click1.email.journalstar.com Open in urlscan Pro
74.214.203.11 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://click1.email.journalstar.com/ViewMessage.do?m=gtglgmktt&r=rlngnnkjll&s=iybpgvddndtcymgbhvvcnfcqfpcncgzkyzd&q=1610638157&a=view
Effective URL:
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Submission: On January 15 via api (January 15th 2021, 3:13:13 am UTC) from SG

Summary HTTP 38 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 6 countries across 10 domains to perform 38 HTTP transactions. The main IP is 74.214.203.11, located in United States and belongs to AMAZON-AES, US. The main domain is click1.email.journalstar.com.

This is the only time click1.email.journalstar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	74.214.203.11 74.214.203.11	14618 (AMAZON-AES) (AMAZON-AES)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:815::200e	15169 (GOOGLE) (GOOGLE)
1	96.46.128.252 96.46.128.252	14618 (AMAZON-AES) (AMAZON-AES)
16	104.18.130.43 104.18.130.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5 5	2.16.186.51 2.16.186.51	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 4	34.224.147.78 34.224.147.78	14618 (AMAZON-AES) (AMAZON-AES)
2	65.9.58.122 65.9.58.122	16509 (AMAZON-02) (AMAZON-02)
9 9	2.16.186.72 2.16.186.72	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8 10	54.237.172.114 54.237.172.114	14618 (AMAZON-AES) (AMAZON-AES)
6	104.111.249.62 104.111.249.62	16625 (AKAMAI-AS) (AKAMAI-AS)
1	199.232.137.44 199.232.137.44	54113 (FASTLY) (FASTLY)
2 3	54.88.18.91 54.88.18.91	14618 (AMAZON-AES) (AMAZON-AES)
1 1	185.29.135.233 185.29.135.233	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 2	2600:1f18:444... 2600:1f18:444a:4680:7493:838e:3006:4686	14618 (AMAZON-AES) (AMAZON-AES)
38	12

2 74.214.203.11 (United States)

ASN14618 (AMAZON-AES, US)

click1.email.journalstar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.46.128.252 (United States)

ASN14618 (AMAZON-AES, US)
PTR: www.efeedbacktrk.com

85419c.efeedbacktrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 104.18.130.43 (United States)

ASN13335 (CLOUDFLARENET, US)

bloximages.chicago2.vip.townnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.16.186.51 (Ascension Island) 5 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-51.deploy.static.akamaitechnologies.com

li.journalstar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.224.147.78 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-147-78.compute-1.amazonaws.com

p.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.58.122 (Seattle, United States)

ASN16509 (AMAZON-02, US)

html-img.revcontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.16.186.72 (Ascension Island) 9 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-72.deploy.static.akamaitechnologies.com

li.journalstar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.237.172.114 (Ashburn, United States) 8 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-237-172-114.compute-1.amazonaws.com

p.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.111.249.62 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-249-62.deploy.static.akamaitechnologies.com

c.licasd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.137.44 (United States)

ASN54113 (FASTLY, US)

mb.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.88.18.91 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-88-18-91.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.135.233 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:444a:4680:7493:838e:3006:4686 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	liadm.com 14 redirects p.liadm.com i.liadm.com i6.liadm.com	8 KB
16	townnews.com bloximages.chicago2.vip.townnews.com	223 KB
16	journalstar.com 14 redirects click1.email.journalstar.com li.journalstar.com	71 KB
6	licasd.com c.licasd.com	52 KB
4	facebook.net connect.facebook.net	117 KB
2	revcontent.com html-img.revcontent.com	58 KB
1	mathtag.com 1 redirects sync.mathtag.com	629 B
1	taboola.com mb.taboola.com	67 KB
1	efeedbacktrk.com 85419c.efeedbacktrk.com	466 B
1	google-analytics.com www.google-analytics.com	194 B
38	10

	Domain	Requested by
16	bloximages.chicago2.vip.townnews.com	click1.email.journalstar.com
14	p.liadm.com	11 redirects click1.email.journalstar.com
14	li.journalstar.com	14 redirects
6	c.licasd.com	click1.email.journalstar.com
4	connect.facebook.net	click1.email.journalstar.com connect.facebook.net
3	i.liadm.com	2 redirects click1.email.journalstar.com
2	i6.liadm.com	1 redirects click1.email.journalstar.com
2	html-img.revcontent.com	click1.email.journalstar.com
2	click1.email.journalstar.com
1	sync.mathtag.com	1 redirects
1	mb.taboola.com	click1.email.journalstar.com
1	85419c.efeedbacktrk.com	click1.email.journalstar.com
1	www.google-analytics.com	click1.email.journalstar.com
38	13

This site contains no links.

Subject Issuer	Validity	Valid
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-12-22` - `2021-03-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.efeedbacktrk.com Sectigo RSA Organization Validation Secure Server CA	`2019-04-24` - `2021-04-23`	2 years	crt.sh
bloximages.chicago2.vip.townnews.com GeoTrust RSA CA 2018	`2020-02-25` - `2021-04-25`	a year	crt.sh
revcontent.com Amazon	`2021-01-12` - `2022-02-10`	a year	crt.sh
li.lisecurelink.com Let's Encrypt Authority X3	`2020-11-06` - `2021-02-04`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.liadm.com Amazon	`2020-11-30` - `2021-12-29`	a year	crt.sh
p.liadm.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-19` - `2022-05-30`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Frame ID: 96688D97DA5F76EE0B161021391F2A47
Requests: 38 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://click1.email.journalstar.com/ViewMessage.do?m=gtglgmktt&r=rlngnnkjll&s=iybpgvddndtcymgbhvvcnfcqfpcncgzkyz... Page URL
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0 Page URL

Detected technologies

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /^Apache-Coyote(?:\/([\d.]+))?/i

Apache Tomcat (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^Apache-Coyote(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Page Statistics

38
Requests

95 %
HTTPS

20 %
IPv6

10
Domains

13
Subdomains

12
IPs

6
Countries

579 kB
Transfer

833 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://click1.email.journalstar.com/ViewMessage.do?m=gtglgmktt&r=rlngnnkjll&s=iybpgvddndtcymgbhvvcnfcqfpcncgzkyzd&q=1610638157&a=view Page URL
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://connect.facebook.net/en_US/all.js HTTP 307
https://connect.facebook.net/en_US/all.js

Request Chain 3

http://connect.facebook.net/en_US/all.js HTTP 307
https://connect.facebook.net/en_US/all.js

Request Chain 10

http://li.journalstar.com/imp?s=205453&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=205453&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://html-img.revcontent.com/?id=142342&key=746a60e7-67c4-349d-9aaf-74e69e9236bd&affiliate_id=5183&size=970x250

Request Chain 11

http://li.journalstar.com/imp?s=425311&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=425311&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png

Request Chain 12

http://li.journalstar.com/imp?s=556381&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=556381&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png

Request Chain 21

http://li.journalstar.com/imp?s=205450&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=205450&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=jw6Bk_pJQQ5_qyvh69PKdiSmGkkuxtI6f_L6bQ&recipient.user.id=&instance.id=0b2a9f50-93cb-3f78-bddb-0b18f74c2176&widget.placement=205450&widget.slot=1&widget.mode=thumbnails-medrec&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=15636&recipient.user.agent=&recipient.ipv4=194.99.105.99&widget.alternative=

Request Chain 22

http://li.journalstar.com/imp?s=425312&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=425312&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png

Request Chain 23

http://li.journalstar.com/imp?s=556382&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=556382&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png

Request Chain 24

http://li.journalstar.com/imp?s=205456&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=205456&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://html-img.revcontent.com/?id=142340&key=d84ec9c9-aec7-34c4-a67c-3039bd890e24&affiliate_id=5183&size=300x250

Request Chain 25

http://li.journalstar.com/imp?s=205459&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=205459&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png

Request Chain 26

http://li.journalstar.com/imp?s=628484&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=628484&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png

Request Chain 27

http://li.journalstar.com/imp?s=124563600&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=124563600&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://i.liadm.com/s/section/124563600?m=378cb6dbadfc4316ce01888924d3b518&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb HTTP 303
https://i.liadm.com/s/section/124563600?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&previous_uuid=5ff883e182b54d1fbecdd20ee6d48e26 HTTP 303
https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2F5183%2F0%2Ff6ad5fcbf81247edbac3daed09e0e9a4%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&5ff883e1-82b5-4d1f-becd-d20ee6d48e26&previous_uuid=f6ad5fcbf81247edbac3daed09e0e9a4 HTTP 302
https://i.liadm.com/s/e/5183/0/f6ad5fcbf81247edbac3daed09e0e9a4?mpid=7156&muid=c5d16001-0837-4000-b61b-6e9c416a6ee9

Request Chain 28

http://li.journalstar.com/imp?s=124563601&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=124563601&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://i6.liadm.com/s/section/124563601?m=378cb6dbadfc4316ce01888924d3b518&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb HTTP 303
https://i6.liadm.com/s/section/124563601?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&previous_uuid=578a8f87989c453e9ead4ede4c05975e

Request Chain 29

http://li.journalstar.com/imp?s=124563602&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=124563602&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com

Request Chain 30

http://li.journalstar.com/imp?s=124563603&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=124563603&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com

Request Chain 31

http://li.journalstar.com/imp?s=124563604&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=124563604&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com

38 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set ViewMessage.do Show response
click1.email.journalstar.com/ 3 KB
3 KB 124ms
124ms Document
text/html 74.214.203.11
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://click1.email.journalstar.com/ViewMessage.do?m=gtglgmktt&r=rlngnnkjll&s=iybpgvddndtcymgbhvvcnfcqfpcncgzkyzd&q=1610638157&a=view
Protocol: HTTP/1.1
Server: 74.214.203.11 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 9e31560163d1cc811ef15daa009f4f66ed4e4ebbdfd5af6e7e27216c3034e9be

Request headers

Host: click1.email.journalstar.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: Apache-Coyote/1.1
Connection: Keep-Alive
Keep-Alive: timeout=60
Set-Cookie: JSESSIONID=D4E0C6CD91A518056BBE680EA941DDF0; Path=/; HttpOnly
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Date: Fri, 15 Jan 2021 03:12:52 GMT

GET
H2

200

all.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/all.js
https://connect.facebook.net/en_US/all.js

3 KB
2 KB

6ms
6ms

Script
application/x-javascript

2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do?m=gtglgmktt&r=rlngnnkjll&s=iybpgvddndtcymgbhvvcnfcqfpcncgzkyzd&q=1610638157&a=view

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dca483c82bca339d5953f246f5d6895848f6ecac973341c49a6e23c79be5538b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do?m=gtglgmktt&r=rlngnnkjll&s=iybpgvddndtcymgbhvvcnfcqfpcncgzkyzd&q=1610638157&a=view
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Zm6lQkOmdHckW4UzRpbKpA==
cross-origin-resource-policy: cross-origin
expires: Fri, 15 Jan 2021 03:21:38 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1781
x-fb-rlafr: 0
x-fb-debug: ThhsvokAPLsLFLhmUdEwf+p4UbLtPfmRShz2OFfU3DrXXF9oh/VpWgbBshxtpTiMmylN99AUJOOXOZ/K030asA==
x-fb-trip-id: 686109401
x-fb-content-md5: 299b707b9ec1f8d17d2bb058cbc6e135
date: Fri, 15 Jan 2021 03:12:53 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "8b5df1571c07ffb7c696455cd30190ff"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

Redirect headers

Location: https://connect.facebook.net/en_US/all.js
Non-Authoritative-Reason: HSTS

GET
H2 200 all.js
connect.facebook.net/en_US/ 188 KB
57 KB 20ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=858c73555784a0779caae44b6f80f347&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: http://click1.email.journalstar.com
Referer: http://click1.email.journalstar.com/ViewMessage.do?m=gtglgmktt&r=rlngnnkjll&s=iybpgvddndtcymgbhvvcnfcqfpcncgzkyzd&q=1610638157&a=view
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: o8bAaBEgsPPJ/6o0W9I+Kw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 57677
x-fb-rlafr: 0
x-fb-debug: lSpNCVi0guyVXkvd8+2t8r/Hgn06i70BtHhToYPRQtGKi9ekLBI7VSnOJDbD384RxsV7kuB09WCXdmNQfr4eMQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 9d564f8d3445332bf767a55a77518a86
x-frame-options: DENY
date: Fri, 15 Jan 2021 03:12:53 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "00691abd8e1aee56d99e0a2867e439c2"
timing-allow-origin: *
expires: Sat, 15 Jan 2022 02:06:37 GMT

POST
H/1.1 200
OK Primary Request Cookie set ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0 Show response
click1.email.journalstar.com/ 56 KB
56 KB 504ms
503ms Document
text/html 74.214.203.11
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Protocol: HTTP/1.1
Server: 74.214.203.11 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 721e519c54f09a1423dec3bd3b095d7f1aca8d1b4bfaafe8306f431ace1b7c6d

Request headers

Host: click1.email.journalstar.com
Connection: keep-alive
Content-Length: 269
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Origin: http://click1.email.journalstar.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://click1.email.journalstar.com/ViewMessage.do?m=gtglgmktt&r=rlngnnkjll&s=iybpgvddndtcymgbhvvcnfcqfpcncgzkyzd&q=1610638157&a=view
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: JSESSIONID=D4E0C6CD91A518056BBE680EA941DDF0
Upgrade-Insecure-Requests: 1
Origin: http://click1.email.journalstar.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://click1.email.journalstar.com/ViewMessage.do?m=gtglgmktt&r=rlngnnkjll&s=iybpgvddndtcymgbhvvcnfcqfpcncgzkyzd&q=1610638157&a=view

Response headers

Server: Apache-Coyote/1.1
Connection: Keep-Alive
Keep-Alive: timeout=60
Set-Cookie: JSESSIONID=69B5989CB75F865A5AE7AD8B04E1BE26; Path=/; HttpOnly
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Date: Fri, 15 Jan 2021 03:12:53 GMT

GET
H2

200

all.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/all.js
https://connect.facebook.net/en_US/all.js

3 KB
2 KB

6ms
6ms

Script
application/x-javascript

2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dca483c82bca339d5953f246f5d6895848f6ecac973341c49a6e23c79be5538b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Zm6lQkOmdHckW4UzRpbKpA==
cross-origin-resource-policy: cross-origin
expires: Fri, 15 Jan 2021 03:21:38 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1781
x-fb-rlafr: 0
x-fb-debug: ThhsvokAPLsLFLhmUdEwf+p4UbLtPfmRShz2OFfU3DrXXF9oh/VpWgbBshxtpTiMmylN99AUJOOXOZ/K030asA==
x-fb-trip-id: 686109401
x-fb-content-md5: 299b707b9ec1f8d17d2bb058cbc6e135
date: Fri, 15 Jan 2021 03:12:54 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "8b5df1571c07ffb7c696455cd30190ff"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

Redirect headers

Location: https://connect.facebook.net/en_US/all.js
Non-Authoritative-Reason: HSTS

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 188 KB
56 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=858c73555784a0779caae44b6f80f347&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

57d8f2da851d6a5f3b8e00c7e8ca40ddbf874d6fd5e887214ccea8fe12ab91b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: http://click1.email.journalstar.com
Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: o8bAaBEgsPPJ/6o0W9I+Kw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 57677
x-fb-rlafr: 0
x-fb-debug: lSpNCVi0guyVXkvd8+2t8r/Hgn06i70BtHhToYPRQtGKi9ekLBI7VSnOJDbD384RxsV7kuB09WCXdmNQfr4eMQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 9d564f8d3445332bf767a55a77518a86
x-frame-options: DENY
date: Fri, 15 Jan 2021 03:12:54 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "00691abd8e1aee56d99e0a2867e439c2"
timing-allow-origin: *
expires: Sat, 15 Jan 2022 02:06:37 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 8ms
6ms Image
image/gif 2a00:1450:4001:815::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&tid=UA-54716522-12&t=event&ec=email&ea=open&cid=5334099&el=whatcounts&cs=journalstar.com&cm=email&cn=%2Fnewsletter-templates%2Fbreaking%2F%3Fforce_medium%3DPostUp

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Jan 2021 12:55:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 51439
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK gcyswgttltjdmcrwdkyggdmlhmdphsmlmwnqcntytlltygm_fbrjhhbqyywdndqnhrdjg.gif
85419c.efeedbacktrk.com/ 68 B
466 B 520ms
126ms Image
image/png 96.46.128.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://85419c.efeedbacktrk.com/gcyswgttltjdmcrwdkyggdmlhmdphsmlmwnqcntytlltygm_fbrjhhbqyywdndqnhrdjg.gif
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 96.46.128.252 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: www.efeedbacktrk.com
Software: sp /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 Jan 2021 03:12:53 GMT
Server: sp
Content-Type: image/png;charset=utf-8
Cache-Control: private, max-age=0, no-cache, no-store, must-revalidate
Connection: Keep-Alive
imagetoolbar: no
Keep-Alive: timeout=60
Content-Length: 68
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 62f44678-da42-11e9-a75c-7ba230687b72.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/custom/image/ 18 KB
18 KB 59ms
58ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/custom/image/62f44678-da42-11e9-a75c-7ba230687b72.png

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c8a097e32c05dbd1256b8a06eb3aa03dc20c5f2d1c5dca2f00b6ed5c148fad1

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
cf-cache-status: HIT
age: 96566
last-modified: Wed, 18 Sep 2019 18:30:28 GMT
strict-transport-security: max-age=604800
content-length: 18161
cf-request-id: 07a5a12bb900000c15088e6000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5d8277c4-46f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af2cb9f0c15-AMS
expires: Sat, 20 Nov 2021 11:30:20 GMT

GET
H2 200 26b22406-29af-11eb-84c5-d315e5f8172c.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/custom/image/ 4 KB
4 KB 296ms
295ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/custom/image/26b22406-29af-11eb-84c5-d315e5f8172c.png

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95d6eec022b51242be5b6da4ff276d1ba32e7297aabecf43b1ff850aaf41818a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
vary: Accept-Encoding
cf-cache-status: HIT
last-modified: Wed, 18 Nov 2020 15:03:01 GMT
content-length: 3827
cf-request-id: 07a5a12bbb00000c1504bbb000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5fb537a5-ef3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af2cba60c15-AMS
expires: Sat, 20 Nov 2021 09:05:53 GMT

GET
H2 200 600061a895d68.preview.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/8/3f/83f14eaf-5cff-52e4-b9cc-9a434a770c66/ 47 KB
47 KB 295ms
294ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/8/3f/83f14eaf-5cff-52e4-b9cc-9a434a770c66/600061a895d68.preview.jpg?crop=1728%2C1080%2C95%2C0&resize=728%2C455&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4932d430fc2fdde2df88095f87b7dece3bd3a6a87ef2b051de02ecc65ff5edc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
cf-cache-status: HIT
last-modified: Thu, 14 Jan 2021 15:22:16 GMT
strict-transport-security: max-age=604800
content-length: 48050
cf-request-id: 07a5a12bbb00000c15fca20000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "51b92126fc50b150168782e287600ac4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Fri, 14 Jan 2022 15:30:01 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af2cba70c15-AMS
cf-bgj: h2pri

GET
H2

200

/
html-img.revcontent.com/
Redirect Chain

http://li.journalstar.com/imp?s=205453&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=205453&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://html-img.revcontent.com/?id=142342&key=746a60e7-67c4-349d-9aaf-74e69e9236bd&affiliate_id=5183&size=970x250

36 KB
37 KB

567ms
445ms

Image
image/jpeg

65.9.58.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://html-img.revcontent.com/?id=142342&key=746a60e7-67c4-349d-9aaf-74e69e9236bd&affiliate_id=5183&size=970x250

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.58.122 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache/2.4.25 (Debian) /

Resource Hash

623cc04225623c9576350c0c262ddc33f90825890c21a3df3ee9b71fd1817904

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:55 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
server-timing: fastly;dur=47;cpu=0;start=2020-12-03T22:24:26.770Z;desc=miss,rtt;dur=0,cloudinary;dur=75;start=2020-11-19T20:25:32.576Z
content-length: 36850
last-modified: Wed, 09 Sep 2020 17:33:59 GMT
server: Apache/2.4.25 (Debian)
etag: "9946dba7bfd36340e27cbd0e7c5e50fc"
strict-transport-security: max-age=604800
x-hw: 1610680375.cds172.dc2.hn,1610680375.cds030.dc2.c
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, no-transform, immutable, max-age=604800
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: k_rp7zOIPj5tclRh9Dej9Bs67MUpYAUby8ncPSGcN90-7REE27UOig==
expires: Sun, 14 Feb 2021 03:12:55 GMT

Redirect headers

Location: https://html-img.revcontent.com/?id=142342&key=746a60e7-67c4-349d-9aaf-74e69e9236bd&affiliate_id=5183&size=970x250
Date: Fri, 15 Jan 2021 03:12:54 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

94c8cd36dc1428947beeb6283056d111.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain

http://li.journalstar.com/imp?s=425311&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=425311&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png

1 KB
2 KB

148ms
49ms

Image
image/png

104.111.249.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 03:12:54 GMT
Last-Modified: Tue, 06 Aug 2019 20:24:36 GMT
Server: AmazonS3
x-amz-request-id: 33868793B1CCB4E4
ETag: "6956da20f9d008ec379926ee358e5594"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1255
x-amz-id-2: jvxKP7USaUQRoG8Fv214GJAgm5f9X+tJQnQBwNVI8qN+cljWXNBdILbTiX5UCYx8eZA7bh8Pnt0=

Redirect headers

Location: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Date: Fri, 15 Jan 2021 03:12:54 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

27e30bebaaece921293946f3c75ca02b.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain

http://li.journalstar.com/imp?s=556381&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=556381&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png

15 KB
16 KB

148ms
52ms

Image
image/png

104.111.249.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 03:12:54 GMT
Last-Modified: Wed, 17 Feb 2016 22:44:07 GMT
Server: AmazonS3
x-amz-request-id: D26CB739C42B32BC
ETag: "c56fae17aa690ac40e2a23fbf5796b60"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15721
x-amz-id-2: NQldzLLr0jcVZpKlN9kjbSnngVtCL1RCbEqkJNH4VVqGZ0HFMum2q/zD6mLWx0BfmE5dcSCDagk=

Redirect headers

Location: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Date: Fri, 15 Jan 2021 03:12:54 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 5fff67c2e2152.preview.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/c/3f/c3f249ae-8b94-52e9-b497-b51d04dc86d0/ 9 KB
9 KB 291ms
289ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/c/3f/c3f249ae-8b94-52e9-b497-b51d04dc86d0/5fff67c2e2152.preview.jpg?crop=1175%2C1175%2C294%2C0&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

807ed197ccc15e8eeae882a70ab9e9bd6cd9084f79855bdc80bc8fdc76045a3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
cf-cache-status: HIT
last-modified: Wed, 13 Jan 2021 21:36:03 GMT
strict-transport-security: max-age=604800
content-length: 9558
cf-request-id: 07a5a12bc200000c150e04f000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "c58e2ecc1bddc34c23c2db36937e147f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Fri, 14 Jan 2022 15:30:01 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af2dbb10c15-AMS
cf-bgj: h2pri

GET
H2 200 5fd26b0a4bb80.image.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/0/be/0be7c116-8d36-5a72-9892-4b15e635c5f8/ 8 KB
8 KB 54ms
53ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/0/be/0be7c116-8d36-5a72-9892-4b15e635c5f8/5fd26b0a4bb80.image.jpg?crop=555%2C555%2C152%2C0&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ab613ac850edc76324202ae1449197b8c9d0118b0a3ae2398803d115d9af46d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 96566
last-modified: Thu, 10 Dec 2020 18:38:02 GMT
cf-bgj: h2pri
cf-request-id: 07a5a12bc200000c1515b64000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "938ae4c872981ae7a8f09a3bafed6878"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 611c6af2dbb20c15-AMS
expires: Thu, 13 Jan 2022 19:15:29 GMT

GET
H2 200 5fff346f528b7.image.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/e/66/e66b98de-2108-5bdc-bf72-91794f435fc8/ 6 KB
6 KB 55ms
54ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/e/66/e66b98de-2108-5bdc-bf72-91794f435fc8/5fff346f528b7.image.jpg?crop=404%2C404%2C90%2C146&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9d0b994e2ee44958022ff48ebe806ff718925de944fa7e3bf7a7dd7108509e6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
cf-cache-status: HIT
age: 46746
last-modified: Wed, 13 Jan 2021 17:57:03 GMT
strict-transport-security: max-age=604800
content-length: 5843
cf-request-id: 07a5a12bc400000c15cdbe5000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "3cbe87490b5b2419aea7bb9f0709716d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Fri, 14 Jan 2022 12:34:48 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af2dbb70c15-AMS
cf-bgj: h2pri

GET
H2 200 5ff63a04290d1.image.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/2/c9/2c905ed6-cec0-509c-983a-28d4cf87e6a9/ 77 KB
77 KB 126ms
125ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/2/c9/2c905ed6-cec0-509c-983a-28d4cf87e6a9/5ff63a04290d1.image.png

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

370407adf1563ac7358e4c42df83619bc9160309b045587d95e6ae20db9f4b5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
cf-cache-status: HIT
age: 155879
last-modified: Wed, 06 Jan 2021 22:30:28 GMT
strict-transport-security: max-age=604800
content-length: 78509
cf-request-id: 07a5a12bf700000c15cdbe7000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5ff63a04-132ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af32c100c15-AMS
expires: Thu, 06 Jan 2022 23:19:32 GMT

GET
H2 200 5fff6c37e9014.image.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/5/3e/53eab38d-42ff-5804-afd7-e6fb58bba8a9/ 9 KB
9 KB 232ms
231ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/5/3e/53eab38d-42ff-5804-afd7-e6fb58bba8a9/5fff6c37e9014.image.jpg?crop=1176%2C1176%2C293%2C0&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4bd10347064abf655738b972dd77d07311312ecbade09708647641510288bd5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
cf-cache-status: HIT
age: 46746
last-modified: Wed, 13 Jan 2021 21:55:04 GMT
strict-transport-security: max-age=604800
content-length: 9190
cf-request-id: 07a5a12bfa00000c15b5b97000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "7ebe80483b617aeafce48ec27d536137"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Fri, 14 Jan 2022 11:41:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af32c190c15-AMS
cf-bgj: h2pri

GET
H2 200 5efb747f592bd.image.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/f/54/f54de310-0d37-5050-8d31-35851fd9717b/ 7 KB
7 KB 200ms
200ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/f/54/f54de310-0d37-5050-8d31-35851fd9717b/5efb747f592bd.image.jpg?crop=555%2C555%2C152%2C0&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39664ba8def65361565016aadb9f256a80458a99b62d1aa11ac3204b0c40e449

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 46746
last-modified: Tue, 30 Jun 2020 17:21:03 GMT
cf-bgj: h2pri
cf-request-id: 07a5a12c1b00000c15f2397000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "91ddfcae599d4d96915f3ce5c4118928"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 611c6af35c470c15-AMS
expires: Sat, 08 Jan 2022 16:04:18 GMT

GET
H2 200 5f25bdd0059df.image.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/5/45/5456f31d-dc0d-5289-a122-c40aa54ab3db/ 6 KB
7 KB 97ms
96ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/5/45/5456f31d-dc0d-5289-a122-c40aa54ab3db/5f25bdd0059df.image.jpg?crop=555%2C555%2C152%2C0&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a22309d8e3e8ea9cae433efcbbf380c1629b36a6e8bbabf4d082930d6181c101

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 96566
last-modified: Sat, 01 Aug 2020 19:09:04 GMT
cf-bgj: h2pri
cf-request-id: 07a5a12c8300000c15c4917000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "e9ac0495792b313aff7c3aeb1810895a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 611c6af40cea0c15-AMS
expires: Thu, 11 Nov 2021 22:04:49 GMT

GET
H2 200 serif-ds.woff2
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/images/ 26 KB
26 KB 159ms
60ms Font
application/font-woff2 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/images/serif-ds.woff2?_dc=1608764706

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f98e8196d88bff2a006872a05d79c2d695f6dda36e0aecdd0ace020207809f40

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: http://click1.email.journalstar.com
Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
cf-cache-status: HIT
age: 97
last-modified: Wed, 23 Dec 2020 23:05:06 GMT
strict-transport-security: max-age=604800
content-length: 26164
cf-request-id: 07a5a12c2d00000c2d0100f000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5fe3cd22-6634"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af378e20c2d-AMS
expires: Sun, 02 Jan 2022 13:56:02 GMT

GET
H2

200

recommendations.get
mb.taboola.com/server/1.1/jpg/liveintent-ron-row/
Redirect Chain

http://li.journalstar.com/imp?s=205450&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=205450&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=jw6Bk_pJQQ5_qyvh69PKdiSmGkkuxtI6f_L6bQ&recipient.use...

67 KB
67 KB

279ms
278ms

Image
image/jpeg

199.232.137.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=jw6Bk_pJQQ5_qyvh69PKdiSmGkkuxtI6f_L6bQ&recipient.user.id=&instance.id=0b2a9f50-93cb-3f78-bddb-0b18f74c2176&widget.placement=205450&widget.slot=1&widget.mode=thumbnails-medrec&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=15636&recipient.user.agent=&recipient.ipv4=194.99.105.99&widget.alternative=
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 199.232.137.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5649a8607c962e040dc426c18c953fb0d84206d2f794950b3a77b5c58ed79885

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:55 GMT
via: 1.1 varnish
server: nginx
x-timer: S1610680375.848042,VS0,VE237
x-served-by: cache-hhn11529-HHN
x-cache: MISS
content-type: image/jpeg
accept-ranges: bytes
content-length: 68710
x-application-context: application:fe,capture-cache-remote-hz,capture-remote-hz:8080
x-cache-hits: 0

Redirect headers

Location: https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=jw6Bk_pJQQ5_qyvh69PKdiSmGkkuxtI6f_L6bQ&recipient.user.id=&instance.id=0b2a9f50-93cb-3f78-bddb-0b18f74c2176&widget.placement=205450&widget.slot=1&widget.mode=thumbnails-medrec&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=15636&recipient.user.agent=&recipient.ipv4=194.99.105.99&widget.alternative=
Date: Fri, 15 Jan 2021 03:12:54 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

94c8cd36dc1428947beeb6283056d111.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain

http://li.journalstar.com/imp?s=425312&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=425312&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png

1 KB
2 KB

50ms
49ms

Image
image/png

104.111.249.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 03:12:54 GMT
Last-Modified: Tue, 06 Aug 2019 20:24:36 GMT
Server: AmazonS3
x-amz-request-id: 33868793B1CCB4E4
ETag: "6956da20f9d008ec379926ee358e5594"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1255
x-amz-id-2: jvxKP7USaUQRoG8Fv214GJAgm5f9X+tJQnQBwNVI8qN+cljWXNBdILbTiX5UCYx8eZA7bh8Pnt0=

Redirect headers

Location: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Date: Fri, 15 Jan 2021 03:12:54 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

27e30bebaaece921293946f3c75ca02b.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain

http://li.journalstar.com/imp?s=556382&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=556382&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png

15 KB
16 KB

53ms
52ms

Image
image/png

104.111.249.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 03:12:54 GMT
Last-Modified: Wed, 17 Feb 2016 22:44:07 GMT
Server: AmazonS3
x-amz-request-id: D26CB739C42B32BC
ETag: "c56fae17aa690ac40e2a23fbf5796b60"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15721
x-amz-id-2: NQldzLLr0jcVZpKlN9kjbSnngVtCL1RCbEqkJNH4VVqGZ0HFMum2q/zD6mLWx0BfmE5dcSCDagk=

Redirect headers

Location: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Date: Fri, 15 Jan 2021 03:12:54 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

/
html-img.revcontent.com/
Redirect Chain

http://li.journalstar.com/imp?s=205456&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=205456&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://html-img.revcontent.com/?id=142340&key=d84ec9c9-aec7-34c4-a67c-3039bd890e24&affiliate_id=5183&size=300x250

21 KB
21 KB

475ms
474ms

Image
image/jpeg

65.9.58.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://html-img.revcontent.com/?id=142340&key=d84ec9c9-aec7-34c4-a67c-3039bd890e24&affiliate_id=5183&size=300x250

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.58.122 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache/2.4.25 (Debian) /

Resource Hash

caa56275c2756231bc51b3462a0307ab290227574a5a20fe1647eacf489e8eee

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:55 GMT
via: 1.1 fdd677a35b242f0199586a71e2f6859f.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
server-timing: fastly;dur=65;cpu=0;start=2020-09-29T21:25:59.276Z;desc=miss,rtt;dur=0,cloudinary;dur=62;start=2020-09-29T21:25:59.279Z
content-length: 21078
last-modified: Wed, 09 Sep 2020 16:36:34 GMT
server: Apache/2.4.25 (Debian)
etag: "d20b6cbfc707eba363bf630c67d33f9d"
strict-transport-security: max-age=604800
x-hw: 1610680375.cds063.dc2.hn,1610680375.cds033.dc2.c
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, no-transform, immutable, max-age=604800
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: S8zGPE6tM3zK_QzjnW1dEtduseT2_DrQzhDqwO5imXYVMWW0DEeasQ==
expires: Sun, 14 Feb 2021 03:12:55 GMT

Redirect headers

Location: https://html-img.revcontent.com/?id=142340&key=d84ec9c9-aec7-34c4-a67c-3039bd890e24&affiliate_id=5183&size=300x250
Date: Fri, 15 Jan 2021 03:12:55 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

94c8cd36dc1428947beeb6283056d111.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain

http://li.journalstar.com/imp?s=205459&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=205459&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png

1 KB
2 KB

45ms
45ms

Image
image/png

104.111.249.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 03:12:55 GMT
Last-Modified: Tue, 06 Aug 2019 20:24:36 GMT
Server: AmazonS3
x-amz-request-id: 33868793B1CCB4E4
ETag: "6956da20f9d008ec379926ee358e5594"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1255
x-amz-id-2: jvxKP7USaUQRoG8Fv214GJAgm5f9X+tJQnQBwNVI8qN+cljWXNBdILbTiX5UCYx8eZA7bh8Pnt0=

Redirect headers

Location: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Date: Fri, 15 Jan 2021 03:12:55 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

27e30bebaaece921293946f3c75ca02b.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain

http://li.journalstar.com/imp?s=628484&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=628484&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png

15 KB
16 KB

58ms
58ms

Image
image/png

104.111.249.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 03:12:55 GMT
Last-Modified: Wed, 17 Feb 2016 22:44:07 GMT
Server: AmazonS3
x-amz-request-id: D26CB739C42B32BC
ETag: "c56fae17aa690ac40e2a23fbf5796b60"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15721
x-amz-id-2: NQldzLLr0jcVZpKlN9kjbSnngVtCL1RCbEqkJNH4VVqGZ0HFMum2q/zD6mLWx0BfmE5dcSCDagk=

Redirect headers

Location: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Date: Fri, 15 Jan 2021 03:12:55 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

f6ad5fcbf81247edbac3daed09e0e9a4
i.liadm.com/s/e/5183/0/
Redirect Chain

http://li.journalstar.com/imp?s=124563600&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=124563600&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
https://i.liadm.com/s/section/124563600?m=378cb6dbadfc4316ce01888924d3b518&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=s...
https://i.liadm.com/s/section/124563600?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8...
https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2F5183%2F0%2Ff6ad5fcbf81247edbac3daed09e0e9a4%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&5ff883e1-82b5-4d1f-becd-d20ee...
https://i.liadm.com/s/e/5183/0/f6ad5fcbf81247edbac3daed09e0e9a4?mpid=7156&muid=c5d16001-0837-4000-b61b-6e9c416a6ee9

43 B
257 B

156ms
155ms

Image
image/gif

54.88.18.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/e/5183/0/f6ad5fcbf81247edbac3daed09e0e9a4?mpid=7156&muid=c5d16001-0837-4000-b61b-6e9c416a6ee9

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.88.18.91 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-88-18-91.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 03:12:56 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Date: Fri, 15 Jan 2021 03:13:02 GMT
Server: MT3 3499 e337273 master cdg-pixel-x14
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://i.liadm.com/s/e/5183/0/f6ad5fcbf81247edbac3daed09e0e9a4?mpid=7156&muid=c5d16001-0837-4000-b61b-6e9c416a6ee9
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 15 Jan 2021 03:13:01 GMT

GET
H/1.1

200
OK

124563601
i6.liadm.com/s/section/
Redirect Chain

http://li.journalstar.com/imp?s=124563601&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=124563601&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
https://i6.liadm.com/s/section/124563601?m=378cb6dbadfc4316ce01888924d3b518&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=...
https://i6.liadm.com/s/section/124563601?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e...

43 B
419 B

97ms
96ms

Image
image/gif

2600:1f18:444a:4680:7493:838e:3006:4686
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/section/124563601?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&previous_uuid=578a8f87989c453e9ead4ede4c05975e

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:444a:4680:7493:838e:3006:4686 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 03:12:55 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: /s/section/124563601?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&previous_uuid=578a8f87989c453e9ead4ede4c05975e
Date: Fri, 15 Jan 2021 03:12:55 GMT
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1

200
OK

imp
p.liadm.com/
Redirect Chain

http://li.journalstar.com/imp?s=124563602&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=124563602&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...

43 B
315 B

126ms
125ms

Image
image/gif

54.237.172.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.liadm.com/imp?_li_uuid=&s=124563602&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 54.237.172.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-237-172-114.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 03:12:55 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

Pragma: no-cache
Date: Fri, 15 Jan 2021 03:12:55 GMT
Server: AkamaiGHost
Location: https://p.liadm.com/imp?_li_uuid=&s=124563602&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Fri, 15 Jan 2021 03:12:55 GMT

GET
H/1.1

200
OK

imp
p.liadm.com/
Redirect Chain

http://li.journalstar.com/imp?s=124563603&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=124563603&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...

43 B
315 B

127ms
126ms

Image
image/gif

34.224.147.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.liadm.com/imp?_li_uuid=&s=124563603&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 34.224.147.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-224-147-78.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 03:12:55 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

Pragma: no-cache
Date: Fri, 15 Jan 2021 03:12:55 GMT
Server: AkamaiGHost
Location: https://p.liadm.com/imp?_li_uuid=&s=124563603&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Fri, 15 Jan 2021 03:12:55 GMT

GET
H/1.1

200
OK

imp
p.liadm.com/
Redirect Chain

http://li.journalstar.com/imp?s=124563604&li=&e=DBSI-IBOLoanAgency@dbs.com&p=739466
https://p.liadm.com/imp?_li_uuid=&s=124563604&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...

43 B
315 B

131ms
130ms

Image
image/gif

54.237.172.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.liadm.com/imp?_li_uuid=&s=124563604&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 54.237.172.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-237-172-114.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 03:12:55 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

Pragma: no-cache
Date: Fri, 15 Jan 2021 03:12:55 GMT
Server: AkamaiGHost
Location: https://p.liadm.com/imp?_li_uuid=&s=124563604&li=&p=739466&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Fri, 15 Jan 2021 03:12:55 GMT

GET
H2 200 facebook.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 413 B
523 B 97ms
96ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/facebook.png?_dc=1608710503

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75e46604bc973b209defcde74ec7a6bd80da48c49490eb392289e7083cde5436

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
cf-cache-status: HIT
age: 93503
last-modified: Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security: max-age=604800
content-length: 413
cf-request-id: 07a5a12c8400000c15f239b000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "5fe2f967-19d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af40ceb0c15-AMS
expires: Thu, 23 Dec 2021 10:06:18 GMT

GET
H2 200 twitter.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 920 B
1 KB 98ms
97ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/twitter.png?_dc=1608710503

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f50d5b45cb56df68824851416593c663753e7d800f7261bf14b9c602d219bd42

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
cf-cache-status: HIT
age: 93527
last-modified: Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security: max-age=604800
content-length: 920
cf-request-id: 07a5a12c8400000c15088ef000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "5fe2f967-398"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af40cec0c15-AMS
expires: Thu, 23 Dec 2021 10:06:18 GMT

GET
H2 200 instagram.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 1 KB
1 KB 97ms
96ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/instagram.png?_dc=1608710503

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6b6ed729e29dad2a30e237aaecea16c23995310a67e369004944512eaa0b4d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
cf-cache-status: HIT
age: 93503
last-modified: Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security: max-age=604800
content-length: 1311
cf-request-id: 07a5a12c8400000c15d43d7000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "5fe2f967-51f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af40ced0c15-AMS
expires: Thu, 23 Dec 2021 10:06:18 GMT

GET
H2 200 youtube.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 817 B
921 B 98ms
97ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/youtube.png?_dc=1608710503

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06270bf1ca6b89cd31765870aaa57be10e6ac151205fe87351cc8d90d9cf22dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
cf-cache-status: HIT
age: 93503
last-modified: Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security: max-age=604800
content-length: 817
cf-request-id: 07a5a12c8400000c15e38e2000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "5fe2f967-331"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af40cee0c15-AMS
expires: Thu, 23 Dec 2021 10:06:18 GMT

GET
H2 200 phone.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 493 B
620 B 97ms
96ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/phone.png?_dc=1608710503

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2069f171e099f0e2ee2c73bff45cfda2ad0f5eecd9f1a5893e51edaf2ffd56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=D4E0C6CD91A518056BBE680EA941DDF0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 15 Jan 2021 03:12:54 GMT
cf-cache-status: HIT
age: 93503
last-modified: Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security: max-age=604800
content-length: 493
cf-request-id: 07a5a12c8400000c15db91b000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5fe2f967-1ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611c6af40cef0c15-AMS
expires: Thu, 23 Dec 2021 10:06:14 GMT

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			click1.email.journalstar.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: 69B5989CB75F865A5AE7AD8B04E1BE26

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

85419c.efeedbacktrk.com
bloximages.chicago2.vip.townnews.com
c.licasd.com
click1.email.journalstar.com
connect.facebook.net
html-img.revcontent.com
i.liadm.com
i6.liadm.com
li.journalstar.com
mb.taboola.com
p.liadm.com
sync.mathtag.com
www.google-analytics.com
104.111.249.62
104.18.130.43
185.29.135.233
199.232.137.44
2.16.186.51
2.16.186.72
2600:1f18:444a:4680:7493:838e:3006:4686
2a00:1450:4001:815::200e
2a03:2880:f01c:8012:face:b00c:0:3
34.224.147.78
54.237.172.114
54.88.18.91
65.9.58.122
74.214.203.11
96.46.128.252
06270bf1ca6b89cd31765870aaa57be10e6ac151205fe87351cc8d90d9cf22dc
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2ab613ac850edc76324202ae1449197b8c9d0118b0a3ae2398803d115d9af46d
370407adf1563ac7358e4c42df83619bc9160309b045587d95e6ae20db9f4b5e
39664ba8def65361565016aadb9f256a80458a99b62d1aa11ac3204b0c40e449
4bd10347064abf655738b972dd77d07311312ecbade09708647641510288bd5e
5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5649a8607c962e040dc426c18c953fb0d84206d2f794950b3a77b5c58ed79885
57d8f2da851d6a5f3b8e00c7e8ca40ddbf874d6fd5e887214ccea8fe12ab91b7
623cc04225623c9576350c0c262ddc33f90825890c21a3df3ee9b71fd1817904
6c8a097e32c05dbd1256b8a06eb3aa03dc20c5f2d1c5dca2f00b6ed5c148fad1
721e519c54f09a1423dec3bd3b095d7f1aca8d1b4bfaafe8306f431ace1b7c6d
75e46604bc973b209defcde74ec7a6bd80da48c49490eb392289e7083cde5436
7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff
807ed197ccc15e8eeae882a70ab9e9bd6cd9084f79855bdc80bc8fdc76045a3a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
95d6eec022b51242be5b6da4ff276d1ba32e7297aabecf43b1ff850aaf41818a
9d0b994e2ee44958022ff48ebe806ff718925de944fa7e3bf7a7dd7108509e6b
9e31560163d1cc811ef15daa009f4f66ed4e4ebbdfd5af6e7e27216c3034e9be
a2069f171e099f0e2ee2c73bff45cfda2ad0f5eecd9f1a5893e51edaf2ffd56b
a22309d8e3e8ea9cae433efcbbf380c1629b36a6e8bbabf4d082930d6181c101
caa56275c2756231bc51b3462a0307ab290227574a5a20fe1647eacf489e8eee
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
d6b6ed729e29dad2a30e237aaecea16c23995310a67e369004944512eaa0b4d4
dca483c82bca339d5953f246f5d6895848f6ecac973341c49a6e23c79be5538b
e4932d430fc2fdde2df88095f87b7dece3bd3a6a87ef2b051de02ecc65ff5edc
f50d5b45cb56df68824851416593c663753e7d800f7261bf14b9c602d219bd42
f98e8196d88bff2a006872a05d79c2d695f6dda36e0aecdd0ace020207809f40

click1.email.journalstar.com Open in urlscan Pro 74.214.203.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

38 Requests

95 %HTTPS

20 %IPv6

10 Domains

13 Subdomains

12 IPs

6 Countries

579 kBTransfer

833 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

38 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

click1.email.journalstar.com Open in urlscan Pro
74.214.203.11 Public Scan

Screenshot
Live screenshot

Full Image

38
Requests

95 %
HTTPS

20 %
IPv6

10
Domains

13
Subdomains

12
IPs

6
Countries

579 kB
Transfer

833 kB
Size

1
Cookies

38 HTTP transactions
0 data transactions