d65a.cloudfront.net (CloudFront)
date
Fri, 02 Jun 2023 01:40:48 GMT
x-amz-cf-pop
JFK50-P3
age
46834
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Fri, 26 May 2023 01:35:48 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
a67_haVD76sn382uhcbKuxKY3r5-MscmI8gJHz039KQ6_Oi69avOAQ==
pixel.gif
px.moatads.com/ 		43 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&kq=1&lo=0&qs=1&ak=https%3A%2F%2Fwww.thespec.com%2F%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2F-&i=TORONTOSTARCONTENT1&ud=false&qm=0&qn=6OZw%3DoHB%2CEF%3FKC1I%3Cq.bWoCSV2W0Su*TDXlCfX2iR2%25(GyHN%3DI(%2C%3Ba15lK1t!9ZpAH..4iwM%25z4mc4djG%3D_11%5Dz(m3%7CuK9~P%5DDohjO%7BcEKHD%40%404KrD(KA.E%24C%23I%3BC%2FVKw(%24Y4%5D%2B)%60K%3A%3A%2FAwJ_%5B%259%5BHhUKF%5EhRZ8!v%5ETm_h%7CR%22%3Ba%3CgeMBC.F%5BNVfBB2%2B%7BLTaU%40%5BG%2BQVxtRF%3BmXB7I%22u%25B_QIx)%2CaqRBXED%3Fd%5BvP%25l7g(ksGBGN35*mUx!f%2Bwb%7B!wJu4DmSUw%3ClE8kJBdSX%5EZFKC%2C)Ib%3BA8%2266%3CBl%3F%24b%3AameaUc%5EKu%3BUDXp%2B3W%60R2zA.Nt%7CQjtoDxpwoFKR*emgSuR)%2Cea*X%3Dy%3E%5B%25B7k.%3ETy%25.8e%40GW*_)9L%2CzVx)rOS2z.%5BOCDTWRe%2Ba%2Fke%3BR30982iYBgDzb%23Ls1(u0EnUa%3Fwb%26k!C%24%26J%3BBcJVrwLy%3Aaq%24StZzTm!ja8V%22%3BU%5DDTg%7Df%2FH%40%26%2Bc%5B5IUOG(%2CWV%7BGrV~1HmDkP8D4rUDtmxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BC%24%3D!!t%3C%2C%5BhKjmfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BlTr1W*d%5BOCF%259%3CUYoo813_xB%2CN22Ib%40aFB&qp=00000&qq=000001000000&qr=0&gz=0&hh=0&hn=0&qt=0&bq=0&g=0&vc=2&pl=1&fl=1&sr=0&sb=0&sq=0&sa=0&sn=0&sj=0&sm=0&si=0&md=0&mc=0&lb=4262&la=0&ld=0&lc=0&cw=-1&cx=-1&sh=undefined&xa=0&xb=0&xc=0&h=4&w=4&dnt=0&gu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&cm=7&f=0&j=https%3A%2F%2Fnews.google.com&o=3&t=1685716880420&de=95314933683&cu=1685716880644&m=375&ar=5072747-clean&cb=0&ll=2&ln=0&gh=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1285&lk=undefined&le=1&gm=1&io=1&ch=0&as=0&ag=0&an=0&gf=0&gg=0&pg=0&pf=0&cc=0&bw=0&bx=0&em=0&en=0&bu=1&cd=0&ah=1&am=0&re=0&wb=1&cl=0&at=0&d=thespec.com%3A%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%3A__page__%3A-&gw=torontocontentstarcontent37863992&ab=1&ac=1&fd=1&kt=strict&it=500&fs=98876&na=1528653462&cs=0
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

unused62
8096267
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:21 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 02 Jun 2023 14:41:21 GMT
bus_terminal_1.jpg
images.thestarimages.com/oXOlmeee9VZdvLUe0gr5w4-sxb4=/1200x800/smart/filters:cb(1685655596209):format(webp)/https://www.thespec.com/content/dam/therecord/news/waterloo-region/2023/06/02/region-set-... 		100 KB
100 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.thestarimages.com/oXOlmeee9VZdvLUe0gr5w4-sxb4=/1200x800/smart/filters:cb(1685655596209):format(webp)/https://www.thespec.com/content/dam/therecord/news/waterloo-region/2023/06/02/region-set-to-move-ahead-with-remediation-of-soilgroundwater-contamination-at-former-bus-terminal-in-kitchener/bus_terminal_1.jpg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6b1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60fd8589cc7cfe1b217ddb7859959f534c5ebad3aa8a4b9986feca00deeb63b3

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
14839
etag
"e4dce9c73452e0de542b92d21bd07235838f63d0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hHAllxWY3McEy1HUv2VHTsM0A7dWV6OTCr%2Fb3HiFPYA%2F9bLeCFkIV5Wpi4DOqTC%2B3QTzGtzfS%2Fg7frUgCt0wV5qEVzaeLc%2BIfMk6TnBxpZGULFsRqe%2BL627evsNpQDFGE7NSVdfVHIcNMnK%2Bh%2BhRbrmyFDbQtwY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
7d1074ecea81424d-EWR
alt-svc
h3=":443"; ma=86400
content-length
102096
expires
Thu, 31 Dec 2037 23:55:55 GMT
green_valley_fire_2.jpg
images.thestarimages.com/dtt5P0Z11MdxZ28XPOyjQVcpF4A=/1200x831/smart/filters:cb(1685703001018):format(webp)/https://www.thespec.com/content/dam/therecord/news/waterloo-region/2023/06/01/fire-at-kit... 		283 KB
284 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.thestarimages.com/dtt5P0Z11MdxZ28XPOyjQVcpF4A=/1200x831/smart/filters:cb(1685703001018):format(webp)/https://www.thespec.com/content/dam/therecord/news/waterloo-region/2023/06/01/fire-at-kitchener-townhouse-complex-started-on-deck-before-quickly-spreading-to-rear-police/green_valley_fire_2.jpg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6b1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e55b8063e1a865029e59734a1614c36a36a40e08698dc4a9b33c0a9622abc9d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
6379
etag
"9e212c36e4e581539f1083a4960d633f989e227a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jy%2FWg8UwwtqClwcAhn7%2F8VjTxnl%2BxLaYTsYxXaLnNormORLXlisX9ieUC2nNix56qN2Y8pDb7itPsfOdQNJ1If7XQoJnhgKkzhwSQSDvcMm1tDZ8gCW2uWgBJB52MeqDIRWtCYRjaM%2B0me71OCMsiFrfPUGQuTU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
7d1074ecea82424d-EWR
alt-svc
h3=":443"; ma=86400
content-length
290036
expires
Thu, 31 Dec 2037 23:55:55 GMT
f9d6e3cf6885424c2a1104db8e2dbc78
bc.thespec.com/plugin/plugin/ 		258 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/plugin/plugin/f9d6e3cf6885424c2a1104db8e2dbc78
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
37f32cda3d74b3634eaaca668df1c2dc9dc4d16e40aeea240334d2fc25dc2212
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 10:46:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
age
186915
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
59688
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 10:46:06 GMT
server
-
etag
f9d6e3cf6885424c2a1104db8e2dbc78
content-type
text/javascript; charset=utf-8
cache-control
public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag
noindex, nofollow
x-amz-cf-id
-bCuOCq-onDyQb_BYzEiloBpE_242aKL6z7gi6FRvxw0mHVBA6MWBw==
expires
Thu, 30 May 2024 10:46:06 GMT
__activity.gif
query.petametrics.com/v3/uhup2d5upsj28vf1/f511a889-02fd-4f77-d5f9-19560506f6bd/ 		35 B
175 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://query.petametrics.com/v3/uhup2d5upsj28vf1/f511a889-02fd-4f77-d5f9-19560506f6bd/__activity.gif?e=pageview&ct=%E2%80%98Our+on-premises+email+server+was+compromised%E2%80%99+%E2%80%94+University+of+Waterloo+interrupts+suspected+ransomware+attack&ccu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&tspl=1435&blst=481&ist=1427&iet=1432&bdst=481&bdet=1004&bcttt=10&jsfv=nbc&ts=1685716881469&jsk=uhup2d5upsj28vf1&jsv=20230329&cu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=f511a889-02fd-4f77-d5f9-19560506f6bd&sid=1bfea41f-76e1-40a3-c00d-2ac8cf744662&pvid=993d3ac9-4e3e-4083-8704-0a1cf731c5df&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F114.0.5735.90+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.1&saveData=false&ctyp=unknown&ref=https%3A%2F%2Fnews.google.com%2F&tzo=0&sdk=bc-pixel
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
224.14.190.35.bc.googleusercontent.com
Software
openresty/1.13.6.2 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 02 Jun 2023 14:41:21 GMT
via
1.1 google
server
openresty/1.13.6.2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
content-type
image/gif
collect
www.google-analytics.com/j/ 		3 B
23 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=477708834&t=pageview&_s=1&dl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&dr=https%3A%2F%2Fnews.google.com%2F&ul=en-us&de=UTF-8&dt=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABAAAAAC~&jid=880952393&gjid=2144898733&cid=27418797.1685716881&tid=UA-30417358-1&_gid=210198880.1685716881&_r=1&_slc=1&gtm=45He35v0n71M6PLRD&z=1194318299
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:21 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=477708834&t=pageview&_s=1&dl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&dr=https%3A%2F%2Fnews.google.com%2F&ul=en-us&de=UTF-8&dt=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAAABAAAAAC~&jid=827861133&gjid=324719358&cid=27418797.1685716881&tid=UA-73335503-1&_gid=210198880.1685716881&_r=1&_slc=1&gtm=45He35v0n71M6PLRD&cd1=story&cd2=core-site&cd3=desktop&cd4=landscape&cd5=no&cd6=&cd7=no&z=1541176746
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:21 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
attention-event
sr.studiostack.com/track/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sr.studiostack.com/track/attention-event
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.104.19 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.thespec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods
GET, POST, OPTIONS, HEAD, PUT
Access-Control-Allow-Origin
*
Allow
POST
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
4
Content-Type
text/html; charset=utf-8
Date
Fri, 02 Jun 2023 14:41:21 GMT
ETag
W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
Expires
0
Pragma
no-cache
request-context
appId=cid-v1:c374023b-8354-459d-b51b-039919730c2c
attention-event
sr.studiostack.com/track/ 		0
396 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sr.studiostack.com/track/attention-event
Requested by
Host: sr.studiostack.com
URL: https://sr.studiostack.com/v3/services
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.104.19 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Expires
0
Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:21 GMT
Access-Control-Allow-Methods
GET, POST, OPTIONS, HEAD, PUT
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
0
request-context
appId=cid-v1:c374023b-8354-459d-b51b-039919730c2c
macdonald_stone.jpg
images.thestarimages.com/_7WQOIMipczdyyOQGT4Xz30BJbM=/0x0:474x316/100x100/smart/filters:format(webp)/https://www.thespec.com/content/dam/thespec/news/crime/2023/06/01/stoney-creek-homicide/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.thestarimages.com/_7WQOIMipczdyyOQGT4Xz30BJbM=/0x0:474x316/100x100/smart/filters:format(webp)/https://www.thespec.com/content/dam/thespec/news/crime/2023/06/01/stoney-creek-homicide/macdonald_stone.jpg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:6b1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
176fee37001cdc59696ba8496d3e39194d4eb668e774c95d5e6933c1e8e19c98

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
68358
etag
"a94590f7ff4476d3f204ff83f9f2ae1fd16dedc0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kcFSby6ALMW89fp%2FQOOg3UqFZFxgwyr8nFODtCezePpfa5LVEd7ZSRG0IzIKOUrhvPa%2Fl%2FzyNzaHeIb0Ok98WZNUJslY7GFTRBlH%2BEYOfBRCHjtnqz5smmrV5dqyVzzvjJG%2F8uHTJ7jjCdvV5rpX9xOW0XvzBJE%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
7d1074ed9f34c434-EWR
alt-svc
h3=":443"; ma=86400
content-length
2056
expires
Thu, 31 Dec 2037 23:55:55 GMT
re_enactment.jpg
images.thestarimages.com/rqCsQ_rVRggO_KVtCM7SJ48bgLA=/0x0:1176x784/100x100/smart/filters:format(webp)/https://www.thespec.com/content/dam/thespec/news/hamilton-region/2023/06/02/hamilton-is-hot-wit... 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.thestarimages.com/rqCsQ_rVRggO_KVtCM7SJ48bgLA=/0x0:1176x784/100x100/smart/filters:format(webp)/https://www.thespec.com/content/dam/thespec/news/hamilton-region/2023/06/02/hamilton-is-hot-with-activities-this-weekend/re_enactment.jpg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:6b1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
624adcaa282392acb25cc86581dca014e3d38649c94d1c762feb4798c3b35d9d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
9007
etag
"b8d831ef60fcd1cc6784037e2ae7ff35c5a34b0d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vBcl06UldNd7LT9bcPBKbVcnDLTTAa8M1ya8JTuf3g1Xt7ol7SWktAe3nwVPiZRus99STDt1QDfDNusDQedupgKNKPUIpL2LB7eL9cMY6AcuVMgeoqsnsmtWJeUu0Gpz6JziC7wpjHRDfnREYdEDorf8OTta%2F18%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
7d1074ed9f35c434-EWR
alt-svc
h3=":443"; ma=86400
content-length
2680
expires
Thu, 31 Dec 2037 23:55:55 GMT
recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ 		0
452 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.168.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-168-175.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Fri, 02 Jun 2023 14:41:21 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.168.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-168-175.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.thespec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length
0
date
Fri, 02 Jun 2023 14:41:21 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
pixel.gif
px.moatads.com/ 		43 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=4&q=0&ai=541&hp=1&kq=1&lo=0&qs=1&ak=-&i=TORONTOSTARCONTENT1&ud=false&qm=0&qn=6OZw%3DoHB%2CEF%3FKC1I%3Cq.bWoCSV2W0Su*TDXlCfX2iR2%25(GyHN%3DI(%2C%3Ba15lK1t!9ZpAH..4iwM%25z4mc4djG%3D_11%5Dz(m3%7CuK9~P%5DDohjO%7BcEKHD%40%404KrD(KA.E%24C%23I%3BC%2FVKw(%24Y4%5D%2B)%60K%3A%3A%2FAwJ_%5B%259%5BHhUKF%5EhRZ8!v%5ETm_h%7CR%22%3Ba%3CgeMBC.F%5BNVfBB2%2B%7BLTaU%40%5BG%2BQVxtRF%3BmXB7I%22u%25B_QIx)%2CaqRBXED%3Fd%5BvP%25l7g(ksGBGN35*mUx!f%2Bwb%7B!wJu4DmSUw%3ClE8kJBdSX%5EZFKC%2C)Ib%3BA8%2266%3CBl%3F%24b%3AameaUc%5EKu%3BUDXp%2B3W%60R2zA.Nt%7CQjtoDxpwoFKR*emgSuR)%2Cea*X%3Dy%3E%5B%25B7k.%3ETy%25.8e%40GW*_)9L%2CzVx)rOS2z.%5BOCDTWRe%2Ba%2Fke%3BR30982iYBgDzb%23Ls1(u0EnUa%3Fwb%26k!C%24%26J%3BBcJVrwLy%3Aaq%24StZzTm!ja8V%22%3BU%5DDTg%7Df%2FH%40%26%2Bc%5B5IUOG(%2CWV%7BGrV~1HmDkP8D4rUDtmxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BC%24%3D!!t%3C%2C%5BhKjmfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BlTr1W*d%5BOCF%259%3CUYoo813_xB%2CN22Ib%40aFB&qp=00000&qq=000001000000&qr=0&gz=0&hh=0&hn=0&qt=0&bq=0&g=1&vc=2&pl=1&fl=1&sr=0&sb=0&sq=0&sa=0&sn=0&sj=0&sm=0&si=0&md=28&mc=0&lb=4262&la=0&ld=1200&lc=0&cw=1600&cx=1200&sh=4262&xa=0&xb=0&xc=0&h=4&w=4&dnt=0&gu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&cm=7&f=0&j=https%3A%2F%2Fnews.google.com&o=3&t=1685716880420&de=95314933683&cu=1685716880644&m=765&ar=5072747-clean&cb=0&ll=2&ln=0&gh=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1285&lk=undefined&le=1&gm=1&io=1&ch=0&as=0&ag=0&an=0&gf=0&gg=0&pg=0&pf=0&cc=0&bw=0&bx=0&em=0&en=0&bu=1&cd=1&ah=1&am=1&re=0&wb=1&cl=0&at=0&d=thespec.com%3A%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%3A__page__%3A-&gw=torontocontentstarcontent37863992&ab=1&ac=1&fd=1&kt=strict&it=500&fs=98876&na=1224780045&cs=0
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

unused62
8096267
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:21 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 02 Jun 2023 14:41:21 GMT
model
query.petametrics.com/v3/uhup2d5upsj28vf1/f511a889-02fd-4f77-d5f9-19560506f6bd/ 		10 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://query.petametrics.com/v3/uhup2d5upsj28vf1/f511a889-02fd-4f77-d5f9-19560506f6bd/model
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
224.14.190.35.bc.googleusercontent.com
Software
openresty/1.13.6.2 /
Resource Hash
cc3c110bb25be5bd3e5663f64681734135aa6eb85c854b808b12cdf758ae4ca7

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
*
date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
via
1.1 google
server
openresty/1.13.6.2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
application/json
attention-data
sr.studiostack.com/track/ 		231 B
718 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sr.studiostack.com/track/attention-data?media=130507&ref=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Requested by
Host: sr.studiostack.com
URL: https://sr.studiostack.com/v3/services
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.104.19 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c329b0419532f7f4f820859731983d9e6c56b6b06d6022c50395185231d3d681

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Expires
0
Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:21 GMT
ETag
W/"e7-jYcVTnR0cxGcqQayoGcg5JLFpxQ"
Access-Control-Allow-Methods
GET, POST, OPTIONS, HEAD, PUT
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
231
request-context
appId=cid-v1:c374023b-8354-459d-b51b-039919730c2c
collect
stats.g.doubleclick.net/j/ 		1 B
346 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-73335503-1&cid=27418797.1685716881&jid=827861133&gjid=324719358&_gid=210198880.1685716881&_u=YEDAAAABAAAAAC~&z=277295973
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 02 Jun 2023 14:41:21 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
ingest
i.viafoura.co/v3/www.thespec.com/ 		67 B
325 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.viafoura.co/v3/www.thespec.com/ingest?t=%7B%22view%22%3A%7B%22domain%22%3A%22www.thespec.com%22%2C%22siteUuid%22%3A%2200000000-0000-4000-8000-eff92f57b54d%22%2C%22pageViews%22%3A2%2C%22outgoing%22%3A%2210%22%2C%22sessionStart%22%3A%221685716881%22%2C%22uniqueId%22%3A%22d8aef348-1ff9-4aa5-ae12-3632274ce1b7%22%2C%22firstVisit%22%3A%221685716881%22%2C%22previousVisit%22%3A%221685716881%22%2C%22currentVisit%22%3A%221685716881%22%2C%22visitCount%22%3A%221%22%2C%22referrerStart%22%3A%221685716881%22%2C%22refVisitCount%22%3A%221%22%2C%22ref%22%3A%7B%22medium%22%3A%22referral%22%2C%22source%22%3A%22https%3A%2F%2Fnews.google.com%2F%22%2C%22sharer_uuid%22%3A%22%22%2C%22terms%22%3A%22%22%7D%7D%2C%22meta%22%3A%7B%22domain%22%3A%22www.thespec.com%22%2C%22site%22%3A%2200000000-0000-4000-8000-eff92f57b54d%22%2C%22section%22%3A%2200000000-0000-4000-8000-eff92f57b54d%22%2C%22pageImage%22%3A%22https%3A%2F%2Fimages.thestarimages.com%2Fit4POXMFTLMhCBKt9QiotZBQO1I%3D%2F1200x719%2Fsmart%2Ffilters%3Acb(1685646410893)%3Aformat(webp)%2Fhttps%3A%2F%2Fwww.thespec.com%2Fcontent%2Fdam%2Ftherecord%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems%2Funiversity_of_waterloo_1.jpg%22%2C%22ref%22%3A%7B%7D%2C%22vf%22%3Afalse%2C%22url%22%3A%22https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html%22%2C%22path%22%3A%22%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html%22%2C%22title%22%3A%22%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%22%2C%22privilege%22%3A%22guest%22%2C%22page_type%22%3A%22article%22%2C%22page_description%22%3A%22%E2%80%98Fortunately%2C%2099.9%20per%20cent%20of%20our%20email%20users%20are%20not%20affected%20because%20their%20email%20services%20are%20hosted%20in%20the%20cloud%E2%80%99%22%2C%22topics%22%3A%5B%22News%22%2C%22myregion%22%2C%22myrecord%22%2C%22Myneedtoknow%22%2C%22University%20of%20Waterloo%22%2C%22cyber-attack%22%2C%22Ransomware%20attack%22%2C%22cloud%22%2C%22online%20systems%22%2C%22smg_wrr%22%2C%22smg_waterloo-region%22%2C%22smg2_news%22%2C%22InHouseArticle_therecord%22%5D%2C%22amp%22%3Afalse%2C%22thirdparty_enabled%22%3Afalse%2C%22container_id%22%3A%22%22%7D%2C%22ua%22%3A%7B%22nl%22%3A%22en-US%22%2C%22nu%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.90%20Safari%2F537.36%22%2C%22sr%22%3A%221600x1200%22%2C%22sd%22%3A24%2C%22vp%22%3A%221600x1200%22%2C%22dt%22%3A%22%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com%22%2C%22de%22%3A%22UTF-8%22%2C%22dl%22%3A%22en%22%7D%2C%22rq%22%3A%228a2dbafc-a52b-4359-be16-862916ef6e4e%22%2C%22w%22%3A%5B%22vf-conversations%22%2C%22vf-conversations-count%22%5D%2C%22event_type%22%3A%22analytics.view_lite%22%7D
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.227.114.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-227-114-111.compute-1.amazonaws.com
Software
/
Resource Hash
ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type
image/png
date
Fri, 02 Jun 2023 14:41:21 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
67
expires
Fri, 01 Jan 1990 00:00:00 GMT
auction
elb.the-ozone-project.com/openrtb2/ 		7 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://elb.the-ozone-project.com/openrtb2/auction
Requested by
Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
435d2a4f9752c742107b0423be9e34bad86830867e0b6a7b5d382087e31009f9

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:22 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
7d1074ef0e3b54b5-YYZ
expires
0
mdc.textfield.min.js
bc.thespec.com/plugins/toolbar_whatcounts/ts_d3dd9500cca2bd121600d736b16f4f6c/frontend/src/scripts/ 		66 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/plugins/toolbar_whatcounts/ts_d3dd9500cca2bd121600d736b16f4f6c/frontend/src/scripts/mdc.textfield.min.js
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
2d767fe00284ba315844a0f61f8f69721df84ca58781e8b960455fee618c9778
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Sun, 02 Apr 2023 19:21:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
age
5253594
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
11561
x-xss-protection
1; mode=block
last-modified
Sat, 01 Apr 2023 19:21:27 GMT
server
-
etag
6255d33f94b82e67e60ed3d71ba26fe3
content-type
text/javascript; charset=utf-8
cache-control
public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag
noindex, nofollow
x-amz-cf-id
q6ErsJezYGa8ZniPD8KxspV0t34pJAIaKbMog_xbiWfbs1t6wxjmbQ==
expires
Mon, 01 Apr 2024 19:21:27 GMT
c07527cc50b9272ae6d9e8b8c24ceb92
bc.thespec.com/plugin/library/ 		453 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/plugin/library/c07527cc50b9272ae6d9e8b8c24ceb92
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
7a601e1f3532dfb3784acb9637e1a4e4063360abe2dc0b7ba82a391a0adf2b7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 07:22:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
age
199124
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
144698
x-xss-protection
1; mode=block
last-modified
Tue, 30 May 2023 07:22:37 GMT
server
-
etag
c07527cc50b9272ae6d9e8b8c24ceb92
content-type
text/javascript; charset=utf-8
cache-control
public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag
noindex, nofollow
x-amz-cf-id
35IfE5EgnSg1Bh6t0HHf3h_7y7U2avzUylag_BCovb2y_r2Fjvcreg==
expires
Thu, 30 May 2024 07:22:37 GMT
LB-Zone-1
bc.thespec.com/DG/DEFAULT/rest/rpc/298/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/DG/DEFAULT/rest/rpc/298/LB-Zone-1?referer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bcsessionid=&bctempid=36bdb71a-3844-486b-b1b8-35dac4ea5e8e&overruleReferrer=&time=2023-06-02T14%3A41%3A21%2B00%3A00&ts=1685716881738
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
02a4225dce02c122ea0f6c9b27fdb08433b9dc76ec802aaffde961feb1d9f612
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
1271
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
LRL59j3pNkgHJrLzkdvSx8s5wLi1WObit3Fa-vqQ6D2cyA-Z1z1xhQ==
expires
Thu, 01 Jan 1970 00:00:00 GMT
logo-hamilton-spectator.png
bc.thespec.com/rest/dialogues/files/e13e1fd1-901d-4208-bff1-a973c0919527/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bc.thespec.com/rest/dialogues/files/e13e1fd1-901d-4208-bff1-a973c0919527/logo-hamilton-spectator.png
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
f42bbeaf126cf497823f753f4e01e75d657906d24be3b5240c896206f347d730
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Mon, 05 Dec 2022 22:00:32 GMT
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
age
15439249
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
5544
x-xss-protection
1; mode=block
last-modified
Sun, 04 Dec 2022 22:00:32 GMT
server
-
etag
0ac2d4c3ea544250ac651754b67eb0a0
content-type
image/png
cache-control
public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag
noindex, nofollow
x-amz-cf-id
X4bTaUDigoHjrxt8X8xpMmCFP2ioOiKspHni_dVm408esn9BZ2_sgg==
expires
Tue, 05 Dec 2023 22:00:32 GMT
Overlay_ThinkingAboutYou_495x300.png
bc.thespec.com/rest/dialogues/files/ab1734c4-20f2-445b-bf56-aa071200c82f/ 		49 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bc.thespec.com/rest/dialogues/files/ab1734c4-20f2-445b-bf56-aa071200c82f/Overlay_ThinkingAboutYou_495x300.png
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
28197ceb983f0b9d36b397add84509800d73ef9c6b2191343b9e96191a96a9f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Mon, 01 May 2023 06:10:44 GMT
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
age
2795437
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
50521
x-xss-protection
1; mode=block
last-modified
Sun, 30 Apr 2023 06:10:44 GMT
server
-
etag
7c6cd2bcaaa1a33f2021bf77540243c7
content-type
image/png
cache-control
public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag
noindex, nofollow
x-amz-cf-id
Dqxu4RtvOJtGI2DBpl0LaBr4P94vt0bD5FD1nHRAKGFUk2X4TLECJA==
expires
Tue, 30 Apr 2024 06:10:44 GMT
images
www.thespec.com/api/liftigniter/ 		9 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/api/liftigniter/images
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
01fe569dffd6f9247d5b98dcd3f13d0fddae9ab86a22e604c7196b5a5979b546
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
x-amz-cf-pop
EWR52-C1
x-powered-by
Express
etag
W/"2255-DVDL904faCtSe4S5Y+eAlKmADNU"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://amp.thespec.com
x-cache
Miss from cloudfront
cache-control
max-age=180
x-amz-cf-id
LhJ0ZY6xGPFFLZdWkMJEnJLpRLywDQFsd1Da4JgZV2AjXFhz3xilDA==
auction
elb.the-ozone-project.com/openrtb2/ 		11 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://elb.the-ozone-project.com/openrtb2/auction
Requested by
Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb228657c70408ac8b2da62b4cf1025931dd7a3fc028b1a219422c7e628310d8

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:22 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
7d1074ef5e9254b5-YYZ
expires
0
cs
torstar.blueconic.net/DG/DEFAULT/ 		66 B
858 B 		Script
General
Check archive.org
Download Go to
Full URL
https://torstar.blueconic.net/DG/DEFAULT/cs?bcsessionid=36bdb71a-3844-486b-b1b8-35dac4ea5e8e&&callback=bc_json300
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.234.189.105 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-234-189-105.compute-1.amazonaws.com
Software
- /
Resource Hash
c5995519a907da5fad47a645f3c0bc5e88b0208de210e552f0d00168e2950646
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
-
x-permitted-cross-domain-policies
master-only
content-type
text/javascript; charset=utf-8
p3p
policyref="", CP="DSP"
cache-control
no-cache, no-store, no-transform, must-revalidate, private
x-robots-tag
noindex, nofollow
content-length
86
x-xss-protection
1; mode=block
expires
Thu, 01 Jan 1970 00:00:00 GMT
298
bc.thespec.com/DG/DEFAULT/rest/rpc/ 		181 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/DG/DEFAULT/rest/rpc/298?referer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bcsessionid=36bdb71a-3844-486b-b1b8-35dac4ea5e8e&bctempid=&overruleReferrer=&time=2023-06-02T14%3A41%3A21%2B00%3A00&ts=1685716881880
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
06bb8c86e0692f4542437a0abcc2cf07f5fabf6c99ab1a1ff6b83f54fb92d294
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
171
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
br8I4oj24MeTYrgxSP8x5jl8ExW6fBqZa4hQFPKp6j4laN_ZhYxnKQ==
expires
Thu, 01 Jan 1970 00:00:00 GMT
jquery.fancybox.pack.js
bc.thespec.com/plugins/lightboxinteractiontype_torstar/ts_290479a801b4198c27927de5770d3c7c/frontend/src/lib/fancybox/ 		23 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/plugins/lightboxinteractiontype_torstar/ts_290479a801b4198c27927de5770d3c7c/frontend/src/lib/fancybox/jquery.fancybox.pack.js
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
99c2257ab0c877ef811c0dde48d17bfb2cf1f1a5bd5bc6a9e9a7f4a114f4df3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Tue, 28 Mar 2023 12:09:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
age
5711533
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
8529
x-xss-protection
1; mode=block
last-modified
Mon, 27 Mar 2023 12:09:08 GMT
server
-
etag
bcd257ffe249380dcdc2e45c7ca35fb1
content-type
text/javascript; charset=utf-8
cache-control
public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag
noindex, nofollow
x-amz-cf-id
-irvD-DKFACO0FJ_a7Bha74yCaFTnZvbed4guzBdMvM0eIXfEzwpUQ==
expires
Wed, 27 Mar 2024 12:09:08 GMT
298
bc.thespec.com/DG/DEFAULT/rest/rpc/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/DG/DEFAULT/rest/rpc/298?referer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bcsessionid=36bdb71a-3844-486b-b1b8-35dac4ea5e8e&bctempid=&overruleReferrer=&time=2023-06-02T14%3A41%3A21%2B00%3A00&ts=1685716881887
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
12b121eb22ce19541fa86ce19b9c9981ac5d5ae37729c8d4c3cdd63c6b2634e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
2517
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
DBlUDC30GnJYdv4AWpidcUClyOZNEVRYrbWlpdWtiJq3nrJ9i24f0Q==
expires
Thu, 01 Jan 1970 00:00:00 GMT
fbevents.js
connect.facebook.net/en_US/ 		106 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/plugin/plugin/f9d6e3cf6885424c2a1104db8e2dbc78
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f8fbf7e16e3604db25ab37c4a496865033167bb550e3b2e92f1070424f48723a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 02 Jun 2023 14:41:21 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27497
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
rHXtadVpkhmclGJzSfWwwFGtWkiKK3vnkNrf6JPOGSba2+6B2AGjix9ZZDbAVCiA/N8Q9MZeXrr+WyAw43PiIg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
1679558926
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
298
bc.thespec.com/DG/DEFAULT/rest/rpc/ 		553 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/DG/DEFAULT/rest/rpc/298?referer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bcsessionid=36bdb71a-3844-486b-b1b8-35dac4ea5e8e&bctempid=&overruleReferrer=&time=2023-06-02T14%3A41%3A21%2B00%3A00&ts=1685716881902
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
a1aa6fedfd542521d223a26c6d4510af436b14ee00275c2a72a05e4c89bb335b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
179
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
Zi90ObK0R9LbAuVzGs9DWWUF6DxVEmSL3xeH2YHldZUzb8NlEmlp2A==
expires
Thu, 01 Jan 1970 00:00:00 GMT
298
bc.thespec.com/DG/DEFAULT/rest/rpc/ 		185 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/DG/DEFAULT/rest/rpc/298?referer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bcsessionid=36bdb71a-3844-486b-b1b8-35dac4ea5e8e&bctempid=&overruleReferrer=&time=2023-06-02T14%3A41%3A21%2B00%3A00&ts=1685716881905
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
5d19d95434eb4ff0c6bab9d7d8e46f023effe1404bf9beccdafa7260d76dbf80
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
165
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
Ep_VT4JKRqg7ES2VOe0i2ZJKhwCepMOs56KlSOtK82Vp-vLxB1leLQ==
expires
Thu, 01 Jan 1970 00:00:00 GMT
298
bc.thespec.com/DG/DEFAULT/rest/rpc/ 		185 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/DG/DEFAULT/rest/rpc/298?referer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bcsessionid=36bdb71a-3844-486b-b1b8-35dac4ea5e8e&bctempid=&overruleReferrer=&time=2023-06-02T14%3A41%3A21%2B00%3A00&ts=1685716881907
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
286770eac4396ea2a2e587f3f981a7ab16890b925c16d5f10e617924d2ed0bbf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
165
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
J7WapRmWLW2V6p0NmYITN8YZNZwLUQrqV1_ZRKRbjYgOFyAm6cMUdg==
expires
Thu, 01 Jan 1970 00:00:00 GMT
images
www.thespec.com/api/liftigniter/ 		8 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/api/liftigniter/images
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
a18687b0d9a995e6ec68d999fe1131209deee56f67dfa43ba1b05cb6281b9e8a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 02 Jun 2023 14:41:21 GMT
content-encoding
gzip
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
x-amz-cf-pop
EWR52-C1
x-powered-by
Express
etag
W/"1fdf-Wb+Nnn4rSSD5OvXMrwG5LJxCwU0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://amp.thespec.com
x-cache
Miss from cloudfront
cache-control
max-age=180
x-amz-cf-id
troFeRJY0zgakVkD-ttgw8JmtSTQCHGjqOX6x-FEI7APzK5JmuOKdA==
298
bc.thespec.com/DG/DEFAULT/rest/rpc/ 		402 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/DG/DEFAULT/rest/rpc/298?referer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bcsessionid=36bdb71a-3844-486b-b1b8-35dac4ea5e8e&bctempid=&overruleReferrer=&time=2023-06-02T14%3A41%3A21%2B00%3A00&ts=1685716881965
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
1280928ff3311afe4e1ea30521ab9d06b838ee3efdbad88fed50f42fcc1c7ba2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
237
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
Pu1sag5IhT2GYfrH4wTvV9Tbp67-FTWqVcHTBxfHjXmqHMDAlugjww==
expires
Thu, 01 Jan 1970 00:00:00 GMT
images
www.thespec.com/api/liftigniter/ 		4 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/api/liftigniter/images
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
4349c1ea6737b944d8fab7867c5c4d327d2ccbe155162ec392e85897f4ce6507
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
content-encoding
gzip
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
x-amz-cf-pop
EWR52-C1
x-powered-by
Express
etag
W/"e45-hS9hwiKO4plDqyelpTJ08R/Knzg"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://amp.thespec.com
x-cache
Miss from cloudfront
cache-control
max-age=180
x-amz-cf-id
TCqYGUygcfTt_3bzsefaJP8-kwc7SPj6Rv01Yr5jEw5fDDyvvLB7Ug==
jquery.fancybox.css
bc.thespec.com/plugins/lightboxinteractiontype_torstar/ts_290479a801b4198c27927de5770d3c7c/frontend/src/lib/fancybox/ 		5 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/plugins/lightboxinteractiontype_torstar/ts_290479a801b4198c27927de5770d3c7c/frontend/src/lib/fancybox/jquery.fancybox.css
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/plugin/plugin/f9d6e3cf6885424c2a1104db8e2dbc78
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
27eb87df8f4eb3164ad81ff266aed79d50a33f6869c249ee27ac80ad0c1e3dc2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 07:45:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
age
5208972
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
1429
x-xss-protection
1; mode=block
last-modified
Sun, 02 Apr 2023 07:45:10 GMT
server
-
etag
a422994bd079b12c03bcc1bd67573254
content-type
text/css; charset=utf-8
cache-control
public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag
noindex, nofollow
x-amz-cf-id
pY9Kr4dw3wBHTnIdIE-YLenRSudVmmJO79couQZMqqDdrqVF0IUDdw==
expires
Tue, 02 Apr 2024 07:45:10 GMT
lightbox.css
bc.thespec.com/plugins/lightboxinteractiontype_torstar/ts_290479a801b4198c27927de5770d3c7c/frontend/src/css/ 		219 B
706 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/plugins/lightboxinteractiontype_torstar/ts_290479a801b4198c27927de5770d3c7c/frontend/src/css/lightbox.css
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/plugin/plugin/f9d6e3cf6885424c2a1104db8e2dbc78
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
e4058b846286433d019ff33bb22b2eca434c9d36249df436d5a3c623825674d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 07 Apr 2023 19:07:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
age
4822458
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
174
x-xss-protection
1; mode=block
last-modified
Thu, 06 Apr 2023 19:07:04 GMT
server
-
etag
509ab20e0f70a848e487fc09470fbf83
content-type
text/css; charset=utf-8
cache-control
public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag
noindex, nofollow
x-amz-cf-id
nZX1_RyD9p1_K35gugZ72JtJ29W4AkqCZBjNpvaCYCVRzGLTnPIkFw==
expires
Sat, 06 Apr 2024 19:07:04 GMT
segment
api.permutive.com/adv/v2/ 		14 B
78 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/adv/v2/segment?new-session=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by
Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Fri, 02 Jun 2023 14:41:22 GMT
via
1.1 google
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14
content-type
application/json
549886031832745
connect.facebook.net/signals/config/ 		512 KB
149 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/549886031832745?v=2.9.104&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b1aaf4f2a405bdb5f0967a37fd5fba482980bd0b35b7710286acff0a6817e668
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 02 Jun 2023 14:41:22 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
151772
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
oNiBseUwdMc0+XwD/s3H3fn/P/Yjx6pAd07YcV8fORw3ohpyVBNbqQZUXDz/70NGz/24N4lEC63Jbvb1tFNlvA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
1679558926
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
barton.jpg
images.thestarimages.com/7yurnWzkllhsVHna3PGjZMtFOJQ=/0x0:1200x800/100x100/smart/filters:format(webp)/https://www.thespec.com/content/dam/thespec/news/hamilton-region/2023/05/31/section-of-barton-s... 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.thestarimages.com/7yurnWzkllhsVHna3PGjZMtFOJQ=/0x0:1200x800/100x100/smart/filters:format(webp)/https://www.thespec.com/content/dam/thespec/news/hamilton-region/2023/05/31/section-of-barton-street-closed-for-police-investigation/barton.jpg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:6b1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b73ab08d45df209c848e3d788be3b125c45c7d34f5de7a9c542c0379df4ac5f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
93781
etag
"e2c0f72380e2740243a72811b49c8957e810250e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yu62jCs6r4AUOERfx35yhNxBjN39%2F9RtbiHr9Un9kNnrMRWEWWs8m6LIAyGkIClOaCLbz47bd4RRmv8aCygHAAKvCb60vxHTACixiKooBxfMomHhLfk29L1HETK3dEAFy9MpoXxve8eA1m87Lygwch2suCAxt7M%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
7d1074f12ad7c434-EWR
alt-svc
h3=":443"; ma=86400
content-length
3160
expires
Thu, 31 Dec 2037 23:55:55 GMT
10933922_SarahJane1.JPG
images.thestarimages.com/zk0Y4DWOUdLiI_pDkAZfz-jvwSQ=/0x0:1200x800/100x100/smart/filters:format(webp)/https://www.thespec.com/content/dam/localcommunities/hamilton_mountain_news/news/2023/05/30/ham... 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.thestarimages.com/zk0Y4DWOUdLiI_pDkAZfz-jvwSQ=/0x0:1200x800/100x100/smart/filters:format(webp)/https://www.thespec.com/content/dam/localcommunities/hamilton_mountain_news/news/2023/05/30/hamilton-mountain-homeowner-out-thousands-after-botched-concrete-job/10933922_SarahJane1.JPG
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:6b1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c5abe1491ffbb02498051e698c3327ebef2aca7e51360c77aef050a7df94fd5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
271020
etag
"7d9187e4bd80bbde14780a4f3b76568e1b6dfc3e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=63LSWuDX2H7MY3gWEzApwSPeIgKFLQ17uxmuUAXLBfGI2CZ8DLCwDyJKlyfX3ZBfHMP83c2qO4GY8LXnzfbZ%2FtLBgUkw0ujCz7M8tA%2BOujY%2F4E3mGP6zNKdY5CwCnQQZQOXJwU5PVdOIsV%2B5rARDEDfG5%2FQnNj8%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
7d1074f12ad8c434-EWR
alt-svc
h3=":443"; ma=86400
content-length
2958
expires
Thu, 31 Dec 2037 23:55:55 GMT
__activity.gif
query.petametrics.com/v3/uhup2d5upsj28vf1/f511a889-02fd-4f77-d5f9-19560506f6bd/ 		35 B
94 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://query.petametrics.com/v3/uhup2d5upsj28vf1/f511a889-02fd-4f77-d5f9-19560506f6bd/__activity.gif?e=widget_shown&ct=%E2%80%98Our+on-premises+email+server+was+compromised%E2%80%99+%E2%80%94+University+of+Waterloo+interrupts+suspected+ransomware+attack&ccu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&tspl=2089&blst=481&ist=1427&iet=1432&bdst=481&bdet=1004&bcttt=21&jsfv=nbc&ts=1685716882123&jsk=uhup2d5upsj28vf1&jsv=20230329&cu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=f511a889-02fd-4f77-d5f9-19560506f6bd&sid=1bfea41f-76e1-40a3-c00d-2ac8cf744662&pvid=993d3ac9-4e3e-4083-8704-0a1cf731c5df&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F114.0.5735.90+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.1&saveData=false&ctyp=unknown&ref=https%3A%2F%2Fnews.google.com%2F&tzo=0&w=spec_web_ymbii&source=LI&pl=null&tr=null&st=2086&vi=%5B%22https%3A%2F%2Fwww.thespec.com%2Fnews%2Fhamilton-region%2F2023%2F05%2F31%2Fsection-of-barton-street-closed-for-police-investigation.html%22%2C%22https%3A%2F%2Fwww.thespec.com%2Flocal-hamilton-mountain%2Fnews%2F2023%2F05%2F30%2Fhamilton-mountain-homeowner-out-thousands-after-botched-concrete-job.html%22%2C%22https%3A%2F%2Fwww.thespec.com%2Fnews%2Fcrime%2F2023%2F05%2F30%2Fstoney-creek-homicide-victims.html%22%2C%22https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F05%2F31%2Fa-kitchener-mother-took-her-daughter-to-the-er-for-a-cold-the-five-year-old-girl-died-12-hours-later.html%22%2C%22https%3A%2F%2Fwww.thespec.com%2Fts%2Fnews%2Fgta%2F2023%2F06%2F01%2Fit-was-very-weird-ex-girlfriend-testifies-in-trial-of-toronto-cop-accused-of-defrauding-dead-mans-estate.html%22%2C%22https%3A%2F%2Fwww.thespec.com%2Fnews%2Fcrime%2F2023%2F05%2F29%2Fstoney-creek-couple-killed-after-dispute-with-landlord-had-planned-to-move-out-days-later.html%22%5D&sdk=bc-pixel
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
224.14.190.35.bc.googleusercontent.com
Software
openresty/1.13.6.2 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 02 Jun 2023 14:41:22 GMT
via
1.1 google
server
openresty/1.13.6.2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
content-type
image/gif
barton.jpg
images.thestarimages.com/N49CbEbptxALRhYaKVjiPN3OB4M=/0x0:1200x800/690x460/smart/filters:format(webp)/https://www.thespec.com/content/dam/thespec/news/hamilton-region/2023/05/31/section-of-barton-s... 		69 KB
70 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.thestarimages.com/N49CbEbptxALRhYaKVjiPN3OB4M=/0x0:1200x800/690x460/smart/filters:format(webp)/https://www.thespec.com/content/dam/thespec/news/hamilton-region/2023/05/31/section-of-barton-street-closed-for-police-investigation/barton.jpg
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:6b1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eae88bc2b7f33928fc9516f697725352f3586224093ada09bfbe01282205c8a7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
93671
etag
"51197962c1bbead6d448f4acbca1efcd75148d51"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=veCHAr%2BbhqJZAB0sK5kTkMI8CVcReT5F4GT11rX1M2lqnoFsMnlczNt79nIb2u6R6z7TWP1YKGwF8BdHvkjARXVJBWtqDNeDGgWnlb3AqpHV70SayiIMOQ%2BcmrbYqCD%2BXEj4E14IhNLbMQXWqCLdW4hzh7808Kg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
7d1074f15b0fc434-EWR
alt-svc
h3=":443"; ma=86400
content-length
70912
expires
Thu, 31 Dec 2037 23:55:55 GMT
10933922_SarahJane1.JPG
images.thestarimages.com/AGOq1YGzHd7eNf72IEKdJrMHENE=/0x0:1200x800/690x460/smart/filters:format(webp)/https://www.thespec.com/content/dam/localcommunities/hamilton_mountain_news/news/2023/05/30/ham... 		64 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.thestarimages.com/AGOq1YGzHd7eNf72IEKdJrMHENE=/0x0:1200x800/690x460/smart/filters:format(webp)/https://www.thespec.com/content/dam/localcommunities/hamilton_mountain_news/news/2023/05/30/hamilton-mountain-homeowner-out-thousands-after-botched-concrete-job/10933922_SarahJane1.JPG
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:e0::ac40:6b1b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ddca01e3dcba24b322b5cc65fc0df212d6ebdda5f479053e5c704bdd72dd3b9d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
270846
etag
"47b9a13c72ebc8e8560a9d5195ec670c524eaa6e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xA4TXXNDNMhR4D53cQnhtTnbNjNTT6mQdWnL3EQiGz4DDzBO%2FUkIniy3%2FlslZ9lIx0uhw9JTGuSGhNH2pW7P%2BopdWJYWNbaRIkvDxOquD8RKz3hrGbJWdPB8P1tUBZz2XVS2OEHfUtb0d5QUbWZBMLN1x5kwb84%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cache-control
max-age=315360000
accept-ranges
bytes
cf-ray
7d1074f15b10c434-EWR
alt-svc
h3=":443"; ma=86400
content-length
65810
expires
Thu, 31 Dec 2037 23:55:55 GMT
__activity.gif
query.petametrics.com/v3/uhup2d5upsj28vf1/f511a889-02fd-4f77-d5f9-19560506f6bd/ 		35 B
49 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://query.petametrics.com/v3/uhup2d5upsj28vf1/f511a889-02fd-4f77-d5f9-19560506f6bd/__activity.gif?e=conversion_shown&ct=%E2%80%98Our+on-premises+email+server+was+compromised%E2%80%99+%E2%80%94+University+of+Waterloo+interrupts+suspected+ransomware+attack&ccu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&tspl=2126&blst=481&ist=1427&iet=1432&bdst=481&bdet=1004&bcttt=29&jsfv=nbc&ts=1685716882160&jsk=uhup2d5upsj28vf1&jsv=20230329&cu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=f511a889-02fd-4f77-d5f9-19560506f6bd&sid=1bfea41f-76e1-40a3-c00d-2ac8cf744662&pvid=993d3ac9-4e3e-4083-8704-0a1cf731c5df&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F114.0.5735.90+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.1&saveData=false&ctyp=unknown&ref=https%3A%2F%2Fnews.google.com%2F&tzo=0&conversion_t=%5BSPEC%5D%20Overlay_NonSubsDesktop_Q123_MayJuneSale&sdk=bc-pixel
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
224.14.190.35.bc.googleusercontent.com
Software
openresty/1.13.6.2 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 02 Jun 2023 14:41:22 GMT
via
1.1 google
server
openresty/1.13.6.2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
content-type
image/gif
298
bc.thespec.com/DG/DEFAULT/rest/rpc/ 		13 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/DG/DEFAULT/rest/rpc/298?referer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bcsessionid=36bdb71a-3844-486b-b1b8-35dac4ea5e8e&bctempid=&overruleReferrer=&time=2023-06-02T14%3A41%3A22%2B00%3A00&ts=1685716882193
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
29c6a208824b56fd5d1d51f00cf1e519993d2448ff2b1ab90c375ca9917aa79d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
2617
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
ls_3dWDARtBZk3BYCU5ac6Oa_at3tvdcFqnH6MUp8nxZNJM1AqfYFQ==
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel.gif
px.moatads.com/ 		43 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=31&q=0&hp=1&kq=1&lo=0&qs=1&ak=-&i=TORONTOSTARCONTENT1&ud=false&qm=0&qn=6OZw%3DoHB%2CEF%3FKC1I%3Cq.bWoCSV2W0Su*TDXlCfX2iR2%25(GyHN%3DI(%2C%3Ba15lK1t!9ZpAH..4iwM%25z4mc4djG%3D_11%5Dz(m3%7CuK9~P%5DDohjO%7BcEKHD%40%404KrD(KA.E%24C%23I%3BC%2FVKw(%24Y4%5D%2B)%60K%3A%3A%2FAwJ_%5B%259%5BHhUKF%5EhRZ8!v%5ETm_h%7CR%22%3Ba%3CgeMBC.F%5BNVfBB2%2B%7BLTaU%40%5BG%2BQVxtRF%3BmXB7I%22u%25B_QIx)%2CaqRBXED%3Fd%5BvP%25l7g(ksGBGN35*mUx!f%2Bwb%7B!wJu4DmSUw%3ClE8kJBdSX%5EZFKC%2C)Ib%3BA8%2266%3CBl%3F%24b%3AameaUc%5EKu%3BUDXp%2B3W%60R2zA.Nt%7CQjtoDxpwoFKR*emgSuR)%2Cea*X%3Dy%3E%5B%25B7k.%3ETy%25.8e%40GW*_)9L%2CzVx)rOS2z.%5BOCDTWRe%2Ba%2Fke%3BR30982iYBgDzb%23Ls1(u0EnUa%3Fwb%26k!C%24%26J%3BBcJVrwLy%3Aaq%24StZzTm!ja8V%22%3BU%5DDTg%7Df%2FH%40%26%2Bc%5B5IUOG(%2CWV%7BGrV~1HmDkP8D4rUDtmxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BC%24%3D!!t%3C%2C%5BhKjmfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BlTr1W*d%5BOCF%259%3CUYoo813_xB%2CN22Ib%40aFB&qp=00000&qq=000001000000&qr=0&gz=0&hh=0&hn=0&qt=0&bq=0&g=2&vc=2&pl=1&fl=1&sr=0&sb=0&sq=0&sa=0&sn=0&sj=0&sm=0&si=0&md=28&mc=28&lb=6806&la=1200&ld=1200&lc=1200&cw=1600&cx=1200&sh=6014&xa=0&xb=0&xc=0&h=4&w=4&dnt=0&gu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&cm=7&f=0&j=https%3A%2F%2Fnews.google.com&o=3&t=1685716880420&de=95314933683&cu=1685716880644&m=1821&ar=5072747-clean&cb=0&ll=2&ln=0&gh=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1285&lk=undefined&le=1&gm=1&io=1&ch=0&as=0&ag=0&an=0&gf=0&gg=0&aj=0&pg=0&pf=0&cc=0&bw=0&bx=0&dj=0&aa=0&ad=0&cn=0&gk=0&gl=0&cq=0&em=0&en=0&bu=1337&cd=1&ah=1337&am=1&re=1&wb=1&ai=541&cl=0&at=0&d=thespec.com%3A%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%3A__page__%3A-&gw=torontocontentstarcontent37863992&ab=1&ac=1&fd=1&kt=strict&it=500&fs=98876&na=869652832&cs=0
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

unused62
8096267
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:22 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 02 Jun 2023 14:41:22 GMT
/
p1.parsely.com/plogger/ 		43 B
257 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://p1.parsely.com/plogger/?rand=1685716882317&plid=8314968&idsite=thespec.com&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&urlref=https%3A%2F%2Fnews.google.com%2F&screen=1600x1200%7C1600x1200%7C24&data=%7B%22adobe_mcid%22%3A%2214704239918408065180314003276415442791%22%7D&sid=1&surl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&sref=https%3A%2F%2Fnews.google.com%2F&sts=1685716881619&slts=0&date=Fri+Jun+02+2023+14%3A41%3A22+GMT%2B0000+(GMT)&action=heartbeat&inc=1&tt=630&u=pid%3D0e34022597b1ccc177efc0bab7eda828
Requested by
Host: cdn.parsely.com
URL: https://cdn.parsely.com/keys/thespec.com/p.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-205-167-202.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:22 GMT
Cache-Control
no-cache
Last-Modified
Friday, 02-Jun-2023 14:41:22 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
ruleenginedata
www.thespec.com/api/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/api/ruleenginedata
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
f1ef4c1955d0829a87514d7ca024407ca0640a980ce0609c02cffa9c7c064d3f
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:37:20 GMT
content-encoding
gzip
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
x-amz-cf-pop
EWR52-C1
age
243
x-powered-by
Express
etag
W/"8eb-bCFw6p33/iofV+kY5MiepG3DenU"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://amp.thespec.com
x-cache
Hit from cloudfront
cache-control
max-age=180
x-amz-cf-id
TWGCkGJckeDN2f2yS7OMt-sjr38iqr_I_pQ2FmqsqwJ6SW4Apph6DQ==
/
p1.parsely.com/plogger/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p1.parsely.com/plogger/?rand=1685716882322&plid=8314968&idsite=thespec.com&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&urlref=https%3A%2F%2Fnews.google.com%2F&screen=1600x1200%7C1600x1200%7C24&data=%7B%22adobe_mcid%22%3A%2214704239918408065180314003276415442791%22%2C%22_scrollIncrement%22%3A1%2C%22_scrollMethod%22%3A%22heartbeat%22%2C%22_y%22%3A0%2C%22_bodyHeight%22%3A6806%2C%22_trustBar%22%3A2969%7D&sid=1&surl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&sref=https%3A%2F%2Fnews.google.com%2F&sts=1685716881619&slts=0&title=%E2%80%98Our+on-premises+email+server+was+compromised%E2%80%99+%E2%80%94+University+of+Waterloo+interrupts+suspected+ransomware+attack+%7C+TheSpec.com&date=Fri+Jun+02+2023+14%3A41%3A22+GMT%2B0000+(GMT)&action=_scroll&u=pid%3D0e34022597b1ccc177efc0bab7eda828
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-205-167-202.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:22 GMT
Cache-Control
no-cache
Last-Modified
Friday, 02-Jun-2023 14:41:22 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
/
p1.parsely.com/plogger/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p1.parsely.com/plogger/?rand=1685716882323&plid=8314968&idsite=thespec.com&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&urlref=https%3A%2F%2Fnews.google.com%2F&screen=1600x1200%7C1600x1200%7C24&data=%7B%22adobe_mcid%22%3A%2214704239918408065180314003276415442791%22%2C%22_scrollIncrement%22%3A0%2C%22_scrollMethod%22%3A%22pageview%22%2C%22_y%22%3A0%2C%22_bodyHeight%22%3A6806%2C%22_trustBar%22%3A2969%7D&sid=1&surl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&sref=https%3A%2F%2Fnews.google.com%2F&sts=1685716881619&slts=0&title=%E2%80%98Our+on-premises+email+server+was+compromised%E2%80%99+%E2%80%94+University+of+Waterloo+interrupts+suspected+ransomware+attack+%7C+TheSpec.com&date=Fri+Jun+02+2023+14%3A41%3A22+GMT%2B0000+(GMT)&action=pageview&js=1&pvid=75415471&u=pid%3D0e34022597b1ccc177efc0bab7eda828
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-205-167-202.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:22 GMT
Cache-Control
no-cache
Last-Modified
Friday, 02-Jun-2023 14:41:22 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
events
api.permutive.com/v2.0/batch/ 		101 B
127 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by
Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e7132074537f32430e3cf3c28f5bd37009987838ec9e1de55fa1a992ed4ed9f9

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.thespec.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
109
298
bc.thespec.com/DG/DEFAULT/rest/rpc/ 		181 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/DG/DEFAULT/rest/rpc/298?referer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bcsessionid=36bdb71a-3844-486b-b1b8-35dac4ea5e8e&bctempid=&overruleReferrer=&time=2023-06-02T14%3A41%3A22%2B00%3A00&ts=1685716882712
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
c69f6c228856dcd06546b3782129e13d474f5f2b0c8207e8f79885c3d34cf708
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
172
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
nnIDaN9UMh8jOdCFpT34hv_EUqOXF7Ktsn33DD3EJvJMtFNHbu9Htw==
expires
Thu, 01 Jan 1970 00:00:00 GMT
14704239918408065180314003276415442791
api.thestar.com/users/data/anonymous/sitename/thespec/id/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.thestar.com/users/data/anonymous/sitename/thespec/id/14704239918408065180314003276415442791
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-103.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
x-api-key
Access-Control-Request-Method
GET
Origin
https://www.thespec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
GET,OPTIONS
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Fri, 02 Jun 2023 14:41:22 GMT
via
1.1 c38cfac20df9757e670e782ca61768aa.cloudfront.net (CloudFront)
x-amz-apigw-id
F5Te_HTKIAMFZzQ=
x-amz-cf-id
_Ky4qTVbk_e91KaEJZxWjq4lav3N2Z-sp3QEpd9k8ZDpjpmGW3tMRQ==
x-amz-cf-pop
JFK50-P6
x-amzn-requestid
53ec38ec-9c55-46fc-baa1-dc5a74373589
x-cache
Miss from cloudfront
14704239918408065180314003276415442791
api.thestar.com/users/data/anonymous/sitename/thespec/id/ 		51 B
429 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.thestar.com/users/data/anonymous/sitename/thespec/id/14704239918408065180314003276415442791
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-103.jfk50.r.cloudfront.net
Software
/
Resource Hash
a0ec8793ecc2c9d97dcceac6cce1de315e1a0cf7b6c5180060916c2d047c9a1c

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
x-api-key
b07LQ46EyU42X8fc14kd08w8gAyfSf337nbF5L8b

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
via
1.1 c38cfac20df9757e670e782ca61768aa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P6
x-amzn-trace-id
Root=1-6479ff92-001be1bd48e462d94d86ac11;Sampled=0;lineage=ec555b06:0
x-amzn-requestid
93e9a937-24e3-408a-af44-c9d62d124e7c
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
x-amz-apigw-id
F5TfAFLLoAMFWmA=
content-length
51
x-amz-cf-id
86JcV8PXQlwcO5PCOSpKPGLQaw2icfiYwv2Flsole1qfyw_RJnocKg==
b
engagefront.theweathernetwork.com/x/ 		47 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://engagefront.theweathernetwork.com/x/b?data=%7B%22advertiser_org_id%22%3A%2261731269aabe2aa0d6cf5785%22%2C%22event_name%22%3A%2249695385_45a9_4217_b0c5_58934bb70a35%22%2C%22subevent%22%3A%2278386%2C79992%2C79993%2C79994%22%7D
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.23.223 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
223.23.120.34.bc.googleusercontent.com
Software
TornadoServer/6.3.1 /
Resource Hash
af9dbf02c85319fda5ed6e97828a8328ce87a4a11e2a95d506654bf7dee244f4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
via
1.1 google
server
TornadoServer/6.3.1
etag
"2f28ed1ccf7c08cf22491757fe20385249db162e"
p3p
policyref='/static/w3c/p3p.xml', CP='NOI DSP COR DEVa TAIa OUR BUS UNI'
content-type
image/gif
cache-control
max-age=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47
expires
Fri, 02 Jun 2023 14:41:22 GMT
close.png
bc.thespec.com/rest/dialogues/files/38bbb8e6-2ab5-4aca-b63f-d8596ddc3ba8/ 		269 B
774 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bc.thespec.com/rest/dialogues/files/38bbb8e6-2ab5-4aca-b63f-d8596ddc3ba8/close.png
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
f5ee1f486d72b4c1b2ba4a16320729616508e9d67b4440aa5fc3a78fd18cd0e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 07 Apr 2023 03:21:31 GMT
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
age
4879191
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
269
x-xss-protection
1; mode=block
last-modified
Thu, 06 Apr 2023 03:21:31 GMT
server
-
etag
bdffbfd63e3bf04b6c6c464895067bcf
content-type
image/png
cache-control
public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag
noindex, nofollow
x-amz-cf-id
C_F133Lwmk70hnOp6Gfghv0miFKZUYzewdxAYLxJ5Hwj-madL63kMg==
expires
Sat, 06 Apr 2024 03:21:31 GMT
465561283852945
connect.facebook.net/signals/config/ 		300 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/465561283852945?v=2.9.104&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cb68c85ec678d8d358314efdc8858f9d33fee686b7f1b2d8e52d265528e92f1a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 02 Jun 2023 14:41:22 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
88006
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
Lce85ZuUinDbn9nrbEZw1HB+SSQxrJ/mB6RC1aAPiOAdArlxjYO4H8r9E6VPfRQHC5EI/TSl0f35VABoFS/ufA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
gtm.js
www.googletagmanager.com/ 		109 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-57Q9DV2
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::2008 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
eda56fdfa95038cc8da36137585d26bbdcdbfb5a5096d7393683889efb4d5384
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43222
x-xss-protection
0
last-modified
Fri, 02 Jun 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 02 Jun 2023 14:41:22 GMT
__inventory.gif
query.petametrics.com/v1/ 		35 B
48 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://query.petametrics.com/v1/__inventory.gif?ts=1685716882891&jsk=uhup2d5upsj28vf1&jsv=20230329&cu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&item=%7B%22content_tier%22%3A%5B%22metered%22%5D%2C%22publisher%22%3A%5B%22https%3A%2F%2Fwww.facebook.com%2Fwaterlooregionrecord%22%5D%2C%22published_time%22%3A%5B%222023-06-01T17%3A50%3A49.574Z%22%5D%2C%22modified_time%22%3A%5B%222023-06-01T19%3A06%3A51.952Z%22%5D%2C%22section%22%3A%5B%22News%22%5D%2C%22tag%22%3A%5B%22News%22%5D%2C%22title%22%3A%5B%22%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%22%5D%2C%22type%22%3A%5B%22article%22%5D%2C%22url%22%3A%5B%22https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html%22%5D%2C%22description%22%3A%5B%22%E2%80%98Fortunately%2C%2099.9%20per%20cent%20of%20our%20email%20users%20are%20not%20affected%20because%20their%20email%20services%20are%20hosted%20in%20the%20cloud%E2%80%99%22%5D%2C%22site_name%22%3A%5B%22therecord.com%22%5D%2C%22image%22%3A%5B%22https%3A%2F%2Fimages.thestarimages.com%2F21RM0ypiBVKdpVt5PEcYY7YruNg%3D%2F1280x1024%2Fsmart%2Ffilters%3Acb(1685649402679)%2Fhttps%3A%2F%2Fwww.therecord.com%2Fcontent%2Fdam%2Ftherecord%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems%2Funiversity_of_waterloo_1.jpg%22%5D%2C%22truncatedDescription%22%3A%5B%22%E2%80%98Fortunately%2C%2099.9%20per%20cent%20of%20our%20email%20users%20are%20not%20affected%20because%20their%20email%20services%20are%20hosted%20in%20the%20cloud%E2%80%99%22%5D%2C%22subsection%22%3A%5B%22Waterloo%20Region%22%5D%2C%22hasImage%22%3A%5B%22true%22%5D%2C%22asset_id%22%3A%5B%220f479f22-152f-4458-8510-6b3d72ba8d54%22%5D%2C%22thumbor_image%22%3A%5B%22%7B%5C%22imageid%5C%22%3A%5C%22GVT1QLA91.3%5C%22%2C%5C%22origImageSize%5C%22%3A%5C%221200x719%5C%22%2C%5C%22lastmodified%5C%22%3A1685646410893%2C%5C%22fullWindowMainart%5C%22%3Afalse%2C%5C%22forceoriginal%5C%22%3Afalse%2C%5C%22caption%5C%22%3A%5C%22%20The%20University%20of%20Waterloo%20said%20Thursday%20it%20interrupted%20a%20suspected%20ransomware%20attack.%20%5C%22%2C%5C%22source%5C%22%3A%5C%22Waterloo%20Region%20Record%20file%20photo%5C%22%2C%5C%22type%5C%22%3A%5C%22image%5C%22%2C%5C%22credit%5C%22%3A%5C%22Mathew%20McCarthy%5C%22%2C%5C%22mainartSize%5C%22%3A%5C%22medium%5C%22%2C%5C%22url%5C%22%3A%5C%22%2Fcontent%2Fdam%2Ftherecord%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems%2Funiversity_of_waterloo_1.jpg%5C%22%7D%22%5D%2C%22last_modified%22%3A%5B%222023-06-01T19%3A06%3A50.852Z%22%5D%2C%22inHouseArticle%22%3A%5B%22true%22%5D%2C%22enableLivechat%22%3A%5B%22false%22%5D%2C%22images%22%3A%5B%22https%3A%2F%2Fwww.therecord.com%2Fassets%2Fimg%2Ftherecord-ribbon.png%22%5D%2C%22noShow%22%3A%5B%22false%22%5D%2C%22enableConversations%22%3A%5B%22true%22%5D%2C%22abstract%22%3A%5B%22%E2%80%98Fortunately%2C%2099.9%20per%20cent%20of%20our%20email%20users%20are%20not%20affected%20because%20their%20email%20services%20are%20hosted%20in%20the%20cloud%E2%80%99%22%5D%2C%22smg_tag%22%3A%5B%22wrr%22%5D%2C%22enableLivechatadmin%22%3A%5B%22false%22%5D%2C%22author_names%22%3A%5B%22Robert%20Williams%22%5D%2C%22authors%22%3A%5B%22%5B%7B%5C%22author%5C%22%3A%5C%22Robert%20Williams%5C%22%7D%5D%22%5D%2C%22smg2_tag%22%3A%5B%22news%22%5D%7D&ttl=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.14.224 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
224.14.190.35.bc.googleusercontent.com
Software
openresty/1.13.6.2 /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:22 GMT
via
1.1 google
server
openresty/1.13.6.2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
content-type
image/gif
events
pixel.thestar.com/ 		0
117 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixel.thestar.com/events
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/signals/config/549886031832745?v=2.9.104&r=stable
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1430:9000:eeee:2de2:4483:dc16 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.thespec.com
date
Fri, 02 Jun 2023 14:41:23 GMT
access-control-allow-credentials
true
content-length
0
vary
origin
/
www.facebook.com/tr/ 		0
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=549886031832745&ev=PageView&dl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&rl=https%3A%2F%2Fnews.google.com%2F&if=false&ts=1685716882918&sw=1600&sh=1200&v=2.9.104&r=stable&ec=0&o=30&fbp=fb.1.1685716882912.1095007794&eid=ob3_plugin-set_b0e25f45769b32e8b30eb2b5123eba2345b06e544b9d39cddb1e02fa77f2602a&cs_est=true&it=1685716882081&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 02 Jun 2023 14:41:22 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/tr/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=465561283852945&ev=PageView&dl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&rl=https%3A%2F%2Fnews.google.com%2F&if=false&ts=1685716882920&sw=1600&sh=1200&v=2.9.104&r=stable&ec=0&o=30&fbp=fb.1.1685716882912.1095007794&it=1685716882081&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 02 Jun 2023 14:41:22 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
TheSpec
www.thespec.com/api/overlaydatarule/ 		36 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/api/overlaydatarule/TheSpec
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
f81dcd52bcb43ab9d7131914859c8e412f42cab53a5411812a6526a52d6f6a25
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:40:22 GMT
content-encoding
gzip
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
x-amz-cf-pop
EWR52-C1
age
158
x-powered-by
Express
etag
W/"90e6-HYsSkTzjJW1A4wFm2i7H5grhfRc"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://amp.thespec.com
x-cache
Hit from cloudfront
cache-control
max-age=180
x-amz-cf-id
LT8Y42tH2wYld9VRGemydC2nfdgyQXq_V2Fjf_DlxLXcrBMZkItURA==
overlaydata
www.thespec.com/api/ 		44 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.thespec.com/api/overlaydata
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/static/vendors~bundle.chunk.js?v=70ddd6d7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-87.ewr52.r.cloudfront.net
Software
Apache/2.4.57 (Unix) OpenSSL/1.1.1n / Express
Resource Hash
24ab75edf1a82aa35ce36917a67de6866caa71904eb001bdb13cfaa4901f03bb
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:23 GMT
content-encoding
gzip
via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
server
Apache/2.4.57 (Unix) OpenSSL/1.1.1n
x-amz-cf-pop
EWR52-C1
age
1
x-powered-by
Express
etag
W/"b0f0-hNk7KKvdas4qC939G12NSl11GT4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://amp.thespec.com
x-cache
Hit from cloudfront
cache-control
max-age=180
x-amz-cf-id
btP7U6__Yz7VvPTWaJThWgk7WPeei-lmwOOyBEsqOLMUAjba4tLIrw==
state
api.permutive.com/v1.0/ 		0
33 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v1.0/state?fetch_unseen=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by
Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
content-type
text/plain

Response headers

access-control-allow-origin
*
date
Fri, 02 Jun 2023 14:41:23 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
RC92631a6dea374f7f8c4e27bdaaf0a413-source.min.js
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/RC92631a6dea374f7f8c4e27bdaaf0a413-source.min.js
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
49bd5cc239085142e293f889016f2329dfc5e6b96c4974468341c4af12bf343d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:33:06 GMT
x-amz-version-id
ALu2fJYvmGUskRNVn3Qg1dLze3L7WJr9
content-encoding
gzip
last-modified
Fri, 02 Jun 2023 14:32:15 GMT
server
AmazonS3
via
1.1 fe705b44d5a5a2d7d6e73595ceeca2e2.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
etag
W/"388ec145ed98f88ff80931dd624227af"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
age
498
x-amz-cf-id
-bKe6VzNHuzOuMJwtcBM6NPO1TRGKq603G9wZ2s20jFLzrQalKCb8g==
298
bc.thespec.com/DG/DEFAULT/rest/rpc/ 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bc.thespec.com/DG/DEFAULT/rest/rpc/298?referer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bcsessionid=36bdb71a-3844-486b-b1b8-35dac4ea5e8e&bctempid=&overruleReferrer=&time=2023-06-02T14%3A41%3A23%2B00%3A00&ts=1685716883172
Requested by
Host: bc.thespec.com
URL: https://bc.thespec.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-60.jfk50.r.cloudfront.net
Software
- /
Resource Hash
74ab538279bbe1a1ee19a79ff46eb25085f93c601646688ae11366bdd1c31c0d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 1721c5705940b20c9d951889ca1932b6.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
2520
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
3Sn-a6_c1JoyFx5BcdaqByKTXm5h312Y19Hsupc9DKoqGbFKY1rCKw==
expires
Thu, 01 Jan 1970 00:00:00 GMT
AGSKWxXldbvRMx-JGY7DqCANmJgdyk2ojbO841S0olAwqg1Bys8kdOHtqx1cVusBNtvROHvW5kZfygvQbCWaVxRDhdE=
fundingchoicesmessages.google.com/f/ 		133 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXldbvRMx-JGY7DqCANmJgdyk2ojbO841S0olAwqg1Bys8kdOHtqx1cVusBNtvROHvW5kZfygvQbCWaVxRDhdE=
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
9e14fd10a9c089db488b0266c4a36a3980b2bf174687344fb6d26fd0af0bfab8
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-D2qx5F9X6JL6gSlnqdV8lA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:23 GMT
content-security-policy
script-src 'report-sample' 'nonce-D2qx5F9X6JL6gSlnqdV8lA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
RC5e3aa078185a404a90c26089a206fc93-source.min.js
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/RC5e3aa078185a404a90c26089a206fc93-source.min.js
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7a42dac047c13d30244074e7c1caf24f3c12a5af603c8e15b79b1bb84236dcb5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:33:06 GMT
x-amz-version-id
OTmLVhKnC5NJoHBabbaBHRtE4coSDShk
content-encoding
gzip
last-modified
Fri, 02 Jun 2023 14:32:15 GMT
server
AmazonS3
via
1.1 fe705b44d5a5a2d7d6e73595ceeca2e2.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
etag
W/"8b2988d9bb6bf2bea1f082246dee7f4e"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
age
498
x-amz-cf-id
FrasOgJDn_SgvWEVnnTBSyiavWt45viBfG8rmTT4OvxXhSH6hLNdGg==
events
pixel.thestar.com/ 		0
116 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pixel.thestar.com/events
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/signals/config/549886031832745?v=2.9.104&r=stable
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:1430:9000:eeee:2de2:4483:dc16 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://www.thespec.com
date
Fri, 02 Jun 2023 14:41:23 GMT
access-control-allow-credentials
true
content-length
0
vary
origin
/
www.facebook.com/tr/ 		0
54 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=549886031832745&ev=ViewContent&dl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&rl=https%3A%2F%2Fnews.google.com%2F&if=false&ts=1685716883258&sw=1600&sh=1200&v=2.9.104&r=stable&ec=1&o=30&fbp=fb.1.1685716882912.1095007794&eid=ob3_plugin-set_f98c378f3f3903bd1cd983c9beb5764e5320158b9669ea28bb5ad739a63d4160&it=1685716882081&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 02 Jun 2023 14:41:23 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/tr/ 		0
31 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=465561283852945&ev=ViewContent&dl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&rl=https%3A%2F%2Fnews.google.com%2F&if=false&ts=1685716883260&sw=1600&sh=1200&v=2.9.104&r=stable&ec=1&o=30&fbp=fb.1.1685716882912.1095007794&it=1685716882081&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 02 Jun 2023 14:41:23 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
RC0dc25b20a90b4585b160e266222619c3-source.min.js
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/ 		971 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/RC0dc25b20a90b4585b160e266222619c3-source.min.js
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
64eb1841c385edc0225cb4f85b2ea001cc69cccee156dea5d99a28cfacfe9be9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:33:06 GMT
x-amz-version-id
pProd1_JMKSdNnDOrzUUHGHPvethubLU
via
1.1 fe705b44d5a5a2d7d6e73595ceeca2e2.cloudfront.net (CloudFront)
last-modified
Fri, 02 Jun 2023 14:32:15 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P7
age
498
etag
"3a609f16f21e010b73bb99d7afd35275"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
971
x-amz-cf-id
62hRCq0tBwGE2iVGTTMkPOm5lLLxTMEf7vMNCulfOg20YO31ROzqQg==
RCd768af7a41d447a48ddbb694e078eba8-source.min.js
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/RCd768af7a41d447a48ddbb694e078eba8-source.min.js
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
563ef2ed3f9d0f46ac612d268d96164a269cc6e6689d85afbf5d647c4b026334

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:33:02 GMT
x-amz-version-id
j4zuFRzXQ_BSwpW0P9bV3vm4NCtFkgo5
content-encoding
gzip
last-modified
Fri, 02 Jun 2023 14:32:15 GMT
server
AmazonS3
via
1.1 fe705b44d5a5a2d7d6e73595ceeca2e2.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
etag
W/"9f7b4240eb4c7c5ce0e6a49f6ddf31ec"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
age
502
x-amz-cf-id
j3EsdNpNuWynDq4tX7DIWaHICCHDJPzQQE3RIA3GZzzeQqJhaMNppg==
js
www.googletagmanager.com/gtag/ 		190 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-11101175418
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::2008 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
39a2081996839223659775e59a17c80055abe389a7ba35cd43c8b9ac09f63d71
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:23 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
69953
x-xss-protection
0
last-modified
Fri, 02 Jun 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 02 Jun 2023 14:41:23 GMT
js
www.googletagmanager.com/gtag/ 		190 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-11101175418&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M6PLRD&gtm_auth=2ozXXKEccdpJMKRFB8D5oA&gtm_preview=env-1&gtm_cookies_win=x
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::2008 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a1ef1bae111d81a03790f14bd0726733ac21001f1a3636dcb3db5f6575cb6250
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:23 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
69953
x-xss-protection
0
last-modified
Fri, 02 Jun 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 02 Jun 2023 14:41:23 GMT
js
www.googletagmanager.com/gtag/ 		124 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-12987815
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::2008 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
56058c446fe27877827d6a21a153507463b42db351d2508dffbbd2f19eccad74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:23 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49261
x-xss-protection
0
last-modified
Fri, 02 Jun 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 02 Jun 2023 14:41:23 GMT
js
www.googletagmanager.com/gtag/ 		124 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-12987815&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M6PLRD&gtm_auth=2ozXXKEccdpJMKRFB8D5oA&gtm_preview=env-1&gtm_cookies_win=x
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::2008 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
80054139c1329d1a4fb14379f44aef7396b7bd351abaa58535c3254d696c3c46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:23 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49260
x-xss-protection
0
last-modified
Fri, 02 Jun 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 02 Jun 2023 14:41:23 GMT
RC336079137ceb479aab0ece6eedbf95e1-source.min.js
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/ 		1020 B
977 B 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/RC336079137ceb479aab0ece6eedbf95e1-source.min.js
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1604a5ba0f2f61ff17add24c3796fbf2275d0d70d66dd0ec001a79218f5a3099

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:33:06 GMT
x-amz-version-id
1xKqjpBUj1CFsNyMa7jbSyBGMKj5SRY.
content-encoding
gzip
last-modified
Fri, 02 Jun 2023 14:32:15 GMT
server
AmazonS3
via
1.1 fe705b44d5a5a2d7d6e73595ceeca2e2.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
etag
W/"d419ee4e79426c4b54d9f35731de136d"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
age
498
x-amz-cf-id
GNKAAt5XIu49VSSTP0lvFd-9vAibwSJS433GbOemzKQlPHBhQDh4Dg==
RCe057394b62624c84884a89981136d531-source.min.js
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/ 		1 KB
989 B 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/RCe057394b62624c84884a89981136d531-source.min.js
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
978ddf3ddbf0fe3fb2aa857326a2dc7a202193a10b95b1d011328f162ab6e598

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:33:06 GMT
x-amz-version-id
gbib6RjWJ0Yi_lUFXkylAFeSeFV7Khxt
content-encoding
gzip
last-modified
Fri, 02 Jun 2023 14:32:15 GMT
server
AmazonS3
via
1.1 fe705b44d5a5a2d7d6e73595ceeca2e2.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
etag
W/"44303d9e781fec41b89c567e24665cdc"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
age
498
x-amz-cf-id
pVft9zJ3dZiNLlLxASh9pannmiKhwv68gs7OViWSRb2cwYFCWMT1hQ==
AGSKWxVc_SL_QhPRSBQrSERhi6YUHiR3IKJjnqVUrShmjvGuTmCbz6GkP8lWVW4slgphCIB4Adl3tdAa_Tkc0e6IV8s=
fundingchoicesmessages.google.com/f/ 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVc_SL_QhPRSBQrSERhi6YUHiR3IKJjnqVUrShmjvGuTmCbz6GkP8lWVW4slgphCIB4Adl3tdAa_Tkc0e6IV8s=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjg1NzE2ODgzLDM4NjAwMDAwMF0sIkE4QTNFNEE0LUQwNEUtNEYxMC04QzZBLTg2NjVDNDI0Q0Y5OSIsbnVsbCxudWxsLFtudWxsLFs3XV0sImh0dHBzOi8vd3d3LnRoZXNwZWMuY29tL3RyL25ld3Mvd2F0ZXJsb28tcmVnaW9uLzIwMjMvMDYvMDEvdW5pdmVyc2l0eS1vZi13YXRlcmxvby1pbnRlcnJ1cHRzLXN1c3BlY3RlZC1yYW5zb213YXJlLWF0dGFjay1vbi1pdHMtb25saW5lLXN5c3RlbXMuaHRtbCIsbnVsbCxbWzgsInpmMVVkS1VZTU1jIl0sWzksImVuLVVTIl0sWzE2LCJbMSwxLDFdIl0sWzE3LCJbMF0iXV1d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.zf1UdKUYMMc.es5.O/d=1/rs=AJlcJMwVc_l9vdSpYgOvLRhE0vzBxKUWVA/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0e9ccac01e78946f97c905d468ca5a23e4c48aab3f84fe187d1b4cc0a19898bb
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-WYhQiNe1orLhNH5RQxSsYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:23 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-WYhQiNe1orLhNH5RQxSsYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
RCf39ced5c22854dc7bd6e804a34d45663-source.min.js
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/RCf39ced5c22854dc7bd6e804a34d45663-source.min.js
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5f38fdbb3a0b25f3fbd984e544b8f1cd33252c19757a23dad98582bd498e220d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:33:07 GMT
x-amz-version-id
YfvxaztmSIz1CTDKDIZni6sdx2ny9WwF
content-encoding
gzip
last-modified
Fri, 02 Jun 2023 14:32:15 GMT
server
AmazonS3
via
1.1 fe705b44d5a5a2d7d6e73595ceeca2e2.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
etag
W/"c62d873d09adddd63bcfbe2f0d92c99b"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
age
497
x-amz-cf-id
1b27_YYCvCIACg8LrYhLA6qntk9ZslTWOHrmPgbwytFSG6nASriNwA==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/11101175418/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11101175418/?random=1685716883419&cv=11&fst=1685716883419&bg=ffffff&guid=ON&async=1&gtm=45be35v0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&ref=https%3A%2F%2Fnews.google.com%2F&hn=www.googleadservices.com&frm=0&tiba=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&auid=1430835873.1685716883&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11101175418&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
683a1a8b9a62ef07363ed753ef08af2037c6f7e951ba5ac3fa2d3b1cbcd8a8cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:23 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1484
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/11101175418/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/11101175418/?random=1685716883443&cv=11&fst=1685716883443&bg=ffffff&guid=ON&async=1&gtm=45be35v0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&ref=https%3A%2F%2Fnews.google.com%2F&label=oXUeCNn52Y0YEPr8ua0p&hn=www.googleadservices.com&frm=0&tiba=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&gtm_ee=1&ec_m=%23body-content%3E%3Anth-child(1)%3E%3Anth-child(3)%3E%3Anth-child(1)%3E%3Anth-child(2)%3E%3Anth-child(1)%3E%3Anth-child(20)%3E%3Anth-child(2)%3E%3Anth-child(2)*A%3Atrue%3A25%3Afalse*1&ec_sel=%23body-content%3E%3Anth-child(1)%3E%3Anth-child(3)%3E%3Anth-child(1)%3E%3Anth-child(2)%3E%3Anth-child(1)%3E%3Anth-child(20)%3E%3Anth-child(2)%3E%3Anth-child(2)&ec_meta=A%3Atrue%3A25%3Afalse&ec_lat=0&ec_s=1&auid=1430835873.1685716883&uamb=0&uaw=0&data=event%3Dconversion&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-11101175418&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.98 East White Plains, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s79-in-f2.1e100.net
Software
cafe /
Resource Hash
8f7e2aec938d93a79372ef71ee7ebf36406aba48ea8777d194b5570faf2927b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:23 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1819
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ Frame 29DE 		0
18 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.thespec.com
Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.thespec.com
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Fri, 02 Jun 2023 14:41:23 GMT
priority
u=0,i
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
/
www.facebook.com/tr/ Frame A2A5 		0
15 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.thespec.com
Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.thespec.com
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Fri, 02 Jun 2023 14:41:23 GMT
priority
u=0,i
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
activityi;dc_pre=CN2spuDopP8CFVLahwod7jMKsw;src=12987815;type=invmedia;cat=thesp0;ord=6440512224478;gtm=45fe35v0;auiddc=1430835873.1685716883;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=htt...
12987815.fls.doubleclick.net/ Frame 1140
Redirect Chain
  • https://12987815.fls.doubleclick.net/activityi;src=12987815;type=invmedia;cat=thesp0;ord=6440512224478;gtm=45fe35v0;auiddc=1430835873.1685716883;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=...
  • https://12987815.fls.doubleclick.net/activityi;dc_pre=CN2spuDopP8CFVLahwod7jMKsw;src=12987815;type=invmedia;cat=thesp0;ord=6440512224478;gtm=45fe35v0;auiddc=1430835873.1685716883;uaa=;uab=;uafvl=;u...
577 B
668 B 		Document
General
Check archive.org
Download Go to
Full URL
https://12987815.fls.doubleclick.net/activityi;dc_pre=CN2spuDopP8CFVLahwod7jMKsw;src=12987815;type=invmedia;cat=thesp0;ord=6440512224478;gtm=45fe35v0;auiddc=1430835873.1685716883;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-12987815
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.134 East White Plains, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s80-in-f6.1e100.net
Software
cafe /
Resource Hash
93d615f48a65ed6c18de3415af8431bd0b7c16b1b45fa06935589019a2257afb
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
330
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 02 Jun 2023 14:41:23 GMT
expires
Fri, 02 Jun 2023 14:41:23 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 02 Jun 2023 14:41:23 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://12987815.fls.doubleclick.net/activityi;dc_pre=CN2spuDopP8CFVLahwod7jMKsw;src=12987815;type=invmedia;cat=thesp0;ord=6440512224478;gtm=45fe35v0;auiddc=1430835873.1685716883;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
RCcebeff8c827742329aac568372637b0b-source.min.js
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/ 		1 KB
970 B 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/RCcebeff8c827742329aac568372637b0b-source.min.js
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cbaf07acd0356b90bb8d0ca983d2d2d19f7a3426e5b89c8cdcd9c9d28193fca8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:32:49 GMT
x-amz-version-id
pVC2.PiJjCP9H0sN5K7_U59YRCeDO.Wn
content-encoding
gzip
last-modified
Fri, 02 Jun 2023 14:32:15 GMT
server
AmazonS3
via
1.1 fe705b44d5a5a2d7d6e73595ceeca2e2.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
etag
W/"1e409dfea5bd5fe54adddcee492963ac"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
age
515
x-amz-cf-id
zQqBahXDC7MLz0e-l9pIyjxrJqE4jKoJS2pz00AbUYznT3PwY7_lAQ==
/
www.google.com/pagead/1p-user-list/11101175418/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/11101175418/?random=1685716883419&cv=11&fst=1685714400000&bg=ffffff&guid=ON&async=1&gtm=45be35v0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&ref=https%3A%2F%2Fnews.google.com%2F&frm=0&tiba=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3120678448&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::2004 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:23 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/11101175418/ 		42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/11101175418/?random=1685716883419&cv=11&fst=1685714400000&bg=ffffff&guid=ON&async=1&gtm=45be35v0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&ref=https%3A%2F%2Fnews.google.com%2F&frm=0&tiba=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3120678448&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:23 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://insight.adsrvr.org/track/pxl/?adv=33bbu1k&ct=0:l2muwt0&fmt=3
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=M2QwMGJiZDEtYTM1MS00YjMyLTk4NDYtNDAxMWFjZjNjMDIy&gdpr=0&gdpr_consent=&ttd_tdid=3d00bbd1-a351-4b32-9846-4011a...
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=3d00bbd1-a351-4b32-9846-4011acf3c022&google_gid=CAESELWy5VJF7s7LQ4YY3ehZz5M&google_cver=1
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=3d00bbd1-a351-4b32-9846-4011acf3c022&_origin=1&redir=true&gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=3d00bbd1-a351-4b32-9846-4011acf3c022&_origin=1&redir=true&gdpr=0&gdpr_consent=&verify=true
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia&yahoo_id=y-xlNq3oFE2uLZtPwUy3ORkmfHshuxtKc-~A&gdpr=0
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=3d00bbd1-a351-4b32-9846-4011acf3c022
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fmatch.adsrvr.org%252ftrack%252fcmf%252fappnexus%253fttd%253d1%2526anid%253d%2524UID%26ttd_tdid%3D3d00bbd1-a351-4b32-9846-4011acf3c022
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=561783506929456550&ttd_tdid=3d00bbd1-a351-4b32-9846-4011acf3c022
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3d00bbd1-a351-4b32-9846-4011acf3c022&expiration=1688308884&gdpr=0&gdpr_consent=
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3d00bbd1-a351-4b32-9846-4011acf3c022&expiration=1688308884&gdpr=0&gdpr_consent=&C=1
43 B
766 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=39&external_user_id=3d00bbd1-a351-4b32-9846-4011acf3c022&expiration=1688308884&gdpr=0&gdpr_consent=&C=1
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:24 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:24 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
/rum?cm_dsp_id=39&external_user_id=3d00bbd1-a351-4b32-9846-4011acf3c022&expiration=1688308884&gdpr=0&gdpr_consent=&C=1
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
0
Expires
0
RC0ce5bb995d064dccbfa9bf274646021d-source.min.js
resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/ 		2 KB
1017 B 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/RC0ce5bb995d064dccbfa9bf274646021d-source.min.js
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/launch-EN5e55511c260e4c0cb05872ba3729b255.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-117.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f13c139d48dadf2a0c42bc0d21525dcc27989bb3a4181b1d4d972e54c8a20b63

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:32:50 GMT
x-amz-version-id
RSxMBDeCU.RunLcxuFOEA1zX0G3krCkU
content-encoding
gzip
last-modified
Fri, 02 Jun 2023 14:32:15 GMT
server
AmazonS3
via
1.1 fe705b44d5a5a2d7d6e73595ceeca2e2.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
etag
W/"1bbfa6d8368446042e876147696e6735"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
age
514
x-amz-cf-id
NZOy6TqLRAHiKsuxh8U7rKFhVw1ChhnHNRXGb-rI3ULQGRg8UDVn_Q==
/
cdn.cluepixel.com/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cluepixel.com/?id=101&a1=https%3A%2F%2Fnews.google.com%2F&a2=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&a15=universal
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::11 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers
/
www.google.ca/pagead/1p-conversion/11101175418/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11101175418/?random=452570527&cv=11&fst=1685716883443&bg=ffffff&guid=ON&async=1&gtm=45be35v0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww...
  • https://www.google.com/pagead/1p-conversion/11101175418/?random=452570527&cv=11&fst=1685716883443&bg=ffffff&guid=ON&async=1&gtm=45be35v0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fn...
  • https://www.google.ca/pagead/1p-conversion/11101175418/?random=452570527&cv=11&fst=1685716883443&bg=ffffff&guid=ON&async=1&gtm=45be35v0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fne...
42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-conversion/11101175418/?random=452570527&cv=11&fst=1685716883443&bg=ffffff&guid=ON&async=1&gtm=45be35v0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&ref=https%3A%2F%2Fnews.google.com%2F&label=oXUeCNn52Y0YEPr8ua0p&hn=www.googleadservices.com&frm=0&tiba=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&gtm_ee=1&ec_m=%23body-content%3E%3Anth-child(1)%3E%3Anth-child(3)%3E%3Anth-child(1)%3E%3Anth-child(2)%3E%3Anth-child(1)%3E%3Anth-child(20)%3E%3Anth-child(2)%3E%3Anth-child(2)*A%3Atrue%3A25%3Afalse*1&ec_sel=%23body-content%3E%3Anth-child(1)%3E%3Anth-child(3)%3E%3Anth-child(1)%3E%3Anth-child(2)%3E%3Anth-child(1)%3E%3Anth-child(20)%3E%3Anth-child(2)%3E%3Anth-child(2)&ec_meta=A%3Atrue%3A25%3Afalse&ec_lat=0&ec_s=1&auid=1430835873.1685716883&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJOEtibW93WVE1N3l2bU92TnFaZEtFaVlBSGw4eFFTX1kyN2ZNOWpNR0otQ0VKX0lDU19qZG9KSkFRMkZUeWFjX1g3ejJtbHc3encaWENoQUk4S2Jtb3dZUXctRHc5Nnp1cG9WcEVpNEFSVTdmb3pPdW5IMWJiQVpNT2xFUnhmWmZySkhkUGd4TUNnMm5MbWQ3T2NpRGVHWTFTc3FtMC1COVN6bWEiEwiT-6Lg6KT_AhV0DGgIHSnMCf0&is_vtc=1&ocp_id=k_95ZNPlH_SYoPMPqZin6A8&cid=CAQSKQBygQiDQQJqCA2OVQcVlYtcA8loIFtUWBu828gZe8fPNSeX-7uUTWu-&random=3476104424&ipr=y&ezwbk=AZuM4hAAX5fHv_ugl6wUiw8a8rey-PNwFrbelkBaaopUjmFdcRRouYjg4tKfl4XD46el-uLjz4yFEmydnV7GiZ-CHpnn
Protocol
H2
Server
2607:f8b0:4020:805::2003 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:23 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:23 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.ca/pagead/1p-conversion/11101175418/?random=452570527&cv=11&fst=1685716883443&bg=ffffff&guid=ON&async=1&gtm=45be35v0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&ref=https%3A%2F%2Fnews.google.com%2F&label=oXUeCNn52Y0YEPr8ua0p&hn=www.googleadservices.com&frm=0&tiba=%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%20%7C%20TheSpec.com&gtm_ee=1&ec_m=%23body-content%3E%3Anth-child(1)%3E%3Anth-child(3)%3E%3Anth-child(1)%3E%3Anth-child(2)%3E%3Anth-child(1)%3E%3Anth-child(20)%3E%3Anth-child(2)%3E%3Anth-child(2)*A%3Atrue%3A25%3Afalse*1&ec_sel=%23body-content%3E%3Anth-child(1)%3E%3Anth-child(3)%3E%3Anth-child(1)%3E%3Anth-child(2)%3E%3Anth-child(1)%3E%3Anth-child(20)%3E%3Anth-child(2)%3E%3Anth-child(2)&ec_meta=A%3Atrue%3A25%3Afalse&ec_lat=0&ec_s=1&auid=1430835873.1685716883&uamb=0&uaw=0&data=event%3Dconversion&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJOEtibW93WVE1N3l2bU92TnFaZEtFaVlBSGw4eFFTX1kyN2ZNOWpNR0otQ0VKX0lDU19qZG9KSkFRMkZUeWFjX1g3ejJtbHc3encaWENoQUk4S2Jtb3dZUXctRHc5Nnp1cG9WcEVpNEFSVTdmb3pPdW5IMWJiQVpNT2xFUnhmWmZySkhkUGd4TUNnMm5MbWQ3T2NpRGVHWTFTc3FtMC1COVN6bWEiEwiT-6Lg6KT_AhV0DGgIHSnMCf0&is_vtc=1&ocp_id=k_95ZNPlH_SYoPMPqZin6A8&cid=CAQSKQBygQiDQQJqCA2OVQcVlYtcA8loIFtUWBu828gZe8fPNSeX-7uUTWu-&random=3476104424&ipr=y&ezwbk=AZuM4hAAX5fHv_ugl6wUiw8a8rey-PNwFrbelkBaaopUjmFdcRRouYjg4tKfl4XD46el-uLjz4yFEmydnV7GiZ-CHpnn
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dc_pre=CN2spuDopP8CFVLahwod7jMKsw;src=12987815;type=invmedia;cat=thesp0;ord=6440512224478;gtm=45fe35v0;auiddc=*;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thespec.com%2Ft...
adservice.google.com/ddm/fls/z/ Frame 1140 		42 B
401 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://adservice.google.com/ddm/fls/z/dc_pre=CN2spuDopP8CFVLahwod7jMKsw;src=12987815;type=invmedia;cat=thesp0;ord=6440512224478;gtm=45fe35v0;auiddc=*;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Requested by
Host: 12987815.fls.doubleclick.net
URL: https://12987815.fls.doubleclick.net/activityi;dc_pre=CN2spuDopP8CFVLahwod7jMKsw;src=12987815;type=invmedia;cat=thesp0;ord=6440512224478;gtm=45fe35v0;auiddc=1430835873.1685716883;uaa=;uab=;uafvl=;uam=;uamb=0;uap=;uapv=;uaw=0;~oref=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://12987815.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:23 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bid
aax.amazon-adsystem.com/e/dtb/ 		127 B
568 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=5028&u=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&pr=https%3A%2F%2Fnews.google.com%2F&pid=ACJwSSIgngtJI&cb=0&ws=1600x1200&v=23.517.1921&t=2000&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-large-news-waterloo-region-9%22%2C%22s%22%3A%5B%222x1%22%5D%2C%22sn%22%3A%2258580620%2Fthe_spec%2Fnews%2Fwaterloo-region%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-news-waterloo-region-10%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%2258580620%2Fthe_spec%2Fnews%2Fwaterloo-region%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-news-waterloo-region-11%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%2258580620%2Fthe_spec%2Fnews%2Fwaterloo-region%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-news-waterloo-region-1%22%2C%22s%22%3A%5B%221x1%22%5D%2C%22sn%22%3A%2258580620%2Fthe_spec%2Fnews%2Fwaterloo-region%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-news-waterloo-region-2%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%2258580620%2Fthe_spec%2Fnews%2Fwaterloo-region%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-news-waterloo-region-3%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%2258580620%2Fthe_spec%2Fnews%2Fwaterloo-region%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-news-waterloo-region-4%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x250%22%5D%2C%22sn%22%3A%2258580620%2Fthe_spec%2Fnews%2Fwaterloo-region%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-news-waterloo-region-5%22%2C%22s%22%3A%5B%22134x170%22%5D%2C%22sn%22%3A%2258580620%2Fthe_spec%2Fnews%2Fwaterloo-region%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-news-waterloo-region-6%22%2C%22s%22%3A%5B%22134x170%22%5D%2C%22sn%22%3A%2258580620%2Fthe_spec%2Fnews%2Fwaterloo-region%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-news-waterloo-region-7%22%2C%22s%22%3A%5B%22134x170%22%5D%2C%22sn%22%3A%2258580620%2Fthe_spec%2Fnews%2Fwaterloo-region%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-large-news-waterloo-region-8%22%2C%22s%22%3A%5B%22134x170%22%5D%2C%22sn%22%3A%2258580620%2Fthe_spec%2Fnews%2Fwaterloo-region%22%7D%5D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.98.157 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-98-157.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
1b29af82ad757fab4ab348e30008412ea6380c49637bff2366212fbd7d6ea236
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 8a9cdb228e33f8d52a4b42c56ca26590.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P5
x-amz-rid
F1M2SEVH4W3ED08143DC
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.thespec.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
127
x-amz-cf-id
FC3KgI8WZeKgp2Mkjco9J8b_Iu8r5MHIjQjj-UEvatPqVXEXZvSKgg==
integrator.js
adservice.google.ca/adsid/ 		107 B
531 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.ca/adsid/integrator.js?domain=www.thespec.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
317 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.thespec.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
iu3
s.amazon-adsystem.com/ Frame 99A9
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_rbd_ox-db5_an-db5
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_rbd_ox-db5_an-db5&dcc=t
297 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_rbd_ox-db5_an-db5&dcc=t
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
b3e7087e228be3a58b28db80acc7ba4d178749326af5386b4b754f1160b6b44a
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
297
Content-Type
text/html;charset=ISO-8859-1
Date
Fri, 02 Jun 2023 14:41:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
HTFXD6EE6G75NBKZMJPH

Redirect headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Date
Fri, 02 Jun 2023 14:41:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_rbd_ox-db5_an-db5&dcc=t
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
YFVFXDGCPZFFJSS6YFQB
ads
securepubads.g.doubleclick.net/gampad/ 		307 KB
34 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1993785869996969&correlator=2145161071438846&eid=31074993%2C31075057&output=ldjh&gdfp_req=1&vrg=202305300101&ptt=17&impl=fifs&iu_parts=58580620%2Cthe_spec%2Cnews%2Cwaterloo-region&enc_prev_ius=0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3%2C0%2F1%2F2%2F3&prev_iu_szs=2x1%2C300x250%7C300x600%2C300x250%7C300x600%2C1x1%2C728x90%2C728x90%7C970x250%2C728x90%7C970x250%2C134x170%2C134x170%2C134x170%2C134x170&ifi=1&adks=3403783111%2C3280074653%2C3280074652%2C3830593978%2C925884987%2C2481828497%2C2481828496%2C2888541442%2C2888541443%2C2888541452%2C2888541453&sfv=1-0-40&prev_scp=pos%3D1%26refresh%3Dfalse%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dtrue%26hb_format_ozone%3Dbanner%26hb_size_ozone%3D300x600%26hb_pb_ozone%3D0.26%26hb_adid_ozone%3D226a99aaa048ea-0-oz-0%26hb_bidder_ozone%3Dozone%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.26%26hb_adid%3D226a99aaa048ea-0-oz-0%26hb_bidder%3Dozone%26oz_size%3D300x600%26oz_adId%3D226a99aaa048ea-0-oz-0%26oz_pb_r%3D0.21%26oz_pb%3D0.210367%26oz_pb_v%3D2.7.0-torstar-ix-cad-fix%26oz_imp_id%3D226a99aaa048ea%26oz_bid%3Dtrue%26oz_winner%3Dappnexus%26oz_auc_id%3Da2b726e0-b045-4757-9a1c-c3d763533d0b%26oz_appnexus_pb_r%3D0.21%26oz_appnexus_adId%3D226a99aaa048ea-0-oz-0%26oz_appnexus_adv%3Dchapelle-outremont.ca%26oz_appnexus_crid%3D424928898%26oz_appnexus%3Dappnexus%26amznbid%3D2%26amznp%3D2%7Cpos%3D2%26refresh%3Dtrue%26hb_format_ozone%3Dbanner%26hb_size_ozone%3D300x600%26hb_pb_ozone%3D0.26%26hb_adid_ozone%3D31b91ed1a8007c-0-oz-1%26hb_bidder_ozone%3Dozone%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.26%26hb_adid%3D31b91ed1a8007c-0-oz-1%26hb_bidder%3Dozone%26oz_size%3D300x600%26oz_adId%3D31b91ed1a8007c-0-oz-1%26oz_pb_r%3D0.21%26oz_pb%3D0.210367%26oz_pb_v%3D2.7.0-torstar-ix-cad-fix%26oz_imp_id%3D31b91ed1a8007c%26oz_bid%3Dtrue%26oz_winner%3Dappnexus%26oz_auc_id%3Da2b726e0-b045-4757-9a1c-c3d763533d0b%26oz_appnexus_pb_r%3D0.21%26oz_appnexus_adId%3D31b91ed1a8007c-0-oz-1%26oz_appnexus_adv%3Dlecartier.ca%26oz_appnexus_crid%3D401525779%26oz_appnexus%3Dappnexus%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dundefined%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dtrue%26hb_format_ozone%3Dbanner%26hb_size_ozone%3D728x90%26hb_pb_ozone%3D0.18%26hb_adid_ozone%3D5ae4e62ccce791-0-oz-0%26hb_bidder_ozone%3Dozone%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.18%26hb_adid%3D5ae4e62ccce791-0-oz-0%26hb_bidder%3Dozone%26oz_size%3D728x90%26oz_adId%3D5ae4e62ccce791-0-oz-0%26oz_pb_r%3D0.14%26oz_pb%3D0.142749%26oz_pb_v%3D2.7.0-torstar-ix-cad-fix%26oz_imp_id%3D5ae4e62ccce791%26oz_bid%3Dtrue%26oz_winner%3Dappnexus%26oz_auc_id%3D0e3ae82d-daba-4401-afec-bf401a78b7f5%26oz_appnexus_pb_r%3D0.14%26oz_appnexus_adId%3D5ae4e62ccce791-0-oz-0%26oz_appnexus_adv%3Dlecartier.ca%26oz_appnexus_crid%3D401763402%26oz_appnexus%3Dappnexus%26amznbid%3D2%26amznp%3D2%7Cpos%3D2%26refresh%3Dtrue%26hb_format_ozone%3Dbanner%26hb_size_ozone%3D970x250%26hb_pb_ozone%3D0.08%26hb_adid_ozone%3D67b8f29fe1779c-1-oz-0%26hb_bidder_ozone%3Dozone%26oz_ix_pb_r%3D0.06%26oz_ix_adId%3D67b8f29fe1779c-1-oz-0%26oz_ix_adv%3Dkalesafe.com%26oz_ix_crid%3D25048205%26oz_ix%3Dix%26hb_format%3Dbanner%26hb_size%3D970x250%26hb_pb%3D0.08%26hb_adid%3D67b8f29fe1779c-1-oz-0%26hb_bidder%3Dozone%26oz_size%3D970x250%26oz_adId%3D67b8f29fe1779c-1-oz-0%26oz_pb_r%3D0.06%26oz_pb%3D0.062992%26oz_pb_v%3D2.7.0-torstar-ix-cad-fix%26oz_imp_id%3D67b8f29fe1779c%26oz_bid%3Dtrue%26oz_winner%3Dix%26oz_auc_id%3D0e3ae82d-daba-4401-afec-bf401a78b7f5%26amznbid%3D2%26amznp%3D2%7Cpos%3D3%26refresh%3Dtrue%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dundefined%26polarAdDisplayType%3Dwith_column_image%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dundefined%26polarAdDisplayType%3Dwith_column_image%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dundefined%26polarAdDisplayType%3Dwith_column_image%26amznbid%3D2%26amznp%3D2%7Cpos%3D1%26refresh%3Dundefined%26polarAdDisplayType%3Dwith_column_image%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=permutive%3D79992%252C79993%252C79994%252Crts%26gs_channels%3Dgs_tech%252Cgs_tech_computing%252Cgb_spam_high_med_low%252Cgs_law%252Cgv_crime%252Cgb_spam_high_med%252Cgs_education%252Cts_dctn_dgr_bchlrs_dgr%252Cts_dctn_lvl_trtry_dctn%252Cts_dctn_styl_dlt%252Cts_dctn_styl_gnrl%252Cts_fmly_prntng_gnrl%252Cts_fmly_prntng_tns%252Cgs_law_misc%252Cgs_education_university%252Cgt_negative%252Cgv_death_injury%26tkspo%3D9%26env%3Dbeta%26referrer%3Dgoogle%26environment%3Dproduction%26cutpoint%3Dlarge%26subscribed%3Dno%26registered%3Dno%26author%3Drobertwilliams%26assetid%3D0f479f22-152f-4458-8510-6b3d72ba8d54%26kvng%3Dmyregion%252Cmyrecord%252Cmyneedtoknow%252Cuniversity_of_waterloo%252Ccyber_attack%252Cransomware_attack%252Ccloud%252Conline_systems%252Csmg_wrr%252Csmg_waterloo_region%252Csmg2_news%252CInHouseArticle_therecord%26kvcalais%3Duniversity_of_waterloo%252Ccomputer_security%252Cpassword%252Cwaterloo%252Cransomware%252Ccybercrime%252Csecurity%252Cprevention%252Cemail%252Cwaterloo%252Cnational_security%252Crebecca_elming%26key%3D%2520%26article_b%3Dtrue%26prmtvsdk%3Dweb&ppid=14704239918408065180314003276415442791&sc=1&cookie_enabled=1&abxe=1&dt=1685716884154&lmt=1685716884&dlt=1685716880214&idt=1362&adxs=1036%2C1050%2C1050%2C0%2C436%2C436%2C436%2C217%2C515%2C812%2C1110&adys=1416%2C1462%2C2121%2C0%2C0%2C4215%2C6222%2C4822%2C4822%2C4822%2C4822&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1%7C2%7C3%7C0%7C0%7C4%7C5%7C6%7C7%7C8%7C9&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca%7Cb&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&ref=https%3A%2F%2Fnews.google.com%2F&frm=20&vis=1&psz=328x1%7C300x-1%7C300x-1%7C1600x0%7C1600x-1%7C728x90%7C728x90%7C273x0%7C273x0%7C273x0%7C273x0&msz=328x1%7C300x-1%7C300x-1%7C1x-1%7C1600x-1%7C728x90%7C728x90%7C273x0%7C273x0%7C273x0%7C273x0&fws=4%2C516%2C516%2C4%2C516%2C4%2C4%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600&ga_vid=27418797.1685716881&ga_sid=1685716884&ga_hid=477708834&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4b7536e7a009e1e43e5da7cba000269c401db82ec2c76c83027aa36cf3276445
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2,-2,-2,407102,407102,-2,-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
34463
x-xss-protection
0
google-lineitem-id
5886863882,5914509064,5914509064,-2,5914509049,-1,-1,6293101149,6276373650,6276373650,6255858455
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138378437674,138380890222,138380890264,-2,138380890237,-1,-1,138432729052,138434605512,138434576033,138434837862
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202305300101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
39cde2628915da4d5c9c1672bf8435916c42e58721c3fe89e4512951d7f9da0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11131
x-xss-protection
0
container.html
8fd3bc06c5801f35dd31c36f0bd0a294.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A97D 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://8fd3bc06c5801f35dd31c36f0bd0a294.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 02 Jun 2023 14:41:24 GMT
expires
Sat, 01 Jun 2024 14:41:24 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
s41911114707673
s.thespec.com/b/ss/torontodnnlocal/1/JS-2.23.0-LDQM/ 		43 B
328 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://s.thespec.com/b/ss/torontodnnlocal/1/JS-2.23.0-LDQM/s41911114707673
Requested by
Host: resources.thestar.com
URL: https://resources.thestar.com/cf7f3d5747a0/cb6b77270cd8/6f6fb187a386/hostedLibFiles/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.38.113 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ip-63-140-38-113.data.adobedc.net
Software
jag /
Resource Hash
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy"
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sat, 03 Jun 2023 14:41:24 GMT
server
jag
etag
3620049444915380224-4619323252129119107
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
expires
Thu, 01 Jun 2023 14:41:24 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 02 Jun 2023 14:41:24 GMT
pr
s.amazon-adsystem.com/v3/ Frame AAF2 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_ox-db5_rbd_an-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_rbd_ox-db5_an-db5&dcc=t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
b7e923b744b90a3af2ae85b1ef0b797a7611056cfb4879f90aa8ced6679885e9
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-sharethrough_rbd_ox-db5_an-db5&dcc=t
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
1219
Content-Type
text/html;charset=ISO-8859-1
Date
Fri, 02 Jun 2023 14:41:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
5RQ5CQDWT6FEV4Z9J0PS
/
match.sharethrough.com/jwumXNuB/v1/ Frame 3827 		427 B
944 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_ox-db5_rbd_an-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.196.231.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-231-85.compute-1.amazonaws.com
Software
/
Resource Hash
cb173186366387bcf49ac06892d80f8575a49fce32f1fe0d35569e6a1518a8cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-length
427
date
Fri, 02 Jun 2023 14:41:24 GMT
cm
u.openx.net/w/1.0/ Frame D4CF
Redirect Chain
  • https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
  • https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX...
693 B
733 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_ox-db5_rbd_an-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
6cc3cea50ece06b0fdea4c8470095557062eecbf8b9b5579cf326394067bdacb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
401
content-type
text/html
date
Fri, 02 Jun 2023 14:41:24 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Fri, 02 Jun 2023 14:41:24 GMT
location
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
via
1.1 google
usync.html
eus.rubiconproject.com/ Frame 91AA 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_ox-db5_rbd_an-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-3-115-102.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 02 Jun 2023 14:41:24 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
ecm3
s.amazon-adsystem.com/ Frame 0D3F
Redirect Chain
  • https://ib.adnxs.com/getuid?https://s.amazon-adsystem.com/ecm3?id=$UID&ex=appnexus.com
  • https://s.amazon-adsystem.com/ecm3?id=561783506929456550&ex=appnexus.com
43 B
479 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/ecm3?id=561783506929456550&ex=appnexus.com
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-sharethrough_ox-db5_rbd_an-db5&fv=1.0&a=cm&cm3ppd=1&dmt=3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Fri, 02 Jun 2023 14:41:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
HH8JZ3AKMHZ81NB0YQGM

Redirect headers

AN-X-Request-Uuid
0df7833d-1b2a-466a-b8fd-b5c061006457
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Fri, 02 Jun 2023 14:41:24 GMT
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Location
https://s.amazon-adsystem.com/ecm3?id=561783506929456550&ex=appnexus.com
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma
no-cache
Server
nginx/1.23.2
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2D17 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
79180
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 01 Jun 2023 16:41:44 GMT
expires
Fri, 31 May 2024 16:41:44 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 2B3B 		783 B
534 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2004 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c3f150ee9a5d40ccc643b5aae13a580dac5c2741ed2944aded212c78438bee24
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-xXm2Nrtjr-lKGIMolZklLA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-xXm2Nrtjr-lKGIMolZklLA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 02 Jun 2023 14:41:24 GMT
expires
Fri, 02 Jun 2023 14:41:24 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
EHMIEcXmxjhpa6ysVw94xheqxns9jQBWcUzwmgw4Ck0.js
pagead2.googlesyndication.com/bg/ Frame 2D17 		38 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/EHMIEcXmxjhpa6ysVw94xheqxns9jQBWcUzwmgw4Ck0.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
10730811c5e6c638696bacac570f78c617aac67b3d8d0056714cf09a0c380a4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 14:14:46 GMT
content-encoding
br
x-content-type-options
nosniff
age
174398
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14824
x-xss-protection
0
last-modified
Tue, 30 May 2023 11:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 30 May 2024 14:14:46 GMT
ecm3
s.amazon-adsystem.com/ Frame D4CF 		43 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=9aeda2a5-a037-8656-93bc-ee6808c5786e
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:24 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
QZ12VBV4C1226APVTQRN
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
56fcb89c-2c31-afe5-6265-7a0a9fa17ec7
pr-bh.ybp.yahoo.com/sync/openx/ Frame D4CF 		43 B
602 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/56fcb89c-2c31-afe5-6265-7a0a9fa17ec7?gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a07:1d29:9fda:71f8:ef93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
dcm
s.amazon-adsystem.com/ Frame D4CF 		43 B
855 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=9aeda2a5-a037-8656-93bc-ee6808c5786e
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:24 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
R7Y0JEZ5AB3W13G1P541
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
openx
match.adsrvr.org/track/cmf/ Frame D4CF 		70 B
598 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=c23bded8-bc9d-3dac-53b2-6cff60f6b38e&gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame D4CF 		170 B
243 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZWU1NDBkMTItNzVlYS02MzA4LTQ2NTItMzY0NmFhMTQ3ZGVl
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.13.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul02s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame D4CF
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEC3GYKbUzQutMuwgvNJspLg&google_cver=1
43 B
180 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEC3GYKbUzQutMuwgvNJspLg&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEC3GYKbUzQutMuwgvNJspLg&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 2B3B 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202305300101&jk=1993785869996969&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers
usync.js
eus.rubiconproject.com/ Frame 91AA 		34 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-3-115-102.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
0b6d1e665ed037683597a779c1d367c8d58c182bf7fd76c8ed651ce6e43f5cb8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:24 GMT
Content-Encoding
gzip
Last-Modified
Fri, 02 Jun 2023 02:13:43 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=41595
Connection
keep-alive
Content-Length
10112
Expires
Sat, 03 Jun 2023 02:14:39 GMT
ecm3
s.amazon-adsystem.com/ Frame 3827 		43 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=sharethrough.com&id=fdb0baa9-3fb0-4a86-a520-d53416904644
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:24 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
NZA0HSBK0BPHVGGMAB2Q
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
v1
match.sharethrough.com/sync/ Frame 3827
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1
  • https://secure.adnxs.com/getuid?https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=$UID
  • https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=561783506929456550
68 B
603 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=561783506929456550
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
H2
Server
34.196.231.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-231-85.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

Date
Fri, 02 Jun 2023 14:41:24 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
b0b5c452-27b9-4182-be13-a1299dcff36c
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://match.sharethrough.com/sync/v1?source_id=0e8893f90b606c9c5d33f1be&gdpr=0&gdpr_consent=&source_user_id=561783506929456550
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
match.sharethrough.com/sync/ Frame 3827
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2
  • https://bttrack.com/pixel/cookiesync?source=d0afdff5-c51e-4a8d-b07b-b52a29015170&secure=1
  • https://match.sharethrough.com/sync/v1?source_id=FGhqNjC2WnFmmvNpTL32LMME&source_user_id=ee2e694b-9bf4-467c-b7b6-9a70b7b6a777&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}
68 B
607 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=FGhqNjC2WnFmmvNpTL32LMME&source_user_id=ee2e694b-9bf4-467c-b7b6-9a70b7b6a777&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
H2
Server
34.196.231.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-231-85.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

x-servername
Track003-iad
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:08 GMT
strict-transport-security
max-age=31536000;
content-type
text/html; charset=utf-8
location
https://match.sharethrough.com/sync/v1?source_id=FGhqNjC2WnFmmvNpTL32LMME&source_user_id=ee2e694b-9bf4-467c-b7b6-9a70b7b6a777&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}
cache-control
private,no-cache
content-length
296
expires
-1
v1
match.sharethrough.com/sync/ Frame 3827
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=
68 B
605 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
H2
Server
34.196.231.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-231-85.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
323
v1
match.sharethrough.com/sync/ Frame 3827
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4
  • https://ssum.casalemedia.com/usermatchredir?s=186046&cb=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DGM7HYz3VFjuymbiqnJLyjuPy%26source_user_id%3D__UID__
  • https://match.sharethrough.com/sync/v1?source_id=GM7HYz3VFjuymbiqnJLyjuPy&source_user_id=ZHn-lBXjuUmY8xg0DrXNuAAA%261453
68 B
608 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.sharethrough.com/sync/v1?source_id=GM7HYz3VFjuymbiqnJLyjuPy&source_user_id=ZHn-lBXjuUmY8xg0DrXNuAAA%261453
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D$UID
Protocol
H2
Server
34.196.231.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-231-85.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:24 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://match.sharethrough.com/sync/v1?source_id=GM7HYz3VFjuymbiqnJLyjuPy&source_user_id=ZHn-lBXjuUmY8xg0DrXNuAAA%261453
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
0
Expires
0
px.gif
fundingchoicesmessages.google.com/img/ 		43 B
68 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=2.900126372422488
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-WezFHJNgBw3MGt9F4qhImw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-security-policy
script-src 'report-sample' 'nonce-WezFHJNgBw3MGt9F4qhImw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
px.gif
fundingchoicesmessages.google.com/img/ 		43 B
68 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=0.35841627268496734
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-fmehX6GK0RLN9ujCBfLrFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-security-policy
script-src 'report-sample' 'nonce-fmehX6GK0RLN9ujCBfLrFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
image/gif
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame 91AA
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&khaos=LIEOB497-C-4XP5
  • https://s.amazon-adsystem.com/ecm3?id=LIEOB497-C-4XP5&ex=d-rubiconproject.com&status=ok
43 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?id=LIEOB497-C-4XP5&ex=d-rubiconproject.com&status=ok
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:24 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
MEPPT4WW7KK3KEQ650KS
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://s.amazon-adsystem.com/ecm3?id=LIEOB497-C-4XP5&ex=d-rubiconproject.com&status=ok
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
368ba1c92c09ff88b641150fbbf94341
Expires
0
AGSKWxWscRy9FvIye584XtRLjlQFA8akJiRDQ2a9WV5TIIZvSabcDSPDzkYYWOR07LMVuHyU6zFOALrtSJGAttnEWOB32w09DGbU2NbHenyVZDXQu_XVVjrAJw8l2ixKUz-632PBp3pGrQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWscRy9FvIye584XtRLjlQFA8akJiRDQ2a9WV5TIIZvSabcDSPDzkYYWOR07LMVuHyU6zFOALrtSJGAttnEWOB32w09DGbU2NbHenyVZDXQu_XVVjrAJw8l2ixKUz-632PBp3pGrQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.zf1UdKUYMMc.es5.O/d=1/rs=AJlcJMwVc_l9vdSpYgOvLRhE0vzBxKUWVA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-kRjXW8MVxsNcN8JSkhJ2mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-kRjXW8MVxsNcN8JSkhJ2mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.thespec.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame 2D17 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?8RG__A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
pixel
cm.g.doubleclick.net/ Frame 91AA
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TElFT0I0OTctQy00WFA1
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEB7-iaysKFtDqsMvfLXzZCY&google_cver=1
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElFT0I0OTctQy00WFA1&google_push=
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElFT0I0OTctQy00WFA1&google_push=
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
H3
Server
172.217.13.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul02s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TElFT0I0OTctQy00WFA1&google_push=
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a414d61fde5a538d1bc5c621aec59518
Expires
0
tap.php
pixel.rubiconproject.com/ Frame 91AA
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA169PBEoPBZKdIF_YWOe_I&google_cver=1
42 B
892 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA169PBEoPBZKdIF_YWOe_I&google_cver=1
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
10af108baa8103fb427a2cc0433d74a0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA169PBEoPBZKdIF_YWOe_I&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame 91AA
Redirect Chain
  • https://match.adsrvr.org/track/cmf/rubicon
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=&expires=30
42 B
892 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=&expires=30
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
10af108baa8103fb427a2cc0433d74a0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=&expires=30
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
289
setuid
px.ads.linkedin.com/ Frame 91AA
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIEOB497-C-4XP5
0
515 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIEOB497-C-4XP5
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 8E3EAE89277948D88538565DFDABBEA4 Ref B: YMQ01EDGE0605 Ref C: 2023-06-02T14:41:24Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAX9JowdR/UKNGoQkRR4Kw==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LIEOB497-C-4XP5
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
10af108baa8103fb427a2cc0433d74a0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
dcm
aax-eu.amazon-adsystem.com/s/ Frame 91AA 		43 B
855 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.220.224.144 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
YWZARAZKXFP40DEEV8VT
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
tap.php
pixel.rubiconproject.com/ Frame 91AA
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/uckgxDIs-96fkBQB1a-BgA?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-CTr8cT9E2oJVf2_vSz4q1orU._1KE9EqrRvF.A--~A
42 B
892 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-CTr8cT9E2oJVf2_vSz4q1orU._1KE9EqrRvF.A--~A
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
8.43.72.98 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
10af108baa8103fb427a2cc0433d74a0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Fri, 02 Jun 2023 14:41:24 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-CTr8cT9E2oJVf2_vSz4q1orU._1KE9EqrRvF.A--~A
content-length
0
ecm3
s.amazon-adsystem.com/ Frame 91AA
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=3zDJKnvkRaiSiFM3g1uLzg&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=3zDJKnvkRaiSiFM3g1uLzg
43 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=3zDJKnvkRaiSiFM3g1uLzg
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
HTTP/1.1
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:24 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
DZ3K8QPY8RHWP6EASEWK
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=3zDJKnvkRaiSiFM3g1uLzg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
10af108baa8103fb427a2cc0433d74a0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame 91AA
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjQ0NTE1OGExNWEzMDE1ZjU4Nzk4MzNkNTk4M2NiYzI5ZGJhYWViYg
170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjQ0NTE1OGExNWEzMDE1ZjU4Nzk4MzNkNTk4M2NiYzI5ZGJhYWViYg
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east
Protocol
H3
Server
172.217.13.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul02s05-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YjQ0NTE1OGExNWEzMDE1ZjU4Nzk4MzNkNTk4M2NiYzI5ZGJhYWViYg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a414d61fde5a538d1bc5c621aec59518
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
view
securepubads.g.doubleclick.net/pcs/ Frame D823 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv4nMAwjtcpupqD1vNvNsITZi6Z05nWpMu-uREtt_i1ia74JjRSbwcMjyf_-2MnpnNO-glZp3KKdmN9pXzM5jzF6_SPW65wsb0dij5HfC4QfLkO4GdYg-C1vBRA9RWgfPvR2i2h4SI_k0zCaTB7PzkXQzyQE9Dh4a-Nz3oOOcOWdVH-cLwnv1q2rVic7MvO8YPKnAqL_Oi8qCIbCsGNSY_qquRxv8hO-swn1zCqKKn14OJJia-CJNMn1h9_AKQaSNFQ2KW36-KbnsZ0DySMz49ZgOX_a6WwLA4dxEdlswBb1gJ54tRbp6oqPyyQqDA7cqfes09aq8-83jZ1WEXJFw&sai=AMfl-YTwUN5DwiU2YaWfAlqTrhdiJoZ7syg6ov0fQhLE5sPDRlc5Dt27g9DsEIrGKJsJLTXpQJQY1LFtqUbeULcfefkYqXSLj-uCDBGnRXYukwyJssFibSuo1ro_XV5Y60MsxFUoNn411vjx2ZzQoy44&sig=Cg0ArKJSzMFLUcMxH-LnEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
freeskreen.min.js
static.freeskreen.com/ba/22/ Frame D823 		28 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.freeskreen.com/ba/22/freeskreen.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-103.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7bb05bc0a6f02c90de52b1a2600ee3524a379b0a1bc01b14079b2c19371c1af1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-amz-version-id
Qb5vjlXI9EC2gLvpj6f5a4y5gFJRZ1o3
Content-Encoding
gzip
Via
1.1 6f9ef5ae165c9835aa6935d9fb7e2072.cloudfront.net (CloudFront)
Date
Fri, 02 Jun 2023 12:27:13 GMT
Last-Modified
Wed, 29 Sep 2021 21:16:14 GMT
Server
AmazonS3
X-Amz-Cf-Pop
EWR53-P1
Age
8052
ETag
"4d0871684e9b79b9dcde7ccd604b0c1e"
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9641
X-Amz-Cf-Id
cjjsQ5LHQTil2hDPWpxFEtq6_IpMRLQWe2oYnwrEa5MfZ689sfyWQQ==
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame D823 		171 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
54276
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1685532878231373"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 02 Jun 2023 14:41:24 GMT
moatad.js
z.moatads.com/torontostar63296366476/ Frame D823 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/torontostar63296366476/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8964a5347b489a4bb3a8a4040198055dc71df378a7237a2dccec66ba12c2258e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
gzip
last-modified
Tue, 16 May 2023 18:22:37 GMT
server
AmazonS3
x-amz-request-id
52ANFMBMK2QAR5W5
etag
"67ec8b92b6e22827e1421995e42dfdc2"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=36640
accept-ranges
bytes
content-length
3992
x-amz-id-2
doH/sRZdO4prlrIcFpESOILnYxu+1WFDi82jojcBUtJrJgi4d3SPW25LTTm56KeHJv3Ud6UeZIs=
view
securepubads.g.doubleclick.net/pcs/ Frame 8258 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuSuw1PeLVZFsnrU44rlk95S0kqqI8SQEC9WvzXpdzs1wdZQg68pDKO2Nuv2Wq0GKqNfrMi9SnDqe2OdSiHGgc8hEZTBbsZIO6ASF15IUrxzib9sGxhgFzRpJiotQJs2X5x2KQpfEv8UhBoxPic9tihPUNTHdw6m3CJjUc0EO9EXFEn0shbAJ2sdXpgFdh4QoGh04M7wnzmWVGowJVTuDUPKfj2xIjgv_Y5FUz1cYpYqDGKfBXGbR_n5pgVA4e7Jb-6suD2sPQIAM5tBzb-duduU0b3HCz38uChKPyrgnQrlokfF9nvLn2TP_CQZEnyxMnWouHZ8t9joV9WQdNvu74FWg&sai=AMfl-YSoIK-LdA_piNkPlqVds0lq5R7a0dXgfUvJToGe4E2HOjbJUf3uc6dlpArGeI4Fcmj91Is8EKh3JJamxfz_K_lStqlWCkfpe9jAANdvB5_PRLBc3ZeUrmda7cJBtPEN2KlCcJo6yAjb6ohNbIXT&sig=Cg0ArKJSzJ21WedupWw9EAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
creative.js
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 8258 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 02 Jun 2023 14:41:24 GMT
x-content-type-options
nosniff
content-encoding
br
age
5984
x-jsd-version
1.15.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
9276
x-served-by
cache-fra-eddf8230064-FRA, cache-yul12827-YUL
x-jsd-version-type
version
etag
W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8258 		171 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
54276
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1685532878231373"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 02 Jun 2023 14:41:24 GMT
moatad.js
z.moatads.com/torontostar63296366476/ Frame 8258 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/torontostar63296366476/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8964a5347b489a4bb3a8a4040198055dc71df378a7237a2dccec66ba12c2258e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
gzip
last-modified
Tue, 16 May 2023 18:22:37 GMT
server
AmazonS3
x-amz-request-id
52ANFMBMK2QAR5W5
etag
"67ec8b92b6e22827e1421995e42dfdc2"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=36640
accept-ranges
bytes
content-length
3992
x-amz-id-2
doH/sRZdO4prlrIcFpESOILnYxu+1WFDi82jojcBUtJrJgi4d3SPW25LTTm56KeHJv3Ud6UeZIs=
view
securepubads.g.doubleclick.net/pcs/ Frame 9C0D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvBVnqa8v0MS3bZTIHoe0Zn6JkJzC2blbiQ16Hi0AA5x7UDv77PJAvl5VKPomrsQWFlw77HO24CLhIOSDshiR02tL9uUqEYojo7aPLpNoIYVzPRK0VAWd4_BUGcYmMSMsM3wFX1WT0teawGHjKX-wwoY6NgzSpy2TkLz2mPg8P0cno5WwfbV9R78uXzNJ_vzPOIqGDDAPuMjMS-rhF85a0jauNzsp43m34IMdd_iKtInMVEo3n-la8oVVqkX5_npm_ZQousipg8kNnmi13bJoWR-sNB-mMa-GOJOOOVAwdsRGjDv0kvxyHISHznRVqlllR7HhzAA8AJGxOEhR4DDJP-7A&sai=AMfl-YRFPkEgPAdUiCa97Y-YhE59zI9WtjCPQYz-BenY3005lFiwX0Qg3wuj7YEmi94Yfs-7lTJ8i_ezTtGgaNgyGqLrGuAUvbT9Bb8G0cfRlzAFuLEJQjC0KXWiskUQFi6-VbZ_ZQk6O6ULje0XL-iL&sig=Cg0ArKJSzDrmzPAIjfzjEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
creative.js
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 9C0D 		26 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 02 Jun 2023 14:41:24 GMT
x-content-type-options
nosniff
content-encoding
br
age
5984
x-jsd-version
1.15.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
9276
x-served-by
cache-fra-eddf8230064-FRA, cache-yul12827-YUL
x-jsd-version-type
version
etag
W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 9C0D 		171 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
54276
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1685532878231373"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 02 Jun 2023 14:41:24 GMT
moatad.js
z.moatads.com/torontostar63296366476/ Frame 9C0D 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/torontostar63296366476/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8964a5347b489a4bb3a8a4040198055dc71df378a7237a2dccec66ba12c2258e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
gzip
last-modified
Tue, 16 May 2023 18:22:37 GMT
server
AmazonS3
x-amz-request-id
52ANFMBMK2QAR5W5
etag
"67ec8b92b6e22827e1421995e42dfdc2"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=36640
accept-ranges
bytes
content-length
3992
x-amz-id-2
doH/sRZdO4prlrIcFpESOILnYxu+1WFDi82jojcBUtJrJgi4d3SPW25LTTm56KeHJv3Ud6UeZIs=
view
securepubads.g.doubleclick.net/pcs/ Frame 0FD6 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsskWpt1DEm5CFDD-5saPdsd3_YXsXvQC-wxKdRSJREvLE2KtdaolxusrdB_-IvkMlaafLQVbSJqSIZMoi3Sr7t8Q739pVzlW7OwftLN6075NgTErQ0FiO-GTveOZiUiPDDGnQGBBEj8N2kkhmfF3b2iwJeFT0GgdrtCOjvqYbOXaM8ny8KzINL0dRVXU-waW0SglfuvTpBbOoe93w9255y8CSTlNRGmnz4jv23490IivSlRQKcaM66ipBwOoGDMyJFrZ2Qn_huKw9GX0ZCS8LbOV6rYyT8E5gAgGj0xXjjdi-Wvr0E1BK-zqi2K1bMcdtOk3tbgmjrUFgnOVB_uoLwnGQ&sai=AMfl-YTrPrMi-zJZ-U8H4l5FoMrXz9AUayR6dkkvTBWX9Trk_jjKdAemTPDvKzuq9cCAZHMdjX35RqgFIz4KnzNmk6FfkXZ387P6gXzoCJe3PKTcoWHH03YBjprM3uV1drO3Jy0WS49M5d6ZRY_Z-IeE&sig=Cg0ArKJSzPGbJuv9EljCEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
creative.js
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 0FD6 		26 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 02 Jun 2023 14:41:24 GMT
x-content-type-options
nosniff
content-encoding
br
age
5984
x-jsd-version
1.15.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
9276
x-served-by
cache-fra-eddf8230064-FRA, cache-yul12827-YUL
x-jsd-version-type
version
etag
W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 0FD6 		171 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
54276
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1685532878231373"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 02 Jun 2023 14:41:24 GMT
moatad.js
z.moatads.com/torontostar63296366476/ Frame 0FD6 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/torontostar63296366476/moatad.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305300101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
8964a5347b489a4bb3a8a4040198055dc71df378a7237a2dccec66ba12c2258e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
gzip
last-modified
Tue, 16 May 2023 18:22:37 GMT
server
AmazonS3
x-amz-request-id
52ANFMBMK2QAR5W5
etag
"67ec8b92b6e22827e1421995e42dfdc2"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=36640
accept-ranges
bytes
content-length
3992
x-amz-id-2
doH/sRZdO4prlrIcFpESOILnYxu+1WFDi82jojcBUtJrJgi4d3SPW25LTTm56KeHJv3Ud6UeZIs=
ab
nym1-ib.adnxs.com/ Frame 8258 		13 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL-DvBMfgcAAAMA1gAFAQiR_-ejBhCk05qrudCM_XwYrIC825CF2O1gKjYJ04cuqG-Z0T8RNrYyPFHtyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cJJNAxAAAAgBSu5z8wida-CzjySkD0DkgCUILNz8oBWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQEG8EyYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaXVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA4MDM4NTMzLCAwKQUUAGcBKBgwMzk5MTg0FSkAcwEVFDgzMjQwNh0rMHInLCA0MjQ5Mjg4OTgFLPSBAZIClQUhV29NSHZRamxscllhRUlMTno4b0JHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FZWFI2Z1AxQWMzTUxFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBeGNJOVlldkt4QUNHQUV0QUFBQUFESUhaR1ZtWVhWc2RLSUREZ2k5bklNc0VBUVlBUzBUM1I4Nm9nTVRDTzdKbXlzUUNoZ0JMWVZxZXo4eUEzVnVhNklERGdqTjhaOHBFQXNZQWkwQUFBQUF1Z01KVGxsTk1qbzFOalV3NEFQWFE0QUVqYzZrQ29nRWpzNmtDcEFFQUpnRUJNRUVBAYwFAQhESkIFCAkBGDJBUUE4UVEJDQEBRElnRmtpeVlCYm5SaDRjQnFRVQEWIEFBQUR3UDdFRgEKCQEIREJCHTcAeS4oAAA5MigAAFoVKPBDUEFfNEFYcjFnSHdCZENJM1FuNEJaMktuUUdDQmdORFFVU0lCZ0NRQmdHWUJnQ2hCcHFabVptWm1RVkFxQVlFc2dZa0MddABFHQwARx0MAEkdDKh1QVlReUFjQTRBY0Y2QWNBOFFjQUFBQ2dtWm01UHcuLpoCmQEhQmhpanp3OpkCMEl2blhTQUFLQUF4bXAFh5BaQlVBNkNVNVpUVEk2TlRZMU1FRFhRMG5ndmc2Y002TDFQMUVBKR0QQUFBRmsBBgkBAEcdGABHHRgASB0YEEhnQWlRERAERHcBnfBV2AIA4ALLtUjqApMBaHR0cHM6Ly93d3cudGhlc3BlYy5jb20vdHIvbmV3cy93YXRlcmxvby1yZWdpb24vMjAyMy8wNi8wMS91bml2ZXJzaXR5LW9mLXcRKTBpbnRlcnJ1cHRzLXN1AVDwUnRlZC1yYW5zb213YXJlLWF0dGFjay1vbi1pdHMtb25saW5lLXN5c3RlbXMuaHRtbPICEQoGQURWX0lEEgcyNTczNTk38gISCgZDUEdfSUQSCDIwiS8BFSAFQ1BfSUQSCTKRLhDyAg0KCAE-GEZSRVESATAFEBxSRU1fVVNFUgUQAAwJIDRDT0RFEgDyAhcKCENQRwkPSAtGTE8tMjE0NjYtMvICCwoHQ1AJGRwA8gIQCgVJTwFsCAc4MIXDGPICFAoHSU8JIQQJRhE6QPICEwoPQ1VTVE9NX01PREVMATQUAPICGgoWMhYAHExFQUZfTkFNBYUIHgoaNh0ACEFTVAE-EElGSUVEAT4cFQoIU1BMSVQBTRnt8NCAAwCIAwGQAwCYAxSgAwGqAwDAA6wCyAMA2APdkiTgAwDoAwD4AwOABACSBAkvb3BlbnJ0YjKYBACiBA4xNDkuNTYuMTUzLjE4OagEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANIEDjE5MDgjTllNMjo1NjUw2gQCCAHgBADwBILNz8oBiAUBmAUAoAX___________8BqgUkYTJiNzI2ZTAtYjA0NS00NzU3LTlhMWMtYzNkNzYzNTMzZDBiwAUAyQUAAAAAAADwP9IFCQkAAAkONNgFAeAFAfAF6OhY-gUEAZUokAYAmAYAuAYAwQYJIyjwP9AG4QbaBhYKEAkRGQF0EAAYAOAGAfIGAggAgAcBiAcAoAcByAe31wPSBw0JESgBJgjaBwYBXXAYAOAHAOoHAggA8AeRgAiKCAIQAJUIAACAP5gIAQ..&s=d3575755514d465449cf2a6e8bdbe0824bce70e4&pp=0.210367
Requested by
Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
18fe303b90ec11272afb9bcdc4fddb8b860c4e8b9cb1da505444c60073a7e62d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:24 GMT
Content-Encoding
gzip
X-Creative-ID
424928898
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
1f3302d1-c2a7-47aa-99ea-6480f45b2898
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
wp.gif
elb.the-ozone-project.com/ Frame 8258 		0
565 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/wp.gif?currency=USD&seat_id=1908&request_id=a2b726e0-b045-4757-9a1c-c3d763533d0b&adunit=div-gpt-ad-large-news-waterloo-region-10&size=300x600&adomain=%5Bchapelle-outremont.ca%5D&imp_id=226a99aaa048ea&auction_id=&bid_id=3135144916444447025&crid=424928898&price=0.210367&seat_name=appnexus&publisher_id=TKN100000001&dealid=
Requested by
Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
cf-cache-status
DYNAMIC
last-modified
Fri, 02 Jun 2023 14:41:24 GMT
server
cloudflare
vary
Origin, Accept-Encoding
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
7d107502ac0354b5-YYZ
content-length
0
expires
Wed, 11 Nov 1998 11:11:11 GMT
ab
nym1-ib.adnxs.com/ Frame 9C0D 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL-F_BM_gsAAAMA1gAFAQiR_-ejBhCGlaSOyYKD_QIY3aPRmayMmMx9KjYJNYC3QILixz8RuLJEZ5lFwj8ZAAAAgOtRCkAhuLJEZ5lFwj8pNYAJJAAxARu4wvXgPzCA1r4LOPJKQPQOSAJQytjJvwFYi-ddYABo1sl3eLzPBYABAYoBA1VTRJIFBuCYAdgFoAFaqAEBsAEAuAECwAEFyAEC0AEJ2AEA4AEA8AEAigJodWYoJ2EnLCAyNTczNTk3LCAwKTsBFCxpJywgNzgxMTIzOCwRFChnJywgMTk2ODM3NRkpLGMnLCA1NDY3OTk5MBUqMHInLCA0MDE3NjM0MDIFFvReAZICpQ4hS21KLUtBaTJzNGthRU1yWXliOEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJRFd2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCSVlIcUw2c2wwRF9CQWJRbTdEaHg0c2NfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyT1RMZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdBMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGdkN5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JlU1JBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASFneFFub2c6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTVNa0RYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPA8dGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1s8gIRCgZBRFZfSUQSBxrSCDDyAhIKBkNQR19JRBIIHr4IGPICCgoFQ1ABFBgBMPICDQoIATYMRlJFUREQHFJFTV9VU0VSBRAADAkgKENPREUSAPICGQoIAVEFD1ANRkxPLTIxNDE5LTEuMvICCwoHQ1AJGxwA8gIQCgVJTwFmAAcaTAkY8gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAC4BADABADIBADSBA4xOTA4I05ZTTI6NTY5MtoEAggB4AQA8AQSsQogiAUBmAUAoAX_EQG4AaoFJDBlM2FlODJkLWRhYmEtNDQwMS1hZmVjLWJmNDAxYTc4YjdmNcAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe8zwXSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=db218f8cdfdf8a0cddab1cf9103536a47f1699cd&pp=0.142749
Requested by
Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
94f85f14f383789ad93a5497662e9c58dd12af11f920edd3c4c56b00f09f6f4a
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:24 GMT
Content-Encoding
gzip
X-Creative-ID
401763402
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
7a397b2c-e8d2-42d7-809b-1d7abc1911b7
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
wp.gif
elb.the-ozone-project.com/ Frame 9C0D 		0
442 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/wp.gif?currency=USD&seat_id=1908&request_id=0e3ae82d-daba-4401-afec-bf401a78b7f5&adunit=div-gpt-ad-large-news-waterloo-region-2&size=728x90&adomain=%5Blecartier.ca%5D&imp_id=5ae4e62ccce791&auction_id=&bid_id=3419643141646223123&crid=401763402&price=0.142749&seat_name=appnexus&publisher_id=TKN100000001&dealid=
Requested by
Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
cf-cache-status
DYNAMIC
last-modified
Fri, 02 Jun 2023 14:41:24 GMT
server
cloudflare
vary
Origin, Accept-Encoding
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
7d107502ac1854b5-YYZ
content-length
0
expires
Wed, 11 Nov 1998 11:11:11 GMT
ab
nym1-ib.adnxs.com/ Frame 0FD6 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL_F_BM_wsAAAMA1gAFAQiR_-ejBhDXmayp67jznWcYrIC825CF2O1gKjYJ04cuqG-Z0T8RNrYyPFHtyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cJJNAxAAAAgBSu5z8wida-CzjySkD0DkgCUJOYu78BWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQEG8EyYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaHVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA3ODExMjM4LCAwKQUULGcnLCAxOTY4Mzc1NxUpLGMnLCA1NDY3OTk5MBUVMHInLCA0MDE1MjU3NzkFFvReAZICpQ4hSm1QTlRRaTJzNGthRUpPWXU3OEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyTlREZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdKMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGa2l5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JldldBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASEtQlBkYXc6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTFNRURYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPB1dGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1s8gIRCgZBRFZfSUQSBzI1NzM1OTfyAhIKBkNQR19JRBIIMTk2ODM3NTfyAgoKBUNQX0lEEgEw8gINCghBRFZfRlJFURIBMAUQOFJFTV9VU0VSEgEw8gIMCgUgNENPREUSAPICGQoIQ1BHCQ9QDUZMTy0yMTQxOS0xLjLyAgsKB0NQCRsgAPICEAoFSU9fAY4ENzgSTAkY8gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAC4BADABADIBADSBA4xOTA4I05ZTTI6NTY1MNoEAggB4AQA8AQSsgogiAUBmAUAoAX_EQG4AaoFJGEyYjcyNmUwLWIwNDUtNDc1Ny05YTFjLWMzZDc2MzUzM2QwYsAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe31wPSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=bf5541330a476f3b671b8f4990171d999c384710&pp=0.210367
Requested by
Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4d1b71f4ffdff139c5778a6ab809db2008d1c42df078d25f8f10f735990f0417
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:24 GMT
Content-Encoding
gzip
X-Creative-ID
401525779
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
97ac1ab0-5397-4405-80ac-2017a96f3bc2
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
wp.gif
elb.the-ozone-project.com/ Frame 0FD6 		0
460 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/wp.gif?currency=USD&seat_id=1908&request_id=a2b726e0-b045-4757-9a1c-c3d763533d0b&adunit=div-gpt-ad-large-news-waterloo-region-11&size=300x600&adomain=%5Blecartier.ca%5D&imp_id=31b91ed1a8007c&auction_id=&bid_id=5985440830498234273&crid=401525779&price=0.210367&seat_name=appnexus&publisher_id=TKN100000001&dealid=
Requested by
Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
cf-cache-status
DYNAMIC
last-modified
Fri, 02 Jun 2023 14:41:24 GMT
server
cloudflare
vary
Origin, Accept-Encoding
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
7d107502bc2054b5-YYZ
content-length
0
expires
Wed, 11 Nov 1998 11:11:11 GMT
script.js
sb.freeskreen.com/publisher/ 		85 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.freeskreen.com/publisher/script.js?bai=22&ut=&uts=&p_cust_params=amznbid%253D2%2526amznp%253D2%2526article_b%253Dtrue%2526assetid%253D0f479f22-152f-4458-8510-6b3d72ba8d54%2526author%253Drobertwilliams%2526cutpoint%253Dlarge%2526env%253Dbeta%2526environment%253Dproduction%2526gs_channels%253Dgs_tech%252Cgs_tech_computing%252Cgb_spam_high_med_low%252Cgs_law%252Cgv_crime%252Cgb_spam_high_med%252Cgs_education%252Cts_dctn_dgr_bchlrs_dgr%252Cts_dctn_lvl_trtry_dctn%252Cts_dctn_styl_dlt%252Cts_dctn_styl_gnrl%252Cts_fmly_prntng_gnrl%252Cts_fmly_prntng_tns%252Cgs_law_misc%252Cgs_education_university%252Cgt_negative%252Cgv_death_injury%2526key%253D%2526kvcalais%253Duniversity_of_waterloo%252Ccomputer_security%252Cpassword%252Cwaterloo%252Cransomware%252Ccybercrime%252Csecurity%252Cprevention%252Cemail%252Cnational_security%252Crebecca_elming%2526kvng%253Dmyregion%252Cmyrecord%252Cmyneedtoknow%252Cuniversity_of_waterloo%252Ccyber_attack%252Cransomware_attack%252Ccloud%252Conline_systems%252Csmg_wrr%252Csmg_waterloo_region%252Csmg2_news%252CInHouseArticle_therecord%2526permutive%253D79992%252C79993%252C79994%252Crts%2526pos%253D1%2526prmtvsdk%253Dweb%2526referrer%253Dgoogle%2526refresh%253Dfalse%2526registered%253Dno%2526subscribed%253Dno%2526tkspo%253D9&flc=other&slc=&windowlocation=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&usp=&gdpr=-1&cs=-1
Requested by
Host: static.freeskreen.com
URL: https://static.freeskreen.com/ba/22/freeskreen.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
d6a68cdc992b6fc7a2a81a52041baf27b77a5280afd672aea7fe8a147218da05

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
gzip
server
Apache/2.4.29 (Ubuntu)
vary
Accept-Encoding
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
text/html;charset=UTF-8
cache-control
no-cache, no-store, must-revalidate
content-length
23434
expires
Thu, 01 Jan 1970 00:00:00 GMT
moatcore.js
z.moatads.com/torontostar63296366476/ Frame D823 		317 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/torontostar63296366476/moatcore.js
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/torontostar63296366476/moatad.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
96a09b113a717216a966d68981089e3ce552dae5cdf88683be3f046ae22665c6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:24 GMT
content-encoding
gzip
last-modified
Tue, 16 May 2023 18:22:37 GMT
server
AmazonS3
x-amz-request-id
XDFAE22KAA8540XT
etag
"189e340b2a02691abf61e68e1d971d72"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=42420
accept-ranges
bytes
content-length
110502
x-amz-id-2
P3SRwXjfv2Z7xxb5Vtrdv6HKR3srtmVUW2qc9DTe/sIgrzBspmx/92MJokWhccZRJ0bQadlGDUk=
truncated
/ Frame D823 		213 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
28564772b2b25e7d5d5e4a1b865a0767bf2a9af8e1b5379f2dcdb0ecb4679dbc

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type
image/png
1227
creative.sofiapulse.com/flow/ Frame A244 		498 B
719 B 		Document
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13d3efc57a481a1a210404e48c9d27bcc4e22bfe56e60bdc988f19afa9e666e8

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
7d107503cdb55b17-IAD
content-encoding
br
content-type
text/html
date
Fri, 02 Jun 2023 14:41:25 GMT
last-modified
Tue, 09 May 2023 16:45:32 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zD58NMXtx00Fqz0i%2BpsV%2BPpEgxpC%2Fxt3gr9s8OjiSvLacQujk7Rj8P%2B0fPj571fwcQj61L0eDA%2F5nl%2BvXIfFzp66yTYnFo%2Bjeok8caVJEeSviCLOZwXvYvNTq59FRYilUjnxR1hFUtkkBElp2psQuyZri%2FlM"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 1CA2 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9586&pub_id=1218883
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL-DvBMfgcAAAMA1gAFAQiR_-ejBhCk05qrudCM_XwYrIC825CF2O1gKjYJ04cuqG-Z0T8RNrYyPFHtyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cJJNAxAAAAgBSu5z8wida-CzjySkD0DkgCUILNz8oBWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQEG8EyYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaXVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA4MDM4NTMzLCAwKQUUAGcBKBgwMzk5MTg0FSkAcwEVFDgzMjQwNh0rMHInLCA0MjQ5Mjg4OTgFLPSBAZIClQUhV29NSHZRamxscllhRUlMTno4b0JHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FZWFI2Z1AxQWMzTUxFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBeGNJOVlldkt4QUNHQUV0QUFBQUFESUhaR1ZtWVhWc2RLSUREZ2k5bklNc0VBUVlBUzBUM1I4Nm9nTVRDTzdKbXlzUUNoZ0JMWVZxZXo4eUEzVnVhNklERGdqTjhaOHBFQXNZQWkwQUFBQUF1Z01KVGxsTk1qbzFOalV3NEFQWFE0QUVqYzZrQ29nRWpzNmtDcEFFQUpnRUJNRUVBAYwFAQhESkIFCAkBGDJBUUE4UVEJDQEBRElnRmtpeVlCYm5SaDRjQnFRVQEWIEFBQUR3UDdFRgEKCQEIREJCHTcAeS4oAAA5MigAAFoVKPBDUEFfNEFYcjFnSHdCZENJM1FuNEJaMktuUUdDQmdORFFVU0lCZ0NRQmdHWUJnQ2hCcHFabVptWm1RVkFxQVlFc2dZa0MddABFHQwARx0MAEkdDKh1QVlReUFjQTRBY0Y2QWNBOFFjQUFBQ2dtWm01UHcuLpoCmQEhQmhpanp3OpkCMEl2blhTQUFLQUF4bXAFh5BaQlVBNkNVNVpUVEk2TlRZMU1FRFhRMG5ndmc2Y002TDFQMUVBKR0QQUFBRmsBBgkBAEcdGABHHRgASB0YEEhnQWlRERAERHcBnfBV2AIA4ALLtUjqApMBaHR0cHM6Ly93d3cudGhlc3BlYy5jb20vdHIvbmV3cy93YXRlcmxvby1yZWdpb24vMjAyMy8wNi8wMS91bml2ZXJzaXR5LW9mLXcRKTBpbnRlcnJ1cHRzLXN1AVDwUnRlZC1yYW5zb213YXJlLWF0dGFjay1vbi1pdHMtb25saW5lLXN5c3RlbXMuaHRtbPICEQoGQURWX0lEEgcyNTczNTk38gISCgZDUEdfSUQSCDIwiS8BFSAFQ1BfSUQSCTKRLhDyAg0KCAE-GEZSRVESATAFEBxSRU1fVVNFUgUQAAwJIDRDT0RFEgDyAhcKCENQRwkPSAtGTE8tMjE0NjYtMvICCwoHQ1AJGRwA8gIQCgVJTwFsCAc4MIXDGPICFAoHSU8JIQQJRhE6QPICEwoPQ1VTVE9NX01PREVMATQUAPICGgoWMhYAHExFQUZfTkFNBYUIHgoaNh0ACEFTVAE-EElGSUVEAT4cFQoIU1BMSVQBTRnt8NCAAwCIAwGQAwCYAxSgAwGqAwDAA6wCyAMA2APdkiTgAwDoAwD4AwOABACSBAkvb3BlbnJ0YjKYBACiBA4xNDkuNTYuMTUzLjE4OagEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANIEDjE5MDgjTllNMjo1NjUw2gQCCAHgBADwBILNz8oBiAUBmAUAoAX___________8BqgUkYTJiNzI2ZTAtYjA0NS00NzU3LTlhMWMtYzNkNzYzNTMzZDBiwAUAyQUAAAAAAADwP9IFCQkAAAkONNgFAeAFAfAF6OhY-gUEAZUokAYAmAYAuAYAwQYJIyjwP9AG4QbaBhYKEAkRGQF0EAAYAOAGAfIGAggAgAcBiAcAoAcByAe31wPSBw0JESgBJgjaBwYBXXAYAOAHAOoHAggA8AeRgAiKCAIQAJUIAACAP5gIAQ..&s=d3575755514d465449cf2a6e8bdbe0824bce70e4&pp=0.210367
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
24186
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Fri, 02 Jun 2023 14:41:25 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 24 May 2023 07:58:00 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
2011, 147606
X-Served-By
cache-lga13626-LGA, cache-yul12831-YUL
X-Timer
S1685716885.040847,VS0,VE0
rd_log
nym1-ib.adnxs.com/ Frame 8258 		0
932 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nym1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL-DvDefgcAAAMA1gAFAQiR_-ejBhCk05qrudCM_XwYrIC825CF2O1gKjYJjGXtvG2Z0T8RSS2UTE7tyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cuqG-Z0T8xAAAAgBSu5z8wida-CzjySkD0DkgCUILNz8oBWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQNVU0SYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaXVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA4MDM4NTMzLCAwKTt1ZignZwEoIDAzOTkxODQsIA0pAHMBFRw4MzI0MDYzMxUWMHInLCA0MjQ5Mjg4OTgFFvSBAZIClQUhV29NSHZRamxscllhRUlMTno4b0JHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FZWFI2Z1AxQWMzTUxFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBeGNJOVlldkt4QUNHQUV0QUFBQUFESUhaR1ZtWVhWc2RLSUREZ2k5bklNc0VBUVlBUzBUM1I4Nm9nTVRDTzdKbXlzUUNoZ0JMWVZxZXo4eUEzVnVhNklERGdqTjhaOHBFQXNZQWkwQUFBQUF1Z01KVGxsTk1qbzFOalV3NEFQWFE0QUVqYzZrQ29nRWpzNmtDcEFFQUpnRUJNRUVBAYwFAQhESkIFCAkBGDJBUUE4UVEJDQEBRElnRmtpeVlCYm5SaDRjQnFRVQEWIEFBQUR3UDdFRgEKCQEIREJCHTcAeS4oAAA5MigAAFoVKPBDUEFfNEFYcjFnSHdCZENJM1FuNEJaMktuUUdDQmdORFFVU0lCZ0NRQmdHWUJnQ2hCcHFabVptWm1RVkFxQVlFc2dZa0MddABFHQwARx0MAEkdDKh1QVlReUFjQTRBY0Y2QWNBOFFjQUFBQ2dtWm01UHcuLpoCmQEhQmhpanp3OpkCMEl2blhTQUFLQUF4bXAFh5BaQlVBNkNVNVpUVEk2TlRZMU1FRFhRMG5ndmc2Y002TDFQMUVBKR0QQUFBRmsBBgkBAEcdGABHHRgASB0YEEhnQWlRERAERHcBnfBV2AIA4ALLtUjqApMBaHR0cHM6Ly93d3cudGhlc3BlYy5jb20vdHIvbmV3cy93YXRlcmxvby1yZWdpb24vMjAyMy8wNi8wMS91bml2ZXJzaXR5LW9mLXcRKTBpbnRlcnJ1cHRzLXN1AVDwUnRlZC1yYW5zb213YXJlLWF0dGFjay1vbi1pdHMtb25saW5lLXN5c3RlbXMuaHRtbPICEQoGQURWX0lEEgcyNTczNTk38gISCgZDUEdfSUQSCDIwiS8BFSAFQ1BfSUQSCTKRLhDyAg0KCAE-GEZSRVESATAFEBxSRU1fVVNFUgUQAAwJIDRDT0RFEgDyAhcKCENQRwkPSAtGTE8tMjE0NjYtMvICCwoHQ1AJGRwA8gIQCgVJTwFsDAc4MDOBwxjyAhQKB0lPCSEECUYROkDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWFCB4KGjYdAAhBU1QBPhBJRklFRAE-HBUKCFNQTElUAU0Z7fDQgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAK4BADABADIBADSBA4xOTA4I05ZTTI6NTY1MNoEAggB4AQA8ASCzc_KAYgFAZgFAKAF____________AaoFJGEyYjcyNmUwLWIwNDUtNDc1Ny05YTFjLWMzZDc2MzUzM2QwYsAFAMkFAAAAAAAA8D_SBQkJAAAJDjTYBQHgBQHwBejoWPoFBAGVKJAGAJgGALgGAMEGCSMo8D_QBuEG2gYWChAJERkBdBAAGADgBgHyBgIIAIAHAYgHAKAHAcgHt9cD0gcNCREoASYI2gcGAV1wGADgBwDqBwIIAPAHkYAIiggCEACVCAAAgD-YCAE.&s=04e4bb46f1f54c4e225a15a1ea2215b2a95397fb&bdref=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html,https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL-DvBMfgcAAAMA1gAFAQiR_-ejBhCk05qrudCM_XwYrIC825CF2O1gKjYJ04cuqG-Z0T8RNrYyPFHtyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cJJNAxAAAAgBSu5z8wida-CzjySkD0DkgCUILNz8oBWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQEG8EyYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaXVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA4MDM4NTMzLCAwKQUUAGcBKBgwMzk5MTg0FSkAcwEVFDgzMjQwNh0rMHInLCA0MjQ5Mjg4OTgFLPSBAZIClQUhV29NSHZRamxscllhRUlMTno4b0JHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FZWFI2Z1AxQWMzTUxFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBeGNJOVlldkt4QUNHQUV0QUFBQUFESUhaR1ZtWVhWc2RLSUREZ2k5bklNc0VBUVlBUzBUM1I4Nm9nTVRDTzdKbXlzUUNoZ0JMWVZxZXo4eUEzVnVhNklERGdqTjhaOHBFQXNZQWkwQUFBQUF1Z01KVGxsTk1qbzFOalV3NEFQWFE0QUVqYzZrQ29nRWpzNmtDcEFFQUpnRUJNRUVBAYwFAQhESkIFCAkBGDJBUUE4UVEJDQEBRElnRmtpeVlCYm5SaDRjQnFRVQEWIEFBQUR3UDdFRgEKCQEIREJCHTcAeS4oAAA5MigAAFoVKPBDUEFfNEFYcjFnSHdCZENJM1FuNEJaMktuUUdDQmdORFFVU0lCZ0NRQmdHWUJnQ2hCcHFabVptWm1RVkFxQVlFc2dZa0MddABFHQwARx0MAEkdDKh1QVlReUFjQTRBY0Y2QWNBOFFjQUFBQ2dtWm01UHcuLpoCmQEhQmhpanp3OpkCMEl2blhTQUFLQUF4bXAFh5BaQlVBNkNVNVpUVEk2TlRZMU1FRFhRMG5ndmc2Y002TDFQMUVBKR0QQUFBRmsBBgkBAEcdGABHHRgASB0YEEhnQWlRERAERHcBnfBV2AIA4ALLtUjqApMBaHR0cHM6Ly93d3cudGhlc3BlYy5jb20vdHIvbmV3cy93YXRlcmxvby1yZWdpb24vMjAyMy8wNi8wMS91bml2ZXJzaXR5LW9mLXcRKTBpbnRlcnJ1cHRzLXN1AVDwUnRlZC1yYW5zb213YXJlLWF0dGFjay1vbi1pdHMtb25saW5lLXN5c3RlbXMuaHRtbPICEQoGQURWX0lEEgcyNTczNTk38gISCgZDUEdfSUQSCDIwiS8BFSAFQ1BfSUQSCTKRLhDyAg0KCAE-GEZSRVESATAFEBxSRU1fVVNFUgUQAAwJIDRDT0RFEgDyAhcKCENQRwkPSAtGTE8tMjE0NjYtMvICCwoHQ1AJGRwA8gIQCgVJTwFsCAc4MIXDGPICFAoHSU8JIQQJRhE6QPICEwoPQ1VTVE9NX01PREVMATQUAPICGgoWMhYAHExFQUZfTkFNBYUIHgoaNh0ACEFTVAE-EElGSUVEAT4cFQoIU1BMSVQBTRnt8NCAAwCIAwGQAwCYAxSgAwGqAwDAA6wCyAMA2APdkiTgAwDoAwD4AwOABACSBAkvb3BlbnJ0YjKYBACiBA4xNDkuNTYuMTUzLjE4OagEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANIEDjE5MDgjTllNMjo1NjUw2gQCCAHgBADwBILNz8oBiAUBmAUAoAX___________8BqgUkYTJiNzI2ZTAtYjA0NS00NzU3LTlhMWMtYzNkNzYzNTMzZDBiwAUAyQUAAAAAAADwP9IFCQkAAAkONNgFAeAFAfAF6OhY-gUEAZUokAYAmAYAuAYAwQYJIyjwP9AG4QbaBhYKEAkRGQF0EAAYAOAGAfIGAggAgAcBiAcAoAcByAe31wPSBw0JESgBJgjaBwYBXXAYAOAHAOoHAggA8AeRgAiKCAIQAJUIAACAP5gIAQ..&s=d3575755514d465449cf2a6e8bdbe0824bce70e4&pp=0.210367
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
AN-X-Request-Uuid
59bb4b88-4f5c-4773-b074-1c370e3f15af
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
it
nym1-ib.adnxs.com/ Frame 8258 		0
932 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nym1-ib.adnxs.com/it?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QLTDPDeUwYAAAMA1gAFAQiR_-ejBhCk05qrudCM_XwYrIC825CF2O1gKjYJjGXtvG2Z0T8RSS2UTE7tyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cuqG-Z0T8xAAAAgBSu5z8wida-CzjySkD0DkgCUILNz8oBWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQNVU0SYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaXVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA4MDM4NTMzLCAwKTt1ZignZwEoIDAzOTkxODQsIA0pAHMBFRw4MzI0MDYzMxUWMHInLCA0MjQ5Mjg4OTgFFvSBAZIClQUhV29NSHZRamxscllhRUlMTno4b0JHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FZWFI2Z1AxQWMzTUxFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBeGNJOVlldkt4QUNHQUV0QUFBQUFESUhaR1ZtWVhWc2RLSUREZ2k5bklNc0VBUVlBUzBUM1I4Nm9nTVRDTzdKbXlzUUNoZ0JMWVZxZXo4eUEzVnVhNklERGdqTjhaOHBFQXNZQWkwQUFBQUF1Z01KVGxsTk1qbzFOalV3NEFQWFE0QUVqYzZrQ29nRWpzNmtDcEFFQUpnRUJNRUVBAYwFAQhESkIFCAkBGDJBUUE4UVEJDQEBRElnRmtpeVlCYm5SaDRjQnFRVQEWIEFBQUR3UDdFRgEKCQEIREJCHTcAeS4oAAA5MigAAFoVKPBDUEFfNEFYcjFnSHdCZENJM1FuNEJaMktuUUdDQmdORFFVU0lCZ0NRQmdHWUJnQ2hCcHFabVptWm1RVkFxQVlFc2dZa0MddABFHQwARx0MAEkdDKh1QVlReUFjQTRBY0Y2QWNBOFFjQUFBQ2dtWm01UHcuLpoCmQEhQmhpanp3OpkCMEl2blhTQUFLQUF4bXAFh5BaQlVBNkNVNVpUVEk2TlRZMU1FRFhRMG5ndmc2Y002TDFQMUVBKR0QQUFBRmsBBgkBAEcdGABHHRgASB0YEEhnQWlRERAERHcBnfBV2AIA4ALLtUjqApMBaHR0cHM6Ly93d3cudGhlc3BlYy5jb20vdHIvbmV3cy93YXRlcmxvby1yZWdpb24vMjAyMy8wNi8wMS91bml2ZXJzaXR5LW9mLXcRKTBpbnRlcnJ1cHRzLXN1AVD0PgF0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWyAAwCIAwGQAwCYAxSgAwGqAwDAA6wCyAMA2APdkiTgAwDoAwD4AwOABACSBAkvb3BlbnJ0YjKYBACiBA4xNDkuNTYuMTUzLjE4OagEALIEDAgAEAAYACAAMAA4ArgEAMAEAMgEANIEDjE5MDgjTllNMjo1NjUw2gQCCAHgBADwBILNz8oBiAUBmAUAoAX___________8BqgUkYTJiNzI2ZTAtYjA0NS00NzU3LTlhMWMtYzNkNzYzNTMzZDBiwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAF6OhY-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBuEG2gYWChAAAAAAAAAAAAAACQoBw2DgBgHyBgIIAIAHAYgHAKAHAcgHt9cD0gcNFWQBJgzaBwYIBQlo4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=4907753ec3ace2a052365230765143a0db4e6f18
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL-DvBMfgcAAAMA1gAFAQiR_-ejBhCk05qrudCM_XwYrIC825CF2O1gKjYJ04cuqG-Z0T8RNrYyPFHtyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cJJNAxAAAAgBSu5z8wida-CzjySkD0DkgCUILNz8oBWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQEG8EyYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaXVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA4MDM4NTMzLCAwKQUUAGcBKBgwMzk5MTg0FSkAcwEVFDgzMjQwNh0rMHInLCA0MjQ5Mjg4OTgFLPSBAZIClQUhV29NSHZRamxscllhRUlMTno4b0JHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FZWFI2Z1AxQWMzTUxFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBeGNJOVlldkt4QUNHQUV0QUFBQUFESUhaR1ZtWVhWc2RLSUREZ2k5bklNc0VBUVlBUzBUM1I4Nm9nTVRDTzdKbXlzUUNoZ0JMWVZxZXo4eUEzVnVhNklERGdqTjhaOHBFQXNZQWkwQUFBQUF1Z01KVGxsTk1qbzFOalV3NEFQWFE0QUVqYzZrQ29nRWpzNmtDcEFFQUpnRUJNRUVBAYwFAQhESkIFCAkBGDJBUUE4UVEJDQEBRElnRmtpeVlCYm5SaDRjQnFRVQEWIEFBQUR3UDdFRgEKCQEIREJCHTcAeS4oAAA5MigAAFoVKPBDUEFfNEFYcjFnSHdCZENJM1FuNEJaMktuUUdDQmdORFFVU0lCZ0NRQmdHWUJnQ2hCcHFabVptWm1RVkFxQVlFc2dZa0MddABFHQwARx0MAEkdDKh1QVlReUFjQTRBY0Y2QWNBOFFjQUFBQ2dtWm01UHcuLpoCmQEhQmhpanp3OpkCMEl2blhTQUFLQUF4bXAFh5BaQlVBNkNVNVpUVEk2TlRZMU1FRFhRMG5ndmc2Y002TDFQMUVBKR0QQUFBRmsBBgkBAEcdGABHHRgASB0YEEhnQWlRERAERHcBnfBV2AIA4ALLtUjqApMBaHR0cHM6Ly93d3cudGhlc3BlYy5jb20vdHIvbmV3cy93YXRlcmxvby1yZWdpb24vMjAyMy8wNi8wMS91bml2ZXJzaXR5LW9mLXcRKTBpbnRlcnJ1cHRzLXN1AVDwUnRlZC1yYW5zb213YXJlLWF0dGFjay1vbi1pdHMtb25saW5lLXN5c3RlbXMuaHRtbPICEQoGQURWX0lEEgcyNTczNTk38gISCgZDUEdfSUQSCDIwiS8BFSAFQ1BfSUQSCTKRLhDyAg0KCAE-GEZSRVESATAFEBxSRU1fVVNFUgUQAAwJIDRDT0RFEgDyAhcKCENQRwkPSAtGTE8tMjE0NjYtMvICCwoHQ1AJGRwA8gIQCgVJTwFsCAc4MIXDGPICFAoHSU8JIQQJRhE6QPICEwoPQ1VTVE9NX01PREVMATQUAPICGgoWMhYAHExFQUZfTkFNBYUIHgoaNh0ACEFTVAE-EElGSUVEAT4cFQoIU1BMSVQBTRnt8NCAAwCIAwGQAwCYAxSgAwGqAwDAA6wCyAMA2APdkiTgAwDoAwD4AwOABACSBAkvb3BlbnJ0YjKYBACiBA4xNDkuNTYuMTUzLjE4OagEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANIEDjE5MDgjTllNMjo1NjUw2gQCCAHgBADwBILNz8oBiAUBmAUAoAX___________8BqgUkYTJiNzI2ZTAtYjA0NS00NzU3LTlhMWMtYzNkNzYzNTMzZDBiwAUAyQUAAAAAAADwP9IFCQkAAAkONNgFAeAFAfAF6OhY-gUEAZUokAYAmAYAuAYAwQYJIyjwP9AG4QbaBhYKEAkRGQF0EAAYAOAGAfIGAggAgAcBiAcAoAcByAe31wPSBw0JESgBJgjaBwYBXXAYAOAHAOoHAggA8AeRgAiKCAIQAJUIAACAP5gIAQ..&s=d3575755514d465449cf2a6e8bdbe0824bce70e4&pp=0.210367
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
AN-X-Request-Uuid
a8dddc81-16f4-4397-b8e0-de243a4d1bda
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
trk.js
cdn.adnxs.com/v/s/233/ Frame 8258 		80 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.adnxs.com/v/s/233/trk.js
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL-DvBMfgcAAAMA1gAFAQiR_-ejBhCk05qrudCM_XwYrIC825CF2O1gKjYJ04cuqG-Z0T8RNrYyPFHtyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cJJNAxAAAAgBSu5z8wida-CzjySkD0DkgCUILNz8oBWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQEG8EyYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaXVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA4MDM4NTMzLCAwKQUUAGcBKBgwMzk5MTg0FSkAcwEVFDgzMjQwNh0rMHInLCA0MjQ5Mjg4OTgFLPSBAZIClQUhV29NSHZRamxscllhRUlMTno4b0JHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FZWFI2Z1AxQWMzTUxFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBeGNJOVlldkt4QUNHQUV0QUFBQUFESUhaR1ZtWVhWc2RLSUREZ2k5bklNc0VBUVlBUzBUM1I4Nm9nTVRDTzdKbXlzUUNoZ0JMWVZxZXo4eUEzVnVhNklERGdqTjhaOHBFQXNZQWkwQUFBQUF1Z01KVGxsTk1qbzFOalV3NEFQWFE0QUVqYzZrQ29nRWpzNmtDcEFFQUpnRUJNRUVBAYwFAQhESkIFCAkBGDJBUUE4UVEJDQEBRElnRmtpeVlCYm5SaDRjQnFRVQEWIEFBQUR3UDdFRgEKCQEIREJCHTcAeS4oAAA5MigAAFoVKPBDUEFfNEFYcjFnSHdCZENJM1FuNEJaMktuUUdDQmdORFFVU0lCZ0NRQmdHWUJnQ2hCcHFabVptWm1RVkFxQVlFc2dZa0MddABFHQwARx0MAEkdDKh1QVlReUFjQTRBY0Y2QWNBOFFjQUFBQ2dtWm01UHcuLpoCmQEhQmhpanp3OpkCMEl2blhTQUFLQUF4bXAFh5BaQlVBNkNVNVpUVEk2TlRZMU1FRFhRMG5ndmc2Y002TDFQMUVBKR0QQUFBRmsBBgkBAEcdGABHHRgASB0YEEhnQWlRERAERHcBnfBV2AIA4ALLtUjqApMBaHR0cHM6Ly93d3cudGhlc3BlYy5jb20vdHIvbmV3cy93YXRlcmxvby1yZWdpb24vMjAyMy8wNi8wMS91bml2ZXJzaXR5LW9mLXcRKTBpbnRlcnJ1cHRzLXN1AVDwUnRlZC1yYW5zb213YXJlLWF0dGFjay1vbi1pdHMtb25saW5lLXN5c3RlbXMuaHRtbPICEQoGQURWX0lEEgcyNTczNTk38gISCgZDUEdfSUQSCDIwiS8BFSAFQ1BfSUQSCTKRLhDyAg0KCAE-GEZSRVESATAFEBxSRU1fVVNFUgUQAAwJIDRDT0RFEgDyAhcKCENQRwkPSAtGTE8tMjE0NjYtMvICCwoHQ1AJGRwA8gIQCgVJTwFsCAc4MIXDGPICFAoHSU8JIQQJRhE6QPICEwoPQ1VTVE9NX01PREVMATQUAPICGgoWMhYAHExFQUZfTkFNBYUIHgoaNh0ACEFTVAE-EElGSUVEAT4cFQoIU1BMSVQBTRnt8NCAAwCIAwGQAwCYAxSgAwGqAwDAA6wCyAMA2APdkiTgAwDoAwD4AwOABACSBAkvb3BlbnJ0YjKYBACiBA4xNDkuNTYuMTUzLjE4OagEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANIEDjE5MDgjTllNMjo1NjUw2gQCCAHgBADwBILNz8oBiAUBmAUAoAX___________8BqgUkYTJiNzI2ZTAtYjA0NS00NzU3LTlhMWMtYzNkNzYzNTMzZDBiwAUAyQUAAAAAAADwP9IFCQkAAAkONNgFAeAFAfAF6OhY-gUEAZUokAYAmAYAuAYAwQYJIyjwP9AG4QbaBhYKEAkRGQF0EAAYAOAGAfIGAggAgAcBiAcAoAcByAe31wPSBw0JESgBJgjaBwYBXXAYAOAHAOoHAggA8AeRgAiKCAIQAJUIAACAP5gIAQ..&s=d3575755514d465449cf2a6e8bdbe0824bce70e4&pp=0.210367
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
096ef6644ebed2ac191e5a20c7c5bf31a24d8739912e2142003fdaa469a13aa5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Expires
Wed, 22 May 2024 13:37:49 GMT
Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Age
867816
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
27646
X-Served-By
cache-lga21923-LGA, cache-yul12830-YUL
Last-Modified
Tue, 23 May 2023 13:36:07 GMT
Server
AkamaiNetStorage
X-Timer
S1685716885.046965,VS0,VE0
ETag
"9016354863c2896e70daab6e27775aa5:1684848967.582788"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-Cache-Hits
29, 1082641
creative_impression
api.sofiapulse.com/api/ Frame 8258 		35 B
465 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.sofiapulse.com/api/creative_impression?flowId=1227&campaignId=357&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc&time=1685716884982
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WH48V9XjYMYISIEV2FcIvZu%2FNZ%2FiYlKvB3Iszcq7LPSZ00fJnKzr6B2xJx4eED70Fud%2BGfKeqqnzhNN8nACzOsjEJo2jSLt02fid6dHM7Ir%2FS%2FF0pqBn9FGdiLBFSGj4vTSRENcJbFUPQMp0OBN0%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cf-ray
7d107503d859599e-IAD
appnexus-html5-lib-host.min.js
acdn.adnxs.com/html5-lib/host/1.4.0/ Frame 9C0D 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/html5-lib/host/1.4.0/appnexus-html5-lib-host.min.js
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL-F_BM_gsAAAMA1gAFAQiR_-ejBhCGlaSOyYKD_QIY3aPRmayMmMx9KjYJNYC3QILixz8RuLJEZ5lFwj8ZAAAAgOtRCkAhuLJEZ5lFwj8pNYAJJAAxARu4wvXgPzCA1r4LOPJKQPQOSAJQytjJvwFYi-ddYABo1sl3eLzPBYABAYoBA1VTRJIFBuCYAdgFoAFaqAEBsAEAuAECwAEFyAEC0AEJ2AEA4AEA8AEAigJodWYoJ2EnLCAyNTczNTk3LCAwKTsBFCxpJywgNzgxMTIzOCwRFChnJywgMTk2ODM3NRkpLGMnLCA1NDY3OTk5MBUqMHInLCA0MDE3NjM0MDIFFvReAZICpQ4hS21KLUtBaTJzNGthRU1yWXliOEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJRFd2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCSVlIcUw2c2wwRF9CQWJRbTdEaHg0c2NfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyT1RMZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdBMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGdkN5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JlU1JBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASFneFFub2c6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTVNa0RYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPA8dGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1s8gIRCgZBRFZfSUQSBxrSCDDyAhIKBkNQR19JRBIIHr4IGPICCgoFQ1ABFBgBMPICDQoIATYMRlJFUREQHFJFTV9VU0VSBRAADAkgKENPREUSAPICGQoIAVEFD1ANRkxPLTIxNDE5LTEuMvICCwoHQ1AJGxwA8gIQCgVJTwFmAAcaTAkY8gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAC4BADABADIBADSBA4xOTA4I05ZTTI6NTY5MtoEAggB4AQA8AQSsQogiAUBmAUAoAX_EQG4AaoFJDBlM2FlODJkLWRhYmEtNDQwMS1hZmVjLWJmNDAxYTc4YjdmNcAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe8zwXSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=db218f8cdfdf8a0cddab1cf9103536a47f1699cd&pp=0.142749
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
4d30543ac6e90772e81a0884755c1ec57baacc83daac73fa91e30682c82d13dc

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Expires
Fri, 27 Jan 2023 02:15:19 GMT
Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Age
44506
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
3768
X-Served-By
cache-lga21981-LGA, cache-yul12823-YUL
Last-Modified
Wed, 23 May 2018 13:47:22 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Timer
S1685716885.040748,VS0,VE0
ETag
W/"5b0570ea-2b85"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Accept-Ranges
bytes
X-Cache-Hits
53322, 2122
rd_log
nym1-ib.adnxs.com/ Frame 9C0D 		0
932 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nym1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL-F_BM_gsAAAMA1gAFAQiR_-ejBhCGlaSOyYKD_QIY3aPRmayMmMx9KjYJNYC3QILixz8Rt7JEZ5lFwj8ZAAAAgOtRCkAhuLJEZ5lFwj8pNYAJJAAxARu4wvXgPzCA1r4LOPJKQPQOSAJQytjJvwFYi-ddYABo1sl3eLzPBYABAYoBA1VTRJIFBuCYAdgFoAFaqAEBsAEAuAECwAEFyAEC0AEJ2AEA4AEA8AEAigJodWYoJ2EnLCAyNTczNTk3LCAwKTsBFCxpJywgNzgxMTIzOCwRFChnJywgMTk2ODM3NRkpLGMnLCA1NDY3OTk5MBUqMHInLCA0MDE3NjM0MDIFFvReAZICpQ4hS21KLUtBaTJzNGthRU1yWXliOEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJRFd2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCSVlIcUw2c2wwRF9CQWJRbTdEaHg0c2NfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyT1RMZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdBMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGdkN5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JlU1JBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASFneFFub2c6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTVNa0RYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPA8dGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1s8gIRCgZBRFZfSUQSBxrSCDDyAhIKBkNQR19JRBIIHr4IGPICCgoFQ1ABFBgBMPICDQoIATYMRlJFUREQHFJFTV9VU0VSBRAADAkgKENPREUSAPICGQoIAVEFD1ANRkxPLTIxNDE5LTEuMvICCwoHQ1AJGxwA8gIQCgVJTwFmAAcaTAkY8gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAK4BADABADIBADSBA4xOTA4I05ZTTI6NTY5MtoEAggB4AQA8AQSsQogiAUBmAUAoAX_EQG4AaoFJDBlM2FlODJkLWRhYmEtNDQwMS1hZmVjLWJmNDAxYTc4YjdmNcAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe8zwXSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=a019eb5519daa063794de35b2a41c7bca83d2d38&bdref=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html,https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL-F_BM_gsAAAMA1gAFAQiR_-ejBhCGlaSOyYKD_QIY3aPRmayMmMx9KjYJNYC3QILixz8RuLJEZ5lFwj8ZAAAAgOtRCkAhuLJEZ5lFwj8pNYAJJAAxARu4wvXgPzCA1r4LOPJKQPQOSAJQytjJvwFYi-ddYABo1sl3eLzPBYABAYoBA1VTRJIFBuCYAdgFoAFaqAEBsAEAuAECwAEFyAEC0AEJ2AEA4AEA8AEAigJodWYoJ2EnLCAyNTczNTk3LCAwKTsBFCxpJywgNzgxMTIzOCwRFChnJywgMTk2ODM3NRkpLGMnLCA1NDY3OTk5MBUqMHInLCA0MDE3NjM0MDIFFvReAZICpQ4hS21KLUtBaTJzNGthRU1yWXliOEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJRFd2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCSVlIcUw2c2wwRF9CQWJRbTdEaHg0c2NfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyT1RMZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdBMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGdkN5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JlU1JBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASFneFFub2c6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTVNa0RYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPA8dGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1s8gIRCgZBRFZfSUQSBxrSCDDyAhIKBkNQR19JRBIIHr4IGPICCgoFQ1ABFBgBMPICDQoIATYMRlJFUREQHFJFTV9VU0VSBRAADAkgKENPREUSAPICGQoIAVEFD1ANRkxPLTIxNDE5LTEuMvICCwoHQ1AJGxwA8gIQCgVJTwFmAAcaTAkY8gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAC4BADABADIBADSBA4xOTA4I05ZTTI6NTY5MtoEAggB4AQA8AQSsQogiAUBmAUAoAX_EQG4AaoFJDBlM2FlODJkLWRhYmEtNDQwMS1hZmVjLWJmNDAxYTc4YjdmNcAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe8zwXSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=db218f8cdfdf8a0cddab1cf9103536a47f1699cd&pp=0.142749
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
AN-X-Request-Uuid
654e0951-8df2-4897-8545-69a36ed80091
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
it
nym1-ib.adnxs.com/ Frame 9C0D 		0
932 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nym1-ib.adnxs.com/it?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QLhFfBM4QoAAAMA1gAFAQiR_-ejBhCGlaSOyYKD_QIY3aPRmayMmMx9KjYJNYC3QILixz8Rt7JEZ5lFwj8ZAAAAgOtRCkAhuLJEZ5lFwj8pNYAJJAAxARu4wvXgPzCA1r4LOPJKQPQOSAJQytjJvwFYi-ddYABo1sl3eLzPBYABAYoBA1VTRJIFBuCYAdgFoAFaqAEBsAEAuAECwAEFyAEC0AEJ2AEA4AEA8AEAigJodWYoJ2EnLCAyNTczNTk3LCAwKTsBFCxpJywgNzgxMTIzOCwRFChnJywgMTk2ODM3NRkpLGMnLCA1NDY3OTk5MBUqMHInLCA0MDE3NjM0MDIFFvReAZICpQ4hS21KLUtBaTJzNGthRU1yWXliOEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJRFd2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCSVlIcUw2c2wwRF9CQWJRbTdEaHg0c2NfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyT1RMZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdBMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGdkN5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JlU1JBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASFneFFub2c6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTVNa0RYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPCwdGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1sgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAK4BADABADIBADSBA4xOTA4I05ZTTI6NTY5MtoEAggB4AQA8ATKDpQJIIgFAZgFAKAF_xEBuAGqBSQwZTNhZTgyZC1kYWJhLTQ0MDEtYWZlYy1iZjQwMWE3OGI3ZjXABQDJBQAAAQIU8D_SBQkJAQoBAXDYBQHgBQHwBd2jVPoFBAgAEACQBgCYBgC4BgDBBgEhMAAA8D_QBuEG2gYWChAJERkBAcNg4AYB8gYCCACABwGIBwCgBwHIB7zPBdIHDRVkASYI2gcGAV1wGADgBwDqBwIIAPAHkYAIiggCEACVCAAAgD-YCAE.&s=626566c012370bee092f508b2459413464b5ac43
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL-F_BM_gsAAAMA1gAFAQiR_-ejBhCGlaSOyYKD_QIY3aPRmayMmMx9KjYJNYC3QILixz8RuLJEZ5lFwj8ZAAAAgOtRCkAhuLJEZ5lFwj8pNYAJJAAxARu4wvXgPzCA1r4LOPJKQPQOSAJQytjJvwFYi-ddYABo1sl3eLzPBYABAYoBA1VTRJIFBuCYAdgFoAFaqAEBsAEAuAECwAEFyAEC0AEJ2AEA4AEA8AEAigJodWYoJ2EnLCAyNTczNTk3LCAwKTsBFCxpJywgNzgxMTIzOCwRFChnJywgMTk2ODM3NRkpLGMnLCA1NDY3OTk5MBUqMHInLCA0MDE3NjM0MDIFFvReAZICpQ4hS21KLUtBaTJzNGthRU1yWXliOEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJRFd2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCSVlIcUw2c2wwRF9CQWJRbTdEaHg0c2NfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyT1RMZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdBMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGdkN5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JlU1JBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASFneFFub2c6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTVNa0RYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPA8dGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1s8gIRCgZBRFZfSUQSBxrSCDDyAhIKBkNQR19JRBIIHr4IGPICCgoFQ1ABFBgBMPICDQoIATYMRlJFUREQHFJFTV9VU0VSBRAADAkgKENPREUSAPICGQoIAVEFD1ANRkxPLTIxNDE5LTEuMvICCwoHQ1AJGxwA8gIQCgVJTwFmAAcaTAkY8gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAC4BADABADIBADSBA4xOTA4I05ZTTI6NTY5MtoEAggB4AQA8AQSsQogiAUBmAUAoAX_EQG4AaoFJDBlM2FlODJkLWRhYmEtNDQwMS1hZmVjLWJmNDAxYTc4YjdmNcAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe8zwXSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=db218f8cdfdf8a0cddab1cf9103536a47f1699cd&pp=0.142749
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
AN-X-Request-Uuid
908519a5-d50d-4dbc-a2ee-dc274c6ce6ac
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
trk.js
cdn.adnxs.com/v/s/233/ Frame 9C0D 		80 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.adnxs.com/v/s/233/trk.js
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL-F_BM_gsAAAMA1gAFAQiR_-ejBhCGlaSOyYKD_QIY3aPRmayMmMx9KjYJNYC3QILixz8RuLJEZ5lFwj8ZAAAAgOtRCkAhuLJEZ5lFwj8pNYAJJAAxARu4wvXgPzCA1r4LOPJKQPQOSAJQytjJvwFYi-ddYABo1sl3eLzPBYABAYoBA1VTRJIFBuCYAdgFoAFaqAEBsAEAuAECwAEFyAEC0AEJ2AEA4AEA8AEAigJodWYoJ2EnLCAyNTczNTk3LCAwKTsBFCxpJywgNzgxMTIzOCwRFChnJywgMTk2ODM3NRkpLGMnLCA1NDY3OTk5MBUqMHInLCA0MDE3NjM0MDIFFvReAZICpQ4hS21KLUtBaTJzNGthRU1yWXliOEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJRFd2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCSVlIcUw2c2wwRF9CQWJRbTdEaHg0c2NfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyT1RMZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdBMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGdkN5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JlU1JBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASFneFFub2c6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTVNa0RYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPA8dGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1s8gIRCgZBRFZfSUQSBxrSCDDyAhIKBkNQR19JRBIIHr4IGPICCgoFQ1ABFBgBMPICDQoIATYMRlJFUREQHFJFTV9VU0VSBRAADAkgKENPREUSAPICGQoIAVEFD1ANRkxPLTIxNDE5LTEuMvICCwoHQ1AJGxwA8gIQCgVJTwFmAAcaTAkY8gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAC4BADABADIBADSBA4xOTA4I05ZTTI6NTY5MtoEAggB4AQA8AQSsQogiAUBmAUAoAX_EQG4AaoFJDBlM2FlODJkLWRhYmEtNDQwMS1hZmVjLWJmNDAxYTc4YjdmNcAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe8zwXSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=db218f8cdfdf8a0cddab1cf9103536a47f1699cd&pp=0.142749
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
096ef6644ebed2ac191e5a20c7c5bf31a24d8739912e2142003fdaa469a13aa5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Expires
Wed, 22 May 2024 13:37:49 GMT
Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Age
867816
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
27646
X-Served-By
cache-lga21923-LGA, cache-yul12830-YUL
Last-Modified
Tue, 23 May 2023 13:36:07 GMT
Server
AkamaiNetStorage
X-Timer
S1685716885.046938,VS0,VE0
ETag
"9016354863c2896e70daab6e27775aa5:1684848967.582788"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-Cache-Hits
29, 1082640
script.js
acdn.adnxs-simple.com/strikeforce/ Frame 0FD6 		122 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs-simple.com/strikeforce/script.js
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL_F_BM_wsAAAMA1gAFAQiR_-ejBhDXmayp67jznWcYrIC825CF2O1gKjYJ04cuqG-Z0T8RNrYyPFHtyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cJJNAxAAAAgBSu5z8wida-CzjySkD0DkgCUJOYu78BWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQEG8EyYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaHVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA3ODExMjM4LCAwKQUULGcnLCAxOTY4Mzc1NxUpLGMnLCA1NDY3OTk5MBUVMHInLCA0MDE1MjU3NzkFFvReAZICpQ4hSm1QTlRRaTJzNGthRUpPWXU3OEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyTlREZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdKMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGa2l5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JldldBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASEtQlBkYXc6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTFNRURYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPB1dGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1s8gIRCgZBRFZfSUQSBzI1NzM1OTfyAhIKBkNQR19JRBIIMTk2ODM3NTfyAgoKBUNQX0lEEgEw8gINCghBRFZfRlJFURIBMAUQOFJFTV9VU0VSEgEw8gIMCgUgNENPREUSAPICGQoIQ1BHCQ9QDUZMTy0yMTQxOS0xLjLyAgsKB0NQCRsgAPICEAoFSU9fAY4ENzgSTAkY8gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAC4BADABADIBADSBA4xOTA4I05ZTTI6NTY1MNoEAggB4AQA8AQSsgogiAUBmAUAoAX_EQG4AaoFJGEyYjcyNmUwLWIwNDUtNDc1Ny05YTFjLWMzZDc2MzUzM2QwYsAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe31wPSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=bf5541330a476f3b671b8f4990171d999c384710&pp=0.210367
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
f63b683b181032b37e4b8a3fe5d001edc0b40a8df47c66b7966e2e7242f0226d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Expires
Wed, 24 May 2023 23:40:38 GMT
Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Age
54031
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
43711
X-Served-By
cache-lga13622-LGA, cache-yul12825-YUL
Last-Modified
Wed, 10 May 2023 16:21:53 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Timer
S1685716885.046406,VS0,VE0
ETag
W/"645bc4a1-1e7fc"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Accept-Ranges
bytes
X-Cache-Hits
240, 26854
appnexus-html5-lib-host.min.js
acdn.adnxs.com/html5-lib/host/1.4.0/ Frame 0FD6 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/html5-lib/host/1.4.0/appnexus-html5-lib-host.min.js
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL_F_BM_wsAAAMA1gAFAQiR_-ejBhDXmayp67jznWcYrIC825CF2O1gKjYJ04cuqG-Z0T8RNrYyPFHtyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cJJNAxAAAAgBSu5z8wida-CzjySkD0DkgCUJOYu78BWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQEG8EyYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaHVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA3ODExMjM4LCAwKQUULGcnLCAxOTY4Mzc1NxUpLGMnLCA1NDY3OTk5MBUVMHInLCA0MDE1MjU3NzkFFvReAZICpQ4hSm1QTlRRaTJzNGthRUpPWXU3OEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyTlREZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdKMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGa2l5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JldldBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASEtQlBkYXc6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTFNRURYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPB1dGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1s8gIRCgZBRFZfSUQSBzI1NzM1OTfyAhIKBkNQR19JRBIIMTk2ODM3NTfyAgoKBUNQX0lEEgEw8gINCghBRFZfRlJFURIBMAUQOFJFTV9VU0VSEgEw8gIMCgUgNENPREUSAPICGQoIQ1BHCQ9QDUZMTy0yMTQxOS0xLjLyAgsKB0NQCRsgAPICEAoFSU9fAY4ENzgSTAkY8gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAC4BADABADIBADSBA4xOTA4I05ZTTI6NTY1MNoEAggB4AQA8AQSsgogiAUBmAUAoAX_EQG4AaoFJGEyYjcyNmUwLWIwNDUtNDc1Ny05YTFjLWMzZDc2MzUzM2QwYsAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe31wPSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=bf5541330a476f3b671b8f4990171d999c384710&pp=0.210367
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
4d30543ac6e90772e81a0884755c1ec57baacc83daac73fa91e30682c82d13dc

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Expires
Fri, 27 Jan 2023 02:15:19 GMT
Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Age
44506
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
3768
X-Served-By
cache-lga21981-LGA, cache-yul12831-YUL
Last-Modified
Wed, 23 May 2018 13:47:22 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Timer
S1685716885.041474,VS0,VE0
ETag
W/"5b0570ea-2b85"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Accept-Ranges
bytes
X-Cache-Hits
53322, 2118
rd_log
nym1-ib.adnxs.com/ Frame 0FD6 		0
932 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nym1-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL_F_SXAv8LAAADANYABQEIkf_nowYQ15msqeu4851nGKyAvNuQhdjtYCo2CYxl7bxtmdE_EUktlExO7co_GQAAAOCjcAdAITa2MjxR7co_KdOHLqhvmdE_MQAAAIAUruc_MInWvgs48kpA9A5IAlCTmLu_AViL511gAGjWyXd4t9cDgAEBigEDVVNEkgEDVVNEmAGsAqAB2ASoAQGwAQC4AQLAAQXIAQLQAQnYAQDgAQDwAQCKAmh1ZignYScsIDI1NzM1OTcsIDApO3VmKCdpJywgNzgxMTIzOCwgMCk7dWYoJ2cnLCAxOTY4Mzc1NywgMCk7dWYoJ2MnLCA1NDY3OTk5MCwgMCk7dWYoJ3InLCA0MDE1MjU3NzksIDApO5ICpQ4hSm1QTlRRaTJzNGthRUpPWXU3OEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyTlREZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fX19fX19fX193RVlfX19fX19fX19fX19BU0RfX19fX18FFRQ4QktBZ3cFCw0BCEFUag0KAQEMOEJRUAEIDQEId0ZJDQoFAQhBVkQFCAkBCDhCVzYsAABnCRgJAQRBVzZYAABjNiwAADQhyAkqCQEIQVlnNhAABFpBOhAAIGdCM1pJa29BSAkxBQEIOEJxOhAAAHM6EAAAdToQAAB3OhAAAHk6EAAgMEFHSjFyNEwyOhgAADQ6EAAANjoQAAA4OhAAHC1BRzBCSUFDBacNAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAABFlBLjECIQA2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRS37BQEIQVlnNhAAAFo6IAAAWjogAABhOiAAAGE6IAAAYjogAABiOiAAAGM6IAAAYzogAABkOiAAAGQ6IAAAZTogAABlOiAAAGY6IAAAZjogAAhZQUYF-Q0BCEFZZzYQAABaOiAAAFo6IAAMY0VFQRUBCERKQhUMIEFBMkFRQThRURkSHElnRmtpeXBCERMUUEFfc1FVGSAITUVGGQ0EREouKAAAMC4oAAROaxUowDhEX2dCZXZXQWZBRnJiT3hDZmdGbllxZEFZSUdBME5CUklnR0FKQUdBWmdHQUtFR0ENYSxFRUNvQmdTeUJpUUoNEwEBAFIBBQ0BAFoNCAEBAGgBBQkBWEM0QmhRLpoCmQEhLUJQZGF3aTJzNGth9SkoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTFNRURYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YEEhnQWlRERDwW0R3UHcuLtgCAOACy7VI6gKTAWh0dHBzOi8vd3d3LnRoZXNwZWMuY29tL3RyL25ld3Mvd2F0ZXJsb28tcmVnaW9uLzIwMjMvMDYvMDEvdW5pdmVyc2l0eS1vZi13ESkwaW50ZXJydXB0cy1zdQFQ8HV0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzyAhEKBkFEVl9JRBIHMjU3MzU5N_ICEgoGQ1BHX0lEEggxOTY4Mzc1N_ICCgoFQ1BfSUQSATDyAg0KCEFEVl9GUkVREgEwBRA4UkVNX1VTRVISATDyAgwKBSA0Q09ERRIA8gIZCghDUEcJD1ANRkxPLTIxNDE5LTEuMvICCwoHQ1AJGyAA8gIQCgVJT18BjjQ3ODExMjM48gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAK4BADABADIBADSBA4xOTA4I05ZTTI6NTY1MNoEAggB4AQA8AQSsgogiAUBmAUAoAX_EQG4AaoFJGEyYjcyNmUwLWIwNDUtNDc1Ny05YTFjLWMzZDc2MzUzM2QwYsAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe31wPSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=d14a9800b9098901ba7e67338a2adff50d2b2b58&bdref=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html,https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL_F_BM_wsAAAMA1gAFAQiR_-ejBhDXmayp67jznWcYrIC825CF2O1gKjYJ04cuqG-Z0T8RNrYyPFHtyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cJJNAxAAAAgBSu5z8wida-CzjySkD0DkgCUJOYu78BWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQEG8EyYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaHVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA3ODExMjM4LCAwKQUULGcnLCAxOTY4Mzc1NxUpLGMnLCA1NDY3OTk5MBUVMHInLCA0MDE1MjU3NzkFFvReAZICpQ4hSm1QTlRRaTJzNGthRUpPWXU3OEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyTlREZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdKMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGa2l5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JldldBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASEtQlBkYXc6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTFNRURYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPB1dGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1s8gIRCgZBRFZfSUQSBzI1NzM1OTfyAhIKBkNQR19JRBIIMTk2ODM3NTfyAgoKBUNQX0lEEgEw8gINCghBRFZfRlJFURIBMAUQOFJFTV9VU0VSEgEw8gIMCgUgNENPREUSAPICGQoIQ1BHCQ9QDUZMTy0yMTQxOS0xLjLyAgsKB0NQCRsgAPICEAoFSU9fAY4ENzgSTAkY8gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAC4BADABADIBADSBA4xOTA4I05ZTTI6NTY1MNoEAggB4AQA8AQSsgogiAUBmAUAoAX_EQG4AaoFJGEyYjcyNmUwLWIwNDUtNDc1Ny05YTFjLWMzZDc2MzUzM2QwYsAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe31wPSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=bf5541330a476f3b671b8f4990171d999c384710&pp=0.210367
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
AN-X-Request-Uuid
5c063d3e-a4ae-4d9a-908e-eb29fe6eee96
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
it
nym1-ib.adnxs.com/ Frame 0FD6 		0
932 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nym1-ib.adnxs.com/it?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QLiFfSXAuIKAAADANYABQEIkf_nowYQ15msqeu4851nGKyAvNuQhdjtYCo2CYxl7bxtmdE_EUktlExO7co_GQAAAOCjcAdAITa2MjxR7co_KdOHLqhvmdE_MQAAAIAUruc_MInWvgs48kpA9A5IAlCTmLu_AViL511gAGjWyXd4t9cDgAEBigEDVVNEkgEDVVNEmAGsAqAB2ASoAQGwAQC4AQLAAQXIAQLQAQnYAQDgAQDwAQCKAmh1ZignYScsIDI1NzM1OTcsIDApO3VmKCdpJywgNzgxMTIzOCwgMCk7dWYoJ2cnLCAxOTY4Mzc1NywgMCk7dWYoJ2MnLCA1NDY3OTk5MCwgMCk7dWYoJ3InLCA0MDE1MjU3NzksIDApO5ICpQ4hSm1QTlRRaTJzNGthRUpPWXU3OEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyTlREZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fX19fX19fX193RVlfX19fX19fX19fX19BU0RfX19fX18FFRQ4QktBZ3cFCw0BCEFUag0KAQEMOEJRUAEIDQEId0ZJDQoFAQhBVkQFCAkBCDhCVzYsAABnCRgJAQRBVzZYAABjNiwAADQhyAkqCQEIQVlnNhAABFpBOhAAIGdCM1pJa29BSAkxBQEIOEJxOhAAAHM6EAAAdToQAAB3OhAAAHk6EAAgMEFHSjFyNEwyOhgAADQ6EAAANjoQAAA4OhAAHC1BRzBCSUFDBacNAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAABFlBLjECIQA2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRS37BQEIQVlnNhAAAFo6IAAAWjogAABhOiAAAGE6IAAAYjogAABiOiAAAGM6IAAAYzogAABkOiAAAGQ6IAAAZTogAABlOiAAAGY6IAAAZjogAAhZQUYF-Q0BCEFZZzYQAABaOiAAAFo6IAAMY0VFQRUBCERKQhUMIEFBMkFRQThRURkSHElnRmtpeXBCERMUUEFfc1FVGSAITUVGGQ0EREouKAAAMC4oAAROaxUowDhEX2dCZXZXQWZBRnJiT3hDZmdGbllxZEFZSUdBME5CUklnR0FKQUdBWmdHQUtFR0ENYSxFRUNvQmdTeUJpUUoNEwEBAFIBBQ0BAFoNCAEBAGgBBQkBWEM0QmhRLpoCmQEhLUJQZGF3aTJzNGth9SkoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTFNRURYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YEEhnQWlRERDwW0R3UHcuLtgCAOACy7VI6gKTAWh0dHBzOi8vd3d3LnRoZXNwZWMuY29tL3RyL25ld3Mvd2F0ZXJsb28tcmVnaW9uLzIwMjMvMDYvMDEvdW5pdmVyc2l0eS1vZi13ESkwaW50ZXJydXB0cy1zdQFQ9D4BdGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1sgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAK4BADABADIBADSBA4xOTA4I05ZTTI6NTY1MNoEAggB4AQA8ASTmLu_AYgFAZgFAKAF____________AaoFJGEyYjcyNmUwLWIwNDUtNDc1Ny05YTFjLWMzZDc2MzUzM2QwYsAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBd2jVPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbhBtoGFgoQAAAAAAAAAAAAAAkKAcNg4AYB8gYCCACABwGIBwCgBwHIB7fXA9IHDRVkASYM2gcGCAUJaOAHAOoHAggA8AeRgAiKCAIQAJUIAACAP5gIAQ..&s=e5f54d649190bb0628e0b96d20f6c0044cac141b
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL_F_BM_wsAAAMA1gAFAQiR_-ejBhDXmayp67jznWcYrIC825CF2O1gKjYJ04cuqG-Z0T8RNrYyPFHtyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cJJNAxAAAAgBSu5z8wida-CzjySkD0DkgCUJOYu78BWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQEG8EyYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaHVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA3ODExMjM4LCAwKQUULGcnLCAxOTY4Mzc1NxUpLGMnLCA1NDY3OTk5MBUVMHInLCA0MDE1MjU3NzkFFvReAZICpQ4hSm1QTlRRaTJzNGthRUpPWXU3OEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyTlREZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdKMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGa2l5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JldldBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASEtQlBkYXc6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTFNRURYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPB1dGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1s8gIRCgZBRFZfSUQSBzI1NzM1OTfyAhIKBkNQR19JRBIIMTk2ODM3NTfyAgoKBUNQX0lEEgEw8gINCghBRFZfRlJFURIBMAUQOFJFTV9VU0VSEgEw8gIMCgUgNENPREUSAPICGQoIQ1BHCQ9QDUZMTy0yMTQxOS0xLjLyAgsKB0NQCRsgAPICEAoFSU9fAY4ENzgSTAkY8gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAC4BADABADIBADSBA4xOTA4I05ZTTI6NTY1MNoEAggB4AQA8AQSsgogiAUBmAUAoAX_EQG4AaoFJGEyYjcyNmUwLWIwNDUtNDc1Ny05YTFjLWMzZDc2MzUzM2QwYsAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe31wPSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=bf5541330a476f3b671b8f4990171d999c384710&pp=0.210367
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
AN-X-Request-Uuid
3c66bff2-7729-485e-b2db-e324e283a0eb
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
trk.js
cdn.adnxs.com/v/s/233/ Frame 0FD6 		80 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.adnxs.com/v/s/233/trk.js
Requested by
Host: nym1-ib.adnxs.com
URL: https://nym1-ib.adnxs.com/ab?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QL_F_BM_wsAAAMA1gAFAQiR_-ejBhDXmayp67jznWcYrIC825CF2O1gKjYJ04cuqG-Z0T8RNrYyPFHtyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cJJNAxAAAAgBSu5z8wida-CzjySkD0DkgCUJOYu78BWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQEG8EyYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaHVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA3ODExMjM4LCAwKQUULGcnLCAxOTY4Mzc1NxUpLGMnLCA1NDY3OTk5MBUVMHInLCA0MDE1MjU3NzkFFvReAZICpQ4hSm1QTlRRaTJzNGthRUpPWXU3OEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyTlREZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdKMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGa2l5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JldldBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASEtQlBkYXc6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTFNRURYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPB1dGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1s8gIRCgZBRFZfSUQSBzI1NzM1OTfyAhIKBkNQR19JRBIIMTk2ODM3NTfyAgoKBUNQX0lEEgEw8gINCghBRFZfRlJFURIBMAUQOFJFTV9VU0VSEgEw8gIMCgUgNENPREUSAPICGQoIQ1BHCQ9QDUZMTy0yMTQxOS0xLjLyAgsKB0NQCRsgAPICEAoFSU9fAY4ENzgSTAkY8gIUCgdJTwkhAAkVPEDyAhMKD0NVU1RPTV9NT0RFTAE0FADyAhoKFjIWABxMRUFGX05BTQWHCB4KGjYdAAhBU1QBPhBJRklFRAE-HA0KCFNQTElUAU3wgQEwgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAC4BADABADIBADSBA4xOTA4I05ZTTI6NTY1MNoEAggB4AQA8AQSsgogiAUBmAUAoAX_EQG4AaoFJGEyYjcyNmUwLWIwNDUtNDc1Ny05YTFjLWMzZDc2MzUzM2QwYsAFAMkFAAABAhTwP9IFCQkBCgEBcNgFAeAFAfAF3aNU-gUECAAQAJAGAJgGALgGAMEGASEwAADwP9AG4QbaBhYKEAkRGQFwEAAYAOAGAfIGAggAgAcBiAcAoAcByAe31wPSBw0VZAEmCNoHBgFdcBgA4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=bf5541330a476f3b671b8f4990171d999c384710&pp=0.210367
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
096ef6644ebed2ac191e5a20c7c5bf31a24d8739912e2142003fdaa469a13aa5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Expires
Wed, 22 May 2024 13:37:49 GMT
Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Age
867816
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
27646
X-Served-By
cache-lga21923-LGA, cache-yul12832-YUL
Last-Modified
Tue, 23 May 2023 13:36:07 GMT
Server
AkamaiNetStorage
X-Timer
S1685716885.047319,VS0,VE0
ETag
"9016354863c2896e70daab6e27775aa5:1684848967.582788"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000
Accept-Ranges
bytes
X-Cache-Hits
29, 343195
view
securepubads.g.doubleclick.net/pcs/ Frame 8258 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstISYFiMUVPpXJhE-S5HMT6Ssupp0K6s5QIr9KOSeBcexwYSWWAiesp-2ffWSnAcc5UHzRA3FZQlIAH8xA_IhespU4w6IIyp4eboVzDW_q7zAlMySfdl4t2ro95QP9GoQSPwE-HlE4VtNx_iQ5ciJO-3J0E778joozUQNOIuWDPBMhoyfbLh5QSb5giHYI15K7K0OMymeanza_VYn_ZJUSFd0W-3iQm0EjHFZXAlc7AfqeZpzEEHyYY4jNMATkDjMWSjWRsx89DFNR8O3b2574h1HwT43Dtxjik5KjIZKILMxIXZTMYOJP37xWeZF1DKKRuZAOroTKqF-EYeVFRdvpdpbye&sai=AMfl-YQNUgyU2vVwYqndk3VSxsItz70rShgnjmnri0y5M2h_2TqfgzhPKlXwHL4Qi3AMaUpKJ5mQshrWBZNJA3Q67IpzTvP9baE0fpC0ClMiweCnF8cgK5LtI1VbTK8Jpam5tJ_NexVFp186yFhi6oUE&sig=Cg0ArKJSzLsN74CMmkaVEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 02 Jun 2023 14:41:25 GMT
moatcore.js
z.moatads.com/torontostar63296366476/ Frame 8258 		317 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/torontostar63296366476/moatcore.js
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/torontostar63296366476/moatad.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
96a09b113a717216a966d68981089e3ce552dae5cdf88683be3f046ae22665c6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
gzip
last-modified
Tue, 16 May 2023 18:22:37 GMT
server
AmazonS3
x-amz-request-id
XDFAE22KAA8540XT
etag
"189e340b2a02691abf61e68e1d971d72"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=42419
accept-ranges
bytes
content-length
110502
x-amz-id-2
P3SRwXjfv2Z7xxb5Vtrdv6HKR3srtmVUW2qc9DTe/sIgrzBspmx/92MJokWhccZRJ0bQadlGDUk=
truncated
/ Frame 8258 		217 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ad7ddcbcd3e661c5091dfc398ef11e1e4c3003623b716d66f697134d757cb8c6

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type
image/png
pixel.gif
px.moatads.com/ 		43 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=17&i=TORONTOSTAR1&hp=1&wf=1&ra=1&pxm=7&sgs=3&vb=11&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=0&j=https%3A%2F%2Fnews.google.com&t=1685716885077&de=701733859040&m=0&ar=fde231f50fe-clean&iw=075515e&q=2&cb=0&ym=0&cu=1685716885077&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=49123500%3A2966557918%3A5886863882%3A138378437674&zMoatSZ=2x1&zMoatMMV_MAX=na&zMoatCURL=thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&zMoatDev=Desktop&zMoatOrigSlicer1=57580740&zMoatOrigSlicer2=21736044855&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&id=1&ii=4&bo=57580740&bd=21736044855&dfp=0%2C1&la=21736044855&gw=torontostar63296366476&fd=1&it=500&ti=0&ih=2&pe=1%3A528%3A528%3A2796%3A530&iq=na&tt=na&tu=&tp=&fs=203695&na=1430074071&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

unused62
8096267
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 02 Jun 2023 14:41:25 GMT
index.html
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/ Frame B19B 		15 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/html5-lib/host/1.4.0/appnexus-html5-lib-host.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
a1dff843ee0fe6235e2a56c41d778c1cc93b5edee1dfd48dc2e7cec9704e3f4a

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=3888000
Connection
keep-alive
Content-Encoding
gzip
Content-Length
3870
Content-Type
text/html
Date
Fri, 02 Jun 2023 14:41:25 GMT
ETag
W/"14fee1f68ae1d2a821c93646a0e21d2c"
Expires
Mon, 17 Jul 2023 14:41:25 GMT
Last-Modified
Thu, 22 Dec 2022 21:17:38 GMT
Server
nginx/1.21.3
Vary
Accept-Encoding
X-Clv-Request-Id
0dc154f7-afc7-46a9-a906-fb050100d769
X-Clv-S3-Version
2.5
x-amz-request-id
0dc154f7-afc7-46a9-a906-fb050100d769
async_usersync.html
acdn.adnxs.com/dmp/ Frame 3466 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9586&pub_id=1218883
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
24186
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Fri, 02 Jun 2023 14:41:25 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 24 May 2023 07:58:00 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
2011, 147609
X-Served-By
cache-lga13626-LGA, cache-yul12831-YUL
X-Timer
S1685716885.227762,VS0,VE0
async_usersync
ib.adnxs.com/ Frame 1CA2 		0
860 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=9586&pub_id=1218883&gdpr=0
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9586&pub_id=1218883
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.184 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
AN-X-Request-Uuid
b27e4793-8c65-44a2-a434-fdd0f94cfac5
Server
nginx/1.23.2
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
1a
i.clean.gg/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://i.clean.gg/1a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.thespec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=utf-8
date
Fri, 02 Jun 2023 14:41:25 GMT
server
nginx/1.21.6
via
1.1 google
1a
i.clean.gg/ Frame 0FD6 		0
104 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://i.clean.gg/1a
Requested by
Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
49.69.95.34.bc.googleusercontent.com
Software
nginx/1.21.6 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
via
1.1 google
server
nginx/1.21.6
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
index.html
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/ Frame 05BD 		14 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
Requested by
Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
a4780f2e590ec2778aee8186f7f6cba60f73db668396afcbebffd6c24702b039

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=3888000
Connection
keep-alive
Content-Encoding
gzip
Content-Length
3784
Content-Type
text/html
Date
Fri, 02 Jun 2023 14:41:25 GMT
ETag
W/"e270fbe8afcdd9f062ee93a86697c36b"
Expires
Mon, 17 Jul 2023 14:41:25 GMT
Last-Modified
Thu, 22 Dec 2022 21:40:39 GMT
Server
nginx/1.21.3
Vary
Accept-Encoding
X-Clv-Request-Id
cc902d0a-e25f-459a-8b6c-7fc40be7c573
X-Clv-S3-Version
2.5
x-amz-request-id
cc902d0a-e25f-459a-8b6c-7fc40be7c573
async_usersync.html
acdn.adnxs.com/dmp/ Frame D789 		52 KB
17 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9586&pub_id=1218883
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
24186
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Fri, 02 Jun 2023 14:41:25 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 24 May 2023 07:58:00 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
2011, 147610
X-Served-By
cache-lga13626-LGA, cache-yul12831-YUL
X-Timer
S1685716885.260930,VS0,VE0
view
securepubads.g.doubleclick.net/pcs/ Frame 0FD6 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvBIsqCcfxT7R_rvI-oOatk6s2sPaxfyuRX7RJT8yRVr9xmjvd9rnxNYXiRSVv8eezS0SBLgz2SbV7MP33MrsNc2gxKJ9FoWZVdonQSOdfY-obmOJ-E125oHsI5YBs1Gs8QMhuCnlwF4pCm5Hh9_kWCMFQYzUuJ0sY3BG9A50OlAB7x2XkT9KatEAsFeqFNU2Movp73HRCpmpwPJM7h_k9G6p2hlykw8zcr8SSvMuH3Lz60xY7uUgo2-8FMfMkuSZu2KJCAdm-4p4Gy_29K8TsPACy358_zrBNiIFLDWOwwnsaYzxR0kpsqeURp05s0v0ZnYUxlw1rRy_Wptc0QTtqrY-XB&sai=AMfl-YST-rxYDxu4-dJzb9vpDJqCTJ-APfjEw-NzOo7pThLbrxM2Dt8uVCYTYFnOjWNkn1OqcIGsdmlLnRssmDwlltujl0ljLv3zhfWnCVnUHkqCTQwJQ4z7jVCeMeqUn34ueuY1xC3LnhH_GEVN66EN&sig=Cg0ArKJSzEQoaeu1sy2cEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 02 Jun 2023 14:41:25 GMT
moatcore.js
z.moatads.com/torontostar63296366476/ Frame 0FD6 		317 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/torontostar63296366476/moatcore.js
Requested by
Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
96a09b113a717216a966d68981089e3ce552dae5cdf88683be3f046ae22665c6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
gzip
last-modified
Tue, 16 May 2023 18:22:37 GMT
server
AmazonS3
x-amz-request-id
XDFAE22KAA8540XT
etag
"189e340b2a02691abf61e68e1d971d72"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=42419
accept-ranges
bytes
content-length
110502
x-amz-id-2
P3SRwXjfv2Z7xxb5Vtrdv6HKR3srtmVUW2qc9DTe/sIgrzBspmx/92MJokWhccZRJ0bQadlGDUk=
truncated
/ Frame 0FD6 		216 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3f74f0154c63f844a9fd5e19d0a2fc8b8304fcc2158e52f43e6e496c464c38b3

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type
image/png
main.39af1295.js
creative.sofiapulse.com/static/js/ Frame A244 		184 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/js/main.39af1295.js
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9e7e57b41ad230bfdd7f6f2ac59a84e8325261665d34269136965f554a53c53

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:46:00 GMT
server
cloudflare
age
186
cf-polished
origSize=188802
etag
W/"645a78c8-2e182"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u9QtuqHtuFvwLHATrTOnt7FqTDkizQKOUA5SPVIp32UrdE6zY1rZwcDUFLaN%2BfUTl2n%2B7S7gLa%2By5wHqhyl%2B9XmLye1Yz5FZ%2Bg7hwDiFiYmLWmAN9rXLGkrLtupfdf98L5Lz4sWAa549p5XKQI7TesUqAvEI"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d1075059f5d5b17-IAD
main.ad18413b.css
creative.sofiapulse.com/static/css/ Frame A244 		59 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/css/main.ad18413b.css
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1894300144e968b81ffe49f390283a8ee44d3ba47e363760087ff954a44e6bd8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:45:35 GMT
server
cloudflare
age
186
cf-polished
origSize=60438
etag
W/"645a78af-ec16"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wY50LE%2BM1JSffkJGYYa9KRvx2fgEc2ued1mAzyx2%2FA3NUs%2F84ZTY3Ev6VpMSrx%2Fb4wWnmFWGGmfeTSWgkJmulaaHuPRZ2ACJyGPCqVIypaaNwqwjTzWDNIAjqOSq8%2BGmcPGSd%2BBAooFuTgP7QDNEGWgLUSjt"}],"group":"cf-nel","max_age":604800}
content-type
text/css
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d1075059f5b5b17-IAD
view
securepubads.g.doubleclick.net/pcs/ Frame D823 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvs1ypiZNQTIzL1YHHaLJs6xwkVVaCqu6fPXv3DljgrJgrf7LZ5HBJFjMIlAwo8yAV9PI0x2z3ku4mOzHfKl92vYRZkoTlmLMyj0mNXVW76MwJnPCTatMEdGStkpn_-PawCl8Dy-uroak1e7puw6HWugpxjpHAUvLEA_R6_ef6_kemGmVTAXAvUfiLZazs-VG8LJHZ1D3clcXTdIqXgrFFTaKFdVhwqzcA_dJuUwnuw05jiPqKfNZzLBGAwItGQcGa3bK2XoWqhVxZABvjBddvYc2kragsISulMFzOajkAoRaGXQIG4-bsTcZuT2M99_7Guwue7yqNiORJLdlSzPU10&sai=AMfl-YRnzhDptkkNx7A9gC47IkdknrA6HiWFlOSoYZao7Kcc09zHaihwXLnTb1YRrhLX-ytgpfUAV59mbW9G8XWLeoQKnrr9sR3p80_9lrzoAzNoQUW0qJJMzq0wDkMyRHbOlmDbNfh5MWyIImJzJTFM&sig=Cg0ArKJSzIyk-2bd3T2BEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 02 Jun 2023 14:41:25 GMT
d5c41c38be8a3788eb9977cddf07d48d.js
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/ Frame B19B 		88 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/d5c41c38be8a3788eb9977cddf07d48d.js
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
7484e674eae2f0ddb5666849889d09c337e2142c7f16c922057b362b8a6522db

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 21:17:38 GMT
Server
nginx/1.21.3
x-amz-request-id
9fb38d4b-3178-4665-80e2-d88e717ad4e1
ETag
W/"d5c41c38be8a3788eb9977cddf07d48d"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
X-Clv-Request-Id
9fb38d4b-3178-4665-80e2-d88e717ad4e1
Cache-Control
max-age=3888000
Connection
keep-alive
X-Clv-S3-Version
2.5
Content-Length
26401
Expires
Mon, 17 Jul 2023 14:41:25 GMT
load-cookie.html
elb.the-ozone-project.com/static/ Frame 6770 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Requested by
Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
322f32330a0ec9ad84886251d027a7bc919d8c0f88c65ee3e3db6d96d71de026

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7d107505d9d854b5-YYZ
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 02 Jun 2023 14:41:25 GMT
expires
0
last-modified
Wed, 31 May 2023 10:50:18 GMT
pragma
no-cache
server
cloudflare
vary
Origin, Accept-Encoding
load-cookie.html
elb.the-ozone-project.com/static/ Frame FD57 		12 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882230&bidder=ozone
Requested by
Host: prebid.the-ozone-project.com
URL: https://prebid.the-ozone-project.com/hw/torstar/ozpb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
040011b9537699d58250f25ba79f098f851fa457fc68e51dc1836e71d9eecb8e

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7d107505d9dc54b5-YYZ
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 02 Jun 2023 14:41:25 GMT
expires
0
last-modified
Wed, 31 May 2023 10:50:18 GMT
pragma
no-cache
server
cloudflare
vary
Origin, Accept-Encoding
view
securepubads.g.doubleclick.net/pcs/ Frame 9C0D 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstijGonTP4kaXhL62ooSHqHf3utCqpVJjvw2sIMWhRU_czd90Qeya1B5Qg5gXkmmS3pYUX0QVe0QlU8W5lBlcBKHYdY0Yj4L2NQsUy0SUZpnXQkLUnRzagAYw1c84UKMmdS6z0-Z34WMc8ix1VKr8g4TEnQebGctXCgThs80gjg49Lb4XIDe5IRZUfgEMBqT1uVVEu7gLzoMzcHVp1NUq4kKosVCNPM7wkYnCP8C6P7c6oxmNIkIk0AFDTz_XxGv6vVyQfGemeDLtrew3nrSKVTYSf7CN4WOtZVWEMWiFBuvG5_nIrpUdaKm6LfW5hObbXnh8YBN2_9-RxYisNhzFGCwVkZ&sai=AMfl-YTLwmguiBmrD3RG77uIKhwoffTw8eLrqCxeBMRQX03S8qdN45X3mNAQNO2uqK0Usdine79SmYMOOK2M7ZJwu7Z1ETrzPQx1LQc-SWQ0gBABdSI1xbeRC0rRvODX1WSDaZiGakE6sX68GzN8PL5E&sig=Cg0ArKJSzK1PC8RQBrBMEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 02 Jun 2023 14:41:25 GMT
moatcore.js
z.moatads.com/torontostar63296366476/ Frame 9C0D 		317 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/torontostar63296366476/moatcore.js
Requested by
Host: z.moatads.com
URL: https://z.moatads.com/torontostar63296366476/moatad.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
96a09b113a717216a966d68981089e3ce552dae5cdf88683be3f046ae22665c6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
gzip
last-modified
Tue, 16 May 2023 18:22:37 GMT
server
AmazonS3
x-amz-request-id
XDFAE22KAA8540XT
etag
"189e340b2a02691abf61e68e1d971d72"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=42419
accept-ranges
bytes
content-length
110502
x-amz-id-2
P3SRwXjfv2Z7xxb5Vtrdv6HKR3srtmVUW2qc9DTe/sIgrzBspmx/92MJokWhccZRJ0bQadlGDUk=
truncated
/ Frame 9C0D 		218 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b4b43b4ab2d0b7798ae8aacacf9821f635146c15dfa8722a52e798142f9fff5c

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Content-Type
image/png
d5c41c38be8a3788eb9977cddf07d48d.js
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/ Frame 05BD 		88 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/d5c41c38be8a3788eb9977cddf07d48d.js
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
7484e674eae2f0ddb5666849889d09c337e2142c7f16c922057b362b8a6522db

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 21:40:39 GMT
Server
nginx/1.21.3
x-amz-request-id
5ba02c12-1523-49ce-8b81-10f361cb3207
ETag
W/"d5c41c38be8a3788eb9977cddf07d48d"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
X-Clv-Request-Id
5ba02c12-1523-49ce-8b81-10f361cb3207
Cache-Control
max-age=3888000
Connection
keep-alive
X-Clv-S3-Version
2.5
Content-Length
26401
Expires
Mon, 17 Jul 2023 14:41:25 GMT
vevent
nym1-ib.adnxs.com/ Frame 0FD6 		0
954 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QLiFfSXAuIKAAADANYABQEIkf_nowYQ15msqeu4851nGKyAvNuQhdjtYCo2CYxl7bxtmdE_EUktlExO7co_GQAAAOCjcAdAITa2MjxR7co_KdOHLqhvmdE_MQAAAIAUruc_MInWvgs48kpA9A5IAlCTmLu_AViL511gAGjWyXd4t9cDgAEBigEDVVNEkgEDVVNEmAGsAqAB2ASoAQGwAQC4AQLAAQXIAQLQAQnYAQDgAQDwAQCKAmh1ZignYScsIDI1NzM1OTcsIDApO3VmKCdpJywgNzgxMTIzOCwgMCk7dWYoJ2cnLCAxOTY4Mzc1NywgMCk7dWYoJ2MnLCA1NDY3OTk5MCwgMCk7dWYoJ3InLCA0MDE1MjU3NzksIDApO5ICpQ4hSm1QTlRRaTJzNGthRUpPWXU3OEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyTlREZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fX19fX19fX193RVlfX19fX19fX19fX19BU0RfX19fX18FFRQ4QktBZ3cFCw0BCEFUag0KAQEMOEJRUAEIDQEId0ZJDQoFAQhBVkQFCAkBCDhCVzYsAABnCRgJAQRBVzZYAABjNiwAADQhyAkqCQEIQVlnNhAABFpBOhAAIGdCM1pJa29BSAkxBQEIOEJxOhAAAHM6EAAAdToQAAB3OhAAAHk6EAAgMEFHSjFyNEwyOhgAADQ6EAAANjoQAAA4OhAAHC1BRzBCSUFDBacNAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAABFlBLjECIQA2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRS37BQEIQVlnNhAAAFo6IAAAWjogAABhOiAAAGE6IAAAYjogAABiOiAAAGM6IAAAYzogAABkOiAAAGQ6IAAAZTogAABlOiAAAGY6IAAAZjogAAhZQUYF-Q0BCEFZZzYQAABaOiAAAFo6IAAMY0VFQRUBCERKQhUMIEFBMkFRQThRURkSHElnRmtpeXBCERMUUEFfc1FVGSAITUVGGQ0EREouKAAAMC4oAAROaxUowDhEX2dCZXZXQWZBRnJiT3hDZmdGbllxZEFZSUdBME5CUklnR0FKQUdBWmdHQUtFR0ENYSxFRUNvQmdTeUJpUUoNEwEBAFIBBQ0BAFoNCAEBAGgBBQkBWEM0QmhRLpoCmQEhLUJQZGF3aTJzNGth9SkoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTFNRURYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YEEhnQWlRERDwW0R3UHcuLtgCAOACy7VI6gKTAWh0dHBzOi8vd3d3LnRoZXNwZWMuY29tL3RyL25ld3Mvd2F0ZXJsb28tcmVnaW9uLzIwMjMvMDYvMDEvdW5pdmVyc2l0eS1vZi13ESkwaW50ZXJydXB0cy1zdQFQ9D4BdGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1sgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAK4BADABADIBADSBA4xOTA4I05ZTTI6NTY1MNoEAggB4AQA8ASTmLu_AYgFAZgFAKAF____________AaoFJGEyYjcyNmUwLWIwNDUtNDc1Ny05YTFjLWMzZDc2MzUzM2QwYsAFAMkFAAAAAAAA8D_SBQkJAAAAAAAAAADYBQHgBQHwBd2jVPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbhBtoGFgoQAAAAAAAAAAAAAAkKAcNg4AYB8gYCCACABwGIBwCgBwHIB7fXA9IHDRVkASYM2gcGCAUJaOAHAOoHAggA8AeRgAiKCAIQAJUIAACAP5gIAQ..&s=e5f54d649190bb0628e0b96d20f6c0044cac141b&type=nv&nvt=5&jm=1003&px=1050&py=2145&bw=300&bh=600&sid=3737296231346162262&vd=ct~0|rr~0&sv=233&tv=view7-1js&ua=chrome52&pl=win&x=v&tag_id=24095497&cid=3&cr=nv&sw=1600&sh=1200&pw=1600&ph=6826&ww=1600&wh=1200&ft=2
Requested by
Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/233/trk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
AN-X-Request-Uuid
b4db1f26-e10d-41c2-9343-f1592c750886
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.thespec.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
vevent
nym1-ib.adnxs.com/ Frame 8258 		0
954 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QLTDPDeUwYAAAMA1gAFAQiR_-ejBhCk05qrudCM_XwYrIC825CF2O1gKjYJjGXtvG2Z0T8RSS2UTE7tyj8ZAAAA4KNwB0AhNrYyPFHtyj8p04cuqG-Z0T8xAAAAgBSu5z8wida-CzjySkD0DkgCUILNz8oBWIvnXWAAaNbJd3i31wOAAQGKAQNVU0SSAQNVU0SYAawCoAHYBKgBAbABALgBAsABBcgBAtABCdgBAOABAPABAIoCaXVmKCdhJywgMjU3MzU5NywgMCk7dWYoJ2knLCA4MDM4NTMzLCAwKTt1ZignZwEoIDAzOTkxODQsIA0pAHMBFRw4MzI0MDYzMxUWMHInLCA0MjQ5Mjg4OTgFFvSBAZIClQUhV29NSHZRamxscllhRUlMTno4b0JHQUFnaS1kZE1BRTRBRUFBU1BRT1VJbld2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCNExNQjc3akwxel9CQVV4ZmlldGdtZEVfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FZWFI2Z1AxQWMzTUxFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBeGNJOVlldkt4QUNHQUV0QUFBQUFESUhaR1ZtWVhWc2RLSUREZ2k5bklNc0VBUVlBUzBUM1I4Nm9nTVRDTzdKbXlzUUNoZ0JMWVZxZXo4eUEzVnVhNklERGdqTjhaOHBFQXNZQWkwQUFBQUF1Z01KVGxsTk1qbzFOalV3NEFQWFE0QUVqYzZrQ29nRWpzNmtDcEFFQUpnRUJNRUVBAYwFAQhESkIFCAkBGDJBUUE4UVEJDQEBRElnRmtpeVlCYm5SaDRjQnFRVQEWIEFBQUR3UDdFRgEKCQEIREJCHTcAeS4oAAA5MigAAFoVKPBDUEFfNEFYcjFnSHdCZENJM1FuNEJaMktuUUdDQmdORFFVU0lCZ0NRQmdHWUJnQ2hCcHFabVptWm1RVkFxQVlFc2dZa0MddABFHQwARx0MAEkdDKh1QVlReUFjQTRBY0Y2QWNBOFFjQUFBQ2dtWm01UHcuLpoCmQEhQmhpanp3OpkCMEl2blhTQUFLQUF4bXAFh5BaQlVBNkNVNVpUVEk2TlRZMU1FRFhRMG5ndmc2Y002TDFQMUVBKR0QQUFBRmsBBgkBAEcdGABHHRgASB0YEEhnQWlRERAERHcBnfBV2AIA4ALLtUjqApMBaHR0cHM6Ly93d3cudGhlc3BlYy5jb20vdHIvbmV3cy93YXRlcmxvby1yZWdpb24vMjAyMy8wNi8wMS91bml2ZXJzaXR5LW9mLXcRKTBpbnRlcnJ1cHRzLXN1AVD0PgF0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWyAAwCIAwGQAwCYAxSgAwGqAwDAA6wCyAMA2APdkiTgAwDoAwD4AwOABACSBAkvb3BlbnJ0YjKYBACiBA4xNDkuNTYuMTUzLjE4OagEALIEDAgAEAAYACAAMAA4ArgEAMAEAMgEANIEDjE5MDgjTllNMjo1NjUw2gQCCAHgBADwBILNz8oBiAUBmAUAoAX___________8BqgUkYTJiNzI2ZTAtYjA0NS00NzU3LTlhMWMtYzNkNzYzNTMzZDBiwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAF6OhY-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_QBuEG2gYWChAAAAAAAAAAAAAACQoBw2DgBgHyBgIIAIAHAYgHAKAHAcgHt9cD0gcNFWQBJgzaBwYIBQlo4AcA6gcCCADwB5GACIoIAhAAlQgAAIA_mAgB&s=4907753ec3ace2a052365230765143a0db4e6f18&type=nv&nvt=5&jm=1003&px=1050&py=1486&bw=300&bh=600&sid=3737296231346162262&vd=ct~0|rr~0&sv=233&tv=view7-1js&ua=chrome52&pl=win&x=v&tag_id=24095497&cid=3&cr=nv&sw=1600&sh=1200&pw=1600&ph=6826&ww=1600&wh=1200&ft=2
Requested by
Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/233/trk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
AN-X-Request-Uuid
6bb515e9-d06c-4195-b653-302940037ff5
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.thespec.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 3466 		0
860 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=9586&pub_id=1218883&gdpr=0
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9586&pub_id=1218883
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.184 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
AN-X-Request-Uuid
680687c3-2afe-4f3f-95f1-9dcfc47dcb8e
Server
nginx/1.23.2
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
vevent
nym1-ib.adnxs.com/ Frame 9C0D 		0
954 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QLhFfBM4QoAAAMA1gAFAQiR_-ejBhCGlaSOyYKD_QIY3aPRmayMmMx9KjYJNYC3QILixz8Rt7JEZ5lFwj8ZAAAAgOtRCkAhuLJEZ5lFwj8pNYAJJAAxARu4wvXgPzCA1r4LOPJKQPQOSAJQytjJvwFYi-ddYABo1sl3eLzPBYABAYoBA1VTRJIFBuCYAdgFoAFaqAEBsAEAuAECwAEFyAEC0AEJ2AEA4AEA8AEAigJodWYoJ2EnLCAyNTczNTk3LCAwKTsBFCxpJywgNzgxMTIzOCwRFChnJywgMTk2ODM3NRkpLGMnLCA1NDY3OTk5MBUqMHInLCA0MDE3NjM0MDIFFvReAZICpQ4hS21KLUtBaTJzNGthRU1yWXliOEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJRFd2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCSVlIcUw2c2wwRF9CQWJRbTdEaHg0c2NfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyT1RMZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdBMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGdkN5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JlU1JBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASFneFFub2c6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTVNa0RYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPCwdGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1sgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAK4BADABADIBADSBA4xOTA4I05ZTTI6NTY5MtoEAggB4AQA8ATKDpQJIIgFAZgFAKAF_xEBuAGqBSQwZTNhZTgyZC1kYWJhLTQ0MDEtYWZlYy1iZjQwMWE3OGI3ZjXABQDJBQAAAQIU8D_SBQkJAQoBAXDYBQHgBQHwBd2jVPoFBAgAEACQBgCYBgC4BgDBBgEhMAAA8D_QBuEG2gYWChAJERkBAcNg4AYB8gYCCACABwGIBwCgBwHIB7zPBdIHDRVkASYI2gcGAV1wGADgBwDqBwIIAPAHkYAIiggCEACVCAAAgD-YCAE.&s=626566c012370bee092f508b2459413464b5ac43&type=nv&nvt=5&jm=1003&px=436&py=10&bw=728&bh=90&sid=3737296231346162262&vd=ct~0|rr~0&sv=233&tv=view7-1js&ua=chrome52&pl=win&x=v&tag_id=24095488&cid=3&cr=nv&sw=1600&sh=1200&pw=1600&ph=6826&ww=1600&wh=1200&ft=2
Requested by
Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/233/trk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
AN-X-Request-Uuid
62d77950-b169-4362-8382-a16c92ef66e2
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.thespec.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame D789 		0
860 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=9586&pub_id=1218883&gdpr=0
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9586&pub_id=1218883
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.184 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
AN-X-Request-Uuid
20f7cfd3-8262-4415-9fba-f13ce4662bb1
Server
nginx/1.23.2
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
p.gif
sb.freeskreen.com/ 		0
359 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/p.gif?fsk-px=UExBTiBJbnRlcm5hdGlvbm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
cache-control
no-cache, no-store
server
Apache/2.4.29 (Ubuntu)
expires
-1
v52afc6f149f6479b8c77fa569edb01181681764108816
static.cloudflareinsights.com/beacon.min.js/ Frame FD57 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882230&bidder=ozone
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

Referer
https://elb.the-ozone-project.com/
Origin
https://elb.the-ozone-project.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
gzip
last-modified
Mon, 17 Apr 2023 20:41:48 GMT
server
cloudflare
etag
W/2023.4.2
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
7d10750709e94bca-YUL
v52afc6f149f6479b8c77fa569edb01181681764108816
static.cloudflareinsights.com/beacon.min.js/ Frame 6770 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

Referer
https://elb.the-ozone-project.com/
Origin
https://elb.the-ozone-project.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
gzip
last-modified
Mon, 17 Apr 2023 20:41:48 GMT
server
cloudflare
etag
W/2023.4.2
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
7d10750709ec4bca-YUL
AdsenseBlockView.
fundingchoicesmessages.google.com/f/AGSKWxV8ChRlMyDaqynYScpiUc_vDQIGItw2YTX8D2GFO-YUgjZl6LzBxvN1BK9ogvz81b77Me05SjSdNBcjlwpf2_uLbYR4PaWfjpUaDoFBy0vAaf9hysxqa3nGkTSN4wtP_4P-EsTCs0e_uDhdJ3UOc15q1yW6g... 		54 B
109 B 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxV8ChRlMyDaqynYScpiUc_vDQIGItw2YTX8D2GFO-YUgjZl6LzBxvN1BK9ogvz81b77Me05SjSdNBcjlwpf2_uLbYR4PaWfjpUaDoFBy0vAaf9hysxqa3nGkTSN4wtP_4P-EsTCs0e_uDhdJ3UOc15q1yW6gUfdBRyglJ_ol8aa1tfmdRCkYRFCQpZh/__336x280s./Styles/Ad_/adsame1._html5/ads./AdsenseBlockView.
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.zf1UdKUYMMc.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMwVc_l9vdSpYgOvLRhE0vzBxKUWVA/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4c89acfa2eecebb2c3696f96f81436da61cbf6a8c12355108042c670b7da8c9f
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-IPspmpHZeQQ5ys7mBbzRXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-IPspmpHZeQQ5ys7mBbzRXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
show_companion_ad.js
pagead2.googlesyndication.com/pagead/ 		45 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/show_companion_ad.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.zf1UdKUYMMc.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMwVc_l9vdSpYgOvLRhE0vzBxKUWVA/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e87ea3f39a0aa9666ab229df5ab7dee7b8672c53b705c8e6791716cc00ab2b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 13:50:38 GMT
content-encoding
br
x-content-type-options
nosniff
age
3047
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15534
x-xss-protection
0
server
cafe
etag
8365535037331017125
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Fri, 02 Jun 2023 14:50:38 GMT
AGSKWxWscRy9FvIye584XtRLjlQFA8akJiRDQ2a9WV5TIIZvSabcDSPDzkYYWOR07LMVuHyU6zFOALrtSJGAttnEWOB32w09DGbU2NbHenyVZDXQu_XVVjrAJw8l2ixKUz-632PBp3pGrQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWscRy9FvIye584XtRLjlQFA8akJiRDQ2a9WV5TIIZvSabcDSPDzkYYWOR07LMVuHyU6zFOALrtSJGAttnEWOB32w09DGbU2NbHenyVZDXQu_XVVjrAJw8l2ixKUz-632PBp3pGrQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.zf1UdKUYMMc.es5.O/d=1/rs=AJlcJMwVc_l9vdSpYgOvLRhE0vzBxKUWVA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-xm_WAAeiLuCu3Z_62m7qtw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-xm_WAAeiLuCu3Z_62m7qtw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://www.thespec.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202305300101&jk=1993785869996969&bg=!_f6l_qrNAAY9J7QfHSc7ADkAdvg8WiBViXSZEj7jTSp6-HFbeaZ5cKmpZILqXZBevg7DKl0LcTYHvlmD8um78qwwcgxNJOuWlUQCAAAArVIAAAAEaAEHmQLmPhSGwNoPyVMXkG7pAcKS9OxzdxpAxwA6PtAXwWwfq6fAaNgYuec2eIGOfPBcVEiTT-aiPihSpp82Rdl9_f0C8SKEuC1ODc3wv3MVcXBW8sqqjzs6qY1NAtls7KxIF7c2h3kLW-UZjs4vn-ov91JrFZe_3GBlcV3MaYE33rUlPQnxwXK1oGxpbJX1itXhiyB2FhKiK9QIfBd9YxewT_gdrhkqddyZF5qGH1P7LhrwjBGIVTfYvIpllM8ojNu_uzObMTtKaZK6nRIP_SECs2fRy75tJm8CS8KD8NVvQc8YQyXoneqdAEt81fGae1fCFOelX5hAEJpKrbIioRkK3mKeR6CCE3bwUZ7JS6j1yCuTRm-FvYx0bqN66xOXYC-ou4QXr2lbXSFyOPFCY2avbnwvERK8Qy1ACRWF7OgPKaYZTXMaFCHzEykflX2rtSEtqCQ7sXNTKAucsfBrXBlD1u79pqrjEfudQGf_FHO6tqAhhm5ZBxZTAeN8VYa0_yhx-ghsjcIZzy1V2HzJOZfa0mXAfT-39WBEb907l3dgCAOZ7k_6X8VO5iXL_EWnpSyE8c5ux9MXJejb3eOswhVxOb5aOB8mlmvxXNC1PEGMR_IgIHxbAPsMNLJqTUO6e9AHGsYzezuANnWjxlT3iehqA2KIIEKL1sZxUQLOylqTRe6_Kg-qLlc4Ql74L5HNdZoKFfWFwFti-tCRmIoYnkOR6y9By6i6j5YtejEd93HFDW431ttS5i7zWubcX_vQDMKqOERYFofA4-JgZcwgZstmp0aIqTn7Ku8FrHdfPelWHaG4JHYtW6ROFJIhDxYgxayXUW_07EB6SPgsyGFQ5TTTVXJJxOOyKd9bqG1G1CKQb9JuS7z02yY45t1mSH23Le6reOn_Ri9YGNGaDbsRDTfs3fLpGeAc46C3E-91orRsbKwxWBdhixvNuVEi5mdlwZJU4zrVXquBal1WIAkfkE_8Vl6vwdnYXwWkCg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers
ac
ww1772.smartadserver.com/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ww1772.smartadserver.com/ac?pgid=662773&insid=7974420&tmstp=5906735474&out=js
Requested by
Host: sb.freeskreen.com
URL: https://sb.freeskreen.com/publisher/script.js?bai=22&ut=&uts=&p_cust_params=amznbid%253D2%2526amznp%253D2%2526article_b%253Dtrue%2526assetid%253D0f479f22-152f-4458-8510-6b3d72ba8d54%2526author%253Drobertwilliams%2526cutpoint%253Dlarge%2526env%253Dbeta%2526environment%253Dproduction%2526gs_channels%253Dgs_tech%252Cgs_tech_computing%252Cgb_spam_high_med_low%252Cgs_law%252Cgv_crime%252Cgb_spam_high_med%252Cgs_education%252Cts_dctn_dgr_bchlrs_dgr%252Cts_dctn_lvl_trtry_dctn%252Cts_dctn_styl_dlt%252Cts_dctn_styl_gnrl%252Cts_fmly_prntng_gnrl%252Cts_fmly_prntng_tns%252Cgs_law_misc%252Cgs_education_university%252Cgt_negative%252Cgv_death_injury%2526key%253D%2526kvcalais%253Duniversity_of_waterloo%252Ccomputer_security%252Cpassword%252Cwaterloo%252Cransomware%252Ccybercrime%252Csecurity%252Cprevention%252Cemail%252Cnational_security%252Crebecca_elming%2526kvng%253Dmyregion%252Cmyrecord%252Cmyneedtoknow%252Cuniversity_of_waterloo%252Ccyber_attack%252Cransomware_attack%252Ccloud%252Conline_systems%252Csmg_wrr%252Csmg_waterloo_region%252Csmg2_news%252CInHouseArticle_therecord%2526permutive%253D79992%252C79993%252C79994%252Crts%2526pos%253D1%2526prmtvsdk%253Dweb%2526referrer%253Dgoogle%2526refresh%253Dfalse%2526registered%253Dno%2526subscribed%253Dno%2526tkspo%253D9&flc=other&slc=&windowlocation=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&usp=&gdpr=-1&cs=-1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
199.187.193.200 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software
/
Resource Hash
a5702526838a6eb12aeccef5256084709af4cdbe217bd3f7f405750ef1e64d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
br
transfer-encoding
chunked
vary
Accept-Encoding
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-type
application/javascript; charset=UTF-8
x-smrt-i
7974420
cache-control
no-cache,no-store
usync.html
eus.rubiconproject.com/ Frame ABF9
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=123456&endpoint=us-west
  • https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Requested by
Host: sb.freeskreen.com
URL: https://sb.freeskreen.com/publisher/script.js?bai=22&ut=&uts=&p_cust_params=amznbid%253D2%2526amznp%253D2%2526article_b%253Dtrue%2526assetid%253D0f479f22-152f-4458-8510-6b3d72ba8d54%2526author%253Drobertwilliams%2526cutpoint%253Dlarge%2526env%253Dbeta%2526environment%253Dproduction%2526gs_channels%253Dgs_tech%252Cgs_tech_computing%252Cgb_spam_high_med_low%252Cgs_law%252Cgv_crime%252Cgb_spam_high_med%252Cgs_education%252Cts_dctn_dgr_bchlrs_dgr%252Cts_dctn_lvl_trtry_dctn%252Cts_dctn_styl_dlt%252Cts_dctn_styl_gnrl%252Cts_fmly_prntng_gnrl%252Cts_fmly_prntng_tns%252Cgs_law_misc%252Cgs_education_university%252Cgt_negative%252Cgv_death_injury%2526key%253D%2526kvcalais%253Duniversity_of_waterloo%252Ccomputer_security%252Cpassword%252Cwaterloo%252Cransomware%252Ccybercrime%252Csecurity%252Cprevention%252Cemail%252Cnational_security%252Crebecca_elming%2526kvng%253Dmyregion%252Cmyrecord%252Cmyneedtoknow%252Cuniversity_of_waterloo%252Ccyber_attack%252Cransomware_attack%252Ccloud%252Conline_systems%252Csmg_wrr%252Csmg_waterloo_region%252Csmg2_news%252CInHouseArticle_therecord%2526permutive%253D79992%252C79993%252C79994%252Crts%2526pos%253D1%2526prmtvsdk%253Dweb%2526referrer%253Dgoogle%2526refresh%253Dfalse%2526registered%253Dno%2526subscribed%253Dno%2526tkspo%253D9&flc=other&slc=&windowlocation=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&usp=&gdpr=-1&cs=-1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-3-115-102.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 02 Jun 2023 14:41:25 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Fri, 02 Jun 2023 14:41:25 GMT
location
https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
server
AkamaiGHost
um
sb.freeskreen.com/
Redirect Chain
  • https://sync.smartadserver.com/getuid?url=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fsa%3D%5Bsas_uid%5D
  • https://sync.smartadserver.com/getuid?url=https://sb.freeskreen.com/um?sa=[sas_uid]&cklb=1
  • https://sb.freeskreen.com/um?sa=4899499267815600390
43 B
513 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/um?sa=4899499267815600390
Protocol
H2
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1

Redirect headers

location
https://sb.freeskreen.com/um?sa=4899499267815600390
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:24 GMT
cache-control
no-cache,no-store
content-length
0
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
um
sb.freeskreen.com/
Redirect Chain
  • https://scm.publishers.tremorhub.com/pubsync?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D
  • https://scm.publishers.tremorhub.com/pubsync/verify?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Ftlr%3D%5Btvid%5D
  • https://sb.freeskreen.com/um?tlr=b15466c1a4df42ea8ae7307ecce0928e
43 B
447 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/um?tlr=b15466c1a4df42ea8ae7307ecce0928e
Protocol
H2
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1

Redirect headers

location
https://sb.freeskreen.com/um?tlr=b15466c1a4df42ea8ae7307ecce0928e
date
Fri, 02 Jun 2023 14:41:25 GMT
server
nginx
content-length
0
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
um
sb.freeskreen.com/
Redirect Chain
  • https://cs.admanmedia.com/sync/smaato?redir=https%3A%2F%2Fsb.freeskreen.com%2Fum%3Fac%3D{$UID}
  • https://sb.freeskreen.com/um?ac=a509cb99-84c4-4273-928a-80cb4d2c48da
43 B
450 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/um?ac=a509cb99-84c4-4273-928a-80cb4d2c48da
Protocol
H2
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1

Redirect headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:25 GMT
Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
Server
nginx
Transfer-Encoding
chunked
X-Frame-Options
DENY
Location
https://sb.freeskreen.com/um?ac=a509cb99-84c4-4273-928a-80cb4d2c48da
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Expires
0
um
sb.freeskreen.com/
Redirect Chain
  • https://loadeu.exelator.com/load/?p=204&g=1300&j=0
  • https://loadeu.exelator.com/load/?p=204&g=1300&j=0&xl8blockcheck=1
  • https://sb.freeskreen.com/um?ni=fdaeb7bd12b38e35d3c03177ddb57261
43 B
470 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/um?ni=fdaeb7bd12b38e35d3c03177ddb57261
Protocol
H2
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1

Redirect headers

date
Fri, 02 Jun 2023 14:41:25 GMT
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://sb.freeskreen.com/um?ni=fdaeb7bd12b38e35d3c03177ddb57261
content-type
image/gif
cache-control
no-cache
access-control-allow-credentials
true
content-length
0
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ Frame 6CCA 		90 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::200a Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Wed, 31 May 2023 15:56:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
168283
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33018
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 30 May 2024 15:56:42 GMT
fsk.css
static.freeskreen.com/css/20210107205009/default/ Frame 6CCA 		50 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://static.freeskreen.com/css/20210107205009/default/fsk.css
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-103.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
31ace63fa339896dc045f21da77b1ffdc57160e2db5690b132766b0086d6f58e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 02:19:09 GMT
Content-Encoding
gzip
Via
1.1 6f9ef5ae165c9835aa6935d9fb7e2072.cloudfront.net (CloudFront)
x-amz-version-id
5DtU9pV9aPv90d5PMlXs6Og9O1cWT0Fu
X-Amz-Cf-Pop
EWR53-P1
Age
44537
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
28958
Last-Modified
Thu, 07 Jan 2021 20:54:53 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1610052891/ctime:1610052892/gid:497/gname:jenkins/md5:ba07184144408ada0c1691c69221a457/mode:33188/mtime:1610052892/uid:498/uname:jenkins
ETag
"ba07184144408ada0c1691c69221a457"
Content-Type
text/css
Accept-Ranges
bytes
X-Amz-Cf-Id
LyUglD8MgrBK9pCEKnTNj2q1QXYVO1z4aI1qigGw2YUk-tlnyzErOw==
t.gif
sb.freeskreen.com/ Frame 52A9 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716885&p=51&c=5175&ttm=1685716885045&s=&d=&v=&t=88bda384-1478-42f1-ad5f-928f7345d741&co=CA&pr=CA-QC&ci=Montreal&dm=GM&flc=other&slc=&e=AdOpened&m=2&x=null
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
cookie_sync
elb.the-ozone-project.com/ Frame FD57 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://elb.the-ozone-project.com/cookie_sync
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882230&bidder=ozone
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb15acf8664551bb35fa66c11f3505770bca9ca021adc8bbb7d963ba2a908ab8

Request headers

Referer
https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882230&bidder=ozone
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://elb.the-ozone-project.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
7d1075079c5254b5-YYZ
expires
0
cookie_sync
elb.the-ozone-project.com/ Frame 6770 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://elb.the-ozone-project.com/cookie_sync
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75ccdeee26a8564a51ce241d50bbd89b96f6290c71fad550e3b40862b1333812

Request headers

Referer
https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://elb.the-ozone-project.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
7d107507ac5854b5-YYZ
expires
0
1227
experience-api.sofiapulse.com/api/v1/serve/ Frame A244 		11 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://experience-api.sofiapulse.com/api/v1/serve/1227
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4775 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52ce4e88e775047f2dda9504da03d0ecb2c7d3020c83eee8bf2f13367ae5d9ff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qzZBII49TjNe0FoeSahq2%2BOa64cx3KKVVJU6g24FyasOPPpE%2FCw%2FYCXcgE356GvRa1%2FhfRrKB%2FDlIkmXs8RQF9%2Bkpu%2FXEESi58tCI%2BifXn%2FDtOIc9UFY01azA1Io5Nn7r6I8v7WWbOU0tZrAVM9y26IPzXOpLkYesqzX"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://creative.sofiapulse.com
access-control-expose-headers
content-range
cf-ray
7d10750848ed5a1c-IAD
2709b5442c4544f3b59b619cc5957714.jpg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/ Frame B19B 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/2709b5442c4544f3b59b619cc5957714.jpg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
933a5026b7c285374462eab03154af744cd5e7e1cdde46c25984f5e944f598ca

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Last-Modified
Thu, 22 Dec 2022 21:17:38 GMT
Server
nginx/1.21.3
x-amz-request-id
a9b4939e-4eec-4540-87ea-075f6fcea863
ETag
"2709b5442c4544f3b59b619cc5957714"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
X-Clv-Request-Id
a9b4939e-4eec-4540-87ea-075f6fcea863
Cache-Control
max-age=3888000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25057
X-Clv-S3-Version
2.5
Expires
Mon, 17 Jul 2023 14:41:25 GMT
9ae4173fd8b054fe974f31c547fa3089.jpg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/ Frame B19B 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/9ae4173fd8b054fe974f31c547fa3089.jpg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
6bc91c9f5be45ff817c94a258337d80f9294adaaaaf25fc398ade94c1fede77a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Last-Modified
Thu, 22 Dec 2022 21:17:38 GMT
Server
nginx/1.21.3
x-amz-request-id
45372916-33c6-4c98-9bb4-313538b08931
ETag
"9ae4173fd8b054fe974f31c547fa3089"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
X-Clv-Request-Id
45372916-33c6-4c98-9bb4-313538b08931
Cache-Control
max-age=3888000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21374
X-Clv-S3-Version
2.5
Expires
Mon, 17 Jul 2023 14:41:25 GMT
2e677d32f06b9a87a95b8f293e3d20a2.jpg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/ Frame B19B 		23 KB
24 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/2e677d32f06b9a87a95b8f293e3d20a2.jpg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
24a49691a5fcf930fbb9f1433e0c14f0b99e173fbb81d7b604481b1ef2fae01d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Last-Modified
Thu, 22 Dec 2022 21:17:38 GMT
Server
nginx/1.21.3
x-amz-request-id
91aa64c6-39cd-4bd6-a458-1ccb9436e1f6
ETag
"2e677d32f06b9a87a95b8f293e3d20a2"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
X-Clv-Request-Id
91aa64c6-39cd-4bd6-a458-1ccb9436e1f6
Cache-Control
max-age=3888000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
24059
X-Clv-S3-Version
2.5
Expires
Mon, 17 Jul 2023 14:41:25 GMT
7cd99337a832fa15a7e02a9b4a7d1e3d.svg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/ Frame B19B 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/7cd99337a832fa15a7e02a9b4a7d1e3d.svg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
0644c32180e603548fb16e195d88c0d4674b4c55151d125b9c3b7b7eae66936b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 21:17:38 GMT
Server
nginx/1.21.3
x-amz-request-id
ff8eb10d-b58c-4ba8-a40c-a5cd7b028a35
ETag
W/"7cd99337a832fa15a7e02a9b4a7d1e3d"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
X-Clv-Request-Id
ff8eb10d-b58c-4ba8-a40c-a5cd7b028a35
Cache-Control
max-age=3888000
Connection
keep-alive
X-Clv-S3-Version
2.5
Content-Length
1140
Expires
Mon, 17 Jul 2023 14:41:25 GMT
3320ad190b36df52101287e6935f0e7b.svg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/ Frame B19B 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/3320ad190b36df52101287e6935f0e7b.svg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
f9514e6a79cc322c76d9e9690db3258d12c189493210efc272e064ec4d7b41c1

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 21:17:38 GMT
Server
nginx/1.21.3
x-amz-request-id
ecc4e6ed-5478-43bb-b26a-8d98af57f62f
ETag
W/"3320ad190b36df52101287e6935f0e7b"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
X-Clv-Request-Id
ecc4e6ed-5478-43bb-b26a-8d98af57f62f
Cache-Control
max-age=3888000
Connection
keep-alive
X-Clv-S3-Version
2.5
Content-Length
1917
Expires
Mon, 17 Jul 2023 14:41:25 GMT
1123b787f0590184718088c4a36b48f0.svg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/ Frame B19B 		9 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/1123b787f0590184718088c4a36b48f0.svg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
584bcd74aa62107dc290e6de5d5cc3f0bb939205b05110660b78458c45374cc5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 21:17:38 GMT
Server
nginx/1.21.3
x-amz-request-id
9d3437a2-7322-4c57-b489-38161e579335
ETag
W/"1123b787f0590184718088c4a36b48f0"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
X-Clv-Request-Id
9d3437a2-7322-4c57-b489-38161e579335
Cache-Control
max-age=3888000
Connection
keep-alive
X-Clv-S3-Version
2.5
Content-Length
2637
Expires
Mon, 17 Jul 2023 14:41:25 GMT
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58737/occ?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dyahoossp%26gdpr%3D0%26gdpr_consent%3D%26...
  • https://elb.the-ozone-project.com/setuid?bidder=yahoossp&uid=y-W35SSHJE2uH8Rsrmswi8rnHhcFbacjDxYjLoguo-~A&gdpr=0
0
737 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=yahoossp&uid=y-W35SSHJE2uH8Rsrmswi8rnHhcFbacjDxYjLoguo-~A&gdpr=0
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d107508be1254b5-YYZ
content-length
0
expires
0

Redirect headers

location
https://elb.the-ozone-project.com/setuid?bidder=yahoossp&uid=y-W35SSHJE2uH8Rsrmswi8rnHhcFbacjDxYjLoguo-~A&gdpr=0
date
Fri, 02 Jun 2023 14:41:25 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.57
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
cookie
cm.adform.net/ Frame 6770 		43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.133 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
server
nginx
content-length
43
content-type
image/gif
4b36d169fd830d278327f27a4b07622e.jpg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/ Frame 05BD 		30 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/4b36d169fd830d278327f27a4b07622e.jpg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
41b6651b577e89020ffd1463fd5b0bc83bacd1f42eb24a47d8f334cd016d91ed

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Last-Modified
Thu, 22 Dec 2022 21:40:39 GMT
Server
nginx/1.21.3
x-amz-request-id
58af8fe6-0497-4b51-bb32-87de8b745da5
ETag
"4b36d169fd830d278327f27a4b07622e"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
X-Clv-Request-Id
58af8fe6-0497-4b51-bb32-87de8b745da5
Cache-Control
max-age=3888000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31070
X-Clv-S3-Version
2.5
Expires
Mon, 17 Jul 2023 14:41:25 GMT
a99cda983a8f061ba9520b7a5eb19926.jpg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/ Frame 05BD 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/a99cda983a8f061ba9520b7a5eb19926.jpg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
b4790478ab91a0e87ed9f99695a63759965be84c2a275bae7ba98ec5ddb2ef8a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Last-Modified
Thu, 22 Dec 2022 21:40:39 GMT
Server
nginx/1.21.3
x-amz-request-id
ae91d02f-7b40-4d48-92d5-86366d598d27
ETag
"a99cda983a8f061ba9520b7a5eb19926"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
X-Clv-Request-Id
ae91d02f-7b40-4d48-92d5-86366d598d27
Cache-Control
max-age=3888000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22237
X-Clv-S3-Version
2.5
Expires
Mon, 17 Jul 2023 14:41:25 GMT
d57314b06a730ba193e2bb310268f5f8.jpg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/ Frame 05BD 		26 KB
27 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/d57314b06a730ba193e2bb310268f5f8.jpg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
4daa42737db10de9d5295b04f962e97bc9d31c86d6ed1ceac99b883f7f89b780

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Last-Modified
Thu, 22 Dec 2022 21:40:39 GMT
Server
nginx/1.21.3
x-amz-request-id
ee53377d-521a-4e8b-aa7f-12d470b449bb
ETag
"d57314b06a730ba193e2bb310268f5f8"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
X-Clv-Request-Id
ee53377d-521a-4e8b-aa7f-12d470b449bb
Cache-Control
max-age=3888000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
26813
X-Clv-S3-Version
2.5
Expires
Mon, 17 Jul 2023 14:41:25 GMT
84017edb238ae0162d304e72913cc0bc.svg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/ Frame 05BD 		8 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/84017edb238ae0162d304e72913cc0bc.svg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
a37b2b0d2c0bb535df01f28a974fef976dd94862c81188134dd5dace2e94b73b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 21:40:39 GMT
Server
nginx/1.21.3
x-amz-request-id
2b3e4682-26d1-405a-8c82-53684870807d
ETag
W/"84017edb238ae0162d304e72913cc0bc"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
X-Clv-Request-Id
2b3e4682-26d1-405a-8c82-53684870807d
Cache-Control
max-age=3888000
Connection
keep-alive
X-Clv-S3-Version
2.5
Content-Length
2262
Expires
Mon, 17 Jul 2023 14:41:25 GMT
7cd99337a832fa15a7e02a9b4a7d1e3d.svg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/ Frame 05BD 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/7cd99337a832fa15a7e02a9b4a7d1e3d.svg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
0644c32180e603548fb16e195d88c0d4674b4c55151d125b9c3b7b7eae66936b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 21:40:39 GMT
Server
nginx/1.21.3
x-amz-request-id
4480d705-a3ec-4db4-95fe-d34b83cc731a
ETag
W/"7cd99337a832fa15a7e02a9b4a7d1e3d"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
X-Clv-Request-Id
4480d705-a3ec-4db4-95fe-d34b83cc731a
Cache-Control
max-age=3888000
Connection
keep-alive
X-Clv-S3-Version
2.5
Content-Length
1148
Expires
Mon, 17 Jul 2023 14:41:25 GMT
94647215ff03b637e7b1d764e389f026.svg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/ Frame 05BD 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/94647215ff03b637e7b1d764e389f026.svg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
2f4b2c82c058c5607049981652cf61e27e46e2afb00047baa36529ade3e1d8a8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 21:40:39 GMT
Server
nginx/1.21.3
x-amz-request-id
5fa251b6-d3ac-4b58-aa30-175a759a52d2
ETag
W/"94647215ff03b637e7b1d764e389f026"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
X-Clv-Request-Id
5fa251b6-d3ac-4b58-aa30-175a759a52d2
Cache-Control
max-age=3888000
Connection
keep-alive
X-Clv-S3-Version
2.5
Content-Length
1818
Expires
Mon, 17 Jul 2023 14:41:25 GMT
usync.js
eus.rubiconproject.com/ Frame ABF9 		34 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-3-115-102.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
0b6d1e665ed037683597a779c1d367c8d58c182bf7fd76c8ed651ce6e43f5cb8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Last-Modified
Fri, 02 Jun 2023 02:13:43 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=41594
Connection
keep-alive
Content-Length
10112
Expires
Sat, 03 Jun 2023 02:14:39 GMT
AGSKWxWscRy9FvIye584XtRLjlQFA8akJiRDQ2a9WV5TIIZvSabcDSPDzkYYWOR07LMVuHyU6zFOALrtSJGAttnEWOB32w09DGbU2NbHenyVZDXQu_XVVjrAJw8l2ixKUz-632PBp3pGrQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWscRy9FvIye584XtRLjlQFA8akJiRDQ2a9WV5TIIZvSabcDSPDzkYYWOR07LMVuHyU6zFOALrtSJGAttnEWOB32w09DGbU2NbHenyVZDXQu_XVVjrAJw8l2ixKUz-632PBp3pGrQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.zf1UdKUYMMc.es5.O/d=1/rs=AJlcJMwVc_l9vdSpYgOvLRhE0vzBxKUWVA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-EJVgBqWRSWT9-_Q6JcSxAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-EJVgBqWRSWT9-_Q6JcSxAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.thespec.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
rum
elb.the-ozone-project.com/cdn-cgi/ Frame FD57 		0
137 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://elb.the-ozone-project.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882230&bidder=ozone
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
content-type
application/json

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://elb.the-ozone-project.com
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
7d107508adfe54b5-YYZ
pixel.gif
px.moatads.com/ 		43 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&kq=1&lo=0&qs=1&ak=-&i=TORONTOSTARCONTENT1&ud=false&qm=0&qn=6OZw%3DoHB%2CEF%3FKC1I%3Cq.bWoCSV2W0Su*TDXlCfX2iR2%25(GyHN%3DI(%2C%3Ba15lK1t!9ZpAH..4iwM%25z4mc4djG%3D_11%5Dz(m3%7CuK9~P%5DDohjO%7BcEKHD%40%404KrD(KA.E%24C%23I%3BC%2FVKw(%24Y4%5D%2B)%60K%3A%3A%2FAwJ_%5B%259%5BHhUKF%5EhRZ8!v%5ETm_h%7CR%22%3Ba%3CgeMBC.F%5BNVfBB2%2B%7BLTaU%40%5BG%2BQVxtRF%3BmXB7I%22u%25B_QIx)%2CaqRBXED%3Fd%5BvP%25l7g(ksGBGN35*mUx!f%2Bwb%7B!wJu4DmSUw%3ClE8kJBdSX%5EZFKC%2C)Ib%3BA8%2266%3CBl%3F%24b%3AameaUc%5EKu%3BUDXp%2B3W%60R2zA.Nt%7CQjtoDxpwoFKR*emgSuR)%2Cea*X%3Dy%3E%5B%25B7k.%3ETy%25.8e%40GW*_)9L%2CzVx)rOS2z.%5BOCDTWRe%2Ba%2Fke%3BR30982iYBgDzb%23Ls1(u0EnUa%3Fwb%26k!C%24%26J%3BBcJVrwLy%3Aaq%24StZzTm!ja8V%22%3BU%5DDTg%7Df%2FH%40%26%2Bc%5B5IUOG(%2CWV%7BGrV~1HmDkP8D4rUDtmxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BC%24%3D!!t%3C%2C%5BhKjmfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BlTr1W*d%5BOCF%259%3CUYoo813_xB%2CN22Ib%40aFB&qp=00000&qq=000001000000&qr=0&gz=0&hh=0&hn=0&qt=0&bq=0&g=3&vc=2&pl=1&fl=1&sr=0&sb=0&sq=0&sa=0&sn=0&sj=0&sm=0&si=0&md=28&mc=28&lb=6826&la=1200&ld=1200&lc=1200&cw=1600&cx=1200&sh=6014&xa=0&xb=0&xc=0&h=4&w=4&dnt=0&gu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&cm=7&f=0&j=https%3A%2F%2Fnews.google.com&o=3&t=1685716880420&de=95314933683&cu=1685716880644&m=5451&ar=5072747-clean&cb=0&ll=2&ln=0&gh=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1285&lk=undefined&le=1&gm=1&io=1&ch=0&as=0&ag=0&an=0&gf=0&gg=0&aj=0&pg=0&pf=0&cc=0&bw=0&bx=0&dj=0&aa=0&ad=0&cn=0&gk=0&gl=0&cq=0&em=0&en=0&bu=5080&cd=1337&ah=5080&am=1337&re=1&wb=1&ai=541&cl=0&at=0&d=thespec.com%3A%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%3A__page__%3A-&gw=torontocontentstarcontent37863992&ab=1&ac=1&fd=1&kt=strict&it=500&fs=98876&na=1406356847&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

unused62
8096267
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 02 Jun 2023 14:41:25 GMT
player-hb.js
static.freeskreen.com/scm/player/20220512a/ Frame 6CCA 		265 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.freeskreen.com/scm/player/20220512a/player-hb.js
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-103.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7593edef4fac359caa7af33a6dd858bb61d55dc94cba56a7b8cd60b4ad91901a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-amz-version-id
B.pU59iOZ7vch5pl8Poi2lP75a4Wmjof
Content-Encoding
gzip
Via
1.1 6f9ef5ae165c9835aa6935d9fb7e2072.cloudfront.net (CloudFront)
Date
Fri, 02 Jun 2023 14:34:35 GMT
X-Amz-Cf-Pop
EWR53-P1
Age
412
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
69075
Last-Modified
Thu, 12 May 2022 07:43:21 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1652341392/ctime:1652341398/gid:20/gname:staff/md5:77b47af586c42f73ef56d7917f4cc5a7/mode:33188/mtime:1652341392/uid:501/uname:mickael
ETag
"77b47af586c42f73ef56d7917f4cc5a7"
Content-Type
text/javascript
Accept-Ranges
bytes
X-Amz-Cf-Id
1LslcpCspuqdxcu237bSQmyiAksUZMm3BzsJLkQaIr0DK5nbg5gRXA==
a368038dd4aae9eae81cd2b1eea04d64.svg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/ Frame B19B 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/a368038dd4aae9eae81cd2b1eea04d64.svg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
7c0807123881f2bb1ae740878a47b117ba2c4916493771566d1c541c1af72b14

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 21:17:38 GMT
Server
nginx/1.21.3
x-amz-request-id
eabe24a1-1a9c-4e7b-b229-a7613f22501a
ETag
W/"a368038dd4aae9eae81cd2b1eea04d64"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
X-Clv-Request-Id
eabe24a1-1a9c-4e7b-b229-a7613f22501a
Cache-Control
max-age=3888000
Connection
keep-alive
X-Clv-S3-Version
2.5
Content-Length
1064
Expires
Mon, 17 Jul 2023 14:41:25 GMT
AGSKWxWscRy9FvIye584XtRLjlQFA8akJiRDQ2a9WV5TIIZvSabcDSPDzkYYWOR07LMVuHyU6zFOALrtSJGAttnEWOB32w09DGbU2NbHenyVZDXQu_XVVjrAJw8l2ixKUz-632PBp3pGrQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWscRy9FvIye584XtRLjlQFA8akJiRDQ2a9WV5TIIZvSabcDSPDzkYYWOR07LMVuHyU6zFOALrtSJGAttnEWOB32w09DGbU2NbHenyVZDXQu_XVVjrAJw8l2ixKUz-632PBp3pGrQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.zf1UdKUYMMc.es5.O/d=1/rs=AJlcJMwVc_l9vdSpYgOvLRhE0vzBxKUWVA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-NUCOKya_S_zBiJIYqktWoQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-NUCOKya_S_zBiJIYqktWoQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.thespec.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWscRy9FvIye584XtRLjlQFA8akJiRDQ2a9WV5TIIZvSabcDSPDzkYYWOR07LMVuHyU6zFOALrtSJGAttnEWOB32w09DGbU2NbHenyVZDXQu_XVVjrAJw8l2ixKUz-632PBp3pGrQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxWscRy9FvIye584XtRLjlQFA8akJiRDQ2a9WV5TIIZvSabcDSPDzkYYWOR07LMVuHyU6zFOALrtSJGAttnEWOB32w09DGbU2NbHenyVZDXQu_XVVjrAJw8l2ixKUz-632PBp3pGrQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.zf1UdKUYMMc.es5.O/d=1/rs=AJlcJMwVc_l9vdSpYgOvLRhE0vzBxKUWVA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-JxV_YM0btQJaMEYdjCanRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-JxV_YM0btQJaMEYdjCanRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://www.thespec.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxUjUyamQ7LUoBFwxPQK_-Zh446Ayifdotuq5pXreabmgNoTWyePym1aFHdDr4YWcKM12JXZgeRF_dRCFykicdfizVAki26e0GyrgO33wOCNQmiRhKSDDSQNFzG92XrhBxc147Tx4A==
fundingchoicesmessages.google.com/f/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxUjUyamQ7LUoBFwxPQK_-Zh446Ayifdotuq5pXreabmgNoTWyePym1aFHdDr4YWcKM12JXZgeRF_dRCFykicdfizVAki26e0GyrgO33wOCNQmiRhKSDDSQNFzG92XrhBxc147Tx4A==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjg1NzE2ODg1LDkwNjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3LnRoZXNwZWMuY29tL3RyL25ld3Mvd2F0ZXJsb28tcmVnaW9uLzIwMjMvMDYvMDEvdW5pdmVyc2l0eS1vZi13YXRlcmxvby1pbnRlcnJ1cHRzLXN1c3BlY3RlZC1yYW5zb213YXJlLWF0dGFjay1vbi1pdHMtb25saW5lLXN5c3RlbXMuaHRtbCIsbnVsbCxbWzgsInpmMVVkS1VZTU1jIl0sWzksImVuLVVTIl0sWzE2LCJbMSwxLDFdIl0sWzE3LCJbMF0iXV1d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.zf1UdKUYMMc.es5.O/d=1/rs=AJlcJMwVc_l9vdSpYgOvLRhE0vzBxKUWVA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
778fc1b6d4ae51a0299f25884e1725aa448ce7ef85b62deb6d57a5c475fd976c
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-iGWdypfCmghpD5fhRr6XAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-security-policy
script-src 'report-sample' 'nonce-iGWdypfCmghpD5fhRr6XAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
69c85124c99f68941ea8cdb8cafe8e28.svg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/ Frame 05BD 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/69c85124c99f68941ea8cdb8cafe8e28.svg
Requested by
Host: crcdn01.adnxs-simple.com
URL: https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
7ed26f64b9349be7a581f317b073385996f0bc320ba48384b6dcffc4c2a27f38

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:25 GMT
Content-Encoding
gzip
Last-Modified
Thu, 22 Dec 2022 21:40:39 GMT
Server
nginx/1.21.3
x-amz-request-id
0c4ff266-38a6-4039-a40a-af74045a46b0
ETag
W/"69c85124c99f68941ea8cdb8cafe8e28"
Vary
Accept-Encoding
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
X-Clv-Request-Id
0c4ff266-38a6-4039-a40a-af74045a46b0
Cache-Control
max-age=3888000
Connection
keep-alive
X-Clv-S3-Version
2.5
Content-Length
1134
Expires
Mon, 17 Jul 2023 14:41:25 GMT
um
sb.freeskreen.com/ Frame ABF9
Redirect Chain
  • https://pixel-us-west.rubiconproject.com/exchange/sync.php?p=123456&khaos=LIEOB497-C-4XP5
  • https://sb.freeskreen.com/um?mg=LIEOB497-C-4XP5
43 B
528 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/um?mg=LIEOB497-C-4XP5
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=123456&endpoint=us-west
Protocol
H2
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://sb.freeskreen.com/um?mg=LIEOB497-C-4XP5
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
e8ee3bea2ab086361542c3b52b688813
Expires
0
1029.7f700bc9.chunk.js
creative.sofiapulse.com/static/js/ Frame A244 		104 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/js/1029.7f700bc9.chunk.js
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68cbd98efce174f2bb086fdd54dfbfd750810b267d0f0d6b218ac879ec16066b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:45:58 GMT
server
cloudflare
age
183
cf-polished
origSize=106478
etag
W/"645a78c6-19fee"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yVeP9whPonc8yYnT0gAnKzHhcY2qV7sMBe%2BFZ8s%2FXlsFa%2BKJHi%2FEWMK%2BT593yD0YpkQyQwjT4nfLGdgZndzqyNQ%2FTgQi%2BCJYZ2TJtL7budCoh5KlGljtgkCBk5RhhS4OeXGO0Fsxt10QOsk9mni5Ch2OzOlR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d1075095a135b17-IAD
9446.d7b1a725.chunk.js
creative.sofiapulse.com/static/js/ Frame A244 		55 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/js/9446.d7b1a725.chunk.js
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf495f35900eede4a1b3c50f090fa5f350c4ba063b418e0b0aaf666ef92b8426

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:46:02 GMT
server
cloudflare
age
183
cf-polished
origSize=55974
etag
W/"645a78ca-daa6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=emw9IyPYxzjscIakYMA2fomqtpcTlEnlR%2BSAFeQ51T6wBmb4BxDGv95cxiR%2F2Xka7tmX4QNKYlzrdti9LGiFrEUhxBpMggHURBFo4FlFhdY4KPedrlDArMhrhocZOJaY1xCtEr3XimqjnlatGlMw7C9cHHGJ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d1075095a145b17-IAD
9962.37d1ce62.chunk.js
creative.sofiapulse.com/static/js/ Frame A244 		26 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/js/9962.37d1ce62.chunk.js
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d67b9ab178f9e1240ce38ef9a9f1fc812749f76988dfade5f82642535eefbff5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:46:03 GMT
server
cloudflare
age
183
cf-polished
origSize=26577
etag
W/"645a78cb-67d1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YABgQ9hx4W9UwrbLvlmZLpZ6DL1AV%2FVZpSweouIV7%2FxevWRbWX7Q0KxitFtaqttqCVr6hUsLG8X8cUAhU5VNL8%2FyRgu8Hx5KmpZoWo4FLU%2FE2UNSHeQwz9GirGJ%2FKsqbB6rnhVd6wAq1u7zLKC0kYEZmCj5C"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d1075095a155b17-IAD
8512.ad351c7f.chunk.js
creative.sofiapulse.com/static/js/ Frame A244 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/js/8512.ad351c7f.chunk.js
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd65d9dfe9b33154a8cad2984b5af82ed36694f3a7e1b9e5ac14300569de7ed3

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:45:40 GMT
server
cloudflare
age
182
cf-polished
origSize=10407
etag
W/"645a78b4-28a7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fHv1%2FbybnBckg1NKQmu%2B40V6UcYerQkhM%2BgXo%2FeV4XzfqGQ6H5FwGfEcv9i0m%2FZTCOkTQtBogwFFVu04SXJHzJGT9aXycaF9v03mFQEbGpWxe3CkpjCCZxy%2BgkxfVMVCU0GT%2F77n6ANRJtURNQNKFNQZagET"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d1075095a175b17-IAD
1852.22290b4b.chunk.js
creative.sofiapulse.com/static/js/ Frame A244 		50 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/js/1852.22290b4b.chunk.js
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2db8e30047815010ad310b23e7812789cda1be619862ae76e505c8fc1795dc83

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:45:47 GMT
server
cloudflare
age
182
cf-polished
origSize=51698
etag
W/"645a78bb-c9f2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BIn%2BUCF3SBTYAIv8zWooZM%2Fp%2FGMfAjUZPqLZo%2FKWMgZMAaFqu4p%2BzprguZdc%2Bcay9hOrgNbEeLyticFy%2BID8D8aX7n4rkr2fV7X7aS8KDcu50f1CZHCwD3l3auLmnVqXQB5x27eGOvbe2J2bBNtbpp3HUNjF"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d1075095a195b17-IAD
2953.09331fa1.chunk.css
creative.sofiapulse.com/static/css/ Frame A244 		2 KB
1008 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/css/2953.09331fa1.chunk.css
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86b970715982c67383219d957ad8f76315420dd79e66c2d8377bc995e3f872e3

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:45:34 GMT
server
cloudflare
age
182
cf-polished
origSize=1740
etag
W/"645a78ae-6cc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x7lCVcQaxGE%2BdETFTbj9qyZuowKkxjdgTMGjohUjaKJFmUzfs6r2dBOQPe7LJPiGvDruCHnhcNJN6o8lwKNfNQfip%2Bezg3%2Bts%2F4sJLhDqRl79vi3pY3eWmZw2zOwdfXtcBUOHVjdCHn2o4GZIFfxRg1%2BgBGA"}],"group":"cf-nel","max_age":604800}
content-type
text/css
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d1075095a1a5b17-IAD
2953.8c918ff1.chunk.js
creative.sofiapulse.com/static/js/ Frame A244 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/js/2953.8c918ff1.chunk.js
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ee89ce6941fb1e9eb99d7d7fd1682b40838cc53953c45af6da2e84052e734dd

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:25 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:45:46 GMT
server
cloudflare
age
182
cf-polished
origSize=13772
etag
W/"645a78ba-35cc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Eb%2BMwKzfNDq10n3lzeLXaciKPY%2F9%2BazmVbvlDbn%2BUqNM7SvZ%2B8RG3tngxQCI0fWlezOxmCIOXtLRPW3QpORe7lWJHZX4ldcH%2Bsc72wduHBhxHLMYqMrrCzpTAE%2BdpiP6tDUwm2VBaigcjgCWCiXkyQuuMVD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d1075095a1b5b17-IAD
usync.html
eus.rubiconproject.com/ Frame A16A
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=smartadserver&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=us-east
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=us-east
Requested by
Host: ww1772.smartadserver.com
URL: https://ww1772.smartadserver.com/ac?pgid=662773&insid=7974420&tmstp=5906735474&out=js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-3-115-102.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 02 Jun 2023 14:41:26 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Fri, 02 Jun 2023 14:41:25 GMT
location
https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=us-east
server
AkamaiGHost
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=u40cpuw&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://elb.the-ozone-project.com/setuid?bidder=ttd&uid=3d00bbd1-a351-4b32-9846-4011acf3c022
0
926 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=ttd&uid=3d00bbd1-a351-4b32-9846-4011acf3c022
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d107509af8054b5-YYZ
content-length
0
expires
0

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:25 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://elb.the-ozone-project.com/setuid?bidder=ttd&uid=3d00bbd1-a351-4b32-9846-4011acf3c022
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
215
F44630BFF8F3C6CE4CE115B339AF014D.cache.js
static.freeskreen.com/gwt/20210107205009/advertisement/freeskreen_splitbox_client/ Frame 6CCA 		98 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.freeskreen.com/gwt/20210107205009/advertisement/freeskreen_splitbox_client/F44630BFF8F3C6CE4CE115B339AF014D.cache.js
Requested by
Host: news.google.com
URL: https://news.google.com/rss/articles/CBMikwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2Ytd2F0ZXJsb28taW50ZXJydXB0cy1zdXNwZWN0ZWQtcmFuc29td2FyZS1hdHRhY2stb24taXRzLW9ubGluZS1zeXN0ZW1zLmh0bWzSAQA?oc=5&hl=en-CA&gl=CA&ceid=CA:en
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-103.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
19ac7f7f03270e923c602d544845da674a088cbb610a4c76a6445f0d075b7d0f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

x-amz-version-id
jP3BhKySKcISIxarwq4cPXWHxkq.8vAk
Content-Encoding
gzip
Via
1.1 6f9ef5ae165c9835aa6935d9fb7e2072.cloudfront.net (CloudFront)
Date
Fri, 02 Jun 2023 03:44:03 GMT
X-Amz-Cf-Pop
EWR53-P1
Age
39444
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
34110
Last-Modified
Thu, 07 Jan 2021 20:54:06 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1610052721/ctime:1610052845/gid:497/gname:jenkins/md5:ffc2c23e98e50d5acfafe8ccfc4dc585/mode:33188/mtime:1610052721/uid:498/uname:jenkins
ETag
"ffc2c23e98e50d5acfafe8ccfc4dc585"
Content-Type
application/javascript
Accept-Ranges
bytes
X-Amz-Cf-Id
F5AEjWmcMEBGQ4BRvNxqMtScc-d2vUlcoCMw1oFXKDRSoT0I_zPzYw==
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716885&p=51&c=2886&s=undefined&d=&v=&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=AdOpened&m=2&x=null
Requested by
Host: www.thespec.com
URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
css2
fonts.googleapis.com/ Frame A244 		2 KB
590 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@400;500&display=swap
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/css/2953.09331fa1.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:805::200a Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
492584db86b05db92e84082fb80ac2d2944bc4c7c8d9ef82cdf8c880b7cee02d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 02 Jun 2023 14:39:09 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 02 Jun 2023 14:41:26 GMT
AGSKWxUU57Ks8mkVFivlh5OoOOG9myr_t1XH1Eoha3DoUplzUnOIrO98DyOLcRWNz4jxagoP-7YH55lmjwfrMcRl_aTjipdWlN0JO2S-ril3SoC4OIqmxzkD9VZFey8c5Q1mA4J61odGJQ==
fundingchoicesmessages.google.com/el/ 		0
28 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUU57Ks8mkVFivlh5OoOOG9myr_t1XH1Eoha3DoUplzUnOIrO98DyOLcRWNz4jxagoP-7YH55lmjwfrMcRl_aTjipdWlN0JO2S-ril3SoC4OIqmxzkD9VZFey8c5Q1mA4J61odGJQ==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.zf1UdKUYMMc.es5.O/d=1/rs=AJlcJMwVc_l9vdSpYgOvLRhE0vzBxKUWVA/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::200e Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Su6m-zdFbQY7GLofs6fJrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Su6m-zdFbQY7GLofs6fJrQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://www.thespec.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame A16A 		34 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.3.115.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-3-115-102.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
0b6d1e665ed037683597a779c1d367c8d58c182bf7fd76c8ed651ce6e43f5cb8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:26 GMT
Content-Encoding
gzip
Last-Modified
Fri, 02 Jun 2023 02:13:43 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=41593
Connection
keep-alive
Content-Length
10112
Expires
Sat, 03 Jun 2023 02:14:39 GMT
creative
track.sofiapulse.com/ Frame A244 		0
187 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://track.sofiapulse.com/creative?event=view&frameId=leo7ujvc&flowId=1227&campaignId=357&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&domain=thespec.com&path=%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&userId=ltskee2dw&sessionId=hetaki8gc&time=1685716886152
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.18.203.134 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-18-203-134.us-east-2.compute.amazonaws.com
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

access-control-allow-origin
https://creative.sofiapulse.com
date
Fri, 02 Jun 2023 14:41:26 GMT
cache-control
no-cache, private
access-control-expose-headers
link
server
nginx/1.10.3 (Ubuntu)
content-type
text/html; charset=UTF-8
esolhciycdebkybwkwub.png
s3.us-east-2.amazonaws.com/content.sofia/ Frame A244 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3.us-east-2.amazonaws.com/content.sofia/esolhciycdebkybwkwub.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.107.9 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3.us-east-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
0a9eb8fb1f1adc5c521abe5636479140a4bad2c57658cdb304695e0610b8aaf2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:27 GMT
Last-Modified
Tue, 28 Feb 2023 12:21:52 GMT
Server
AmazonS3
x-amz-request-id
X226PMAVJ3XPBQQT
ETag
"e9cd08cb7958bce42a16c9d8733018cb"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
19893
x-amz-id-2
cihtRTZK4j0XxVZ+QNJNjQc3U13BdXhgSe5WmEy9QYUE/TNokj7PWwteNJPYrlIXvxXyGpEOWZU=
pesanmezllnjidebpsxe.png
s3.us-east-2.amazonaws.com/content.sofia/ Frame A244 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3.us-east-2.amazonaws.com/content.sofia/pesanmezllnjidebpsxe.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.107.9 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3.us-east-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
94be855965ff490c48ad636198f79f54888f1af352f2f6929f06eea2e42461b2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:27 GMT
Last-Modified
Tue, 28 Feb 2023 12:26:56 GMT
Server
AmazonS3
x-amz-request-id
X221AFBE4XRFQ93S
ETag
"93fb28308f0ba5aaf7855af838b823b3"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
3543
x-amz-id-2
CE3qBQ+2z+48AV1amQszou2O0QsUSIg0RYpHRI0naPFxlyAeP1LdmgMxLIcieYeRKaK6+CNIt3g=
chkzwuwckozwgzohegjk.png
s3.us-east-2.amazonaws.com/content.sofia/ Frame A244 		380 KB
381 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3.us-east-2.amazonaws.com/content.sofia/chkzwuwckozwgzohegjk.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.107.9 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3.us-east-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
6c40bae72381e15e1961ef1088a508e05474b5f2a6c3656873454a310bc5a8a9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:27 GMT
Last-Modified
Tue, 28 Feb 2023 12:29:28 GMT
Server
AmazonS3
x-amz-request-id
X22F7Z780AE3FCYT
ETag
"7b8f10f761e9674219deb8bbd47bbaad"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
389367
x-amz-id-2
yfRRixeNKrvZnGHnBeKtTwE2aX/JqKN2IXDSascW2X63qQsYb0+o8hHf/6sQ4Vj85h4MvAEnnoo=
nwlsepbzgtcvokzvwtoi.png
s3.us-east-2.amazonaws.com/content.sofia/ Frame A244 		497 KB
497 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3.us-east-2.amazonaws.com/content.sofia/nwlsepbzgtcvokzvwtoi.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.107.9 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3.us-east-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
33000d6e4cc873115b00d2548f25df7878521d20150242d336409c04782f0484

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:27 GMT
Last-Modified
Tue, 28 Feb 2023 12:29:45 GMT
Server
AmazonS3
x-amz-request-id
X222VWTNA4DP2BF7
ETag
"7b8ef06d25571980a019c0eeac5a2185"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
508672
x-amz-id-2
+QQi7Our8MQ5r/6mNO6G0NRaHlTg+4K/rMMJ4IAaIaNnEI2pjTe1/k3Aj5s+R51aChuSN0bK0Zc=
jbpyxivajdsyignhcdju.png
s3.us-east-2.amazonaws.com/content.sofia/ Frame A244 		339 KB
340 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3.us-east-2.amazonaws.com/content.sofia/jbpyxivajdsyignhcdju.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.219.107.9 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3.us-east-2.amazonaws.com
Software
AmazonS3 /
Resource Hash
b3936c1c4ae0fadf9f39ed209319744448d770f253bb59ac3ff6a3137a50ebed

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:27 GMT
Last-Modified
Tue, 28 Feb 2023 12:30:05 GMT
Server
AmazonS3
x-amz-request-id
X229SRPX90AXCJMF
ETag
"5f255a17acfcf127b16007f0b247d31e"
x-amz-server-side-encryption
AES256
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
347333
x-amz-id-2
dti6dRg8seB1xTltPOixxGNUl+CGNPEXiLQg2Pmx3xa4uZqgMzRHqEhLA3aSKM83CZF3ChPu0do=
cookie
cm.adform.net/ Frame FD57 		43 B
105 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882230&bidder=ozone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.5.133 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
server
nginx
content-length
43
content-type
image/gif
ThespecDFPBannerkeyvalue_1642054788.xml
video.freeskreen.com/18839/ Frame 6CCA 		1 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.freeskreen.com/18839/ThespecDFPBannerkeyvalue_1642054788.xml?_cb=1685716886
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.226.34.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-34-68.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
688be45e0c758d6d89d8d9b00d376a34005e317ace40e1b89a981081db3c1d36

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 09:15:40 GMT
Content-Encoding
gzip
Via
1.1 6377b6d44129cf483b7fc47ee1f9b05c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
EWR53-C2
Age
19597
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
626
Last-Modified
Thu, 13 Jan 2022 06:19:49 GMT
Server
AmazonS3
ETag
"994cd376d00eaf8e0bb689e9764eea32"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Access-Control-Allow-Origin
*
Vary
Origin
Accept-Ranges
bytes
X-Amz-Cf-Id
ogozdPQXCuKtaCC751KbpIOHFMCbStQF-gG6SR_YGxAdC68fT8Ussg==
ima3vpaid
tpc.googlesyndication.com/ Frame 6CCA 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/ima3vpaid?vad_format=linear&correlator=1685716886&adtagurl=https%3A%2F%2Fpubads.g.doubleclick.net%2Fgampad%2Fads%3Fiu%3D%2F58580620%2Fthe_spec%26description_url%3Dhttps%253A%252F%252Fwww.thespec.com%252Ftr%252Fnews%252Fwaterloo-region%252F2023%252F06%252F01%252Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html%26tfcd%3D0%26npa%3D0%26sz%3D640x480%26cust_params%3Damznbid%253D2%2526amznp%253D2%2526article_b%253Dtrue%2526assetid%253D0f479f22-152f-4458-8510-6b3d72ba8d54%2526author%253Drobertwilliams%2526cutpoint%253Dlarge%2526env%253Dbeta%2526environment%253Dproduction%2526gs_channels%253Dgs_tech%252Cgs_tech_computing%252Cgb_spam_high_med_low%252Cgs_law%252Cgv_crime%252Cgb_spam_high_med%252Cgs_education%252Cts_dctn_dgr_bchlrs_dgr%252Cts_dctn_lvl_trtry_dctn%252Cts_dctn_styl_dlt%252Cts_dctn_styl_gnrl%252Cts_fmly_prntng_gnrl%252Cts_fmly_prntng_tns%252Cgs_law_misc%252Cgs_education_university%252Cgt_negative%252Cgv_death_injury%2526key%253D%2526kvcalais%253Duniversity_of_waterloo%252Ccomputer_security%252Cpassword%252Cwaterloo%252Cransomware%252Ccybercrime%252Csecurity%252Cprevention%252Cemail%252Cnational_security%252Crebecca_elming%2526kvng%253Dmyregion%252Cmyrecord%252Cmyneedtoknow%252Cuniversity_of_waterloo%252Ccyber_attack%252Cransomware_attack%252Ccloud%252Conline_systems%252Csmg_wrr%252Csmg_waterloo_region%252Csmg2_news%252CInHouseArticle_therecord%2526permutive%253D79992%252C79993%252C79994%252Crts%2526pos%253D1%2526prmtvsdk%253Dweb%2526referrer%253Dgoogle%2526refresh%253Dfalse%2526registered%253Dno%2526subscribed%253Dno%2526tkspo%253D9%26max_ad_duration%3D30000%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3D&type=js
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9fbfcca0a93c880396177a22dd132eab33ab43c63693935024dda40db6b93cba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://www.thespec.com
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1039
x-xss-protection
0
MagniteOutstreamLBB_1622229288.xml
video.freeskreen.com/26049/ Frame 6CCA 		997 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.freeskreen.com/26049/MagniteOutstreamLBB_1622229288.xml?_cb=1685716886
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.226.34.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-34-68.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
914225799176fb82d48ad192578a1e92a9e5b54157ffebe91b69d6bbdd1c1096

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:34:28 GMT
Content-Encoding
gzip
Via
1.1 ba636ce43f1cebcb0c172b8070a33b14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
EWR53-C2
Age
1198
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
622
Last-Modified
Fri, 28 May 2021 19:14:49 GMT
Server
AmazonS3
ETag
"ce0788086ebe7b59a934c49cf5412afc"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Access-Control-Allow-Origin
*
Vary
Origin
Accept-Ranges
bytes
X-Amz-Cf-Id
myUflZK66b-WOTvyYIeEpM4t-o_LQ0KRH9aRsB6WOIgbQywETJO3sg==
xpub
bid.g.doubleclick.net/xbbe/bid/ Frame 6CCA 		4 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bid.g.doubleclick.net/xbbe/bid/xpub?deal_id=17108519_134511&max_duration=15&ord=1685716886&dc_sdk_apis=[APIFRAMEWORKS]&dc_omid_p=[OMIDPARTNER]&dc_vast=3&dc_rdid=
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.31.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f155.1e100.net
Software
cafe /
Resource Hash
5efbf37161ccf1f5079844a185c44c279d158b790972ab12a3cce258f3ca0384
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://www.thespec.com
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4064
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tag
pc022-cybt2.ads.tremorhub.com/ad/ Frame 6CCA 		55 B
565 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pc022-cybt2.ads.tremorhub.com/ad/tag?adCode=pc022-14nrj&playerWidth=603&playerHeight=338&playerPosition=3&srcPageUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&gdpr=0&gdpr_consent=&custom=2886&c2=en-ca&floor=USD:5&us_privacy=&fmt=json
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:612b:4264:fdb4:174:60b1:9ea2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
nginx /
Resource Hash
81da4cc843429a9adfc0c56c51cf32de8ee5879e2cb5e832bea0aeed1b07b97a

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
gzip
server
nginx
p3p
CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin
https://www.thespec.com
content-type
application/json;charset=UTF-8
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-tremorvideo-status
NO_AD
bid
ads.freeskreen.com/ Frame 6CCA 		0
197 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.freeskreen.com/bid?pid=51&tid=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&w=603&h=338&u=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&ip=149.56.153.189&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F114.0.5735.90%20Safari%2F537.36&g_co=CA&g_p=QC&g_ci=Montreal&g_d=GM&s_1=other&s_2=&cid=2886&sid=undefined&vid=298&did=19640&pf=500&ttm=1685716885133&eu_c=&eu_g=0&eu_ggl=0
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.17.44.206 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-17-44-206.compute-1.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache-Coyote/1.1
access-control-allow-methods
GET
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
expires
-1
/
rtb-csync.smartadserver.com/redir/ Frame A16A
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=smartadserver&khaos=LIEOB497-C-4XP5
  • https://rtb-csync.smartadserver.com/redir/?partnerid=104&partneruserid=LIEOB497-C-4XP5
43 B
405 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=104&partneruserid=LIEOB497-C-4XP5
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=smartadserver&endpoint=us-east
Protocol
HTTP/1.1
Server
199.187.193.177 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://rtb-csync.smartadserver.com/redir/?partnerid=104&partneruserid=LIEOB497-C-4XP5
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
368ba1c92c09ff88b641150fbbf94341
Expires
0
7606.05ab0428.chunk.js
creative.sofiapulse.com/static/js/ Frame A244 		80 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/js/7606.05ab0428.chunk.js
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0e4f8cd4b1d94161ffc981f473c126aec81f2e8c7ad2cf4ebf72e2bc4537102

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:45:42 GMT
server
cloudflare
age
7176
cf-polished
origSize=82127
etag
W/"645a78b6-140cf"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4kKtJGfay8oRfCUbCjxxuxuOFerxzjNyeNTbDAOpVjOGfohoQUxLrHPiKbtyNxVnf1jKrkePPMv5HKlpBV8ecB2vo7Mf78WkpHc%2FjcSlwfI4%2Bp5Z3Tp0Rlnjr3%2Bl0v9Ul3bp0sMSVDc5MbloH%2B9kCIg3WFYc"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d10750abb0e5b17-IAD
794.f3d731e4.chunk.js
creative.sofiapulse.com/static/js/ Frame A244 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/js/794.f3d731e4.chunk.js
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b45e54f6eb098d7cc9c09013051774e3773e0aa8a08dbda32e1508d814d64d7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:46:01 GMT
server
cloudflare
age
7176
cf-polished
origSize=14210
etag
W/"645a78c9-3782"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P5MhUvazet%2FeHUI5%2FNcM71qtxBL1Gn4xd3kU4%2FWpuBwIl%2FT2cP%2FTB%2FbPf2kMulGdgPi%2FcT8XtIsn00pOEGWlIPPCAvkqK8Yoj1wtkcbIEs3DL8MfhpNkHQ9zW96zaZO7Roi9BrgBQ1o9jQpKyo3sbWFW5sKR"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d10750abb115b17-IAD
9683.648b592a.chunk.css
creative.sofiapulse.com/static/css/ Frame A244 		19 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/css/9683.648b592a.chunk.css
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c31624894ba6758871eec6194cec1fc1fd045f875c5b07a7fac312c8c3eae85

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:45:35 GMT
server
cloudflare
age
12
cf-polished
origSize=19786
etag
W/"645a78af-4d4a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jKlwYJNXhNUPBr5YcQj%2BYCAJdZDOAhV8nzDWB8WwF%2Bc24cl%2BpVyRjRzNDmy1HeTVjahHKLQU0Pz3H3Td%2FICnmruYyW3dwM5zHC57p%2FRSrRh31ZLxGtyqUgoU4BdVn1Lfa5oTf6On4u8q8yZTMOndM6iKX47F"}],"group":"cf-nel","max_age":604800}
content-type
text/css
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d10750abb125b17-IAD
1344.50aaca9e.chunk.js
creative.sofiapulse.com/static/js/ Frame A244 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://creative.sofiapulse.com/static/js/1344.50aaca9e.chunk.js
Requested by
Host: creative.sofiapulse.com
URL: https://creative.sofiapulse.com/static/js/main.39af1295.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3c56baac767b8d93df8119afcc3ff93bdf501db25b27f27a6bd586069ad1c7f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://creative.sofiapulse.com/flow/1227?clickUrl=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP6SpZpWDMvp8LABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAACC5lMZi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoAtiUOMwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521BhijzwjllrYaEILNz8oBGIvnXSAAKAAxmpmZmZmZBUA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3D&parentUrl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=ltskee2dw&sid=hetaki8gc
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
last-modified
Tue, 09 May 2023 16:46:00 GMT
server
cloudflare
age
7175
cf-polished
origSize=4365
etag
W/"645a78c8-110d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a77ufL24GCANz7xRyEz89mqE3812TDB320A5v3XD70P2%2FVTJTSesahiSDueQq%2B6ILOLCJ1vUleCjthhsXfoNyNTilsMKLVZKWIec2Q7CpAts%2FAp2T9J%2FTtJjD3h%2FiNNvJ4yH8QRfeoA7Gi76F8Iqjj9xcgGi"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
7d10750abb135b17-IAD
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://ads.avct.cloud/getuid?&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D
  • https://ads.avct.cloud/getuid?bounce=true&&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%...
  • https://elb.the-ozone-project.com/setuid?bidder=avocet&gdpr=0&gdpr_consent=&uid=571224c4-5734-4dbe-a205-67706346cf01
0
971 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=avocet&gdpr=0&gdpr_consent=&uid=571224c4-5734-4dbe-a205-67706346cf01
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d10750bda5e54b5-YYZ
content-length
0
expires
0

Redirect headers

Location
https://elb.the-ozone-project.com/setuid?bidder=avocet&gdpr=0&gdpr_consent=&uid=571224c4-5734-4dbe-a205-67706346cf01
Date
Fri, 02 Jun 2023 14:41:26 GMT
P3p
policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
Content-Length
151
Content-Type
text/html; charset=utf-8
vpaid_adapter.js
imasdk.googleapis.com/js/sdkloader/ Frame 0183 		44 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js?adtagurl=https://pubads.g.doubleclick.net/gampad/ads%3Fiu%3D/58580620/the_spec%26description_url%3Dhttps%253A%252F%252Fwww.thespec.com%252Ftr%252Fnews%252Fwaterloo-region%252F2023%252F06%252F01%252Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html%26tfcd%3D0%26npa%3D0%26sz%3D640x480%26cust_params%3Damznbid%253D2%2526amznp%253D2%2526article_b%253Dtrue%2526assetid%253D0f479f22-152f-4458-8510-6b3d72ba8d54%2526author%253Drobertwilliams%2526cutpoint%253Dlarge%2526env%253Dbeta%2526environment%253Dproduction%2526gs_channels%253Dgs_tech%252Cgs_tech_computing%252Cgb_spam_high_med_low%252Cgs_law%252Cgv_crime%252Cgb_spam_high_med%252Cgs_education%252Cts_dctn_dgr_bchlrs_dgr%252Cts_dctn_lvl_trtry_dctn%252Cts_dctn_styl_dlt%252Cts_dctn_styl_gnrl%252Cts_fmly_prntng_gnrl%252Cts_fmly_prntng_tns%252Cgs_law_misc%252Cgs_education_university%252Cgt_negative%252Cgv_death_injury%2526key%253D%2526kvcalais%253Duniversity_of_waterloo%252Ccomputer_security%252Cpassword%252Cwaterloo%252Cransomware%252Ccybercrime%252Csecurity%252Cprevention%252Cemail%252Cnational_security%252Crebecca_elming%2526kvng%253Dmyregion%252Cmyrecord%252Cmyneedtoknow%252Cuniversity_of_waterloo%252Ccyber_attack%252Cransomware_attack%252Ccloud%252Conline_systems%252Csmg_wrr%252Csmg_waterloo_region%252Csmg2_news%252CInHouseArticle_therecord%2526permutive%253D79992%252C79993%252C79994%252Crts%2526pos%253D1%2526prmtvsdk%253Dweb%2526referrer%253Dgoogle%2526refresh%253Dfalse%2526registered%253Dno%2526subscribed%253Dno%2526tkspo%253D9%26max_ad_duration%3D30000%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3D%26channel%3Dvastadp&correlator=1685716886
Requested by
Host: static.freeskreen.com
URL: https://static.freeskreen.com/scm/player/20220512a/player-hb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::200a Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
739486c9886037bb0606d58ebe345e35bb53da69643d5eceeb6ce255f68e6e4d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16093
x-xss-protection
0
last-modified
Thu, 01 Jun 2023 20:20:10 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
public, max-age=900
accept-ranges
bytes
expires
Fri, 02 Jun 2023 14:56:26 GMT
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716886&p=51&c=2886&s=undefined&d=238737&v=17589&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=VastRequest&m=1&x=https%3A%2F%2Ftpc.googlesyndication.com%2Fima3vpaid%3Fvad_format%3Dlinear%26correlator%3D1685716886%26adtagurl%3Dhttps%253A%252F%252Fpubads.g.doubleclick.net%252Fgampad%252Fads%253Fiu%253D%252F58580620%252Fthe_spec%2526description_url%253Dhttps%25253A%25252F%25252Fwww.thespec.com%25252Ftr%25252Fnews%25252Fwaterloo-region%25252F2023%25252F06%25252F01%25252Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html%2526tfcd%253D0%2526npa%253D0%2526sz%253D640x480%2526cust_params%253Damznbid%25253D2%252526amznp%25253D2%252526article_b%25253Dtrue%252526assetid%25253D0f479f22-152f-4458-8510-6b3d72ba8d54%252526author%25253Drobertwilliams%252526cutpoint%25253Dlarge%252526env%25253Dbeta%252526environment%25253Dproduction%252526gs_channels%25253Dgs_tech%25252Cgs_tech_computing%25252Cgb_spam_high_med_low%25252Cgs_law%25252Cgv_crime%25252Cgb_spam_high_med%25252Cgs_education%25252Cts_dctn_dgr_bchlrs_dgr%25252Cts_dctn_lvl_trtry_dctn%25252Cts_dctn_styl_dlt%25252Cts_dctn_styl_gnrl%25252Cts_fmly_prntng_gnrl%25252Cts_fmly_prntng_tns%25252Cgs_law_misc%25252Cgs_education_university%25252Cgt_negative%25252Cgv_death_injury%252526key%25253D%252526kvcalais%25253Duniversity_of_waterloo%25252Ccomputer_security%25252Cpassword%25252Cwaterloo%25252Cransomware%25252Ccybercrime%25252Csecurity%25252Cprevention%25252Cemail%25252Cnational_security%25252Crebecca_elming%252526kvng%25253Dmyregion%25252Cmyrecord%25252Cmyneedtoknow%25252Cuniversity_of_waterloo%25252Ccyber_attack%25252Cransomware_attack%25252Ccloud%25252Conline_systems%25252Csmg_wrr%25252Csmg_waterloo_region%25252Csmg2_news%25252CInHouseArticle_therecord%252526permutive%25253D79992%25252C79993%25252C79994%25252Crts%252526pos%25253D1%252526prmtvsdk%25253Dweb%252526referrer%25253Dgoogle%252526refresh%25253Dfalse%252526registered%25253Dno%252526subscribed%25253Dno%252526tkspo%25253D9%2526max_ad_duration%253D30000%2526gdfp_req%253D1%2526output%253Dvast%2526unviewed_position_start%253D1%2526env%253Dvp%2526impl%253Ds%2526correlator%253D%26type%3Djs
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
async_usersync
ib.adnxs.com/ Frame 1CA2 		0
860 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=9586&pub_id=1218883&gdpr=0
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9586&pub_id=1218883
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.184 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:26 GMT
AN-X-Request-Uuid
97b73af7-8b55-4e89-bb5b-2a7149a634fd
Server
nginx/1.23.2
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
vast.xml
optimized-by.rubiconproject.com/a/api/ Frame 6CCA 		28 B
342 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://optimized-by.rubiconproject.com/a/api/vast.xml?account_id=18488&site_id=373846&zone_id=2046650&size_id=203&p_aso.video.minduration=5&p_aso.video.maxduration=300&p_aso.video.api=2&p_aso.video.mimes=application/javascript,video/mp4,video/webm&rp_secure=1&tg_c.language=en&width=603&height=338&rf=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&p_aso.video.protocols=2,3,5,6&rp_floor=5.0&p_aso.video.playbackmethod=2&p_pos=0&tg_i.other=other
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.251.255 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-251-255.compute-1.amazonaws.com
Software
nginx/1.21.4 /
Resource Hash
71a904ba726ae38a8aa08425bae824e9850452b5c41a182bdc526a139ba3a9bc

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/xml
access-control-allow-origin
https://www.thespec.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
28
expires
Wed, 17 Sep 1975 21:32:10 GMT
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716886&p=51&c=2886&s=undefined&d=1430630&v=26049&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=VastRequest&m=1&x=https%3A%2F%2Fvideo.freeskreen.com%2F26049%2FMagniteOutstreamLBB_1622229288.xml%3F_cb%3D1685716886
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
ads
pubads.g.doubleclick.net/gampad/ Frame 6CCA 		156 B
650 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=/58580620/the_spec&description_url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&tfcd=0&npa=0&sz=640x480&cust_params=Telaria%3Dleavebehind&ciu_szs=320x50%2C300x250%2C728x90&gdfp_req=1&output=vast&unviewed_position_start=1&env=vp&correlator=21848067&vpmute=0&vpa=0&vpos=preroll&cust_params=amznbid%3D2%26amznp%3D2%26article_b%3Dtrue%26assetid%3D0f479f22-152f-4458-8510-6b3d72ba8d54%26author%3Drobertwilliams%26cutpoint%3Dlarge%26env%3Dbeta%26environment%3Dproduction%26gs_channels%3Dgs_tech%2Cgs_tech_computing%2Cgb_spam_high_med_low%2Cgs_law%2Cgv_crime%2Cgb_spam_high_med%2Cgs_education%2Cts_dctn_dgr_bchlrs_dgr%2Cts_dctn_lvl_trtry_dctn%2Cts_dctn_styl_dlt%2Cts_dctn_styl_gnrl%2Cts_fmly_prntng_gnrl%2Cts_fmly_prntng_tns%2Cgs_law_misc%2Cgs_education_university%2Cgt_negative%2Cgv_death_injury%26key%3D%26kvcalais%3Duniversity_of_waterloo%2Ccomputer_security%2Cpassword%2Cwaterloo%2Cransomware%2Ccybercrime%2Csecurity%2Cprevention%2Cemail%2Cnational_security%2Crebecca_elming%26kvng%3Dmyregion%2Cmyrecord%2Cmyneedtoknow%2Cuniversity_of_waterloo%2Ccyber_attack%2Cransomware_attack%2Ccloud%2Conline_systems%2Csmg_wrr%2Csmg_waterloo_region%2Csmg2_news%2CInHouseArticle_therecord%26permutive%3D79992%2C79993%2C79994%2Crts%26pos%3D1%26prmtvsdk%3Dweb%26referrer%3Dgoogle%26refresh%3Dfalse%26registered%3Dno%26subscribed%3Dno%26tkspo%3D9
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a7694405d22e2ce17d95152b5eca83fc18f2c119984d85438bf7e5d213e90df5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716886&p=51&c=2886&s=undefined&d=1113284&v=18839&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=VastRequest&m=1&x=https%3A%2F%2Fvideo.freeskreen.com%2F18839%2FThespecDFPBannerkeyvalue_1642054788.xml%3F_cb%3D1685716886
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=pbs-ozone&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=pbs-ozone&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
  • https://elb.the-ozone-project.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=4591607287954369028797
0
954 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=4591607287954369028797
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d10750c0aa754b5-YYZ
content-length
0
expires
0

Redirect headers

location
https://elb.the-ozone-project.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=4591607287954369028797
date
Fri, 02 Jun 2023 14:41:26 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 0183 		358 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js?adtagurl=https://pubads.g.doubleclick.net/gampad/ads%3Fiu%3D/58580620/the_spec%26description_url%3Dhttps%253A%252F%252Fwww.thespec.com%252Ftr%252Fnews%252Fwaterloo-region%252F2023%252F06%252F01%252Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html%26tfcd%3D0%26npa%3D0%26sz%3D640x480%26cust_params%3Damznbid%253D2%2526amznp%253D2%2526article_b%253Dtrue%2526assetid%253D0f479f22-152f-4458-8510-6b3d72ba8d54%2526author%253Drobertwilliams%2526cutpoint%253Dlarge%2526env%253Dbeta%2526environment%253Dproduction%2526gs_channels%253Dgs_tech%252Cgs_tech_computing%252Cgb_spam_high_med_low%252Cgs_law%252Cgv_crime%252Cgb_spam_high_med%252Cgs_education%252Cts_dctn_dgr_bchlrs_dgr%252Cts_dctn_lvl_trtry_dctn%252Cts_dctn_styl_dlt%252Cts_dctn_styl_gnrl%252Cts_fmly_prntng_gnrl%252Cts_fmly_prntng_tns%252Cgs_law_misc%252Cgs_education_university%252Cgt_negative%252Cgv_death_injury%2526key%253D%2526kvcalais%253Duniversity_of_waterloo%252Ccomputer_security%252Cpassword%252Cwaterloo%252Cransomware%252Ccybercrime%252Csecurity%252Cprevention%252Cemail%252Cnational_security%252Crebecca_elming%2526kvng%253Dmyregion%252Cmyrecord%252Cmyneedtoknow%252Cuniversity_of_waterloo%252Ccyber_attack%252Cransomware_attack%252Ccloud%252Conline_systems%252Csmg_wrr%252Csmg_waterloo_region%252Csmg2_news%252CInHouseArticle_therecord%2526permutive%253D79992%252C79993%252C79994%252Crts%2526pos%253D1%2526prmtvsdk%253Dweb%2526referrer%253Dgoogle%2526refresh%253Dfalse%2526registered%253Dno%2526subscribed%253Dno%2526tkspo%253D9%26max_ad_duration%3D30000%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3D%26channel%3Dvastadp&correlator=1685716886
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::200a Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d15f3719d41beb79decc738b38bb574064dc1fce387dbfbc1928d7977844d01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
122262
x-xss-protection
0
expires
Fri, 02 Jun 2023 14:41:26 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 0183 		0
20 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=vpaid_adapter_js&event=init-dv3&vps=0.7848521519764997&wt=1685716886320&sdkv=h.3.576.0&xai=undefined&url=2,https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html$0
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js?adtagurl=https://pubads.g.doubleclick.net/gampad/ads%3Fiu%3D/58580620/the_spec%26description_url%3Dhttps%253A%252F%252Fwww.thespec.com%252Ftr%252Fnews%252Fwaterloo-region%252F2023%252F06%252F01%252Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html%26tfcd%3D0%26npa%3D0%26sz%3D640x480%26cust_params%3Damznbid%253D2%2526amznp%253D2%2526article_b%253Dtrue%2526assetid%253D0f479f22-152f-4458-8510-6b3d72ba8d54%2526author%253Drobertwilliams%2526cutpoint%253Dlarge%2526env%253Dbeta%2526environment%253Dproduction%2526gs_channels%253Dgs_tech%252Cgs_tech_computing%252Cgb_spam_high_med_low%252Cgs_law%252Cgv_crime%252Cgb_spam_high_med%252Cgs_education%252Cts_dctn_dgr_bchlrs_dgr%252Cts_dctn_lvl_trtry_dctn%252Cts_dctn_styl_dlt%252Cts_dctn_styl_gnrl%252Cts_fmly_prntng_gnrl%252Cts_fmly_prntng_tns%252Cgs_law_misc%252Cgs_education_university%252Cgt_negative%252Cgv_death_injury%2526key%253D%2526kvcalais%253Duniversity_of_waterloo%252Ccomputer_security%252Cpassword%252Cwaterloo%252Cransomware%252Ccybercrime%252Csecurity%252Cprevention%252Cemail%252Cnational_security%252Crebecca_elming%2526kvng%253Dmyregion%252Cmyrecord%252Cmyneedtoknow%252Cuniversity_of_waterloo%252Ccyber_attack%252Cransomware_attack%252Ccloud%252Conline_systems%252Csmg_wrr%252Csmg_waterloo_region%252Csmg2_news%252CInHouseArticle_therecord%2526permutive%253D79992%252C79993%252C79994%252Crts%2526pos%253D1%2526prmtvsdk%253Dweb%2526referrer%253Dgoogle%2526refresh%253Dfalse%2526registered%253Dno%2526subscribed%253Dno%2526tkspo%253D9%26max_ad_duration%3D30000%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26impl%3Ds%26correlator%3D%26channel%3Dvastadp&correlator=1685716886
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716886&p=51&c=2886&s=undefined&d=19640&v=298&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=VastRequest&m=1&x=https%3A%2F%2Fads.freeskreen.com%2Fbid%3Fpid%3D51%26tid%3D30e7f1cd-c1c3-43eb-844d-5f142ed2db91%26w%3D603%26h%3D338%26u%3Dhttps%253A%252F%252Fwww.thespec.com%252Ftr%252Fnews%252Fwaterloo-region%252F2023%252F06%252F01%252Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html%26ip%3D149.56.153.189%26ua%3DMozilla%252F5.0%2520(Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64)%2520AppleWebKit%252F537.36%2520(KHTML%252C%2520like%2520Gecko)%2520Chrome%252F114.0.5735.90%2520Safari%252F537.36%26g_co%3DCA%26g_p%3DQC%26g_ci%3DMontreal%26g_d%3DGM%26s_1%3Dother%26s_2%3D%26cid%3D2886%26sid%3Dundefined%26vid%3D298%26did%3D19640%26pf%3D500%26ttm%3D1685716885133%26eu_c%3D%26eu_g%3D0%26eu_ggl%3D0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716886&p=51&c=2886&s=undefined&d=19640&v=298&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=VastEmpty&m=1&x=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
vast
bid.g.doubleclick.net/dbm/ Frame 6CCA 		8 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-A6kgOmzzLqlkjTRxZjF8e--RUWVNXqAni_qwCMmMjAzwoDd_C0bKiuTQjPgR3JQAxmiJ3v_9wICb6R4qzRC4h--zbncQ&dbm_d=AKAmf-B9dBsqb4utbRehFjc4CJ1HAJ26MxSj-tQOBRgOPskypMwMcDO7kRZc1xaORmDmjHBuPNrqcphp6GRIpvkHX2YtxoovmCJC0bfRDH6BiPM1ceDbbAynakLsW2QrdaI2z5wargOUQ44-VN3vCDH_uMrP71LuFE501A8K9-5sstUCpaVUaeoJBZ2ZUhHEdHsnwkduuZQ2bsC3VLd3naoQLhOzv0HO4rSGRDFCzFjXc7SemSMU_-17veERGwP74JmRF8LfBo7znZ91ZeOh5nyPDbK7GHFOpgmDMIOhfkJ4wUZjAlSZYKquNYmq90aAq0iO999q_yEm8zOXrg3efKxiqCrhCqOpMkzLG7UHvl9dx3oVQxID35udNihaD6R27BkCHoYjsnzuh0bhgCNNWzyNimdSx83NxVCEkbYWLxqBZMu9LKq4ZuRZFPeibNyhrX0ioVotwXGMUo6D94BvCvxQte9tWhwdpWdHzWW4VqpVDlw7yX0HPjbnMEIvTX9QeRyrX--s5Z-XHcm_w4XW_dUF_geuHr_qdcWEqbKf04AbQDqucpuCRNg4LkrIAGSmh8k6MI7fMigrbVFEc7P8rxNhtYBoWOHljz20FaQPTRRPo3ihCHFSpcPuGb0gYBSwf0j7uwiyYvpFmQkVsoDTARlwv7m1sadp_mYDFosv94wIaZWkxI1O86mnK0FjEKStW3-s_8xR0gR6CBL2CqLLcymwwLnLU2V3figYAKnnBNy_3MZxNU0WJYgOS57gGF3V7Z_dw1NKFxroDt7GCg8wj83ZPu8H0FOshhWLyZggsDZsbvBWOQtFlGYxfOYD51x4n9EI62jQwX5J-XLQhCtg6zUS1-vXYblHiWejl-Jm6UzH2ic5nZSoE7AP5uuOf_TtmaAvPS-SrwUNmh1O8s9lOKfnkR1bdcet76H6WNrS7P5Y2Mh0Jq7lZgqyficIROLlR2s2zRSHYfUlEg8pSf2r1R71jENQUpHfd2YZRBb1pr22mrocQXt-eIBeZfpimMIRIbwkYxgWifzY324PoAoUZm8XDWxIQu3DF8G9eGnOODHtx2EPyg_aan6JNdcLPDbzvr-q5WdS1TQfXktaacZ6eSrUbPg5edFqQQtWiT9EU5ziegY1VyQYeYf_22RzrjNqMVvvExLVcYULCnIU0kbSGH_VY4OJTeYby-NMoV9-x1YjlkGg_XJPJI6mhdMU7mWJD26ZjBNJmv5o5vxXIr1FeFrT_hsDhuXKiX08V1gu8uIv5kWngfqucU_LciSNkqhTgg9i_m0HC0jyxJwf7tbLyKvy9IBpdT3WjI6JUktSOiRWLOmj-ACsWl40RTk_i4_CsC8Kr2YOT6I7ZNbfMgfwvteX77l7jopR0nMFkFQPO7ESD88zWHiA4O71tWF0Wy_rvRAxnJcv4Z5k-NiUSmxDCRlvUaGAbyeUp_GcFE7W6HaFpYtyrs0UymdLCnrfF8HXeVDFrErDrmBDsrWIysbMRwmEmOOh9f_y6lmJ8cw6GaE66lL3zn1ukupaeBOCTvBJJTTQHmTb-y_Z54eu5snv0dPx9kHd7o4mgRHG73T3Bxv0s9gP-4DhfkHA3qiSZpUM5_qj1zgohkoyhrppTcRgyhMsoL9iuN91OZkT7TiTl2ye0higHiQrbdRJ5DWqTjSINbMqx4RHTd64FAhhjqeI2n9-PuZ8rpW3NjsG_z-vyhUDppsA49lG-CAeOHFZKG-Xjls45d-Lm5Z1jR2cNd_XKvPlikMIRMlqvWpuzl_ksU4lPyy9CjBODT59AxRbKtzi33ScgHzZy2H1T0fc6T0Bk0g6PZQTLQzAb37vf6jsEydXyn1j2G3O5_3p2yULlcz7jDJBohlO4JPKPay6QUE6DNu7fHJkVgfVLxg_VPu-OYJCKTuLjzX2-pJPCGAnajT2jCaBGeF_UREYBuVN0Kj6pcsTu1H4cQQL27HlzcmPYEzymrjKR_pgskObs3g6dAHL2ZnqE-ESZw1AL1lv_VHjQ1ipvMOzHp-pxykE1jYqqtUL8KJv6GoA-URNnOxtFl9jSxtS9SRJqYQljvU-1A5N9odmmmT8NB3wlC-p2PYgu_3YRBXYbT9B6t-5RzqxzyyDwu4q1-nWQbz5dWeZAQbMOc2_UVvDeNpUd8-r6t4WJRgPgZ-QDyVsS9s5d5WULB7EVHKZ4Jn2rVP-uuwoXlPMSByRZxn8Sz1BHZcmq19Nw7l_9CuUwgjoQCHrDuZTWOq948cBSn_T3wikZRfsEf1wvSSqUYKJzUpxfl6hbmrVuxdSlg9hT67FO5HBc2-sVDnW4vrMNbEAjDf7MmgNsrIQfYHQEWlRRccszqTXLG-GwxmCTgr5jVkacYR2jvk3ru21PC7QWapDHTaVrZD9_7VprB5rJVSDw9vFnw1GCnhz881Tu2yk8heCtyfYFQRaAb1NegMGM_YxzkfxT4ccXH19yx_EDPWoBhIYi6wsA8YaGJvh_GSyil-SpERcjad7kT3WUHKUJn78zlZ0gYHrlt1LyX4KcUANW_ynJ4qnjj2uxt3ZsC4TEPf_M-mEDfJKWd-7Ijsc9PcU70wXel4CYGT9Iv3F4xLpMqmgDOQyYkMFPmhRpiZH8gSeKfWMjGf593slfuxv7xjO0kCUHOCGr5T6OEjDnhMYfYoo-4HnfyEC25LS-FAiK-nnwbcdzuaXFYWg3Bk9cL53Ye9oi77tLxeItSmrv5CSFUKoj8XB1wpwEwfqZw8mQNK5tKV3hWEA8SWaOP8E57Poyeh9MOUCVXckSTeALUbCrD-t7WprEmnDs1dT-n4yBme0KfQeJZc_AJht3KtjHpBrHIFTfmL-oMtd8nQw57HKVR2bb2Lx9fD2SnqEaQbumEMpZeBydyZBTdZLqQMAKyZMZ7stMjZtQOSrkEKzLC4JNBGdgza5VoTfN5CktyJJye4S-nl2M7-v2_92-LgJOP_TQyoDMxb9tMnAHY6Q4k5cMhQ8enbqtOQoCTwqc2wmk1M7MbUe9IU6-vetpCtByTi7W5NJmGsS9U-6kgcHx_x_pfReYslg5hoUKS0G-jsjEQPd3tjqV0siaf6bgrY4YEuocolYANZqNNLbKuLXNqE8g7LxWSwUA_L5tmaCseQnJN7aBTpoikYlFmme0QFvdhcNGJXzNy5tJNkLsLfmPZ5vkKQeXHwByzaqiXmRZgCNjyyyRCqsysKt5Uua5LuO2-cumbKnwf011BM01kCetkOAfkl9n8e7M6RLmTXfZn3D5f6_JrRXM1LQk2V_Vm1R5Y64pfacu6A7K5O5xDnxd8j91BaODQGxCnhhP7exNvgfrLcL-1GVLNmY-iwgqpLwu27XByn5q96xur_Lq7CcyV-bhr65GCOCyVJXjd7jvuA3XijwIRV8GSuwBIn_pfQOHFmFegpFm6QvrUG9IYT477dlcy1Sng&cid=CAQSKQBygQiDOs9mSAmEofrGAqjpLyuohP2pJSSTUjjSF2TQWRVKdLRpGhOIGAE&pr=39:AAAAAAAAAAAAAAAAAAAAAOsnHIIpaw9d0eSoEg
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.31.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bj-in-f155.1e100.net
Software
cafe /
Resource Hash
877250f6dfd3aa4180b43c1ac5001c788dd9804fd399ee24cfe11f2bd9ea62d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4430
x-xss-protection
0
pragma
no-cache
server
cafe
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716886&p=51&c=2886&s=undefined&d=2122139&v=39927&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=VastRequest&m=1&x=https%3A%2F%2Fbid.g.doubleclick.net%2Fxbbe%2Fbid%2Fxpub%3Fdeal_id%3D17108519_134511%26max_duration%3D15%26ord%3D1685716886%26dc_sdk_apis%3D%5BAPIFRAMEWORKS%5D%26dc_omid_p%3D%5BOMIDPARTNER%5D%26dc_vast%3D3%26dc_rdid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716886&p=51&c=2886&s=undefined&d=321648&v=9316&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=VastRequest&m=1&x=https%3A%2F%2Fpc022-cybt2.ads.tremorhub.com%2Fad%2Ftag%3FadCode%3Dpc022-14nrj%26playerWidth%3D603%26playerHeight%3D338%26playerPosition%3D3%26srcPageUrl%3Dhttps%253A%252F%252Fwww.thespec.com%252Ftr%252Fnews%252Fwaterloo-region%252F2023%252F06%252F01%252Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html%26gdpr%3D0%26gdpr_consent%3D%26custom%3D2886%26c2%3Den-ca%26floor%3DUSD%3A5%26us_privacy%3D%26fmt%3Djson
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID&sovrn_retry=true
  • https://elb.the-ozone-project.com/setuid?bidder=sovrn&gdpr=0&gdpr_consent=&uid=Gv7xiLZH1yAL8MW-S5i-Dov6
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=sovrn&gdpr=0&gdpr_consent=&uid=Gv7xiLZH1yAL8MW-S5i-Dov6
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d10750dbd3854b5-YYZ
content-length
0
expires
0

Redirect headers

Date
Fri, 02 Jun 2023 14:41:26 GMT
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://elb.the-ozone-project.com/setuid?bidder=sovrn&gdpr=0&gdpr_consent=&uid=Gv7xiLZH1yAL8MW-S5i-Dov6
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2dca1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
0
events
api.permutive.com/v2.0/batch/ 		101 B
130 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by
Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
aaed3d3926d949754c711f3a90512f2c02b75141d03548bddb52e2233d384542

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.thespec.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112
vast
vast.doubleverify.com/v3/ Frame 6CCA 		33 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://vast.doubleverify.com/v3/vast?_media=3&ctx=20988482&cmp=29594503&sid=8736701&plc=363704748&adsrv=166&blk=1&psf=1&_vast=https://ad.doubleclick.net/ddm/pfadx/N491202.279382DBMV7M-TOYOTA17472/B29594503.363704748%3Bsz%3D0x0%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_ref%3Dhttps://www.thespec.com/%3Bdc_vpaid%3D0%3Bdc_vast%3D3%3Fves%3DdGltZXN0YW1wOiAxNjg1NzE2ODg2NDMzCmNsaWNrX3Rocm91Z2hfdXJsOiAiaHR0cHM6Ly9hZGNsaWNrLmcuZG91YmxlY2xpY2submV0L3Bjcy9jbGljaz94YWk9QUtBT2pzdnItakl4R1BvTFhGbW1HZ1psZm42VkprVkRId0pudGRadXZ5ZmxLN1Y1RVBmYm1MT1JoaDhaUndCaWNYNEh0QU0ydVdBSWJPdWgwR2wzcEdISjRRc0ZxN1A4Uk5wZk9sT3RjY0xFeThoMkFENE9WMUZwdW50dzhPZER1LWM2VTBzclZMSnZDWTh5OXpDUlNzTFpGaXNiaEE4OENvc1BhYzNWLXBhNEJlazVaMFk2M2g5cXBDVmw0LXM1aktIbC01NERkQXItSzNCMGlleDNJYjBadFVXZGczX3V3cUYzQjRuMnc4bU9SZmZKZjYyYW9ENElzTXFxU3FQZEQteHdUel9JcElXUVpvM21QUkV4TUtQOHpKMkNTcjlHbUdfOUpXRUxkYkVtRGFKLVV0bE5LRW1GWlI0dU1MaGRrY2Z5WnZuZ0p3Ui1ndTR1TkRYRjVHV2dKcFlYYVBzZ3kyUE1id3dISWxzNTAxZVdlLUotRm1QbVZFdzFnZlZFMVhRRDlPVEJidmRfMnlYSktEWDRhNk9TM1RlRllLU3hJRXk5N3prUEtQQjlJaHV6LTNkZ0JtTjkyZFVvcFhmbzFUQXBlRUo0OEU2NzJ1UmRLRHJEV1B3TTFGdnBFRWVHNFVfZmo5UmpQWDFXcFNDWlFaVTh3YVM5Uzl3ZDBwTlE0YWdFVGdIaUFXc0FTMkVSeWZjTmprMWdTZXZmWXVIX1VYNVBsX2NPQ0RmamFpUFl4S05jZi0yMHdUaXA1WExFVnNhaWF5RnRDRVQ4eGljWWxkVl9hbVNjVUNNY0paNVJjVk42TUFDRXZmcDdqYUZWU2RMT0gxTmRsTTVVYzVOb1ZNTDR3TlA0bHhjUzVHVTF5ZXk2ZWJJVDRjSkVpbVUzRmpoejlRMU9VN2xkUFdvbE1jRHRLRHFER0RaT0gtaEJTTVcwWlZCQk1Fc2c2U1VEWElfTlVvVGdyNElPLW1lZ3AwTGFaS0pHTHZxTmdjdjhINjJfNTdqSVZJaU4yakhMVUhmZ3owWVVRRlUxd01XZ0JFalhCa0dBOV80dklyaVYxWnBycUhQazRXNmc3dGt4MkJNelB3XzdFRDEya2M0Z3RCc3NXRERPclFVZWxxeHpWdFZVUkdvbXdDQzhxQWdGeVF1cm5EWm5CMXYycjdBNEI3dkNqZ1NuNGQxVXBueFVDUHljMWd1bm8waWlCMVY5TC1MOVczYVZpQUZXQkFtMmgtZVAxb3ZYaDVhaXdDMkxrRFZ2cVl3S19fb1Nma1ZoeEliaVNVa1RtRXBhc3pHblQ1aWhyZnVaQWdqZExmd2pDUlpWT01YektHdHVnUDhaQm9yYm9QZnBhSGlWak1NN2VyOWg0eVhQWlRmdC1ZLWg2NjJ4eXF0OFN1N3dUODZMRkxpcVlNeWdWaTUzb1lXZnRLeDA2bTVONktZV0h6YnNaOXFrUkRXSVFJWUluSzlsQ0Z3V3k0TldGZTVRNmE2bW5oWGdUVC1waW5sTUZGSGc1ZlY4cG93X3RTYXZQM2VObEl5MU5YMnhUekdGY0dmejBzNk1ZQk5uWFdKOGZvWTE4OUZDWDRPMnlrQ3BUNUltRWhiUXJScS1icGtjX1lhei02ZElfSy1XNmVQOVMxSzRJRVBLbm1vbUpLZVRoQjRNQTFtenByeWg2alhkX2RiciZzYWk9QU1mbC1ZU291NHlWTVVldkhiVU1QYWlFZkh0WnZ0anlsM0JPLUZacXM4SWE2NEJNbTAyTVNWeTJTeEw4bVpLTkgtVVpRZXpPV25kcVVueWRnZnpiSjN6U01FY0MzN0xFZWNQV1E2NzF5VkUzaFc3LUtOckxqSHNyZjk4NWpqZ2xrNUU1UDdKQnRBX3lQV0JRa3RlOHBtTkluc3JpcFpXR3otQkFBUEd5X0hGNVJqdUxDemJJelNWM09fZ3hZNU5pR2lvQXQ1QktoTTdGdnB6a25ESE93X191cDVBJnNpZz1DZzBBcktKU3pBWER5cFdGd3V5VUVBRSZwcj0zOTpBQUFBQUFBQUFBQUFBQUFBQUFBQUFPc25ISUlwYXc5ZDBlU29FZyZjcnk9MSZmYnNfYWVpZD1bZ3dfZmJzYWVpZF0mdXJsZml4PTEmYWR1cmw9aHR0cHM6Ly93d3cuc2hvcHRveW90YS5jYS8lM0ZkY2xpZCUzRCUyNWVkY2xpZCEiCg%26dc_cid%3D189732345%26dc_adid%3D554436820&_api=[APIFRAMEWORKS]&_ssm=[SERVERSIDE]&_tsm=2023-06-02T14:41:26.460Z&gdpr=&gdpr_consent=&_abm=[APPBUNDLE]&_pum=[PAGEURL]
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
206.189.177.190 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
c87ccf18fa9e39015629a1ef3e7e28a1ecaa5b43a3e5b2c468f8f66ef7c3213d

Request headers

Accept
application/xml, text/xml, */*; q=0.01
Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:20 GMT
content-encoding
br
vary
origin, accept-encoding
content-type
text/xml; charset=utf-8
access-control-allow-origin
https://www.thespec.com
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
none
timing-allow-origin
https://vpaid.doubleverify.com
link
<https://vpaid.doubleverify.com>; rel=preconnect, <https://gcdn.2mdn.net>; rel=preconnect, <https://cdn.doubleverify.com>; rel=preconnect, <https://s0.2mdn.net>; rel=preconnect, <https://tpsc-video-ue.doubleverify.com>; rel=preconnect, <https://vtrk.doubleverify.com>; rel=preconnect, <https://rtb0.doubleverify.com>; rel=preconnect, <https://tps.doubleverify.com>; rel=preconnect
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID&sovrn_retry=true
  • https://elb.the-ozone-project.com/setuid?bidder=sovrn&gdpr=0&gdpr_consent=&uid=Gv7xiLZH1yAL8MW-S5i-Dov6
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=sovrn&gdpr=0&gdpr_consent=&uid=Gv7xiLZH1yAL8MW-S5i-Dov6
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d10750dbd3b54b5-YYZ
content-length
0
expires
0

Redirect headers

Date
Fri, 02 Jun 2023 14:41:26 GMT
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://elb.the-ozone-project.com/setuid?bidder=sovrn&gdpr=0&gdpr_consent=&uid=Gv7xiLZH1yAL8MW-S5i-Dov6
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2dca1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
0
bridge3.576.0_en.html
imasdk.googleapis.com/js/core/ Frame 14B9 		708 KB
226 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.576.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::200a Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f161e73721cccda56a706dae6426e48b11dfb742f60a9246d97e9786c535f16f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.thespec.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
126384
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
231454
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Thu, 01 Jun 2023 03:35:02 GMT
expires
Fri, 31 May 2024 03:35:02 GMT
last-modified
Thu, 01 Jun 2023 03:29:17 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame 0183 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:807::2006 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 02 Jun 2023 14:41:26 GMT
integrator.js
adservice.google.com/adsid/ Frame 0183 		107 B
122 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.thespec.com
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
moatvideo.js
z.moatads.com/slimcutmediavideo73182107408/ Frame 6CCA 		325 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://z.moatads.com/slimcutmediavideo73182107408/moatvideo.js
Requested by
Host: static.freeskreen.com
URL: https://static.freeskreen.com/scm/player/20220512a/player-hb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
b77646e33dbe48df43870e5d1b9aa29dae157e3f1bfc07f90e35348cc6b01871

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:26 GMT
content-encoding
gzip
last-modified
Tue, 16 May 2023 18:22:42 GMT
server
AmazonS3
x-amz-request-id
M5P2ZZ1YEZ0GXZGZ
etag
"36c87fc1e5ba6c89bd1b6bdfaa7390bc"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=36086
accept-ranges
bytes
content-length
112119
x-amz-id-2
NY8SwccKdZDX0cixdo4QR2/DXvaKE7i2UKOcp5Uxos1w51NNSyGO/GYbYPUKtLSgxD5ByJMDgVs=
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716886&p=51&c=2886&s=undefined&d=1113284&v=18839&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=VastEmpty&m=1&x=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716886&p=51&c=2886&s=undefined&d=238737&v=17589&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=LoaderStartHB&m=1&x=%3B%3Bvpaidloader%3B1685716886526
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
activeview
pagead2.googlesyndication.com/pcs/ Frame 9C0D 		42 B
174 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu1ikOOfSS-BsMaFcCmoDHNe6qzoMa44aXJVubHjp5FIAx6z7XIRqFvVeADN4yXcRwSzehIubZ7XCHBM28z9m9cL4ClLGPjxMEJwhwRQCJ9qrtDch31&sig=Cg0ArKJSzPFx0SY_qqSoEAE&id=lidar2&mcvt=1050&p=10,436,104,1164&mtos=0,1050,1050,1050,1050&tos=0,1050,0,0,0&v=20230531&bin=7&avms=nio&bs=1600,1200&mc=0.96&vu=1&app=0&itpl=19&adk=925884987&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1685716884847&rpt=592&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
attention-event
sr.studiostack.com/track/ 		0
396 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sr.studiostack.com/track/attention-event
Requested by
Host: sr.studiostack.com
URL: https://sr.studiostack.com/v3/services
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.104.19 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Expires
0
Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:26 GMT
Access-Control-Allow-Methods
GET, POST, OPTIONS, HEAD, PUT
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
0
request-context
appId=cid-v1:c374023b-8354-459d-b51b-039919730c2c
attention-event
sr.studiostack.com/track/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sr.studiostack.com/track/attention-event
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.49.104.19 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.thespec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods
GET, POST, OPTIONS, HEAD, PUT
Access-Control-Allow-Origin
*
Allow
POST
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
4
Content-Type
text/html; charset=utf-8
Date
Fri, 02 Jun 2023 14:41:26 GMT
ETag
W/"4-Yf+Bwwqjx254r+pisuO9HfpJ6FQ"
Expires
0
Pragma
no-cache
request-context
appId=cid-v1:c374023b-8354-459d-b51b-039919730c2c
async_usersync
ib.adnxs.com/ Frame 3466 		0
860 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=9586&pub_id=1218883&gdpr=0
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9586&pub_id=1218883
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.184 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:26 GMT
AN-X-Request-Uuid
8a71468a-24cb-4c82-bbe5-75da7b7ebb71
Server
nginx/1.23.2
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716886&p=51&c=2886&s=undefined&d=1430630&v=26049&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=VastEmpty&m=1&x=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
async_usersync
ib.adnxs.com/ Frame D789 		0
860 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=9586&pub_id=1218883&gdpr=0
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=9586&pub_id=1218883
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.184 New York, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:26 GMT
AN-X-Request-Uuid
2496cebd-f768-49a9-85f3-0d0a201db654
Server
nginx/1.23.2
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
vevent
nym1-ib.adnxs.com/ Frame 9C0D 		0
954 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&e=wqT_3QLhFfBM4QoAAAMA1gAFAQiR_-ejBhCGlaSOyYKD_QIY3aPRmayMmMx9KjYJNYC3QILixz8Rt7JEZ5lFwj8ZAAAAgOtRCkAhuLJEZ5lFwj8pNYAJJAAxARu4wvXgPzCA1r4LOPJKQPQOSAJQytjJvwFYi-ddYABo1sl3eLzPBYABAYoBA1VTRJIFBuCYAdgFoAFaqAEBsAEAuAECwAEFyAEC0AEJ2AEA4AEA8AEAigJodWYoJ2EnLCAyNTczNTk3LCAwKTsBFCxpJywgNzgxMTIzOCwRFChnJywgMTk2ODM3NRkpLGMnLCA1NDY3OTk5MBUqMHInLCA0MDE3NjM0MDIFFvReAZICpQ4hS21KLUtBaTJzNGthRU1yWXliOEJHQUFnaS1kZE1BRTRBRUFBU1BRT1VJRFd2Z3RZQUdEX19fX19EMmdBY0FGNEFZQUJBWWdCQVpBQkFaZ0JBYUFCQXFnQkFyQUJBTGtCSVlIcUw2c2wwRF9CQWJRbTdEaHg0c2NfeVFFQUFBQ2dVRzN2UDlrQjRMNE9uRE9pOVRfZ0FhYmgzQVAxQVFBQWdFQ1lBZ0NnQWdLMUFnQUFBQUM5QWdBQUFBREFBZ0hJQWdIUUFnSFlBZ0hnQWdEb0FnRDRBZ0NBQXdHWUF3R2lBdzRJd3YtQ0xCQUVHQUV0ZmM5Zk9xSURFd2p1eVpzckVBb1lBUzJGYW5zX01nTjFibXU2QXdsT1dVMHlPalUyT1RMZ0E5ZERnQVNvd2QwSmlBVEt3dDBKa0FRQW1BUUVxZ1N1QndqX19fX19fX19fX184QkVQX19fXyEmFF9fX3dFWQEHEQEEQVMpQAkBFDhCS0FndwkMCQEIQVRqCQkFAQw4QlFQBQkJAQh3RkkJCQkBBEFWNkwAAFc2LAAAZwkmCQEEQVc2WAAAYzYsACXICSoJAQhBWWc2EAAEWkE6EAAgZ0IzWklrb0FICTEFAQg4QnE6EAAAczoQAAB1OhAAAHc6EAAAeToQACAwQUdBMXI0TDI6GAAANDoQAAA2OhAAADg6EAAcLUFHMEJJQUMFpw0BCEFZZzYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAEWUEuMQIhADYQAABaOiAAAFo6IAAAYTogAABhOiAAAGI6IAAAYjogAABjOiAAAGM6IAAAZDogAABkOiAAAGU6IAAAZTogAABmOiAAAGY6IAAIWUFFLfsFAQhBWWc2EAAAWjogAABaOiAAAGE6IAAAYTogAABiOiAAAGI6IAAAYzogAABjOiAAAGQ6IAAAZDogAABlOiAAAGU6IAAAZjogAABmOiAACFlBRgX5DQEIQVlnNhAAAFo6IAAAWjogAAxjRUVBFQEIREpCFQwgQUEyQVFBOFFRGRIcSWdGdkN5cEIRExRQQV9zUVUZIAhNRUYZDQRESi4oAAAwLigABE5rFSjAOERfZ0JlU1JBZkFGcmJPeENmZ0ZuWXFkQVlJR0EwTkJSSWdHQUpBR0FaZ0dBS0VHQQ1hLEVFQ29CZ1N5QmlRSg0TAQEAUgEFDQEAWg0IAQEAaAEFCQFAQzRCaFEumgKZASFneFFub2c6KQcoSXZuWFNBQUtBQXgJMZBBQUVFQTZDVTVaVFRJNk5UWTVNa0RYUTBuZ3ZnNmNNNkwxUDFFESsMQUFGaxkMAEc9XABHHRgASB0YDEhnQWnlOQEB8FtEd1B3Li7YAgDgAsu1SOoCkwFodHRwczovL3d3dy50aGVzcGVjLmNvbS90ci9uZXdzL3dhdGVybG9vLXJlZ2lvbi8yMDIzLzA2LzAxL3VuaXZlcnNpdHktb2YtdxEpMGludGVycnVwdHMtc3UBUPCwdGVkLXJhbnNvbXdhcmUtYXR0YWNrLW9uLWl0cy1vbmxpbmUtc3lzdGVtcy5odG1sgAMAiAMBkAMAmAMUoAMBqgMAwAOsAsgDANgD3ZIk4AMA6AMA-AMDgAQAkgQJL29wZW5ydGIymAQAogQOMTQ5LjU2LjE1My4xODmoBACyBAwIABAAGAAgADAAOAK4BADABADIBADSBA4xOTA4I05ZTTI6NTY5MtoEAggB4AQA8ATKDpQJIIgFAZgFAKAF_xEBuAGqBSQwZTNhZTgyZC1kYWJhLTQ0MDEtYWZlYy1iZjQwMWE3OGI3ZjXABQDJBQAAAQIU8D_SBQkJAQoBAXDYBQHgBQHwBd2jVPoFBAgAEACQBgCYBgC4BgDBBgEhMAAA8D_QBuEG2gYWChAJERkBAcNg4AYB8gYCCACABwGIBwCgBwHIB7zPBdIHDRVkASYI2gcGAV1wGADgBwDqBwIIAPAHkYAIiggCEACVCAAAgD-YCAE.&s=626566c012370bee092f508b2459413464b5ac43&type=pv&jm=1003&px=436&py=10&bw=728&bh=90&sf=1&sid=3737296231346162262&vd=ct~0|rr~6&sv=233&tv=view7-1js&ua=chrome52&pl=win&x=v&tag_id=24095488&cid=3&cr=pv&ft=2
Requested by
Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/233/trk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.178.10 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:26 GMT
AN-X-Request-Uuid
248c0f9e-9491-4c1b-b5ac-b830a540b2ad
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.thespec.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 634.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel.gif
px.moatads.com/ 		43 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=17&i=SLIMCUTMEDIAVIDEOJS1&hp=1&wf=1&ra=2&pxm=7&vz=-&zp=0&sgs=2&vb=11&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=8&f=0&j=https%3A%2F%2Fnews.google.com&t=1685716886717&de=957341078752&m=0&ar=fde231f50fe-clean&iw=bdf04f9&q=14&cb=0&ym=0&cu=1685716886717&ll=2&lm=0&ln=1&r=0&em=0&en=0&d=SCM%3A8547%3A238737%3A17589&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&id=1&ii=4&bo=51&bd=2886&zMoatOrigSlicer1=51&zMoatOrigSlicer2=2886&gw=slimcutmediavideo73182107408&fd=1&it=500&ti=0&ih=2&pe=1%3A528%3A528%3A2796%3A530&fs=203695&na=2080092975&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

unused62
8096267
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 02 Jun 2023 14:41:26 GMT
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-ozone&gdpr=0&gdpr_consent=
  • https://elb.the-ozone-project.com/setuid?bidder=rubicon&uid=LIEOB497-C-4XP5&gdpr=0
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=rubicon&uid=LIEOB497-C-4XP5&gdpr=0
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d10750e8e4154b5-YYZ
content-length
0
expires
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://elb.the-ozone-project.com/setuid?bidder=rubicon&uid=LIEOB497-C-4XP5&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a414d61fde5a538d1bc5c621aec59518
Expires
0
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ozo?url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dbeeswax%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
  • https://match.prod.bidr.io/cookie-sync/ozo?url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dbeeswax%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID&_bee_ppp=1
  • https://elb.the-ozone-project.com/setuid?bidder=beeswax&uid=AABgsU7I8_8AACGjSTRTIA
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=beeswax&uid=AABgsU7I8_8AACGjSTRTIA
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:26 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d10750f5f6c54b5-YYZ
content-length
0
expires
0

Redirect headers

location
https://elb.the-ozone-project.com/setuid?bidder=beeswax&uid=AABgsU7I8_8AACGjSTRTIA
Date
Fri, 02 Jun 2023 14:41:26 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
ads
pubads.g.doubleclick.net/gampad/ Frame 14B9 		156 B
210 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pubads.g.doubleclick.net/gampad/ads?iu=%2F58580620%2Fthe_spec&description_url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&tfcd=0&npa=0&sz=640x480&cust_params=amznbid%3D2%26amznp%3D2%26article_b%3Dtrue%26assetid%3D0f479f22-152f-4458-8510-6b3d72ba8d54%26author%3Drobertwilliams%26cutpoint%3Dlarge%26env%3Dbeta%26environment%3Dproduction%26gs_channels%3Dgs_tech%2Cgs_tech_computing%2Cgb_spam_high_med_low%2Cgs_law%2Cgv_crime%2Cgb_spam_high_med%2Cgs_education%2Cts_dctn_dgr_bchlrs_dgr%2Cts_dctn_lvl_trtry_dctn%2Cts_dctn_styl_dlt%2Cts_dctn_styl_gnrl%2Cts_fmly_prntng_gnrl%2Cts_fmly_prntng_tns%2Cgs_law_misc%2Cgs_education_university%2Cgt_negative%2Cgv_death_injury%26key%3D%26kvcalais%3Duniversity_of_waterloo%2Ccomputer_security%2Cpassword%2Cwaterloo%2Cransomware%2Ccybercrime%2Csecurity%2Cprevention%2Cemail%2Cnational_security%2Crebecca_elming%26kvng%3Dmyregion%2Cmyrecord%2Cmyneedtoknow%2Cuniversity_of_waterloo%2Ccyber_attack%2Cransomware_attack%2Ccloud%2Conline_systems%2Csmg_wrr%2Csmg_waterloo_region%2Csmg2_news%2CInHouseArticle_therecord%26permutive%3D79992%2C79993%2C79994%2Crts%26pos%3D1%26prmtvsdk%3Dweb%26referrer%3Dgoogle%26refresh%3Dfalse%26registered%3Dno%26subscribed%3Dno%26tkspo%3D9&max_ad_duration=30000&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=1685716886&channel=vastadp%2Bvpaidadp_html5&sdkv=h.3.576.0%2Fvpaid_adapter&osd=2&frm=0&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C450x50%2C468x60%2C480x70&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&u_so=l&ctv=0&sdki=445&ptt=20&adk=3877972111&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.576.0&sid=3D5CF468-F941-4102-B2C7-B9232D8D3175&nel=0&eid=44752052%2C44765701%2C44772139%2C44773378%2C44777649%2C44781409%2C44781753%2C44782991%2C44788275&ref=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&dlt=1685716886226&idt=458&dt=1685716886778&cookie=ID%3D008ca6d33d90749a%3AT%3D1685716884%3ART%3D1685716884%3AS%3DALNI_MbltG5F8z7zwzUHwx3LxwvtdD6xtg&gpic=UID%3D00000c430b63ef75%3AT%3D1685716884%3ART%3D1685716884%3AS%3DALNI_MYXX3wVa11BiB3uliRmakKeCIGytA&scor=3336010251722928&ged=ve4_td1_tt0_pd1_la1000_er1882.366.1882.366_vi0.0.1200.1600_vp0_eb16619
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.576.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:27 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
113
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/xml; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ozo?url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dbeeswax%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
  • https://match.prod.bidr.io/cookie-sync/ozo?url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dbeeswax%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID&_bee_ppp=1
  • https://elb.the-ozone-project.com/setuid?bidder=beeswax&uid=AADqCE7I8_8AACCSN2aINQ
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=beeswax&uid=AADqCE7I8_8AACCSN2aINQ
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d10750f6f9854b5-YYZ
content-length
0
expires
0

Redirect headers

location
https://elb.the-ozone-project.com/setuid?bidder=beeswax&uid=AADqCE7I8_8AACCSN2aINQ
Date
Fri, 02 Jun 2023 14:41:26 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://ads.avct.cloud/getuid?&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&url=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D
  • https://elb.the-ozone-project.com/setuid?bidder=avocet&gdpr=0&gdpr_consent=&uid=571224c4-5734-4dbe-a205-67706346cf01
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=avocet&gdpr=0&gdpr_consent=&uid=571224c4-5734-4dbe-a205-67706346cf01
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d10750fe84554b5-YYZ
content-length
0
expires
0

Redirect headers

Location
https://elb.the-ozone-project.com/setuid?bidder=avocet&gdpr=0&gdpr_consent=&uid=571224c4-5734-4dbe-a205-67706346cf01
Date
Fri, 02 Jun 2023 14:41:27 GMT
P3p
policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
Content-Length
151
Content-Type
text/html; charset=utf-8
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58737/occ?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dyahoossp%26gdpr%3D0%26gdpr_consent%3D%26...
  • https://elb.the-ozone-project.com/setuid?bidder=yahoossp&uid=y-W35SSHJE2uH8Rsrmswi8rnHhcFbacjDxYjLoguo-~A&gdpr=0
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=yahoossp&uid=y-W35SSHJE2uH8Rsrmswi8rnHhcFbacjDxYjLoguo-~A&gdpr=0
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d107510188e54b5-YYZ
content-length
0
expires
0

Redirect headers

location
https://elb.the-ozone-project.com/setuid?bidder=yahoossp&uid=y-W35SSHJE2uH8Rsrmswi8rnHhcFbacjDxYjLoguo-~A&gdpr=0
date
Fri, 02 Jun 2023 14:41:27 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.57
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D
  • https://elb.the-ozone-project.com/setuid?bidder=openx&uid=fbe55117-0502-0e45-383e-aceae1ad7103
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=openx&uid=fbe55117-0502-0e45-383e-aceae1ad7103
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d107510894d54b5-YYZ
content-length
0
expires
0

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
via
1.1 google
content-type
text/html; charset=utf-8
location
https://elb.the-ozone-project.com/setuid?bidder=openx&uid=fbe55117-0502-0e45-383e-aceae1ad7103
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
121
PrebidServer
crb.kargo.com/api/v1/dsync/ Frame 6770 		43 B
504 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crb.kargo.com/api/v1/dsync/PrebidServer?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dkargo%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.233.243 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-233-243.compute-1.amazonaws.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:27 GMT
X-Accel-Expires
0
Vary
Origin
Content-Type
image/gif
Cache-Control
no-cache, no-store, must-revalidate, private, max-age=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 UTC
csi
csi.gstatic.com/ Frame 14B9 		0
0
csi
csi.gstatic.com/ Frame 14B9 		0
0
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716887&p=51&c=2886&s=undefined&d=238737&v=17589&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=optout&m=1&x=%3B%3Bvpaidloader%3B%22AdError%201009%20(The%20VAST%20response%20document%20is%20empty.)%3A%20AdError%201009%3A%20The%20VAST%20response%20document%20is%20empty.%5CnError%5Cnat%20new%20bD%20(https%3A%2F%2Fimasdk.googleapis.com%2Fjs%2Fsdkloader%2Fima3.js%3A539%3A285)%5Cnat%20CH.O%20(ima3.js%3A638%3A292)%5Cnat%20Jq%20(ima3.js%3A253%3A200)%5Cnat%20l.dispatchEvent%20(ima3.js%3A251%3A365)%5Cnat%20OA.D%20(ima3.js%3A453%3A170)%5Cnat%20Fq%20(ima3.js%3A250%3A150)%5Cnat%20b%20(ima3.js%3A248%3A292)%22
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
  • https://elb.the-ozone-project.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=561783506929456550
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=561783506929456550
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d1075110a0154b5-YYZ
content-length
0
expires
0

Redirect headers

Date
Fri, 02 Jun 2023 14:41:27 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
9dfb525a-d341-4b6c-9466-ca0bc344e810
Server
nginx/1.23.2
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://elb.the-ozone-project.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=561783506929456550
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=u40cpuw&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://elb.the-ozone-project.com/setuid?bidder=ttd&uid=3d00bbd1-a351-4b32-9846-4011acf3c022
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=ttd&uid=3d00bbd1-a351-4b32-9846-4011acf3c022
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d1075115a6b54b5-YYZ
content-length
0
expires
0

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://elb.the-ozone-project.com/setuid?bidder=ttd&uid=3d00bbd1-a351-4b32-9846-4011acf3c022
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
215
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://crb.kargo.com/api/v1/dsync/PrebidServer?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dkargo%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%2...
  • https://elb.the-ozone-project.com/setuid?bidder=kargo&uid=630f2ccb-b9e5-bc32-2d2f-4231b7d30960&us_privacy=pbs-ozone
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=kargo&uid=630f2ccb-b9e5-bc32-2d2f-4231b7d30960&us_privacy=pbs-ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d107511fb3454b5-YYZ
content-length
0
expires
0

Redirect headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:27 GMT
Content-Encoding
gzip
X-Accel-Expires
0
Vary
Origin
Content-Type
text/html; charset=utf-8
Location
https://elb.the-ozone-project.com/setuid?bidder=kargo&uid=630f2ccb-b9e5-bc32-2d2f-4231b7d30960&us_privacy=pbs-ozone
Cache-Control
no-cache, no-store, must-revalidate, private, max-age=0
Connection
keep-alive
Content-Length
153
Expires
Thu, 01 Jan 1970 00:00:00 UTC
t.gif
sb.freeskreen.com/ Frame 6CCA 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.freeskreen.com/t.gif?tm=1685716887&p=51&c=2886&s=undefined&d=2122139&v=39927&t=30e7f1cd-c1c3-43eb-844d-5f142ed2db91&co=CA&pr=QC&ci=Montreal&dm=GM&flc=other&slc=&ttm=1685716885133&gdpr=0&gdpr_consent=&e=LoaderStartHB&m=1&x=%3B%3Bvideoloader%3B
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.136.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-136-170.compute-1.amazonaws.com
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
server
Apache/2.4.29 (Ubuntu)
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI INT DEM STA PRE COM NAV NOI DSP COR"
content-type
image/gif
cache-control
no-cache, no-store
content-length
43
expires
-1
file.mp4
r4---sn-t0a7ln7d.c.2mdn.net/videoplayback/id/d433423ad34790ab/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3824552805/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 6CCA
Redirect Chain
  • https://gcdn.2mdn.net/videoplayback/id/d433423ad34790ab/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3824552805/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signat...
  • https://r4---sn-t0a7ln7d.c.2mdn.net/videoplayback/id/d433423ad34790ab/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3824552805/sparams/acao,ctier,expire,id,ip,ipbits,itag...
1 MB
1 MB 		Media
General
Check archive.org
Download Go to
Full URL
https://r4---sn-t0a7ln7d.c.2mdn.net/videoplayback/id/d433423ad34790ab/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3824552805/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/232CE399BEE6D967D03E9D03D9FF5F8F01647C4B.0209BD9C6BC66D7A6F62E15FECB4FFBDEBC017A3/key/cms1/cms_redirect/yes/mh/Jo/mip/2607:5300:60:7867::10/mm/42/mn/sn-t0a7ln7d/ms/onc/mt/1685716620/mv/m/mvi/4/pl/32/file/file.mp4
Protocol
HTTP/1.1
Server
2607:f8b0:4020:1::9 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gvs 1.0 /
Resource Hash
1ad7d6da68483b3c8590f50ad2cbb504afdaf9c5db1c849715caf85fe682ecb0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:27 GMT
X-Content-Type-Options
nosniff
Content-Range
bytes 0-1122232/1122233
Connection
close
Alt-Svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length
1122233
Last-Modified
Wed, 29 Mar 2023 15:42:58 GMT
Server
gvs 1.0
Vary
Origin
Content-Type
video/mp4
Access-Control-Allow-Origin
null
Access-Control-Expose-Headers
Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control
private, max-age=86400
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Timing-Allow-Origin
null
Expires
Fri, 02 Jun 2023 14:41:27 GMT

Redirect headers

date
Fri, 02 Jun 2023 14:41:27 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
650
x-xss-protection
0
pragma
no-cache
server
ClientMapServer
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://www.thespec.com
location
https://r4---sn-t0a7ln7d.c.2mdn.net/videoplayback/id/d433423ad34790ab/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3824552805/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/232CE399BEE6D967D03E9D03D9FF5F8F01647C4B.0209BD9C6BC66D7A6F62E15FECB4FFBDEBC017A3/key/cms1/cms_redirect/yes/mh/Jo/mip/2607:5300:60:7867::10/mm/42/mn/sn-t0a7ln7d/ms/onc/mt/1685716620/mv/m/mvi/4/pl/32/file/file.mp4
access-control-expose-headers
Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
https://www.thespec.com
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D
  • https://elb.the-ozone-project.com/setuid?bidder=openx&uid=fbe55117-0502-0e45-383e-aceae1ad7103
0
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=openx&uid=fbe55117-0502-0e45-383e-aceae1ad7103
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d1075123ba454b5-YYZ
content-length
0
expires
0

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
via
1.1 google
content-type
text/html; charset=utf-8
location
https://elb.the-ozone-project.com/setuid?bidder=openx&uid=fbe55117-0502-0e45-383e-aceae1ad7103
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
121
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone
  • https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-...
  • https://elb.the-ozone-project.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=6762202c-14af-476a-9137-b24ec0393eda
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=6762202c-14af-476a-9137-b24ec0393eda
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d1075135d3c54b5-YYZ
content-length
0
expires
0

Redirect headers

Location
https://elb.the-ozone-project.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=6762202c-14af-476a-9137-b24ec0393eda
Date
Fri, 02 Jun 2023 14:41:27 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://ad2.360yield.com/server_match?r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D
  • https://ad2.360yield.com/ul_cb/server_match?r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D
  • https://elb.the-ozone-project.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=591ef048-ef70-4c2f-a3db-bb4eaed56d04
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=591ef048-ef70-4c2f-a3db-bb4eaed56d04
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d1075136d5454b5-YYZ
content-length
0
expires
0

Redirect headers

location
https://elb.the-ozone-project.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=591ef048-ef70-4c2f-a3db-bb4eaed56d04
access-control-allow-origin
*
date
Fri, 02 Jun 2023 14:41:27 GMT
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
  • https://elb.the-ozone-project.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=561783506929456550
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=561783506929456550
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d107513edfc54b5-YYZ
content-length
0
expires
0

Redirect headers

Date
Fri, 02 Jun 2023 14:41:27 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
5f3b2fc3-9ac5-4021-933e-2d67ef945350
Server
nginx/1.23.2
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://elb.the-ozone-project.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=561783506929456550
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
101995
dmx.districtm.io/s/v1/img/s/ Frame FD57 		0
0
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-ozone&gdpr=0&gdpr_consent=
  • https://elb.the-ozone-project.com/setuid?bidder=rubicon&uid=LIEOB497-C-4XP5&gdpr=0
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=rubicon&uid=LIEOB497-C-4XP5&gdpr=0
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d1075142e6054b5-YYZ
content-length
0
expires
0

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://elb.the-ozone-project.com/setuid?bidder=rubicon&uid=LIEOB497-C-4XP5&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a414d61fde5a538d1bc5c621aec59518
Expires
0
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsmart%26gdpr%3D0%26gdp...
  • https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=4899499267815600390
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=4899499267815600390
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d107515c8c154b5-YYZ
content-length
0
expires
0

Redirect headers

location
https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=4899499267815600390
date
Fri, 02 Jun 2023 14:41:27 GMT
content-length
0
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsmart%26gdpr%3D0%26gdp...
  • https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=4899499267815600390
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=4899499267815600390
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d107516292d54b5-YYZ
content-length
0
expires
0

Redirect headers

location
https://elb.the-ozone-project.com/setuid?bidder=smart&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=4899499267815600390
date
Fri, 02 Jun 2023 14:41:27 GMT
content-length
0
9ae4173fd8b054fe974f31c547fa3089.jpg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/ Frame B19B 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/9ae4173fd8b054fe974f31c547fa3089.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
6bc91c9f5be45ff817c94a258337d80f9294adaaaaf25fc398ade94c1fede77a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:27 GMT
Last-Modified
Thu, 22 Dec 2022 21:17:38 GMT
Server
nginx/1.21.3
x-amz-request-id
45372916-33c6-4c98-9bb4-313538b08931
ETag
"9ae4173fd8b054fe974f31c547fa3089"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
X-Clv-Request-Id
45372916-33c6-4c98-9bb4-313538b08931
Cache-Control
max-age=3888000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21374
X-Clv-S3-Version
2.5
Expires
Mon, 17 Jul 2023 14:41:27 GMT
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://x.bidswitch.net/check_uuid/https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone
  • https://elb.the-ozone-project.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=6762202c-14af-476a-9137-b24ec0393eda
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=6762202c-14af-476a-9137-b24ec0393eda
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d10751699c254b5-YYZ
content-length
0
expires
0

Redirect headers

Location
https://elb.the-ozone-project.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=6762202c-14af-476a-9137-b24ec0393eda
Date
Fri, 02 Jun 2023 14:41:28 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsharethrough%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
  • https://elb.the-ozone-project.com/setuid?bidder=sharethrough&gdpr=0&gdpr_consent=&uid=fdb0baa9-3fb0-4a86-a520-d53416904644
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=sharethrough&gdpr=0&gdpr_consent=&uid=fdb0baa9-3fb0-4a86-a520-d53416904644
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d107516a9ec54b5-YYZ
content-length
0
expires
0

Redirect headers

location
https://elb.the-ozone-project.com/setuid?bidder=sharethrough&gdpr=0&gdpr_consent=&uid=fdb0baa9-3fb0-4a86-a520-d53416904644
date
Fri, 02 Jun 2023 14:41:28 GMT
content-length
0
101995
dmx.districtm.io/s/v1/img/s/ Frame 6770 		0
0
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dsharethrough%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
  • https://elb.the-ozone-project.com/setuid?bidder=sharethrough&gdpr=0&gdpr_consent=&uid=fdb0baa9-3fb0-4a86-a520-d53416904644
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=sharethrough&gdpr=0&gdpr_consent=&uid=fdb0baa9-3fb0-4a86-a520-d53416904644
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d1075173abb54b5-YYZ
content-length
0
expires
0

Redirect headers

location
https://elb.the-ozone-project.com/setuid?bidder=sharethrough&gdpr=0&gdpr_consent=&uid=fdb0baa9-3fb0-4a86-a520-d53416904644
date
Fri, 02 Jun 2023 14:41:28 GMT
content-length
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E56B 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882230&bidder=ozone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.202 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer
https://elb.the-ozone-project.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=28380
content-encoding
gzip
content-length
5554
content-type
text/html
date
Fri, 02 Jun 2023 14:41:28 GMT
expires
Fri, 02 Jun 2023 22:34:28 GMT
last-modified
Fri, 16 Dec 2022 06:36:49 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
a99cda983a8f061ba9520b7a5eb19926.jpg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/ Frame 05BD 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/a99cda983a8f061ba9520b7a5eb19926.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
b4790478ab91a0e87ed9f99695a63759965be84c2a275bae7ba98ec5ddb2ef8a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:28 GMT
Last-Modified
Thu, 22 Dec 2022 21:40:39 GMT
Server
nginx/1.21.3
x-amz-request-id
ae91d02f-7b40-4d48-92d5-86366d598d27
ETag
"a99cda983a8f061ba9520b7a5eb19926"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
X-Clv-Request-Id
ae91d02f-7b40-4d48-92d5-86366d598d27
Cache-Control
max-age=3888000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
22237
X-Clv-S3-Version
2.5
Expires
Mon, 17 Jul 2023 14:41:28 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame F8E7 		16 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.202 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer
https://elb.the-ozone-project.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=28380
content-encoding
gzip
content-length
5554
content-type
text/html
date
Fri, 02 Jun 2023 14:41:28 GMT
expires
Fri, 02 Jun 2023 22:34:28 GMT
last-modified
Fri, 16 Dec 2022 06:36:49 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
PugMaster
image6.pubmatic.com/AdServer/ Frame E56B 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=85702954&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
ec55e6d1b9700b4ecaf0d34658a54a9960a468bebe0e7d2ef622124ec9ec6d9e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Fri, 02 Jun 2023 14:41:26 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=pbs-ozone&redir=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
  • https://elb.the-ozone-project.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=4591607287954369028797
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=4591607287954369028797
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d1075180c0654b5-YYZ
content-length
0
expires
0

Redirect headers

location
https://elb.the-ozone-project.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=4591607287954369028797
date
Fri, 02 Jun 2023 14:41:28 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
b9pj45k4
sync-tm.everesttech.net/upi/pid/ Frame 66E2 		85 B
419 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
cache-control
no-cache
content-length
85
content-type
image/png
date
Fri, 02 Jun 2023 14:41:28 GMT
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma
no-cache
server
Jetty(9.4.35.v20201120)
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-yul12830-YUL
x-timer
S1685716888.402567,VS0,VE17
Pug
image2.pubmatic.com/AdServer/ Frame DC13
Redirect Chain
  • https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=997336240446516715
42 B
273 B 		Document
General
Check archive.org
Download Go to
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=997336240446516715
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Fri, 02 Jun 2023 13:40:06 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Content-Length
0
Date
Fri, 02 Jun 2023 14:41:28 GMT
Location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=997336240446516715
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server
Jetty(9.4.51.v20230217)
dcm
s.amazon-adsystem.com/ Frame 78D5 		43 B
855 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/dcm?pid=3b882453-6770-4785-baf8-a598533c054a&id=E61AF9CD-E437-4EEB-867B-7A205C8A055E&redir=true&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Fri, 02 Jun 2023 14:41:28 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
FSJF7TEMXGEWH3Y7BF7G
setuid
elb.the-ozone-project.com/ Frame 2239 		0
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://elb.the-ozone-project.com/setuid?bidder=pubmatic&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=E61AF9CD-E437-4EEB-867B-7A205C8A055E
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7d1075185c6c54b5-YYZ
content-length
0
date
Fri, 02 Jun 2023 14:41:28 GMT
expires
0
pragma
no-cache
server
cloudflare
vary
Origin, Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E56B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=5hr5zeQ3TuuGe3ogXIoFXg%3D%3D&gdpr=0&gdpr_consent=
  • https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Server
23.41.168.202 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-202.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:28 GMT
content-encoding
gzip
last-modified
Fri, 16 Dec 2022 06:36:49 GMT
server
Apache
vary
Accept-Encoding
content-type
text/html
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=28380
accept-ranges
bytes
content-length
5554
expires
Fri, 02 Jun 2023 22:34:28 GMT

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
301
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
receive
pixel.tapad.com/idsync/ex/ Frame E56B
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=E61AF9CD-E437-4EEB-867B-7A205C8A055E
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3371&partner_device_id=E61AF9CD-E437-4EEB-867B-7A205C8A055E
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=bc0dceb8-94ef-4f0d-8172-4b9b9f1e22a9%252C%252C&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=3d00bbd1-a351-4b32-9846-4011acf3c022&ttd_puid=bc0dceb8-94ef-4f0d-8172-4b9b9f1e22a9%2C%2C
95 B
123 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=3d00bbd1-a351-4b32-9846-4011acf3c022&ttd_puid=bc0dceb8-94ef-4f0d-8172-4b9b9f1e22a9%2C%2C
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H3
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:28 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type
image/png
access-control-allow-origin
*
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=3d00bbd1-a351-4b32-9846-4011acf3c022&ttd_puid=bc0dceb8-94ef-4f0d-8172-4b9b9f1e22a9%2C%2C
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
359
xuid
eb2.3lift.com/ Frame E56B 		37 B
355 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eb2.3lift.com/xuid?mid=7976&xuid=E61AF9CD-E437-4EEB-867B-7A205C8A055E&dongle=u6nf&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type
image/gif
date
Fri, 02 Jun 2023 14:41:28 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
insync
thrtle.com/ Frame E56B
Redirect Chain
  • https://thrtle.com/insync?vxii_pid=10067&vxii_pdid=E61AF9CD-E437-4EEB-867B-7A205C8A055E&gdpr=0&gdpr_consent=
  • https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=E61AF9CD-E437-4EEB-867B-7A205C8A055E&vxii_pid=12&vxii_pid1=10067&vxii_rcid=f2811310-021c-4423-8a37-29a74147091d
43 B
295 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=E61AF9CD-E437-4EEB-867B-7A205C8A055E&vxii_pid=12&vxii_pid1=10067&vxii_rcid=f2811310-021c-4423-8a37-29a74147091d
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Server
54.221.183.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-183-221.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

p3p
CP="NOI OUR BUS UNI COM NAV"
date
Fri, 02 Jun 2023 14:41:28 GMT
content-length
43
content-type
image/gif

Redirect headers

location
https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=E61AF9CD-E437-4EEB-867B-7A205C8A055E&vxii_pid=12&vxii_pid1=10067&vxii_rcid=f2811310-021c-4423-8a37-29a74147091d
date
Fri, 02 Jun 2023 14:41:28 GMT
content-type
text/html; charset=utf-8
content-length
211
p3p
CP="NOI OUR BUS UNI COM NAV"
Pug
image2.pubmatic.com/AdServer/ Frame E56B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=RTYxQUY5Q0QtRTQzNy00RUVCLTg2N0ItN0EyMDVDOEEwNTVF&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
42 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Fri, 02 Jun 2023 13:40:04 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame E56B
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFfL1eUNLOciwdv1tMl2_3M&google_cver=1
42 B
376 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFfL1eUNLOciwdv1tMl2_3M&google_cver=1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Fri, 02 Jun 2023 14:41:28 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEFfL1eUNLOciwdv1tMl2_3M&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
379
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
image2.pubmatic.com/AdServer/ Frame E56B
Redirect Chain
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E3EF4FE32E0B4BEF816C87B9CEE22D68
42 B
479 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E3EF4FE32E0B4BEF816C87B9CEE22D68
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Server
8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Fri, 02 Jun 2023 14:41:27 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

date
Fri, 02 Jun 2023 14:41:28 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
server
openresty
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:E3EF4FE32E0B4BEF816C87B9CEE22D68
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
142
expires
Thu, 01 Jun 2023 14:41:28 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame E56B
Redirect Chain
  • https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7316393258246457499&gdpr=0&gdpr_consent=&us_privacy=
1 B
195 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7316393258246457499&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type
text/html; charset=utf-8
date
Fri, 02 Jun 2023 14:41:28 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=7316393258246457499&gdpr=0&gdpr_consent=&us_privacy=
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:27 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pug
simage2.pubmatic.com/AdServer/ Frame E56B
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=
42 B
507 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Fri, 02 Jun 2023 14:41:28 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=3d00bbd1-a351-4b32-9846-4011acf3c022&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
355
SPug
image4.pubmatic.com/AdServer/ Frame E56B
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=E61AF9CD-E437-4EEB-867B-7A205C8A055E&redir=true&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-nNLJg11E2uXmdYwIqa3wKqXdeTvetp0-~A&gdpr=0
0
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-nNLJg11E2uXmdYwIqa3wKqXdeTvetp0-~A&gdpr=0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Server
162.248.18.34 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:28 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-nNLJg11E2uXmdYwIqa3wKqXdeTvetp0-~A&gdpr=0
date
Fri, 02 Jun 2023 14:41:28 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.57
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
E61AF9CD-E437-4EEB-867B-7A205C8A055E
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame E56B 		43 B
601 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/pubmatic/E61AF9CD-E437-4EEB-867B-7A205C8A055E?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a07:1d29:9fda:71f8:ef93 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:28 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
setuid
elb.the-ozone-project.com/ Frame 6770
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-ozone&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_pr...
  • https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZHn-lBXjuUmY8xg0DrXNuAAA%261453
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZHn-lBXjuUmY8xg0DrXNuAAA%261453
Requested by
Host: elb.the-ozone-project.com
URL: https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d107518ed3f54b5-YYZ
content-length
0
expires
0

Redirect headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:28 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZHn-lBXjuUmY8xg0DrXNuAAA%261453
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
0
Expires
0
rum
elb.the-ozone-project.com/cdn-cgi/ Frame 6770 		0
213 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://elb.the-ozone-project.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://elb.the-ozone-project.com/static/load-cookie.html?gdpr=0&gdpr_consent=&usp_consent=&pubcid=59ce4bf9-4d94-4824-ae48-bac26e530cfc&publisherId=TKN100000001&siteId=4204204312&cb=1685716882240&bidder=ozone
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
content-type
application/json

Response headers

date
Fri, 02 Jun 2023 14:41:28 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://elb.the-ozone-project.com
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
7d1075195ddf54b5-YYZ
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-ozone&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_pr...
  • https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZHn-lBXjuUmY8xg0DrXNuAAA%261453
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZHn-lBXjuUmY8xg0DrXNuAAA%261453
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d10751a2ef454b5-YYZ
content-length
0
expires
0

Redirect headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:28 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://elb.the-ozone-project.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=ZHn-lBXjuUmY8xg0DrXNuAAA%261453
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
0
Expires
0
setuid
elb.the-ozone-project.com/ Frame FD57
Redirect Chain
  • https://ad2.360yield.com/server_match?r=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D
  • https://elb.the-ozone-project.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=591ef048-ef70-4c2f-a3db-bb4eaed56d04
0
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://elb.the-ozone-project.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=591ef048-ef70-4c2f-a3db-bb4eaed56d04
Protocol
H2
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://elb.the-ozone-project.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin, Accept-Encoding
cache-control
no-cache, no-store, must-revalidate
cf-ray
7d10751aafaa54b5-YYZ
content-length
0
expires
0

Redirect headers

location
https://elb.the-ozone-project.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=591ef048-ef70-4c2f-a3db-bb4eaed56d04
access-control-allow-origin
*
date
Fri, 02 Jun 2023 14:41:28 GMT
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
SPug
simage4.pubmatic.com/AdServer/ Frame E56B 		0
261 B 		Script
General
Check archive.org
Download Go to
Full URL
https://simage4.pubmatic.com/AdServer/SPug?partnerID=0&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.84 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 13:39:59 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
events
api.permutive.com/v2.0/batch/ 		101 B
130 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=025ad678-bf0a-4fe2-b383-8487592159bc
Requested by
Host: be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
URL: https://be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app/be54a597-6b6d-4e2d-9d31-642310a8db25-web.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
252.254.107.34.bc.googleusercontent.com
Software
Permutive /
Resource Hash
02a0170c9b831567d5d219f0e53bb63c1a81be075141503aeedc429bb55da1ec

Request headers

Referer
https://www.thespec.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
content-type
text/plain

Response headers

date
Fri, 02 Jun 2023 14:41:30 GMT
content-encoding
gzip
via
1.1 google
server
Permutive
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.thespec.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
112
2709b5442c4544f3b59b619cc5957714.jpg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/ Frame B19B 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/media/2709b5442c4544f3b59b619cc5957714.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
933a5026b7c285374462eab03154af744cd5e7e1cdde46c25984f5e944f598ca

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42258402/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FNYC3QILixz-3skRnmUXCPwAAAIDrUQpAuLJEZ5lFwj81gLdAguLHP4YKyZEUDPoC3VE0w2JgmH2R_3lkAAAAAACrbwFyJQAAdAcAAAIAAABKbPIXi3MXAAAAAABVU0QAVVNEANgCWgDW5AAAAAABAgUCAAAAALoAFiYAGwAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521gxQnogi2s4kaEMrYyb8BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY5MkDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2OTI%3D%2Fbn%3D92092%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D728x90
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:30 GMT
Last-Modified
Thu, 22 Dec 2022 21:17:38 GMT
Server
nginx/1.21.3
x-amz-request-id
a9b4939e-4eec-4540-87ea-075f6fcea863
ETag
"2709b5442c4544f3b59b619cc5957714"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
X-Clv-Request-Id
a9b4939e-4eec-4540-87ea-075f6fcea863
Cache-Control
max-age=3888000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25057
X-Clv-S3-Version
2.5
Expires
Mon, 17 Jul 2023 14:41:30 GMT
/
p1.parsely.com/plogger/ 		43 B
257 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://p1.parsely.com/plogger/?rand=1685716890516&plid=8314968&idsite=thespec.com&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&urlref=https%3A%2F%2Fnews.google.com%2F&screen=1600x1200%7C1600x1200%7C24&data=%7B%22adobe_mcid%22%3A%2214704239918408065180314003276415442791%22%2C%22_scrollIncrement%22%3A2%2C%22_scrollMethod%22%3A%22setinterval%22%2C%22_y%22%3A0%2C%22_bodyHeight%22%3A6826%2C%22_trustBar%22%3A2969%7D&sid=1&surl=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&sref=https%3A%2F%2Fnews.google.com%2F&sts=1685716881619&slts=0&title=%E2%80%98Our+on-premises+email+server+was+compromised%E2%80%99+%E2%80%94+University+of+Waterloo+interrupts+suspected+ransomware+attack+%7C+TheSpec.com&date=Fri+Jun+02+2023+14%3A41%3A30+GMT%2B0000+(GMT)&action=_scroll&pvid=75415471&u=pid%3D0e34022597b1ccc177efc0bab7eda828
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.205.167.202 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-205-167-202.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:30 GMT
Cache-Control
no-cache
Last-Modified
Friday, 02-Jun-2023 14:41:30 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
pixel.gif
px.moatads.com/ 		43 B
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.moatads.com/pixel.gif?e=31&q=1&hp=1&kq=1&lo=0&qs=1&ak=-&i=TORONTOSTARCONTENT1&ud=false&qm=0&qn=6OZw%3DoHB%2CEF%3FKC1I%3Cq.bWoCSV2W0Su*TDXlCfX2iR2%25(GyHN%3DI(%2C%3Ba15lK1t!9ZpAH..4iwM%25z4mc4djG%3D_11%5Dz(m3%7CuK9~P%5DDohjO%7BcEKHD%40%404KrD(KA.E%24C%23I%3BC%2FVKw(%24Y4%5D%2B)%60K%3A%3A%2FAwJ_%5B%259%5BHhUKF%5EhRZ8!v%5ETm_h%7CR%22%3Ba%3CgeMBC.F%5BNVfBB2%2B%7BLTaU%40%5BG%2BQVxtRF%3BmXB7I%22u%25B_QIx)%2CaqRBXED%3Fd%5BvP%25l7g(ksGBGN35*mUx!f%2Bwb%7B!wJu4DmSUw%3ClE8kJBdSX%5EZFKC%2C)Ib%3BA8%2266%3CBl%3F%24b%3AameaUc%5EKu%3BUDXp%2B3W%60R2zA.Nt%7CQjtoDxpwoFKR*emgSuR)%2Cea*X%3Dy%3E%5B%25B7k.%3ETy%25.8e%40GW*_)9L%2CzVx)rOS2z.%5BOCDTWRe%2Ba%2Fke%3BR30982iYBgDzb%23Ls1(u0EnUa%3Fwb%26k!C%24%26J%3BBcJVrwLy%3Aaq%24StZzTm!ja8V%22%3BU%5DDTg%7Df%2FH%40%26%2Bc%5B5IUOG(%2CWV%7BGrV~1HmDkP8D4rUDtmxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K3%2BC%24%3D!!t%3C%2C%5BhKjmfxECSR23_hFAkD%3Dv%3CN%5B.%22%24b_o%3FtVD%5D%5BpN%7CQF%40Sy7%7BlTr1W*d%5BOCF%259%3CUYoo813_xB%2CN22Ib%40aFB&qp=00000&qq=000001000000&qr=0&gz=0&hh=0&hn=0&qt=0&bq=0&g=4&vc=2&pl=1&fl=1&sr=0&sb=0&sq=0&sa=0&sn=0&sj=0&sm=0&si=0&md=28&mc=28&lb=6826&la=1200&ld=1200&lc=1200&cw=1600&cx=1200&sh=6826&xa=0&xb=0&xc=0&h=4&w=4&dnt=0&gu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&cm=7&f=0&j=https%3A%2F%2Fnews.google.com&o=3&t=1685716880420&de=95314933683&cu=1685716880644&m=10581&ar=5072747-clean&cb=0&ll=2&ln=0&gh=1&qa=1600&qb=1200&qi=1600&qj=1200&qf=1600&qe=1200&qh=1600&qg=1285&lk=undefined&le=1&gm=1&io=1&ch=0&as=0&ag=0&an=0&gf=0&gg=0&aj=0&pg=0&pf=0&cc=0&bw=0&bx=0&dj=0&aa=0&ad=0&cn=0&gk=0&gl=0&cq=0&em=0&en=0&bu=10066&cd=5080&ah=10066&am=5080&re=1&wb=1&ai=541&cl=0&at=0&d=thespec.com%3A%E2%80%98Our%20on-premises%20email%20server%20was%20compromised%E2%80%99%20%E2%80%94%20University%20of%20Waterloo%20interrupts%20suspected%20ransomware%20attack%3A__page__%3A-&gw=torontocontentstarcontent37863992&ab=1&ac=1&fd=1&kt=strict&it=500&fs=98876&na=991812845&cs=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-149.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.thespec.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

unused62
8096267
pragma
no-cache
date
Fri, 02 Jun 2023 14:41:31 GMT
last-modified
Fri, 20 May 2016 15:16:00 GMT
server
AkamaiNetStorage
etag
"ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
accept-ranges
bytes
content-length
43
expires
Fri, 02 Jun 2023 14:41:31 GMT
4b36d169fd830d278327f27a4b07622e.jpg
crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/ Frame 05BD 		30 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/media/4b36d169fd830d278327f27a4b07622e.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.41.168.189 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-168-189.deploy.static.akamaitechnologies.com
Software
nginx/1.21.3 /
Resource Hash
41b6651b577e89020ffd1463fd5b0bc83bacd1f42eb24a47d8f334cd016d91ed

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://crcdn01.adnxs-simple.com/creative/p/1908/2022/12/22/42259375/index.html?clickTag=https%3A%2F%2Fnym1-ib.adnxs.com%2Fclick%3FjGXtvG2Z0T9JLZRMTu3KPwAAAOCjcAdANrYyPFHtyj_Thy6ob5nRP9cMK7XGzTtnLABvCylg22CR_3lkAAAAAAmrbwFyJQAAdAcAAAIAAAATzO4Xi3MXAAAAAABVU0QAVVNEACwBWALW5AAAAAABAgUCAAAAALoASyVdDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521-BPdawi2s4kaEJOYu78BGIvnXSAAKAAxAAAAAAAAEEA6CU5ZTTI6NTY1MEDXQ0ngvg6cM6L1P1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTkwOCNOWU0yOjU2NTA%3D%2Fbn%3D60343%2Fclickenc%3Dhttps%253A%252F%252Fwww.lecartier.ca%252F%253Futm_source%253Dsharethrough%2526utm_medium%253Dbanners%2526utm_campaign%253Dcampagne_annuel-2022%2526utm_term%253D%2526utm_content%253D300x600
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Date
Fri, 02 Jun 2023 14:41:31 GMT
Last-Modified
Thu, 22 Dec 2022 21:40:39 GMT
Server
nginx/1.21.3
x-amz-request-id
58af8fe6-0497-4b51-bb32-87de8b745da5
ETag
"4b36d169fd830d278327f27a4b07622e"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
X-Clv-Request-Id
58af8fe6-0497-4b51-bb32-87de8b745da5
Cache-Control
max-age=3888000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31070
X-Clv-S3-Version
2.5
Expires
Mon, 17 Jul 2023 14:41:31 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame F8E7 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=35743221&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
ef636bc2de313ca1e48c80144caebd6c341f38f16165323586d9f4f84000e56d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
date
Fri, 02 Jun 2023 14:41:29 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
services
sync.technoratimedia.com/ Frame 9BF8
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEcUNFN0k4XzhBQUNDU04yYUlOUQ&gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&b...
  • https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Cpp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
  • https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AADqCE7I8_8AACCSN2aINQ&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Csas%252Cpm%26bee_sync_cu...
0
0
Pug
simage2.pubmatic.com/AdServer/ Frame D4FF
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:377f6479-ff9b-4700-ad6e-a539fafb1d23&gdpr=0&gdpr_consent=
42 B
327 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:377f6479-ff9b-4700-ad6e-a539fafb1d23&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Fri, 02 Jun 2023 14:41:31 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache
Connection
keep-alive
Content-Length
0
Content-Type
image/gif
Date
Fri, 02 Jun 2023 14:41:31 GMT
Expires
Fri, 02 Jun 2023 14:41:30 GMT
Keep-Alive
timeout=360
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server
MT3 851 9bd98ae master ord-pixel-x22 config_version:"unknown"
location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:377f6479-ff9b-4700-ad6e-a539fafb1d23&gdpr=0&gdpr_consent=
bridge
cm.adgrx.com/ Frame 7129 		0
0
Pug
simage2.pubmatic.com/AdServer/ Frame 5F69
Redirect Chain
  • https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=561783506929456550&gdpr=0&gdpr_consent=
42 B
296 B 		Document
General
Check archive.org
Download Go to
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=561783506929456550&gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, private
content-length
42
content-type
image/gif; charset=utf-8
date
Fri, 02 Jun 2023 14:41:31 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
nginx

Redirect headers

AN-X-Request-Uuid
202211e7-afb7-429b-95fc-83321a6dd56f
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Fri, 02 Jun 2023 14:41:31 GMT
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Location
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=561783506929456550&gdpr=0&gdpr_consent=
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma
no-cache
Server
nginx/1.23.2
X-Proxy-Origin
149.56.153.189; 149.56.153.189; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection
0
141
match.deepintent.com/usersync/ Frame 7799 		0
223 B 		Document
General
Check archive.org
Download Go to
Full URL
https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
38.91.45.7 -, , ASN (),
Reverse DNS
Software
a /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-length
0
content-type
image/gif
date
Fri, 02 Jun 2023 14:41:31 GMT
p3p
policyref='http://cdn.deepintent.com/p3p.xml', CP='NON CUR DEV TAI'
server
a
usersync.aspx
dis.criteo.com/dis/ Frame 14B8 		43 B
363 B 		Document
General
Check archive.org
Download Go to
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.119.150 -, , ASN (),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-cache
content-type
image/gif
cross-origin-resource-policy
cross-origin
date
Fri, 02 Jun 2023 14:41:30 GMT
expires
Fri, 02 Jun 2023 00:00:00 GMT
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
636808
strict-transport-security
max-age=31536000; preload;
x-errorlevel
0
setuid
elb.the-ozone-project.com/ Frame A5C1 		0
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://elb.the-ozone-project.com/setuid?bidder=pubmatic&gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&uid=E61AF9CD-E437-4EEB-867B-7A205C8A055E
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=pbs-ozone&predirect=https%3A%2F%2Felb.the-ozone-project.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-ozone%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.43.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ads.pubmatic.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7d10752b282254b5-YYZ
content-length
0
date
Fri, 02 Jun 2023 14:41:31 GMT
expires
0
pragma
no-cache
server
cloudflare
vary
Origin, Accept-Encoding
sd
us-u.openx.net/w/1.0/ Frame F8E7 		43 B
61 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=540245193&val=E61AF9CD-E437-4EEB-867B-7A205C8A055E&gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 02 Jun 2023 14:41:31 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT
Martin
crb.kargo.com/api/v1/dsync/ Frame F8E7 		43 B
504 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://crb.kargo.com/api/v1/dsync/Martin?exid=E61AF9CD-E437-4EEB-867B-7A205C8A055E&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.233.243 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-233-243.compute-1.amazonaws.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 02 Jun 2023 14:41:31 GMT
X-Accel-Expires
0
Vary
Origin
Content-Type
image/gif
Cache-Control
no-cache, no-store, must-revalidate, private, max-age=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 UTC
sync
sync.bfmio.com/ Frame F8E7 		0
0
syncMe
synchroscript.deliveryengine.adswizz.com/ Frame F8E7 		0
0
current
pubmatic-match.dotomi.com/match/bounce/ Frame F8E7 		0
0
generic
sync.ipredictive.com/d/sync/cookie/ Frame F8E7 		0
0
sync
dsp.nrich.ai/bidswitch/ Frame F8E7
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
  • https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=6762202c-14af-476a-9137-b24ec0393eda&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
0
0
CookieSyncPubMatic&gdpr=0&gdpr_consent=
rtb.adentifi.com/ Frame F8E7 		0
35 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rtb.adentifi.com/CookieSyncPubMatic&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.165.35.122 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.90 Safari/537.36

Response headers

date
Fri, 02 Jun 2023 14:41:31 GMT
__activity.gif
query.petametrics.com/v3/uhup2d5upsj28vf1/f511a889-02fd-4f77-d5f9-19560506f6bd/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
csi.gstatic.com
URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~lieob69e&c=7075237532566&slotId=3537618766283&eee=missing-element&bi=missing-id&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Domain
csi.gstatic.com
URL
https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~lieob6o3&c=7075237532566&slotId=3537618766283&uet=2&ghmsh_eids=44752052%2C44765701%2C44772139%2C44773378%2C44777649%2C44781409%2C44781753%2C44782991%2C44788275
Domain
dmx.districtm.io
URL
https://dmx.districtm.io/s/v1/img/s/101995
Domain
dmx.districtm.io
URL
https://dmx.districtm.io/s/v1/img/s/101995
Domain
sync.technoratimedia.com
URL
https://sync.technoratimedia.com/services?srv=cs&pid=73&uid=AADqCE7I8_8AACCSN2aINQ&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Csas%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2&gdpr=0
Domain
cm.adgrx.com
URL
https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Domain
sync.bfmio.com
URL
https://sync.bfmio.com/sync?pid=187&uid=E61AF9CD-E437-4EEB-867B-7A205C8A055E&gdpr=0&gdpr_consent=
Domain
synchroscript.deliveryengine.adswizz.com
URL
https://synchroscript.deliveryengine.adswizz.com/syncMe?partnerDomain=mrtnsvr.com&idType=cookie&partnerUserId=E61AF9CD-E437-4EEB-867B-7A205C8A055E&gdpr=0&gdpr_consent=
Domain
pubmatic-match.dotomi.com
URL
https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=E61AF9CD-E437-4EEB-867B-7A205C8A055E&gdpr=0&gdpr_consent=
Domain
sync.ipredictive.com
URL
https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent=
Domain
dsp.nrich.ai
URL
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=6762202c-14af-476a-9137-b24ec0393eda&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
Domain
query.petametrics.com
URL
https://query.petametrics.com/v3/uhup2d5upsj28vf1/f511a889-02fd-4f77-d5f9-19560506f6bd/__activity.gif?e=stuck_10s&ct=%E2%80%98Our+on-premises+email+server+was+compromised%E2%80%99+%E2%80%94+University+of+Waterloo+interrupts+suspected+ransomware+attack&ccu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&tspl=11434&blst=481&ist=1427&iet=1432&bdst=481&bdet=1004&bcttt=31&jsfv=nbc&ts=1685716891468&jsk=uhup2d5upsj28vf1&jsv=20230329&cu=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&uid=f511a889-02fd-4f77-d5f9-19560506f6bd&sid=1bfea41f-76e1-40a3-c00d-2ac8cf744662&pvid=993d3ac9-4e3e-4083-8704-0a1cf731c5df&ua=Mozilla%2F5.0+(Windows+NT+10.0%3B+Win64%3B+x64)+AppleWebKit%2F537.36+(KHTML%2C+like+Gecko)+Chrome%2F114.0.5735.90+Safari%2F537.36&l=en-US&os=Win32&cet=4g&crtt=-1&cdl=9.1&saveData=false&ctyp=unknown&ref=https%3A%2F%2Fnews.google.com%2F&tzo=0&w=null&source=null&sdk=bc-pixel

Verdicts & Comments Add Verdict or Comment

239 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 boolean| credentialless object| onbeforetoggle object| onscrollend object| ozonePrebidAdunits function| ozoneLog function| ozoneError object| pbjsFile object| integrationFile object| permutive object| googletag object| __PRELOADED_CONFIG_DATA__ object| __PRELOADED_STATE__ object| __APOLLO_STATE__ object| gs_channels function| receiveMessage object| dataLayer undefined| url undefined| meta number| _vis_opt_account_id string| _vis_opt_protocol string| _vwo_mt string| _vwo_tm string| g object| vwo_iehack_queue boolean| adBlock string| theStarSAccount object| _comscore boolean| comScoreFirstLoad number| scrollIncrement object| PARSELY function| trackScroll object| referrerHistory function| initTrackingBeacon string| $igniter_var function| $p object| apstag object| blueConicPreListeners function| BCClass object| blueConicClient object| vfQ undefined| ct undefined| et undefined| hourElapsed undefined| msg undefined| pixelDomain undefined| pxSrc undefined| px object| Moat#G23 object| MoatSuperV23 boolean| _lastFocusState string| a object| Moat#PML#23#1.2 boolean| Moat#EVA object| MoatContent boolean| canRunAds object| pbjs object| adunitCodesProcessed function| auctionRetryer function| getUnrequestedSlots object| __bt_tag_d object| __bt_tag_am object| __bt_intrnl object| __bt function| pbjsChunk object| _pbjsGlobals object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| __LOADABLE_LOADED_CHUNKS__ object| ggeac object| google_js_reporting_queue string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady function| pbq object| COMSCORE object| ns_p function| Buffer function| setImmediate function| clearImmediate object| AWS object| regeneratorRuntime number| 2f1acc6c3a606b082e5eef5e54414ffb object| smg number| curY number| curDepthRatio object| adobeTokens object| bc_json299 boolean| apstagLOADED object| apscustom object| _aps function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| s string| keyLinkTrackVars object| webpackChunkli_browser_client object| gaplugins object| gaGlobal object| gaData object| pbProcessor undefined| google_measure_js_timing function| _typeof boolean| msgData function| InteractionTypeImpl object| _bcp object| mdc function| $ object| Mustache function| BlueConicMetaDataService function| RuleService object| justDetectAdblock object| bcConnectionUtil function| md5 function| BlueConicDataLayerUtil object| JSONPath function| BlueConicDataLayerUtility string| _this_intIDs string| _page_title string| _this_href string| _this_referrer string| _this_paywallType boolean| bcUrlListenerActive object| bc boolean| bcFancyboxLoading object| bc_datalayer function| fbq function| _fbq object| bc_json300 object| interactions object| dialog object| shopButton function| theStarLinkClick string| _this_variant string| _this_dialogue string| _this_dialogueId string| host object| campaignData object| TheStar number| auth number| x number| ati number| ki function| __d3lUW8vwsKlB__ function| trackFB string| fbPixelId string| pageType string| template string| twitterPixelId undefined| SiteDomain string| bingPixelId object| default_ContributorServingResponseClientJs object| __googlefc string| __fcInvoked string| __fcexpdef object| OWQ5ZWM4NmRjNTBkYzJlM2xvYWRlcl9qcw== string| OWQ5ZWM4NmRjNTBkYzJlM2NhY2hlZF9qcw== object| googlefc object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady string| linkedInPixelId object| GooglebQhCsO string| redditPixelId undefined| transactionId object| googleToken object| googleIMState function| processGoogleToken number| m boolean| pvOccured boolean| pageViewOccured number| google_unique_id object| s_i_torontodnnlocal object| GoogleGcLKhOms function| Sizzle function| fskLib function| FskGetSections function| FSK_parseDFPKV function| FSK_getExtraParameters boolean| FskHasLoaded object| _fskparameters object| _FskKeyValues object| Moat#G26 object| MoatSuperV26 number| lnt_z function| FskAds function| _FskGetCmpId boolean| _FskHasGgl object| _fskadsparameters object| _fskadunits object| _fskgeo function| _fskAddListener object| _FskAds function| FskRequestAnimationFrame object| google_image_requests boolean| isAllowed object| _fskconf boolean| a4b0f9ff-cd37-48f3-8cab-1d3186a35fd8 number| google_srt function| googleCompanionsServicePresent function| googleGetCompanionAdSlots function| googleSetCompanionAdContents function| google_companion_error object| sas object| sas_snippets function| _FskDebounce function| _FskElementIsInView function| _FskUpdateElementViewabilityMessage boolean| isVisible number| google_global_correlator object| closure_lm_919803

128 Cookies

Domain/Path Name / Value
bc.thespec.com/DG/DEFAULT Name: BCSessionID
Value: 36bdb71a-3844-486b-b1b8-35dac4ea5e8e
torstar.blueconic.net/DG/DEFAULT Name: BCSessionID
Value: 36bdb71a-3844-486b-b1b8-35dac4ea5e8e
.google.com/ Name: NID
Value: 511=qbAqy9ZHY7_Ag0BYfixbkk_HiRNP87sOErdxqyKEQXtXUruLz_W35PD473qv4x5zm8fwBhpaEC5NXuIhsK8uG2BaGnj8FzD0L6n36xsKVYY08H5A5XL_J8hu1mN285xhV8L6NoRUC4RU0OgPxIezZ6OHLDV_6Af5lmq5H-cqfHg
news.google.com/ Name: GN_PREF
Value: W251bGwsIkNBSVNEQWlQXy1lakJoQ3dvdU9PQVEiXQ__
.news.google.com/ Name: _ga_SYGF1G18MM
Value: GS1.1.1685716879.1.0.1685716879.0.0.0
.news.google.com/ Name: _ga
Value: GA1.1.351361838.1685716880
news.google.com/ Name: OTZ
Value: 7056881_56_56__56_
.thespec.com/ Name: _vwo_uuid_v2
Value: D9C94040452069421B27815296C3054D2|fdc6fbf59112a275dccd52c6f961e273
www.thespec.com/ Name: last_visit_bc
Value: 1685716880556
.thespec.com/ Name: bc_tstgrp
Value: 8
www.thespec.com/ Name: userSegmentLogin
Value: false
.viafoura.co/ Name: VfSess
Value: qnvncrb84v3pj2lu84kskmkakl
.viafoura.co/ Name: vfThirdpartyCookiesEnabled
Value: true
.demdex.net/ Name: demdex
Value: 14712650147332947160312601295629075821
.thespec.com/ Name: permutive-id
Value: 070253c5-dcf9-4f5f-845b-51bec7b81603
.be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co/ Name: pxid
Value: c97da1c3-8324-475b-908a-54f8643b1330
www.thespec.com/ Name: AccessToken
Value: idv2lieob1z55onarhm9nbtov2qhpz5ns
.scorecardresearch.com/ Name: UID
Value: 1D6be33dfb1627b7376d59f1685716881
.thespec.com/ Name: AMCVS_19A568F454F72DAF0A4C98A6%40AdobeOrg
Value: 1
www.thespec.com/ Name: _vfa
Value: www%2Ethespec%2Ecom.00000000-0000-4000-8000-eff92f57b54d.d8aef348-1ff9-4aa5-ae12-3632274ce1b7.1685716881.1685716881.1685716881.1
www.thespec.com/ Name: _vfz
Value: www%2Ethespec%2Ecom.00000000-0000-4000-8000-eff92f57b54d.1685716881.1.medium=referral|source=https%3A%2F%2Fnews%2Egoogle%2Ecom%2F|sharer_uuid=|terms=
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~ZHn-kQAAAB7tkANw
.thespec.com/ Name: s_ecid
Value: MCMID%7C14704239918408065180314003276415442791
.thespec.com/ Name: _igt
Value: 1bfea41f-76e1-40a3-c00d-2ac8cf744662
.thespec.com/ Name: _ig
Value: f511a889-02fd-4f77-d5f9-19560506f6bd
.dpm.demdex.net/ Name: dpm
Value: 14712650147332947160312601295629075821
.thespec.com/ Name: _ga
Value: GA1.2.27418797.1685716881
.thespec.com/ Name: _gid
Value: GA1.2.210198880.1685716881
.thespec.com/ Name: _gat_UA-30417358-1
Value: 1
.thespec.com/ Name: _gat_UA-73335503-1
Value: 1
.thespec.com/ Name: __psid
Value: 1685716881516
.thespec.com/ Name: _parsely_session
Value: {%22sid%22:1%2C%22surl%22:%22https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html%22%2C%22sref%22:%22https://news.google.com/%22%2C%22sts%22:1685716881619%2C%22slts%22:0}
.thespec.com/ Name: AMCV_19A568F454F72DAF0A4C98A6%40AdobeOrg
Value: 179643557%7CMCIDTS%7C19511%7CMCMID%7C14704239918408065180314003276415442791%7CMCAAMLH-1686321681%7C7%7CMCAAMB-1686321681%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1685724081s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19518%7CvVersion%7C5.5.0
www.thespec.com/ Name: _vfb
Value: www%2Ethespec%2Ecom.00000000-0000-4000-8000-eff92f57b54d.3.10.1685716881....
www.thespec.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.viafoura.co/ Name: vfDeviceId
Value: 2fd4d878-5a49-4ac0-929a-88f2054124e8
www.thespec.com/ Name: BCSessionID
Value: 36bdb71a-3844-486b-b1b8-35dac4ea5e8e
torstar.blueconic.net/ Name: AWSALBCORS
Value: GOqHBCBq4VhV5RS5HNTxBTPuDXZ5Cci2tiJLLzsyfIkrdY7ME/lmrqtnITXTL56S2ezWlhS/BbNoI7Y0fagiL/z352nn5xd11+6q/6lA3xXyUHzu0pFye9jsHAcP
.the-ozone-project.com/ Name: __cf_bm
Value: aaLKq803DAnTkoD6wlnme3lWAyUQ2U8pXnzjfgg1XKA-1685716882-0-AX0FtNdttvG+TkL/QR9FiN5DfGYgGKpgokC+aR9wpVCXirOTMLEO544ozlZMzrMvvHOm7uUvB3IQOkEKI3UCUSg=
www.thespec.com/ Name: selectedPersonalizedCategories
Value: []
www.thespec.com/ Name: personalizedListModeEnabled
Value: true
www.thespec.com/ Name: latestContentTier
Value: 0
.thespec.com/ Name: _parsely_visitor
Value: {%22id%22:%22pid=0e34022597b1ccc177efc0bab7eda828%22%2C%22session_count%22:1%2C%22last_session_ts%22:1685716881619}
www.thespec.com/ Name: rememberMeML
Value: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html
.thespec.com/ Name: _fbp
Value: fb.1.1685716882912.1095007794
bc.thespec.com/ Name: AWSALB
Value: 2olZavj3tbLUc8OHFeHFdTWegs2wAPrID59fPoMtZJwSAzO0tERYZXUOSncF02NTmlaAWVXoiJWhJz3F+zIo9QaxJ+JTS+Kd6XwsAcVkD/qt+HH6uQIYcEe8JAuy
bc.thespec.com/ Name: AWSALBCORS
Value: 2olZavj3tbLUc8OHFeHFdTWegs2wAPrID59fPoMtZJwSAzO0tERYZXUOSncF02NTmlaAWVXoiJWhJz3F+zIo9QaxJ+JTS+Kd6XwsAcVkD/qt+HH6uQIYcEe8JAuy
.thespec.com/ Name: _gcl_au
Value: 1.1.1430835873.1685716883
.adsrvr.org/ Name: TDID
Value: 3d00bbd1-a351-4b32-9846-4011acf3c022
.doubleclick.net/ Name: IDE
Value: AHWqTUmNSjH2lGZjwT0qcs0iJ8JL--r4szoLk3AsnWqn679svZPATn-_JzFw6kscfjE
.yahoo.com/ Name: A3
Value: d=AQABBJP_eWQCEJdOrAFGxXEIvV3D3XcaMy4FEgEBAQFRe2SDZCXcxyMA_eMAAA&S=AQAAArjAm_CKglFCUuueU-Umo1A
.adnxs.com/ Name: uuid2
Value: 561783506929456550
.rubiconproject.com/ Name: khaos
Value: LIEOB497-C-4XP5
.casalemedia.com/ Name: CMID
Value: ZHn-lBXjuUmY8xg0DrXNuAAA
.casalemedia.com/ Name: CMPS
Value: 1453
.casalemedia.com/ Name: CMPRO
Value: 1453
.thespec.com/ Name: s_nr
Value: 1685716884249-New
.thespec.com/ Name: s_nr2
Value: 1685716884249-New
.thespec.com/ Name: s_cc
Value: true
.amazon-adsystem.com/ Name: ad-id
Value: A8ErBmha6k8gueLmw4Mj3Bs
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.openx.net/ Name: i
Value: 1197e181-151a-025b-0964-a41704d18073|1685716884
.openx.net/ Name: pd
Value: v2|1685716884|vMgavPkWgy
.sharethrough.com/ Name: stx_user_id
Value: fdb0baa9-3fb0-4a86-a520-d53416904644
.bttrack.com/ Name: GLOBALID
Value: 2uKlc8-sIBd987FnX3rDZOV9AXcEpyqBc3E4nQnJJkMIRj1viPbGqM7IwuIpHWsbW7jHZSLTlbM1
.thespec.com/ Name: __gads
Value: ID=008ca6d33d90749a:T=1685716884:RT=1685716884:S=ALNI_MbltG5F8z7zwzUHwx3LxwvtdD6xtg
.thespec.com/ Name: __gpi
Value: UID=00000c430b63ef75:T=1685716884:RT=1685716884:S=ALNI_MYXX3wVa11BiB3uliRmakKeCIGytA
.linkedin.com/ Name: bcookie
Value: "v=2&9a14dba2-cba8-4138-80bf-dc5e9518b6e3"
.linkedin.com/ Name: lidc
Value: "b=OGST03:s=O:r=O:a=O:p=O:g=2930:u=1:x=1:i=1685716884:t=1685803284:v=2:sig=AQEPeTuOB2iXwrCrv3mAnmVmioTX1nW0"
.adnxs.com/ Name: anj
Value: dTM7k!M4/8CxrEQF']wIg2GVImyh>u!]tbP6j2F-XstGt!@Dux$xaMo
.freeskreen.com/ Name: a
Value: NTE3NT0xfHw7Mjg4Nj0xfHw7
.freeskreen.com/ Name: fsk_retargeting
Value: "UFQyMExRS3g1dEdJSjFjNHBhOHA3TFlXNkZ5c2lQS3V8VUV4QlRpQkpiblJsY201aGRHbHZibQ=="
.tremorhub.com/ Name: tvid
Value: b15466c1a4df42ea8ae7307ecce0928e
.exelator.com/ Name: EE
Value: "fdaeb7bd12b38e35d3c03177ddb57261"
.the-ozone-project.com/ Name: ozone_uid
Value: 2QebEqwjStuqKnzrQJ8DM0e69xn
.admanmedia.com/ Name: admtr
Value: a509cb99-84c4-4273-928a-80cb4d2c48da
.admanmedia.com/ Name: ac_r
Value: CS89
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: pbw
Value: %24b%3d16999%3b%24o%3d11100
.tremorhub.com/ Name: tvssa
Value: 1685716885834
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQSEtJTE1yTwpxdAoydgi1dg0xTjZwNjQ3DwlJcnU3MjMcHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDQZEl%252BUWb6ImfHxUUpaQyLSopPBR%252BxcwcAyfEqLg%253D%253D"
.smartadserver.com/ Name: vs
Value: 104685=5478641
.smartadserver.com/ Name: TestIfCookie
Value: ok
.smartadserver.com/ Name: sasd2
Value: q=%24qc%3D1308948106%3B%24ql%3DHigh%3B%24qpc%3D28700%3B%24qt%3D124_1509_77271t%3B%24dma%3D0&c=1&l=1501522464&lo=384595258&lt=638213136858573579&o=1
.smartadserver.com/ Name: sasd
Value: %24qc%3D1308948106%3B%24ql%3DHigh%3B%24qpc%3D28700%3B%24qt%3D124_1509_77271t%3B%24dma%3D0
.smartadserver.com/ Name: pid
Value: 4899499267815600390
.thespec.com/ Name: FCNEC
Value: %5B%5B%22AKsRol_6W0PDktwlXKTJ7-imV9IjQpWBkp8Hj6bFDjLkSpfzinKvUDls86ZecoiQfa4MMiIzWvVLwFfrjcw2EkEQ7KuR2vUO5YTAdGacElQbUHptKoCFkVVejrafPCliZTaUW_hqITrQTekcREZsN4qiO_b44iG0Dw%3D%3D%22%5D%2Cnull%2C%5B%5D%5D
.freeskreen.com/ Name: scmtid
Value: c2FpZD00ODk5NDk5MjY3ODE1NjAwMzkwfDE2ODU3MTY4ODU5ODImc2NtaWQ9Y2JhZmlpZ2JoZmlnYm5hdDRSZHp0bmJ8MTY4NTcxNjg4NTAxMiZtZ2lkPUxJRU9CNDk3LUMtNFhQNXwxNjg1NzE2ODg2Mjk1Jm5pZD1mZGFlYjdiZDEyYjM4ZTM1ZDNjMDMxNzdkZGI1NzI2MXwxNjg1NzE2ODg1ODc5
ads.avct.cloud/ Name: uuid
Value: 571224c4-5734-4dbe-a205-67706346cf01
.3lift.com/ Name: tluid
Value: 4591607287954369028797
.smartadserver.com/ Name: csync
Value: 104:LIEOB497-C-4XP5
.tremorhub.com/ Name: tvv
Value: 1
.lijit.com/ Name: ljt_reader
Value: Gv7xiLZH1yAL8MW-S5i-Dov6
.bidr.io/ Name: bitoIsSecure
Value: ok
.bidr.io/ Name: bito
Value: AADqCE7I8_8AACCSN2aINQ
.kargo.com/ Name: ktcid
Value: 404c5904-52df-0877-5151-03b38636b5b0
.bidswitch.net/ Name: tuuid
Value: 6762202c-14af-476a-9137-b24ec0393eda
.bidswitch.net/ Name: c
Value: 1685716887
.bidswitch.net/ Name: tuuid_lu
Value: 1685716887
.360yield.com/ Name: tuuid
Value: 591ef048-ef70-4c2f-a3db-bb4eaed56d04
.360yield.com/ Name: tuuid_lu
Value: 1685716887
.rubiconproject.com/ Name: audit
Value: 1|HBj70Fr5uEnbiG1tOI3q7J//PQ8mTtbNDng8oDhGue3WaDs14xzbSPQA7dtuBFef2bVHDBdX0VOM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLtRJr4OweyjaZPC3/GnZmLCZe7QSNjO9QO9MSKpG+J8n346Zt4X7uQOvqAH+LZKodtbOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
match.sharethrough.com/ Name: AWSALBCORS
Value: +LAMwV5I6DwQtxLbPZCfZ83+S0DY1Y0vwk0dQd8HrtP7MgiT74JLKGdqhHB8XoXCxTtuDmbz5tMCQoZ02Hl5MVRQgsP1LD9Fw0qh2eHLriG25REA9pATvMwiTc4h
.pubmatic.com/ Name: KADUSERCOOKIE
Value: E61AF9CD-E437-4EEB-867B-7A205C8A055E
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 1
.pubmatic.com/ Name: pi
Value: 0:2
.pubmatic.com/ Name: DPSync3
Value: 1686873600%3A263_262_201%7C1686268800%3A248
.pubmatic.com/ Name: SyncRTB3
Value: 1686268800%3A2_223%7C1686873600%3A54_71_220_21_13_22_46_250
.analytics.yahoo.com/ Name: IDSYNC
Value: "1769~2bzq:19bl~2bzq:18z8~2bzq"
.tapad.com/ Name: TapAd_TS
Value: 1685716888420
.tapad.com/ Name: TapAd_DID
Value: bc0dceb8-94ef-4f0d-8172-4b9b9f1e22a9
.simpli.fi/ Name: suid
Value: E3EF4FE32E0B4BEF816C87B9CEE22D68
.thrtle.com/ Name: mc
Value: eyJpZCI6ImYyODExMzEwLTAyMWMtNDQyMy04YTM3LTI5YTc0MTQ3MDkxZCIsImwiOjE2ODU3MTY4ODg0NTUsInQiOjF9
.pubmatic.com/ Name: KRTBCOOKIE_148
Value: 19421-uid:E3EF4FE32E0B4BEF816C87B9CEE22D68&KRTB&23489-uid:E3EF4FE32E0B4BEF816C87B9CEE22D68
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEFfL1eUNLOciwdv1tMl2_3M&KRTB&16514-CAESEFfL1eUNLOciwdv1tMl2_3M&KRTB&23025-CAESEFfL1eUNLOciwdv1tMl2_3M&KRTB&23386-CAESEFfL1eUNLOciwdv1tMl2_3M
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-3d00bbd1-a351-4b32-9846-4011acf3c022&KRTB&22918-3d00bbd1-a351-4b32-9846-4011acf3c022&KRTB&23031-3d00bbd1-a351-4b32-9846-4011acf3c022
.adsrvr.org/ Name: TDCPM
Value: CAESFQoGZ29vZ2xlEgsI5Pnqhq_g8TsQBRIZCgpyaWdodG1lZGlhEgsI5Pnqhq_g8TsQBRIXCghhcHBuZXh1cxILCOKp_4iv4PE7EAUSFgoHcnViaWNvbhILCP7_-I-v4PE7EAUSFQoGY2FzYWxlEgsIrrK6iq_g8TsQBRIbCgxzaGFyZXRocm91Z2gSCwj6-5aPr-DxOxAFEhcKCHB1Ym1hdGljEgsI3ubKs6_g8TsQBRIUCgV0YXBhZBILCPCZ67Sv4PE7EAUYASABKAIyCwjwke7hxeDxOxAFOAFaBXRhcGFkYAI.
.turn.com/ Name: uid
Value: 7316393258246457499
.pubmatic.com/ Name: KRTBCOOKIE_22
Value: 14911-7316393258246457499&KRTB&23150-7316393258246457499
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value: 1!3686
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSsrQ0NzY2MzIxMDExMzU0Mzc0FeIz1DVM1Y1MNi6sMDUPTgcAOM5mxSQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSsrQ0NzY2MzIxMDExMzU0Mzc0FeIz1DVM1Y1MNi6sMDUPTgcAOM5mxSQAAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_9vEyGtoZmFqDiQsLEwtLQD_8zJ1EAAAAA
.pubmatic.com/ Name: KRTBCOOKIE_18
Value: 22947-997336240446516715
.pubmatic.com/ Name: PugT
Value: 1685713206
elb.the-ozone-project.com/ Name: AWSALBTGCORS
Value: W9Xqv8678WdEa7aVxAdWBR8tYoya/MHl0llqIejad+nzW7FEM0JP2K2CjqVAitcNWLapzTRtY43YJ0RvUrpP+gcjkuFNgBvGdB15SK1HSLg+MJgoZEyl0LxcGFdCH/2aYQP8bd5+XxHiAh7+svmSGRDZZGRkdD/AtoaEMs7FFa4s9TlsAE8=
.the-ozone-project.com/ Name: uids
Value: eyJ0ZW1wVUlEcyI6eyJiZWVzd2F4Ijp7InVpZCI6IkFBRHFDRTdJOF84QUFDQ1NOMmFJTlEiLCJleHBpcmVzIjoiMjAyMy0wNi0xNlQxNDo0MToyNi45NzU2Nzc1MDVaIiwic291cmNlIjoiY29va2llIn0sImdyaWQiOnsidWlkIjoiNjc2MjIwMmMtMTRhZi00NzZhLTkxMzctYjI0ZWMwMzkzZWRhIiwiZXhwaXJlcyI6IjIwMjMtMDYtMTZUMTQ6NDE6MjcuNjI5MzU5MjYzWiIsInNvdXJjZSI6ImNvb2tpZSJ9LCJpbXByb3ZlZGlnaXRhbCI6eyJ1aWQiOiI1OTFlZjA0OC1lZjcwLTRjMmYtYTNkYi1iYjRlYWVkNTZkMDQiLCJleHBpcmVzIjoiMjAyMy0wNi0xNlQxNDo0MToyOC43NzgwNTgzNzNaIiwic291cmNlIjoiY29va2llIn0sIml4Ijp7InVpZCI6IlpIbi1sQlhqdVVtWTh4ZzBEclhOdUFBQVx1MDAyNjE0NTMiLCJleHBpcmVzIjoiMjAyMy0wNi0xNlQxNDo0MToyOC42OTMxNzA3NDdaIiwic291cmNlIjoiY29va2llIn0sIm9wZW54Ijp7InVpZCI6ImZiZTU1MTE3LTA1MDItMGU0NS0zODNlLWFjZWFlMWFkNzEwMyIsImV4cGlyZXMiOiIyMDIzLTA2LTE2VDE0OjQxOjI3LjQxOTYyNjk3OFoiLCJzb3VyY2UiOiJjb29raWUifSwicnViaWNvbiI6eyJ1aWQiOiJMSUVPQjQ5Ny1DLTRYUDUiLCJleHBpcmVzIjoiMjAyMy0wNi0xNlQxNDo0MToyNy43NDEwMDYyODRaIiwic291cmNlIjoiY29va2llIn0sInNoYXJldGhyb3VnaCI6eyJ1aWQiOiJmZGIwYmFhOS0zZmIwLTRhODYtYTUyMC1kNTM0MTY5MDQ2NDQiLCJleHBpcmVzIjoiMjAyMy0wNi0xNlQxNDo0MToyOC4yMTc2OTcyNTFaIiwic291cmNlIjoiY29va2llIn0sInNtYXJ0Ijp7InVpZCI6IjQ4OTk0OTkyNjc4MTU2MDAzOTAiLCJleHBpcmVzIjoiMjAyMy0wNi0xNlQxNDo0MToyOC4wNTI0NzU2MTFaIiwic291cmNlIjoiY29va2llIn0sInNvdnJuIjp7InVpZCI6Ikd2N3hpTFpIMXlBTDhNVy1TNWktRG92NiIsImV4cGlyZXMiOiIyMDIzLTA2LTE2VDE0OjQxOjI2LjcwNzk2MzUyNVoiLCJzb3VyY2UiOiJjb29raWUifSwidHJpcGxlbGlmdCI6eyJ1aWQiOiI0NTkxNjA3Mjg3OTU0MzY5MDI4Nzk3IiwiZXhwaXJlcyI6IjIwMjMtMDYtMTZUMTQ6NDE6MjguMzY2MTY3OTY3WiIsInNvdXJjZSI6ImNvb2tpZSJ9LCJ0dGQiOnsidWlkIjoiM2QwMGJiZDEtYTM1MS00YjMyLTk4NDYtNDAxMWFjZjNjMDIyIiwiZXhwaXJlcyI6IjIwMjMtMDYtMTZUMTQ6NDE6MjcuMjk3ODQyODgyWiIsInNvdXJjZSI6ImNvb2tpZSJ9LCJ5YWhvb3NzcCI6eyJ1aWQiOiJ5LVczNVNTSEpFMnVIOFJzcm1zd2k4cm5IaGNGYmFjakR4WWpMb2d1by1-QSIsImV4cGlyZXMiOiIyMDIzLTA2LTE2VDE0OjQxOjI3LjA3ODYyODMzNFoiLCJzb3VyY2UiOiJjb29raWUifX0sImJkYXkiOiIyMDIzLTA2LTAyVDE0OjQxOjI1LjkwMTI1NDQzMloifQ==
.pubmatic.com/ Name: SPugT
Value: 1685713199

7 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ch-ua-form-factor'.
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://play.google.com/log?format=json&hasfast=true&authuser=0
Message:
Failed to load resource: the server responded with a status of 400 ()
javascript warning URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html(Line 166)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=354908&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&random=0.259818566821584, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://www.thespec.com/tr/news/waterloo-region/2023/06/01/university-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html(Line 166)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://dev.visualwebsiteoptimizer.com/deploy/js_visitor_settings.php?v=1&a=354908&url=https%3A%2F%2Fwww.thespec.com%2Ftr%2Fnews%2Fwaterloo-region%2F2023%2F06%2F01%2Funiversity-of-waterloo-interrupts-suspected-ransomware-attack-on-its-online-systems.html&random=0.259818566821584, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://dmx.districtm.io/s/v1/img/s/101995
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://dmx.districtm.io/s/v1/img/s/101995
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'report-sample' 'nonce-7ucKrz-QR1AcZgJjjEWUZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DotsSplashUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://youtube.com https://www.youtube.com https://youtube.googleapis.com https://*.ytimg.com https://maps.googleapis.com https://ajax.googleapis.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DotsSplashUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /_/DotsSplashUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

12987815.fls.doubleclick.net
8fd3bc06c5801f35dd31c36f0bd0a294.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
aax.amazon-adsystem.com
acdn.adnxs-simple.com
acdn.adnxs.com
ad-delivery.net
ad.doubleclick.net
ad.turn.com
ad2.360yield.com
ads.avct.cloud
ads.freeskreen.com
ads.pubmatic.com
adserver.pressboard.ca
adservice.google.ca
adservice.google.com
ajax.googleapis.com
ap.lijit.com
api.parsely.com
api.permutive.com
api.sofiapulse.com
api.thestar.com
api.viafoura.co
bc.thespec.com
be54a597-6b6d-4e2d-9d31-642310a8db25.edge.permutive.app
be54a597-6b6d-4e2d-9d31-642310a8db25.prmutv.co
bid.g.doubleclick.net
btloader.com
bttrack.com
c.amazon-adsystem.com
cdn.adnxs.com
cdn.cluepixel.com
cdn.jsdelivr.net
cdn.parsely.com
cdn.petametrics.com
cdn.viafoura.net
cm.adform.net
cm.adgrx.com
cm.everesttech.net
cm.g.doubleclick.net
connect.facebook.net
crb.kargo.com
crcdn01.adnxs-simple.com
creative.sofiapulse.com
cs.admanmedia.com
csi.gstatic.com
d1nxn87txdj54y.cloudfront.net
d1z2jf7jlzjs58.cloudfront.net
dev.visualwebsiteoptimizer.com
dis.criteo.com
dmx.districtm.io
dpm.demdex.net
dsp.nrich.ai
dsum-sec.casalemedia.com
eb2.3lift.com
elb.the-ozone-project.com
engagefront.theweathernetwork.com
eus.rubiconproject.com
experience-api.sofiapulse.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
gcdn.2mdn.net
googleads.g.doubleclick.net
i.clean.gg
i.viafoura.co
ib.adnxs.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
images.thestarimages.com
imasdk.googleapis.com
insight.adsrvr.org
loadeu.exelator.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
news.google.com
nym1-ib.adnxs.com
optimized-by.rubiconproject.com
p.rfihub.com
p1.parsely.com
pagead2.googlesyndication.com
pc022-cybt2.ads.tremorhub.com
pixel-us-east.rubiconproject.com
pixel-us-west.rubiconproject.com
pixel.rubiconproject.com
pixel.tapad.com
pixel.thestar.com
play.google.com
pr-bh.ybp.yahoo.com
prebid.the-ozone-project.com
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev
pubads.g.doubleclick.net
pubmatic-match.dotomi.com
px.ads.linkedin.com
px.moatads.com
query.petametrics.com
r4---sn-t0a7ln7d.c.2mdn.net
resources.thestar.com
rtb-csync.smartadserver.com
rtb.adentifi.com
rtb.openx.net
s.amazon-adsystem.com
s.thespec.com
s0.2mdn.net
s3.us-east-2.amazonaws.com
sb.freeskreen.com
sb.scorecardresearch.com
scm.publishers.tremorhub.com
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
sr.studiostack.com
ssbsync-global.smartadserver.com
ssum.casalemedia.com
static.cloudflareinsights.com
static.freeskreen.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.bfmio.com
sync.ipredictive.com
sync.mathtag.com
sync.smartadserver.com
sync.technoratimedia.com
synchroscript.deliveryengine.adswizz.com
thrtle.com
token.rubiconproject.com
torontostarnewspaperslimited.demdex.net
torstar.blueconic.net
torstar.gscontxt.net
tpc.googlesyndication.com
track.sofiapulse.com
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
vast.doubleverify.com
video.freeskreen.com
w4o7aea80ss3-a.akamaihd.net
ww1772.smartadserver.com
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.thespec.com
x.bidswitch.net
z.moatads.com
cm.adgrx.com
csi.gstatic.com
dmx.districtm.io
dsp.nrich.ai
pubmatic-match.dotomi.com
query.petametrics.com
sync.bfmio.com
sync.ipredictive.com
sync.technoratimedia.com
synchroscript.deliveryengine.adswizz.com
104.18.43.178
108.138.107.138
13.226.34.68
13.226.36.115
13.33.60.87
13.35.93.41
142.250.31.155
142.251.40.134
142.251.40.98
150.136.157.133
151.101.1.108
151.101.65.108
151.101.66.49
151.139.128.10
162.248.18.34
162.248.18.37
172.217.13.102
172.217.13.130
18.164.101.60
18.164.116.103
18.164.116.60
18.164.124.117
18.164.131.14
18.164.98.157
192.132.33.46
192.40.39.223
199.187.193.177
199.187.193.179
199.187.193.197
199.187.193.200
199.38.167.131
20.49.104.19
206.189.177.190
216.200.232.249
23.192.31.127
23.215.130.106
23.3.115.102
23.41.168.189
23.41.168.202
23.41.169.149
2600:1f18:1430:9000:eeee:2de2:4483:dc16
2600:1f18:44f0:4847:757a:9f73:587:7107
2600:1f18:4e9:5a07:1d29:9fda:71f8:ef93
2600:1f18:612b:4200:e88d:9deb:419:5e00
2600:1f18:612b:4264:fdb4:174:60b1:9ea2
2600:9000:21dd:de00:8:2ae1:d740:93a1
2600:9000:23ca:d800:16:970:b940:93a1
2606:4700:20::681a:d8
2606:4700:20::ac43:4513
2606:4700:20::ac43:4686
2606:4700:20::ac43:4775
2606:4700:4400::ac40:9256
2606:4700::6810:3965
2606:4700:e0::ac40:6b1b
2607:f8b0:4004:c1b::9a
2607:f8b0:4020:1::9
2607:f8b0:4020:804::2002
2607:f8b0:4020:804::200e
2607:f8b0:4020:805::2002
2607:f8b0:4020:805::2003
2607:f8b0:4020:805::200a
2607:f8b0:4020:805::200e
2607:f8b0:4020:806::2001
2607:f8b0:4020:806::2002
2607:f8b0:4020:806::2003
2607:f8b0:4020:806::2008
2607:f8b0:4020:806::200a
2607:f8b0:4020:806::200e
2607:f8b0:4020:807::2001
2607:f8b0:4020:807::2003
2607:f8b0:4020:807::2004
2607:f8b0:4020:807::2006
2607:f8b0:4020:807::200e
2620:112:f002:bbbb::21
2620:1ec:21::14
2a02:6ea0:c400::11
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
2a04:4e42:200::485
3.18.203.134
3.217.168.175
3.222.242.235
3.225.186.40
3.227.114.111
34.107.254.252
34.111.113.62
34.120.23.223
34.150.170.96
34.196.231.85
34.200.65.202
34.206.184.66
34.229.3.43
34.231.84.56
34.233.251.255
34.234.189.105
34.95.69.49
34.96.102.137
34.98.64.218
35.171.1.225
35.190.14.224
35.211.178.172
35.227.252.103
35.241.9.51
35.71.139.29
37.157.5.133
38.91.45.7
50.17.44.206
52.205.167.202
52.21.159.118
52.219.107.9
52.223.40.198
52.44.28.1
52.46.143.56
52.72.136.170
52.85.61.103
54.165.35.122
54.221.183.221
54.84.233.243
63.140.38.113
63.251.86.50
67.220.224.144
68.67.160.184
68.67.160.24
68.67.178.10
74.119.119.150
8.28.7.81
8.28.7.83
8.28.7.84
8.39.36.142
8.43.72.97
8.43.72.98
80.77.87.161
001c41197b8371ab7a20b3b8d34bc0fa94bd64ec85b63ba654b845d11532e1c7
01fe569dffd6f9247d5b98dcd3f13d0fddae9ab86a22e604c7196b5a5979b546
02a0170c9b831567d5d219f0e53bb63c1a81be075141503aeedc429bb55da1ec
02a4225dce02c122ea0f6c9b27fdb08433b9dc76ec802aaffde961feb1d9f612
040011b9537699d58250f25ba79f098f851fa457fc68e51dc1836e71d9eecb8e
0644c32180e603548fb16e195d88c0d4674b4c55151d125b9c3b7b7eae66936b
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06bb8c86e0692f4542437a0abcc2cf07f5fabf6c99ab1a1ff6b83f54fb92d294
07ba8b6a769f306219056245b915f4eb5394c3456630a67d5c2f2b1d8370a454
096ef6644ebed2ac191e5a20c7c5bf31a24d8739912e2142003fdaa469a13aa5
098ac1fe26b8dcbf76d32aa5db27e6112d093743f9a3e4df1dc529c131df4363
0a9eb8fb1f1adc5c521abe5636479140a4bad2c57658cdb304695e0610b8aaf2
0b6d1e665ed037683597a779c1d367c8d58c182bf7fd76c8ed651ce6e43f5cb8
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0be3b3c29eb1481c54d5e848beab08078ac74c10bc54aa77cf80d98b5902fd8d
0c31624894ba6758871eec6194cec1fc1fd045f875c5b07a7fac312c8c3eae85
0c5abe1491ffbb02498051e698c3327ebef2aca7e51360c77aef050a7df94fd5
0e9ccac01e78946f97c905d468ca5a23e4c48aab3f84fe187d1b4cc0a19898bb
0ee89ce6941fb1e9eb99d7d7fd1682b40838cc53953c45af6da2e84052e734dd
10730811c5e6c638696bacac570f78c617aac67b3d8d0056714cf09a0c380a4d
1280928ff3311afe4e1ea30521ab9d06b838ee3efdbad88fed50f42fcc1c7ba2
12b121eb22ce19541fa86ce19b9c9981ac5d5ae37729c8d4c3cdd63c6b2634e7
133185efc3ebe51623accb7177e2b7e4ef1e7bad63c1ace950239d118ea74f9b
133d99ecc7e1f65d2e0bdc9d04fae746f2e9b820213b2a2df7fed60ba073475e
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b
13d3efc57a481a1a210404e48c9d27bcc4e22bfe56e60bdc988f19afa9e666e8
1604a5ba0f2f61ff17add24c3796fbf2275d0d70d66dd0ec001a79218f5a3099
176fee37001cdc59696ba8496d3e39194d4eb668e774c95d5e6933c1e8e19c98
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1894300144e968b81ffe49f390283a8ee44d3ba47e363760087ff954a44e6bd8
18fe303b90ec11272afb9bcdc4fddb8b860c4e8b9cb1da505444c60073a7e62d
19ac7f7f03270e923c602d544845da674a088cbb610a4c76a6445f0d075b7d0f
1a4886135ca215d220902bc72d99fffc1a29818df257e5b784251772715e4cfa
1ad7d6da68483b3c8590f50ad2cbb504afdaf9c5db1c849715caf85fe682ecb0
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432
1b29af82ad757fab4ab348e30008412ea6380c49637bff2366212fbd7d6ea236
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1e4b3631f2c10ad3828062ea5e29fc582c28e603c56837544ede24ac014abe87
24a49691a5fcf930fbb9f1433e0c14f0b99e173fbb81d7b604481b1ef2fae01d
24ab75edf1a82aa35ce36917a67de6866caa71904eb001bdb13cfaa4901f03bb
25e5c10cb58300c92e6d6065fa0ea49a206499c58a2f1152af1deea8f34a5066
265ae92bbb9a65903bae2aed4a92b9af4c03537907d03f8bf80fb214f4550ce7
27eb87df8f4eb3164ad81ff266aed79d50a33f6869c249ee27ac80ad0c1e3dc2
28197ceb983f0b9d36b397add84509800d73ef9c6b2191343b9e96191a96a9f8
28564772b2b25e7d5d5e4a1b865a0767bf2a9af8e1b5379f2dcdb0ecb4679dbc
286770eac4396ea2a2e587f3f981a7ab16890b925c16d5f10e617924d2ed0bbf
29c6a208824b56fd5d1d51f00cf1e519993d2448ff2b1ab90c375ca9917aa79d
2c8042abb4977eab5b0b17a24c3ae8bc14010539171fff9bcf2ea480a7473ffb
2d767fe00284ba315844a0f61f8f69721df84ca58781e8b960455fee618c9778
2db8e30047815010ad310b23e7812789cda1be619862ae76e505c8fc1795dc83
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e5656278877a92809adf252cc0183e5fbd0192e93c0fd0fcc6a709dabd4a517
2e87fb4cc4c586bf8aae23bd3726d40a20087b26989bf9668b18e31c3db62fd2
2f4b2c82c058c5607049981652cf61e27e46e2afb00047baa36529ade3e1d8a8
31ace63fa339896dc045f21da77b1ffdc57160e2db5690b132766b0086d6f58e
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
322f32330a0ec9ad84886251d027a7bc919d8c0f88c65ee3e3db6d96d71de026
325be98d467be29fd7b3d1c36f2e137806b171ca7d73ef3b535e198ec0bd1dc1
33000d6e4cc873115b00d2548f25df7878521d20150242d336409c04782f0484
355c65937df1fa01bf1ecd8806b4fc9dbd7d8cfe7c570ff7750415e94e7fe6ca
37f32cda3d74b3634eaaca668df1c2dc9dc4d16e40aeea240334d2fc25dc2212
38254c821b6bec9ee36bb8116cf81a16b0a9c2a51f97cacdb483b4fdeb6e3821
39a2081996839223659775e59a17c80055abe389a7ba35cd43c8b9ac09f63d71
39cde2628915da4d5c9c1672bf8435916c42e58721c3fe89e4512951d7f9da0e
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e54047a5de69628d87570753a0bfbcae01a1375bc54d1b3819751e211b602b9
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f74f0154c63f844a9fd5e19d0a2fc8b8304fcc2158e52f43e6e496c464c38b3
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41b6651b577e89020ffd1463fd5b0bc83bacd1f42eb24a47d8f334cd016d91ed
4230eb0b2967a0e37379c2eb0ce011bf23b3d5a9e27d83282fa14820f36ef260
4349c1ea6737b944d8fab7867c5c4d327d2ccbe155162ec392e85897f4ce6507
435d2a4f9752c742107b0423be9e34bad86830867e0b6a7b5d382087e31009f9
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
448edd4a71b4ca28931010c1c2166872801702a420ff549a7c757edf863d7530
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
492584db86b05db92e84082fb80ac2d2944bc4c7c8d9ef82cdf8c880b7cee02d
49bd5cc239085142e293f889016f2329dfc5e6b96c4974468341c4af12bf343d
4acc75b78ebb012c99e000bbf5b6e7df2932baba7bcedafa8b136f70ddd095eb
4b108d10517b218ebb22d63ad00b85baf89a7b4f1884c3fd01eb03f0790b1cd6
4b123f8e3a4b0db9c32f6add4b53ac3b66afecd0ac6c0b17a90e1451642f7418
4b7536e7a009e1e43e5da7cba000269c401db82ec2c76c83027aa36cf3276445
4bdd7d90638e1014b4551127fc7cec16c6b7de3600883836737a30ab515e4508
4c89acfa2eecebb2c3696f96f81436da61cbf6a8c12355108042c670b7da8c9f
4d1b71f4ffdff139c5778a6ab809db2008d1c42df078d25f8f10f735990f0417
4d30543ac6e90772e81a0884755c1ec57baacc83daac73fa91e30682c82d13dc
4da8f4d2d20833c254b092ab30d0ebaee5e3d93716e320773ff55c27c353796b
4daa42737db10de9d5295b04f962e97bc9d31c86d6ed1ceac99b883f7f89b780
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
502a19bd8010b390245ee5ce7cab84a4250da24d548828b555a53a68cfbd8db9
502cb2e7447df5ec67988f64fa05a9dd4e924c4799f62b751b530ea3010272da
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5154e8c20331d4072f81178925ed2dda1381fccf4f3a5f6cceb64022e19c9748
51ff5c0605afbe98af6bc168165d70587aeff4eb1e4ef328d7409f09b61f9032
52c6b724460d1cc1eef6b6b43f27f26d9f17f392ca2148e0df83f05f3cbc9970
52ce4e88e775047f2dda9504da03d0ecb2c7d3020c83eee8bf2f13367ae5d9ff
53e47f0803e3983ae0b26db5f39e87c0bfd327981749c02c9e2f955341e34d7b
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
56058c446fe27877827d6a21a153507463b42db351d2508dffbbd2f19eccad74
563ef2ed3f9d0f46ac612d268d96164a269cc6e6689d85afbf5d647c4b026334
56a05564ec0c75eaf13a049fb53e42aa414b3cc06b44cbb3c9434f02c43f3faa
583a8735e8714c413ee3ef9baa78afe76f3df8b9c0f8c787f29e78f8f388eb06
584bcd74aa62107dc290e6de5d5cc3f0bb939205b05110660b78458c45374cc5
5b45e54f6eb098d7cc9c09013051774e3773e0aa8a08dbda32e1508d814d64d7
5b73ab08d45df209c848e3d788be3b125c45c7d34f5de7a9c542c0379df4ac5f
5d19d95434eb4ff0c6bab9d7d8e46f023effe1404bf9beccdafa7260d76dbf80
5efbf37161ccf1f5079844a185c44c279d158b790972ab12a3cce258f3ca0384
5f38fdbb3a0b25f3fbd984e544b8f1cd33252c19757a23dad98582bd498e220d
5f8f2739eab8542e8316b8d27f96040f31ae37bba3f5247dc55a7a32d1eac773
5f9a3651285a059ee2300807104a16372013411a5f73f69ae526615cfb0d18e5
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
60fd8589cc7cfe1b217ddb7859959f534c5ebad3aa8a4b9986feca00deeb63b3
6118aab3972757bc62c6e4c730c32154718c63b74cffc6c66733af493c730139
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
624adcaa282392acb25cc86581dca014e3d38649c94d1c762feb4798c3b35d9d
62651edf87d2816cb10682476cb72ad3065481fe168cb6b18d91d0e2aa0a64dd
62f586be8571b23584eb4a60a45a3157ff7c8388b1b1e3b4e8890e243b3e47de
64eb1841c385edc0225cb4f85b2ea001cc69cccee156dea5d99a28cfacfe9be9
65e46732d0930db4f321ac805a0838672ce0345e7590a32b66c6ef879fd65147
6707bbab4dbba0ac7fce42d70d1a036d37a9e2fbeb320156e9d960e193c1d6c9
683a1a8b9a62ef07363ed753ef08af2037c6f7e951ba5ac3fa2d3b1cbcd8a8cf
688be45e0c758d6d89d8d9b00d376a34005e317ace40e1b89a981081db3c1d36
68cbd98efce174f2bb086fdd54dfbfd750810b267d0f0d6b218ac879ec16066b
6930c1acb61e726bd2f0c6ed17935d5243887297289afc1c2117ef2e054c216c
6a5d134ce0702f55663b83e6d4a9d300e38f9328f96f1651419111712f9f02cb
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bc91c9f5be45ff817c94a258337d80f9294adaaaaf25fc398ade94c1fede77a
6c40bae72381e15e1961ef1088a508e05474b5f2a6c3656873454a310bc5a8a9
6c6bd4f1d599be4d43843b7dbf5ec5e134cd7aec0c900ac1c030ead10bbe4ea1
6cc3cea50ece06b0fdea4c8470095557062eecbf8b9b5579cf326394067bdacb
70902476282da52bc3ab186de644721543e2b40ed921e9f5aba72f40693d73a8
7094d04ea8b0392929875dd172e215885bce14457db59e9c4b391ba6003bc9db
71a904ba726ae38a8aa08425bae824e9850452b5c41a182bdc526a139ba3a9bc
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
7378bb30948ea6502b92a7dcf64fa47052f3e1157f0b5ab48a5c8a047fc03de4
739486c9886037bb0606d58ebe345e35bb53da69643d5eceeb6ce255f68e6e4d
7484e674eae2f0ddb5666849889d09c337e2142c7f16c922057b362b8a6522db
74ab538279bbe1a1ee19a79ff46eb25085f93c601646688ae11366bdd1c31c0d
757f9e52aae63cd3a35f11a9848010dfc99a63840ddd0e13c45cfa2f49b859e5
7593edef4fac359caa7af33a6dd858bb61d55dc94cba56a7b8cd60b4ad91901a
75ccdeee26a8564a51ce241d50bbd89b96f6290c71fad550e3b40862b1333812
778fc1b6d4ae51a0299f25884e1725aa448ce7ef85b62deb6d57a5c475fd976c
78c1c1baf0d964522f8afab09cfc754685c1648826a7f9967fd52b774b4ec5aa
7961acf7bc6288ddce88beea063f39235d2c556af91d6205244b847025e3e088
7a42dac047c13d30244074e7c1caf24f3c12a5af603c8e15b79b1bb84236dcb5
7a601e1f3532dfb3784acb9637e1a4e4063360abe2dc0b7ba82a391a0adf2b7b
7b986be165af27dbe780c4d161221f28e30b58f6bc4749488874186ea2f8f80a
7bb05bc0a6f02c90de52b1a2600ee3524a379b0a1bc01b14079b2c19371c1af1
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c0807123881f2bb1ae740878a47b117ba2c4916493771566d1c541c1af72b14
7d15f3719d41beb79decc738b38bb574064dc1fce387dbfbc1928d7977844d01
7ed26f64b9349be7a581f317b073385996f0bc320ba48384b6dcffc4c2a27f38
80054139c1329d1a4fb14379f44aef7396b7bd351abaa58535c3254d696c3c46
818bebc960e07f89d65ebb8c1771e28dbb03c905bd88104735f316b4a8bf076f
81da4cc843429a9adfc0c56c51cf32de8ee5879e2cb5e832bea0aeed1b07b97a
8300ba70904617a47a80e9098fe00b3f7aefd328519318c420289b0bbdfb5e2c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85ad6e614713d376bdb131c6da1ad4c22bfab9ad9e69cb846e8964cd33d90454
86b970715982c67383219d957ad8f76315420dd79e66c2d8377bc995e3f872e3
877250f6dfd3aa4180b43c1ac5001c788dd9804fd399ee24cfe11f2bd9ea62d7
8964a5347b489a4bb3a8a4040198055dc71df378a7237a2dccec66ba12c2258e
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8c048a7f19663f0abaccc2d7807d2bafa9bed2109da98174d372756f8bcfb0be
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e55b8063e1a865029e59734a1614c36a36a40e08698dc4a9b33c0a9622abc9d
8f489e41c30772428ebfa185d2ceee55884d86d6ed3bc9baa24145207cab1942
8f7e2aec938d93a79372ef71ee7ebf36406aba48ea8777d194b5570faf2927b1
914225799176fb82d48ad192578a1e92a9e5b54157ffebe91b69d6bbdd1c1096
91c073d74de05fc7224a46160878f9afddf9f7e9b92d17493aef7bbd5ec65776
9255f9f186056d9c722c47bb75bf71f79690a0a85fdccf83481c6eca62552623
933a5026b7c285374462eab03154af744cd5e7e1cdde46c25984f5e944f598ca
93d615f48a65ed6c18de3415af8431bd0b7c16b1b45fa06935589019a2257afb
941989003a69c246ce43bf83550a69e285146495de1e288adf0f1227f3d3510e
9474557b14923e78c9b0b7b44bccd0d7018187fb0150095946932a071f155933
94be855965ff490c48ad636198f79f54888f1af352f2f6929f06eea2e42461b2
94f85f14f383789ad93a5497662e9c58dd12af11f920edd3c4c56b00f09f6f4a
968d063c7d7133e208f69a6522c1c526a909dbc80a7419b92f863dcef55b9178
96a09b113a717216a966d68981089e3ce552dae5cdf88683be3f046ae22665c6
978ddf3ddbf0fe3fb2aa857326a2dc7a202193a10b95b1d011328f162ab6e598
99abe493f12834f8189183af5f2fb955cd1974fbacb04b1fc1d522cc408c6bcb
99c2257ab0c877ef811c0dde48d17bfb2cf1f1a5bd5bc6a9e9a7f4a114f4df3c
9bbe8a076fa1089051684bcad9b09038fcae4544c009c390d33f56d364ade046
9e14fd10a9c089db488b0266c4a36a3980b2bf174687344fb6d26fd0af0bfab8
9fbfcca0a93c880396177a22dd132eab33ab43c63693935024dda40db6b93cba
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0ec8793ecc2c9d97dcceac6cce1de315e1a0cf7b6c5180060916c2d047c9a1c
a18687b0d9a995e6ec68d999fe1131209deee56f67dfa43ba1b05cb6281b9e8a
a1aa6fedfd542521d223a26c6d4510af436b14ee00275c2a72a05e4c89bb335b
a1dff843ee0fe6235e2a56c41d778c1cc93b5edee1dfd48dc2e7cec9704e3f4a
a1ef1bae111d81a03790f14bd0726733ac21001f1a3636dcb3db5f6575cb6250
a37b2b0d2c0bb535df01f28a974fef976dd94862c81188134dd5dace2e94b73b
a4780f2e590ec2778aee8186f7f6cba60f73db668396afcbebffd6c24702b039
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5702526838a6eb12aeccef5256084709af4cdbe217bd3f7f405750ef1e64d96
a7694405d22e2ce17d95152b5eca83fc18f2c119984d85438bf7e5d213e90df5
aaed3d3926d949754c711f3a90512f2c02b75141d03548bddb52e2233d384542
abe3aa99e2acf0a113e6de6c4fa0c8c2becb65b2b487cdda05d80696116368ce
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
ad36e105d30ef5df085b7236b565bd9249128f8e9d84f15c2bcfe8caba8c1823
ad5fc1a1f2e9f61750da7c5f657b4555458014b20726b06d78d3d2c1e60ee392
ad7ddcbcd3e661c5091dfc398ef11e1e4c3003623b716d66f697134d757cb8c6
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af9dbf02c85319fda5ed6e97828a8328ce87a4a11e2a95d506654bf7dee244f4
afa2d43bc5235e019048bf8eeb242859a5beff1fa165621f8deaa6385b799951
b0ab2f21243b940db6c6b986e1cedb149ffcc296b62b326e9214366585d1040d
b0e4f8cd4b1d94161ffc981f473c126aec81f2e8c7ad2cf4ebf72e2bc4537102
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1aaf4f2a405bdb5f0967a37fd5fba482980bd0b35b7710286acff0a6817e668
b3936c1c4ae0fadf9f39ed209319744448d770f253bb59ac3ff6a3137a50ebed
b3abab8c0524b6f876d36f99aedd1fb14317c2e3758d2bdf093362d458f6f199
b3e7087e228be3a58b28db80acc7ba4d178749326af5386b4b754f1160b6b44a
b4790478ab91a0e87ed9f99695a63759965be84c2a275bae7ba98ec5ddb2ef8a
b4b43b4ab2d0b7798ae8aacacf9821f635146c15dfa8722a52e798142f9fff5c
b77646e33dbe48df43870e5d1b9aa29dae157e3f1bfc07f90e35348cc6b01871
b7e923b744b90a3af2ae85b1ef0b797a7611056cfb4879f90aa8ced6679885e9
b8dd12b4cc0283b0d20c31c231b8ae14fa61c1b64d594cd8f8c0ed1948acb3b5
bb15acf8664551bb35fa66c11f3505770bca9ca021adc8bbb7d963ba2a908ab8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc2dee2d7bba673bee2abc6490f270aedec3e93055882daa0cd0a474388265b9
be2277c99594557635d0993ac606fdc4994494e43408bc1be5c6ac9bfabc5dac
c046091dc561069d9016665a4887400bd4f6cd1a4d890bcc5fc02ec40b8fa82b
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c329b0419532f7f4f820859731983d9e6c56b6b06d6022c50395185231d3d681
c3f150ee9a5d40ccc643b5aae13a580dac5c2741ed2944aded212c78438bee24
c5995519a907da5fad47a645f3c0bc5e88b0208de210e552f0d00168e2950646
c69f6c228856dcd06546b3782129e13d474f5f2b0c8207e8f79885c3d34cf708
c87ccf18fa9e39015629a1ef3e7e28a1ecaa5b43a3e5b2c468f8f66ef7c3213d
c9e7e57b41ad230bfdd7f6f2ac59a84e8325261665d34269136965f554a53c53
cb173186366387bcf49ac06892d80f8575a49fce32f1fe0d35569e6a1518a8cf
cb46793b16474c3edd63f754a9f7b9969e7b23ce1bcb5f01ad0863d1385b4339
cb68c85ec678d8d358314efdc8858f9d33fee686b7f1b2d8e52d265528e92f1a
cbaf07acd0356b90bb8d0ca983d2d2d19f7a3426e5b89c8cdcd9c9d28193fca8
cc3c110bb25be5bd3e5663f64681734135aa6eb85c854b808b12cdf758ae4ca7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf495f35900eede4a1b3c50f090fa5f350c4ba063b418e0b0aaf666ef92b8426
cf933a19179b4733c5ec68640d966cae7d022c97cd4fcd3929f9e1d9556f66d1
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d50498a5133157c8013de7c60872e145e43e1047ee67925973f6c3c73b7a3252
d64838c3671d2f4e0548c83bc49a7ec448aedb3737c202dd8ec8bc708707404e
d67b9ab178f9e1240ce38ef9a9f1fc812749f76988dfade5f82642535eefbff5
d6a68cdc992b6fc7a2a81a52041baf27b77a5280afd672aea7fe8a147218da05
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
d85850c885fe92574f866d77f638250a2747c691aa7f537b4922e28b368cd51a
d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8
dab345a77f18737ea548406a22e1c9ce091aeed1267da2b3868c58579536902d
dd65d9dfe9b33154a8cad2984b5af82ed36694f3a7e1b9e5ac14300569de7ed3
ddca01e3dcba24b322b5cc65fc0df212d6ebdda5f479053e5c704bdd72dd3b9d
de88195f1e8845e339482fddb64284d32b559f6bb6a3a3ac6b4159e8b2b7947b
e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c56baac767b8d93df8119afcc3ff93bdf501db25b27f27a6bd586069ad1c7f
e4058b846286433d019ff33bb22b2eca434c9d36249df436d5a3c623825674d0
e5455fe11eef6ea9da6fd8b89ec7d0376cf18b8d863a31fd6f4e13225055049a
e7132074537f32430e3cf3c28f5bd37009987838ec9e1de55fa1a992ed4ed9f9
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e87ea3f39a0aa9666ab229df5ab7dee7b8672c53b705c8e6791716cc00ab2b54
eae88bc2b7f33928fc9516f697725352f3586224093ada09bfbe01282205c8a7
ebf4f635a17d10d6eb46ba680b70142419aa3220f228001a036d311a22ee9d2a
ec55e6d1b9700b4ecaf0d34658a54a9960a468bebe0e7d2ef622124ec9ec6d9e
eda56fdfa95038cc8da36137585d26bbdcdbfb5a5096d7393683889efb4d5384
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef636bc2de313ca1e48c80144caebd6c341f38f16165323586d9f4f84000e56d
f13c139d48dadf2a0c42bc0d21525dcc27989bb3a4181b1d4d972e54c8a20b63
f161e73721cccda56a706dae6426e48b11dfb742f60a9246d97e9786c535f16f
f1ef4c1955d0829a87514d7ca024407ca0640a980ce0609c02cffa9c7c064d3f
f341962426b90ce776ae4e165e6872476c976924aaee9ed73d3bfb8f316b6130
f42bbeaf126cf497823f753f4e01e75d657906d24be3b5240c896206f347d730
f5ee1f486d72b4c1b2ba4a16320729616508e9d67b4440aa5fc3a78fd18cd0e0
f63b683b181032b37e4b8a3fe5d001edc0b40a8df47c66b7966e2e7242f0226d
f78011b02b12a324e8be95e18ec1bd321e7ac458af447e458212b709f827ab53
f81dcd52bcb43ab9d7131914859c8e412f42cab53a5411812a6526a52d6f6a25
f8fbf7e16e3604db25ab37c4a496865033167bb550e3b2e92f1070424f48723a
f9514e6a79cc322c76d9e9690db3258d12c189493210efc272e064ec4d7b41c1
fb228657c70408ac8b2da62b4cf1025931dd7a3fc028b1a219422c7e628310d8
fe477e3dc74c39f58277bb9cbcf3480b0e3a0fb5933e9fe365a5de81115baa9e