myaccount.buffalonews.com Open in urlscan Pro
2600:1f18:410b:aea2:183c:dc66:b60:e842 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://click1.email.lee.net/epbjdyhhzhvfqrbdftsyyfqzkqfwkjqzqdplrphzqbrqdpt_kmdrhmrfsfjlssdtrlhtt.html
Effective URL:
https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
Submission: On October 31 via manual (October 31st 2022, 5:10:16 pm UTC) from US — Scanned from DE

Summary HTTP 78 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 32 IPs in 5 countries across 29 domains to perform 78 HTTP transactions. The main IP is 2600:1f18:410b:aea2:183c:dc66:b60:e842, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is myaccount.buffalonews.com.
TLS certificate: Issued by Amazon on December 21st 2021. Valid for: a year.

This is the only time myaccount.buffalonews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	74.214.203.11 74.214.203.11	14618 (AMAZON-AES) (AMAZON-AES)
7	2600:1f18:410... 2600:1f18:410b:aea2:183c:dc66:b60:e842	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148f	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2606:4700::68... 2606:4700::6812:1734	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:808::2004	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:350... 2a02:26f0:3500:16::215:148b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
5	2600:1f18:410... 2600:1f18:410b:aea1:c20e:ee1a:63b:9864	14618 (AMAZON-AES) (AMAZON-AES)
6	2001:4860:480... 2001:4860:4802:32::178	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
9	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1	3.5.16.140 3.5.16.140	14618 (AMAZON-AES) (AMAZON-AES)
4	2a00:1450:400... 2a00:1450:400c:c1b::9a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1 2	107.178.250.234 107.178.250.234	15169 (GOOGLE) (GOOGLE)
2	13.32.121.37 13.32.121.37	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:225... 2600:9000:225e:5c00:8:8845:1500:93a1	16509 (AMAZON-02) (AMAZON-02)
1 3	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	18.66.123.144 18.66.123.144	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:e4:... 2606:4700:e4::ac40:a40e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	18.235.126.7 18.235.126.7	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1 1	2600:1f18:730... 2600:1f18:730:b120:4095:a671:23e5:4310	14618 (AMAZON-AES) (AMAZON-AES)
1	35.168.71.120 35.168.71.120	14618 (AMAZON-AES) (AMAZON-AES)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	3.219.38.131 3.219.38.131	14618 (AMAZON-AES) (AMAZON-AES)
2 6	3.208.116.31 3.208.116.31	14618 (AMAZON-AES) (AMAZON-AES)
1	23.36.162.28 23.36.162.28	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
4 4	52.28.211.5 52.28.211.5	16509 (AMAZON-02) (AMAZON-02)
2 2	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2 2	54.228.8.136 54.228.8.136	16509 (AMAZON-02) (AMAZON-02)
1 2	2.18.232.236 2.18.232.236	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a04:4e42::300 2a04:4e42::300	54113 (FASTLY) (FASTLY)
1 1	64.202.112.159 64.202.112.159	23352 (SERVERCEN...) (SERVERCENTRAL)
1	2600:1f18:ed:... 2600:1f18:ed:550a:18eb:75ae:dc51:d648	14618 (AMAZON-AES) (AMAZON-AES)
78	32

1 74.214.203.11 (United States) 1 redirects

ASN14618 (AMAZON-AES, US)

click1.email.lee.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f18:410b:aea2:183c:dc66:b60:e842 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

myaccount.buffalonews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.buffalonews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:148f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ka-p.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:16::215:148b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1f18:410b:aea1:c20e:ee1a:63b:9864 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

api.bntech.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.5.16.140 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400c:c1b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.250.234 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 234.250.178.107.bc.googleusercontent.com

js.matheranalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.32.121.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-37.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:225e:5c00:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.71.131.137 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.123.144 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-123-144.fra60.r.cloudfront.net

d1eoo1tco6rr5e.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e4::ac40:a40e (United States)

ASN13335 (CLOUDFLARENET, US)

qnhtg9kbqjgw2izax.ay.delivery	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.235.126.7 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-126-7.compute-1.amazonaws.com

trkn.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:730:b120:4095:a671:23e5:4310 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.168.71.120 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-168-71-120.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.219.38.131 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-219-38-131.compute-1.amazonaws.com

www.i.matheranalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.208.116.31 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-116-31.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.36.162.28 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-162-28.deploy.static.akamaitechnologies.com

sli.buffalonews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.241 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.28.211.5 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-211-5.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.194 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.228.8.136 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-8-136.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.232.236 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-236.deploy.static.akamaitechnologies.com

x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::300 (United States)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.159 (United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:ed:550a:18eb:75ae:dc51:d648 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	liadm.com 3 redirects b-code.liadm.com — Cisco Umbrella Rank: 3208 rp.liadm.com — Cisco Umbrella Rank: 1610 rp4.liadm.com — Cisco Umbrella Rank: 8498 i.liadm.com — Cisco Umbrella Rank: 587 i6.liadm.com — Cisco Umbrella Rank: 1903	22 KB
9	facebook.com www.facebook.com — Cisco Umbrella Rank: 106	308 B
8	buffalonews.com myaccount.buffalonews.com api.buffalonews.com sli.buffalonews.com — Cisco Umbrella Rank: 227752	287 KB
6	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 76 cm.g.doubleclick.net — Cisco Umbrella Rank: 213	1 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29	22 KB
6	google.com www.google.com — Cisco Umbrella Rank: 2 ampcid.google.com — Cisco Umbrella Rank: 2141 region1.analytics.google.com — Cisco Umbrella Rank: 5362	2 KB
5	google.de www.google.de — Cisco Umbrella Rank: 6364 ampcid.google.de — Cisco Umbrella Rank: 63362	1 KB
5	bntech.io api.bntech.io — Cisco Umbrella Rank: 199680	8 KB
4	bidswitch.net 4 redirects x.bidswitch.net — Cisco Umbrella Rank: 291	2 KB
4	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1433 ka-p.fontawesome.com — Cisco Umbrella Rank: 3626	64 KB
3	adsrvr.org 1 redirects insight.adsrvr.org — Cisco Umbrella Rank: 605 match.adsrvr.org — Cisco Umbrella Rank: 353	672 B
3	matheranalytics.com 1 redirects js.matheranalytics.com — Cisco Umbrella Rank: 10410 www.i.matheranalytics.com — Cisco Umbrella Rank: 9981	43 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 51	270 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 145	197 KB
2	addthis.com 1 redirects x.dlx.addthis.com — Cisco Umbrella Rank: 1183	1 KB
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 202	2 KB
2	trkn.us 1 redirects trkn.us — Cisco Umbrella Rank: 2055	1 KB
2	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 150	2 KB
2	typekit.net use.typekit.net — Cisco Umbrella Rank: 422 p.typekit.net — Cisco Umbrella Rank: 560	1 KB
1	zemanta.com 1 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 565	291 B
1	taboola.com trc.taboola.com — Cisco Umbrella Rank: 631	369 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 458	676 B
1	ay.delivery qnhtg9kbqjgw2izax.ay.delivery — Cisco Umbrella Rank: 132794	13 KB
1	cloudfront.net d1eoo1tco6rr5e.cloudfront.net	668 B
1	amazonaws.com s3.amazonaws.com	18 KB
1	gstatic.com www.gstatic.com	160 KB
1	lee.net 1 redirects click1.email.lee.net	406 B
0	simpli.fi Failed tag.simpli.fi Failed
0	insiderdata360online.com Failed insiderdata360online.com Failed
78	29

	Domain	Requested by
9	www.facebook.com	myaccount.buffalonews.com
6	i.liadm.com	2 redirects b-code.liadm.com i.liadm.com
6	www.google-analytics.com	myaccount.buffalonews.com www.google-analytics.com
5	api.bntech.io	myaccount.buffalonews.com api.bntech.io
4	x.bidswitch.net	4 redirects
4	www.google.de	myaccount.buffalonews.com
4	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
4	api.buffalonews.com	myaccount.buffalonews.com
3	www.googletagmanager.com	myaccount.buffalonews.com www.googletagmanager.com
3	connect.facebook.net	myaccount.buffalonews.com connect.facebook.net
3	ka-p.fontawesome.com	kit.fontawesome.com
3	www.google.com	myaccount.buffalonews.com
3	myaccount.buffalonews.com	myaccount.buffalonews.com
2	x.dlx.addthis.com	1 redirects i.liadm.com
2	dpm.demdex.net	2 redirects
2	cm.g.doubleclick.net	2 redirects
2	region1.analytics.google.com	www.googletagmanager.com
2	trkn.us	1 redirects myaccount.buffalonews.com
2	insight.adsrvr.org	1 redirects d1eoo1tco6rr5e.cloudfront.net
2	b-code.liadm.com	www.googletagmanager.com b-code.liadm.com
2	sb.scorecardresearch.com	myaccount.buffalonews.com
2	js.matheranalytics.com	1 redirects myaccount.buffalonews.com
1	i6.liadm.com	i.liadm.com
1	b1sync.zemanta.com	1 redirects
1	trc.taboola.com	i.liadm.com
1	match.adsrvr.org	i.liadm.com
1	sync.mathtag.com	1 redirects
1	sli.buffalonews.com	myaccount.buffalonews.com
1	www.i.matheranalytics.com	myaccount.buffalonews.com
1	rp4.liadm.com	myaccount.buffalonews.com
1	rp.liadm.com	1 redirects
1	ampcid.google.de	www.google-analytics.com
1	qnhtg9kbqjgw2izax.ay.delivery	www.googletagmanager.com
1	d1eoo1tco6rr5e.cloudfront.net	www.googletagmanager.com
1	ampcid.google.com	www.google-analytics.com
1	s3.amazonaws.com	myaccount.buffalonews.com
1	www.gstatic.com	www.google.com
1	p.typekit.net	use.typekit.net
1	kit.fontawesome.com	myaccount.buffalonews.com
1	use.typekit.net	myaccount.buffalonews.com
1	click1.email.lee.net	1 redirects
0	tag.simpli.fi Failed	www.googletagmanager.com
0	insiderdata360online.com Failed	myaccount.buffalonews.com
78	43

This site contains links to these domains. Also see Links.

Domain
buffalonews.com

Subject Issuer	Validity	Valid
buffalonews.com Amazon	`2021-12-21` - `2023-01-17`	a year	crt.sh
use.typekit.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-09-14` - `2023-10-15`	a year	crt.sh
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-01` - `2023-01-01`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
bntech.io Amazon	`2022-03-04` - `2023-04-02`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-08-10` - `2022-11-08`	3 months	crt.sh
s3.amazonaws.com Amazon	`2022-04-01` - `2023-03-30`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-10-17` - `2023-01-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.scorecardresearch.com Amazon	`2022-01-29` - `2023-02-27`	a year	crt.sh
*.liadm.com Amazon	`2022-01-31` - `2023-03-01`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-04-05` - `2023-04-05`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
www.i.matheranalytics.com Amazon	`2022-01-13` - `2023-02-11`	a year	crt.sh
sli.buffalo.com R3	`2022-09-07` - `2022-12-06`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
Frame ID: E39FD704248896FB7D94C5F3FA09BCFD
Requests: 64 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 57792117F752CB863E6E6702F52BE451
Requests: 1 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Frame ID: 9EE6707FD2B63D5C97DA849FF2F70CF9
Requests: 2 HTTP requests in this frame

Frame: https://i.liadm.com/s/c/a-0585?s=&cim=&ps=true&ls=true&duid=fb73f250d350--01ggqgbatkhbreqj47cvfr2qzq&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Frame ID: 3586E2F26F9B4408DF21EF7A743B1B44
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

My Account - The Buffalo News

Page URL History Show full URLs

https://click1.email.lee.net/epbjdyhhzhvfqrbdftsyyfqzkqfwkjqzqdplrphzqbrqdpt_kmdrhmrfsfjlssdtrlhtt.html HTTP 302
https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022... Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

78
Requests

87 %
HTTPS

55 %
IPv6

29
Domains

43
Subdomains

32
IPs

5
Countries

1111 kB
Transfer

3808 kB
Size

32
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://buffalonews.com/

Search URL Search Domain Scan URL

URL: https://buffalonews.com/pages/privacy_policy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://buffalonews.com/pages/terms_and_conditions.html
Title: Terms and Conditions

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://click1.email.lee.net/epbjdyhhzhvfqrbdftsyyfqzkqfwkjqzqdplrphzqbrqdpt_kmdrhmrfsfjlssdtrlhtt.html HTTP 302
https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://js.matheranalytics.com/s/ma1527/725149308/lee/ml.js?cb=1608 HTTP 301
https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js

Request Chain 38

https://insight.adsrvr.org/tags/nebsjkp/21usqg2/iframe HTTP 303
https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe

Request Chain 44

https://trkn.us/pixel/c?ppt=19160&g=sitewide&gid=44455&cv1=buffalonews.com&ord=1078116722 HTTP 302
https://trkn.us/pixel/c?ppt=19160&g=sitewide&gid=44455&cv1=buffalonews.com&ord=1078116722&ip=185.213.155.166&cuidchk=1

Request Chain 54

https://rp.liadm.com/j?dtstmp=1667236211653&aid=a-0585&se=e30&duid=fb73f250d350--01ggqgbatkhbreqj47cvfr2qzq&tna=v2.5.0&pu=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&wpn=lc-bundle&c=PHRpdGxlPk15IEFjY291bnQgLSBUaGUgQnVmZmFsbyBOZXdzPC90aXRsZT48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iTWFuYWdlIGFsbCB5b3VyIGFjY291bnQgZGV0YWlscyBpbiBvbmUgcGxhY2UuIj4 HTTP 302
https://rp4.liadm.com/j?dtstmp=1667236211653&aid=a-0585&se=e30&duid=fb73f250d350--01ggqgbatkhbreqj47cvfr2qzq&tna=v2.5.0&pu=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&wpn=lc-bundle&c=PHRpdGxlPk15IEFjY291bnQgLSBUaGUgQnVmZmFsbyBOZXdzPC90aXRsZT48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iTWFuYWdlIGFsbCB5b3VyIGFjY291bnQgZGV0YWlscyBpbiBvbmUgcGxhY2UuIj4&i6=MmEwMzoxYjIwOjY6ZjAxMTo6NmU%3D&n3pc=true

Request Chain 70

https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-0585%2F0%2F468fa03a11f244299b4596333eb8fdb5%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&e236a13d-5cd0-4e74-8d14-83825d6c9db6 HTTP 302
https://i.liadm.com/s/e/a-0585/0/468fa03a11f244299b4596333eb8fdb5?mpid=7156&muid=ecd26360-0175-4200-a803-3ceb480b7d30

Request Chain 72

https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=e236a13d-5cd0-4e74-8d14-83825d6c9db6&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=e236a13d-5cd0-4e74-8d14-83825d6c9db6&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=9db7495d-24de-450e-89ba-021a2ae8d7b5 HTTP 303
https://x.bidswitch.net/sync?ssp=liveintent&user_id=e236a13d-5cd0-4e74-8d14-83825d6c9db6 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=liveintent&bsw_param=9db7495d-24de-450e-89ba-021a2ae8d7b5&google_hm=OWRiNzQ5NWQtMjRkZS00NTBlLTg5YmEtMDIxYTJhZThkN2I1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm=&google_sc=&ssp=liveintent&bsw_param=9db7495d-24de-450e-89ba-021a2ae8d7b5&google_hm=OWRiNzQ5NWQtMjRkZS00NTBlLTg5YmEtMDIxYTJhZThkN2I1&google_tc= HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESENglAitOwnFwvQilpc2m1Tw&google_cver=1&ssp=liveintent&bsw_param=9db7495d-24de-450e-89ba-021a2ae8d7b5 HTTP 302
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=9db7495d-24de-450e-89ba-021a2ae8d7b5

Request Chain 73

https://dpm.demdex.net/ibs:dpid=127444&dpuuid=e236a13d-5cd0-4e74-8d14-83825d6c9db6&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-0585%2F0%2F468fa03a11f244299b4596333eb8fdb5%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=e236a13d-5cd0-4e74-8d14-83825d6c9db6&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-0585%2F0%2F468fa03a11f244299b4596333eb8fdb5%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
https://i.liadm.com/s/e/a-0585/0/468fa03a11f244299b4596333eb8fdb5?mpid=82775&muid=56770357844419063360942980042435222880

Request Chain 74

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=e236a13d-5cd0-4e74-8d14-83825d6c9db6 HTTP 302
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=e236a13d-5cd0-4e74-8d14-83825d6c9db6&rd=Y

Request Chain 76

https://b1sync.zemanta.com/usersync/liveintent/?cb=%2F%2Fi.liadm.com%2Fs%2F35004%3Fbidder_id%3D98254%26bidder_uuid%3D__ZUID__ HTTP 302
https://i.liadm.com/s/35004?bidder_id=98254&bidder_uuid= HTTP 303
https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=

78 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
myaccount.buffalonews.com/
Redirect Chain

https://click1.email.lee.net/epbjdyhhzhvfqrbdftsyyfqzkqfwkjqzqdplrphzqbrqdpt_kmdrhmrfsfjlssdtrlhtt.html
https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

1 KB
983 B

344ms
104ms

Document
text/html

2600:1f18:410b:aea2:183c:dc66:b60:e842
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:410b:aea2:183c:dc66:b60:e842 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: b63324e4659a164791049736c33c88b47890f183ded969e801ca10cda6310ef1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 31 Oct 2022 17:10:09 GMT
ETag: W/"618eb0a8-50c"
Last-Modified: Fri, 12 Nov 2021 18:21:28 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html;charset=utf-8
Date: Mon, 31 Oct 2022 17:10:08 GMT
Keep-Alive: timeout=60
Location: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
Server: Apache-Coyote/1.1

GET
H2 200 typ0hvv.css
use.typekit.net/ 4 KB
1000 B 177ms
128ms Stylesheet
text/css 2a02:26f0:3500:16::215:148f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/typ0hvv.css

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:148f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

ceb0fe6c8ce9a618de9db64e763af48767f6e48c82692590fd3d589955c065b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Mon, 31 Oct 2022 17:10:10 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 768

GET
H2 200 f2c0801395.js Show response
kit.fontawesome.com/ 11 KB
4 KB 78ms
39ms Script
text/javascript 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://kit.fontawesome.com/f2c0801395.js

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89c9f6f9fcf15f9c9762d94725fcc39567158a343861a8d9dcd26c951e93b44c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload

Request headers

Referer: https://myaccount.buffalonews.com/
Origin: https://myaccount.buffalonews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:10:10 GMT
strict-transport-security: max-age=31536000; preload
content-encoding: gzip
cf-cache-status: REVALIDATED
server: cloudflare
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=60, public, must-revalidate
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-ray: 762e00a8efaa5c1a-FRA
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: FyMZ3qNHW3ak7X_V6fAD

GET
H/1.1 200
OK cleave.min.js Show response
myaccount.buffalonews.com/js/ 21 KB
6 KB 109ms
108ms Script
application/javascript 2600:1f18:410b:aea2:183c:dc66:b60:e842
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://myaccount.buffalonews.com/js/cleave.min.js
Requested by: Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:410b:aea2:183c:dc66:b60:e842 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 7eb194c2648de022cb8f29399b9f4409d5ec0cc5314d6e4eea175c78d1d5089a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 17:10:10 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Dec 2020 19:06:43 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: W/"5fd12043-528d"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
970 B 132ms
48ms Script
text/javascript 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9f35f72d1b6d10f0b5ebca8169126dbab29cbbf968118773b2f65224ec612d0f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:10:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 557
x-xss-protection: 1; mode=block
expires: Mon, 31 Oct 2022 17:10:10 GMT

GET
H/1.1 200
OK app.js Show response
myaccount.buffalonews.com/ 1 MB
276 KB 319ms
210ms Script
application/javascript 2600:1f18:410b:aea2:183c:dc66:b60:e842
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://myaccount.buffalonews.com/app.js?v=1.4.0
Requested by: Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:410b:aea2:183c:dc66:b60:e842 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: dcf18d50777709d707614764a7d6d7451f10424f4b2626efb9a04227a5e4d8f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 17:10:10 GMT
Content-Encoding: gzip
Last-Modified: Thu, 22 Sep 2022 12:18:30 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: W/"632c5296-108274"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive

GET
H2 200 p.css
p.typekit.net/ 5 B
181 B 52ms
6ms Stylesheet
text/css 2a02:26f0:3500:16::215:148b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=typ0hvv&ht=tk&f=29431.29432.29434.29435.29436&a=33059054&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/typ0hvv.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:148b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:10:10 GMT
last-modified: Sat, 16 Oct 2021 08:18:43 GMT
server: nginx
etag: "616a8ae3-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 pro.min.css Show response
ka-p.fontawesome.com/releases/v5.15.4/css/ 315 KB
53 KB 82ms
48ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css?token=f2c0801395
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/f2c0801395.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:10:10 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
age: 22110
etag: "610ae215-d3b2"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 762e00aa4b155c1a-FRA
content-length: 54194

GET
H2 200 pro-v4-shims.min.css Show response
ka-p.fontawesome.com/releases/v5.15.4/css/ 26 KB
4 KB 88ms
54ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css?token=f2c0801395
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/f2c0801395.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:10:10 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
age: 31465
etag: "610ae215-1062"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 762e00aa4b105c1a-FRA
content-length: 4194

GET
H2 200 pro-v4-font-face.min.css Show response
ka-p.fontawesome.com/releases/v5.15.4/css/ 27 KB
3 KB 70ms
36ms Fetch
text/css 2606:4700::6812:1734
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css?token=f2c0801395
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/f2c0801395.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:10:10 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
age: 22109
etag: "610ae215-a2b"
vary: Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 762e00aa4b0b5c1a-FRA
content-length: 2603

GET platform.js
insiderdata360online.com/service/ 0
0

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/NJPGLzpIZgjszqyOymHUP0XR/ 400 KB
160 KB 217ms
38ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/NJPGLzpIZgjszqyOymHUP0XR/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8850c59b00380af79a60472b2d9db31db1f9abe5bbb3b3771eabb12780653688

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://myaccount.buffalonews.com/
Origin: https://myaccount.buffalonews.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 16:43:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1586
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 163140
x-xss-protection: 0
last-modified: Mon, 24 Oct 2022 04:01:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 31 Oct 2023 16:43:44 GMT

GET
H/1.1 200
OK myAccount Show response
api.buffalonews.com/settings/ 1 KB
1 KB 108ms
108ms XHR
application/json 2600:1f18:410b:aea2:183c:dc66:b60:e842
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.buffalonews.com/settings/myAccount
Requested by: Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/app.js?v=1.4.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:410b:aea2:183c:dc66:b60:e842 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 3a3a818b0af5603c009c35527c7266c67d21a7b8fd432906771bf030db7c5753

Request headers

Accept: application/json, text/*
Referer: https://myaccount.buffalonews.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
X-Hostname: myaccount.buffalonews.com

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 31 Oct 2022 17:10:11 GMT
Server: nginx/1.10.3 (Ubuntu)
Connection: keep-alive
Content-Length: 1320
Content-Type: application/json

OPTIONS
H/1.1 200
OK myAccount
api.buffalonews.com/settings/ Frame 0
0 320ms
103ms Preflight
application/json 2600:1f18:410b:aea2:183c:dc66:b60:e842
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.buffalonews.com/settings/myAccount
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:410b:aea2:183c:dc66:b60:e842 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-hostname
Access-Control-Request-Method: GET
Origin: https://myaccount.buffalonews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Hostname
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 21
Content-Type: application/json
Date: Mon, 31 Oct 2022 17:10:10 GMT
Server: nginx/1.10.3 (Ubuntu)

OPTIONS
H/1.1 200
OK subscribe
api.buffalonews.com/settings/ Frame 0
0 388ms
388ms Preflight
application/json 2600:1f18:410b:aea2:183c:dc66:b60:e842
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.buffalonews.com/settings/subscribe?campaign=E0010627E1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:410b:aea2:183c:dc66:b60:e842 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-hostname
Access-Control-Request-Method: GET
Origin: https://myaccount.buffalonews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Hostname
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 21
Content-Type: application/json
Date: Mon, 31 Oct 2022 17:10:11 GMT
Server: nginx/1.10.3 (Ubuntu)

GET
H/1.1 200
OK 4UXESkHyTlBIcIFsDlibVfh6XaRZmfGT Show response
api.bntech.io/js/ 18 KB
6 KB 340ms
118ms Script
text/javascript 2600:1f18:410b:aea1:c20e:ee1a:63b:9864
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bntech.io/js/4UXESkHyTlBIcIFsDlibVfh6XaRZmfGT
Requested by: Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/app.js?v=1.4.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:410b:aea1:c20e:ee1a:63b:9864 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 6e547b9cd28475c1c0160d8664a748af9e84e0c6818975aadb530c9e01209eab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 17:10:11 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 96ms
30ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 31 Oct 2022 15:15:54 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 6857
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Mon, 31 Oct 2022 17:15:54 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 103 KB
28 KB 26ms
9ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f896040524443394b8b1ba4fbd1de94be74378ab901e53b3b40c1323d1735143

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 31 Oct 2022 17:10:11 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27337
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: DzXDfadoDiqm33b4HjJwZhIBNXlIdK5vtM0IKbXNL62wTgcHDLt3MGagLV4LzgU9r6BvhhRs/bfdny53nAMgFA==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tr
www.facebook.com/ 0
185 B 25ms
9ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id={1041323275912628}&ev=PageView&noscript=1

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 31 Oct 2022 17:10:11 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 504 KB
120 KB 211ms
126ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/app.js?v=1.4.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

170e2ff36a53844707e0ec430e9d6bbc56708c7973b84aaa498b9c2f887506fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:10:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122130
x-xss-protection: 0
last-modified: Mon, 31 Oct 2022 16:05:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 31 Oct 2022 17:10:11 GMT

GET
H/1.1 200
OK subscribe Show response
api.buffalonews.com/settings/ 1 KB
1 KB 112ms
111ms XHR
application/json 2600:1f18:410b:aea2:183c:dc66:b60:e842
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.buffalonews.com/settings/subscribe?campaign=E0010627E1
Requested by: Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/app.js?v=1.4.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:410b:aea2:183c:dc66:b60:e842 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: c1ccf7b51a53a2799bda8f53e571be1b448d05df4b48dfec17205247b74fbf07

Request headers

Accept: application/json, text/*
Referer: https://myaccount.buffalonews.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
X-Hostname: myaccount.buffalonews.com

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 31 Oct 2022 17:10:11 GMT
Server: nginx/1.10.3 (Ubuntu)
Connection: keep-alive
Content-Length: 1284
Content-Type: application/json

GET
H/1.1 200
OK buffalo_news_logo.svg
s3.amazonaws.com/projects.buffalonews.com/subscribe/ 17 KB
18 KB 331ms
118ms Image
image/svg+xml 3.5.16.140
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/projects.buffalonews.com/subscribe/buffalo_news_logo.svg
Requested by: Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.16.140 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: f40830ff55b02948eacb96ff85bafdacd973b155d991e55f91784ec5c7ce82fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 17:10:12 GMT
Last-Modified: Tue, 14 Jul 2020 15:31:03 GMT
Server: AmazonS3
x-amz-request-id: 5QCPJKHKMKAHXT6Z
ETag: "8cb5a24b96c1a732a881ee5534f9646e"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 17683
x-amz-id-2: sEaPJ4GdtOa3paWNXwkfY+eKtKTP6+9ZpOLc5tzzLtIVR80pwkoQxzzjgNKOM6FX2M+yVtUCIPguyBrOMW+BMQ==

GET
H2 200 1041323275912628 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 80ms
80ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1041323275912628?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e9eef6898bd1faa4c8aa12ab8e9e42b24bfeae3f58df0be486766f3e55fbc6ec

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 31 Oct 2022 17:10:11 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: Aap1QxNx0oAxnLyL+n9mP/b9MNznusK7AZCavd0WhpLpYPqH3Et0wmQATinTvHHT9fvBbp26T6kI0Z0LMXCsrw==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ 1 KB
763 B 98ms
32ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 16:45:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1480
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 738
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 31 Oct 2022 17:45:31 GMT

GET
H3 200 961211893969940 Show response
connect.facebook.net/signals/config/ 297 KB
85 KB 9ms
9ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/961211893969940?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

57a585e15d1c97f032c7a99c654e3d489ae653a49650fe3e113070b013284718

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 31 Oct 2022 17:10:11 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86959
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: JoSly3OFdZw6GE3KePzu1lZSuW072mqfw1d8jDPLJR7cIaJdHRSUOEc1TbOUAUmDHtgljwhWr2ah/zvQ4O5+mw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 21ms
10ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1041323275912628&ev=PageView&dl=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&rl=&if=false&ts=1667236211287&sw=1600&sh=1200&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1667236211286.331320045&it=1667236211148&coo=false&exp=d1&rqm=GET

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 31 Oct 2022 17:10:11 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 20ms
9ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1041323275912628&ev=lookup&dl=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&rl=&if=false&ts=1667236211313&cd[name]=lookup&cd[route]=lookup&sw=1600&sh=1200&v=2.9.89&r=stable&ec=1&o=30&fbp=fb.1.1667236211286.331320045&it=1667236211148&coo=false&rqm=GET

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 31 Oct 2022 17:10:11 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 20ms
10ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=961211893969940&ev=lookup&dl=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&rl=&if=false&ts=1667236211314&cd[name]=lookup&cd[route]=lookup&sw=1600&sh=1200&v=2.9.89&r=stable&ec=1&o=30&fbp=fb.1.1667236211286.331320045&it=1667236211148&coo=false&rqm=GET

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 31 Oct 2022 17:10:11 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 5779 0
18 B 17ms
9ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://myaccount.buffalonews.com
Referer: https://myaccount.buffalonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://myaccount.buffalonews.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 31 Oct 2022 17:10:11 GMT
priority: u=0
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 39ms
39ms XHR
text/plain 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1635153082&t=pageview&_s=1&dl=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&dp=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&ul=en-us&de=UTF-8&dt=My%20Account%20-%20The%20Buffalo%20News&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGBAAEIRAAAAACAAI~&jid=94565821&gjid=616219306&cid=118170383.1667236211&tid=UA-5339712-1&_gid=994032249.1667236211&_r=1&_slc=1&z=1100588683

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://myaccount.buffalonews.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 17:10:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://myaccount.buffalonews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 32ms
31ms Image
image/gif 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1635153082&t=event&_s=2&dl=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&ul=en-us&de=UTF-8&dt=My%20Account%20-%20The%20Buffalo%20News&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=myAccount&ea=lookup&el=lookup&_u=KGBAAEIRAAAAACAAI~&jid=&gjid=&cid=118170383.1667236211&tid=UA-5339712-1&_gid=994032249.1667236211&z=139884881

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 03:28:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 49278
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
449 B 56ms
19ms XHR
text/plain 2a00:1450:400c:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-5339712-1&cid=118170383.1667236211&jid=94565821&gjid=616219306&_gid=994032249.1667236211&_u=KGBAAEIQAAAAACAAI~&z=716057111

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://myaccount.buffalonews.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 31 Oct 2022 17:10:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://myaccount.buffalonews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 151ms
76ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-5339712-1&cid=118170383.1667236211&jid=94565821&_u=KGBAAEIQAAAAACAAI~&z=1677696731

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 17:10:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 162ms
78ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-5339712-1&cid=118170383.1667236211&jid=94565821&_u=KGBAAEIQAAAAACAAI~&z=1677696731

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 17:10:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
539 B 145ms
46ms XHR
application/json 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://myaccount.buffalonews.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 17:10:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://myaccount.buffalonews.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 94
x-xss-protection: 0

GET
H3 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
884 B 32ms
31ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:07:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 174
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 31 Oct 2022 18:07:17 GMT

GET
H3

200

ml.br.js Show response
js.matheranalytics.com/static/ltm/ma1527/lee/5/
Redirect Chain

https://js.matheranalytics.com/s/ma1527/725149308/lee/ml.js?cb=1608
https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js

145 KB
42 KB

97ms
33ms

Script
application/x-javascript

107.178.250.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js
Requested by: Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
Protocol: H3
Server: 107.178.250.234 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 234.250.178.107.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8e69c64655718315422d63e22bc7dddaacd2fe1e1ceb20a6758287a76b9c6f66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 11:36:23 GMT
content-encoding: br
via: 1.1 google
last-modified: Wed, 04 Aug 2021 03:52:13 GMT
server: nginx
age: 20028
etag: "96d23de5d1ede166c2abc188adf1ebd7"
vary: Accept-Encoding
x-cache: HIT Wed, 04 Aug 2021 04:04:18 GMT
content-type: application/x-javascript
cache-control: public,max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43093

Redirect headers

date: Mon, 31 Oct 2022 17:10:11 GMT
via: 1.1 google
server: nginx
vary: Accept-Encoding
location: https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js
cache-control: public, max-age=269200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-served-by: 8-gc-euw1-10926

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 37ms
9ms Script
application/javascript 13.32.121.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-37.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Sun, 30 Oct 2022 23:48:09 GMT
content-encoding: gzip
via: 1.1 11a78ce92a548aac13fb6ee545aff014.cloudfront.net (CloudFront)
last-modified: Tue, 28 Jun 2022 13:19:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
age: 62652
x-amz-server-side-encryption: AES256
etag: W/"eaf85c1c6758e84acfe134efd70e9373"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: DwhOwrNR2huoLqXEOi-PzJTm3ly5Rt_Z1yUssPEQUUK6Po0ur-lYcQ==

GET
H2 200 a-0585.min.js Show response
b-code.liadm.com/ 28 KB
11 KB 62ms
9ms Script
application/javascript 2600:9000:225e:5c00:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/a-0585.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:5c00:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 19fb6182f67890f3a21335563e9d4201f919e07eaa0c7f0c3f0f0f25ec441aee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 01:01:35 GMT
content-encoding: gzip
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P4
age: 58115
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=86400
x-amz-cf-id: LEB_2O5rIXbDDGMgr56oWiRYN2MGRebdSNwBvwWJQwxonJl3Woi7mQ==

GET
H/1.1

200
OK

iframe Show response
d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/ Frame 9EE6
Redirect Chain

https://insight.adsrvr.org/tags/nebsjkp/21usqg2/iframe
https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe

138 B
668 B

44ms
7ms

Document
text/html

18.66.123.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.123.144 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-123-144.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3f7d4fce911e0a58ed4224b9f65d90a98d8bb7b76d25ad2610485b9baaa1d447

Request headers

Referer: https://myaccount.buffalonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 59097
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 138
Content-Type: text/html
Date: Mon, 31 Oct 2022 00:45:15 GMT
ETag: "50351b1f6590b5c4886c111874e016a0"
Last-Modified: Fri, 01 Oct 2021 23:50:10 GMT
Server: AmazonS3
Via: 1.1 2f72de1f504b6784c7adb04e7fe314f2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: OxFA7vMVYND6ohN-5xFGk3JYBLxyGQEto5RuaCHxBlxjoDa4xJK3qg==
X-Amz-Cf-Pop: FRA60-P2
X-Cache: Hit from cloudfront
x-amz-server-side-encryption: AES256

Redirect headers

content-length: 183
content-type: text/html; charset=UTF-8
date: Mon, 31 Oct 2022 17:10:11 GMT
location: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 client-v2.9.0-openWrap.js Show response
qnhtg9kbqjgw2izax.ay.delivery/ 37 KB
13 KB 78ms
28ms Script
application/javascript 2606:4700:e4::ac40:a40e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qnhtg9kbqjgw2izax.ay.delivery/client-v2.9.0-openWrap.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a40e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d2dd4469f84eee0b4a7fc1791a51c9fe3544bf4b26df414af78a2fddbe5938d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:10:11 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 24 Jan 2022 14:36:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 773
etag: W/"61eeb97b-95af"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LYkRVYqpC7GcGHt5IBrbzaeZT7Rs409AER9OfJ6%2BqwJtwxrOIPiCcifJLkuFlUc4SGvB5C5nP3uNh%2FwLOGDuXFYKOmvcFCBVpcLMZG96S9ew9xy%2FMfh5QSdDDI1ceOikJC6yXHzhiqGLzL3pRvoHBjb%2FR7TjDKgTZygkzA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=900, stale-while-revalidate=3600
cf-ray: 762e00b1faf5bb59-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET 5b5dc540-ca6c-013a-51e3-0cc47a8ffaac
tag.simpli.fi/sifitag/ 0
0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 215 KB
75 KB 135ms
56ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-F8FFLLVDEZ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

368ad094d110a9fdcdd3201f34c9e3f9c0ab4d0baf68127f6acbb58a176d09d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:10:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 76424
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 31 Oct 2022 17:10:11 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 8ms
7ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1041323275912628&ev=Domain&dl=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&rl=&if=false&ts=1667236211463&cd[custom_param]=buffalonews.com&sw=1600&sh=1200&v=2.9.89&r=stable&ec=2&o=30&fbp=fb.1.1667236211286.331320045&it=1667236211148&coo=false&rqm=GET

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 31 Oct 2022 17:10:11 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 9ms
8ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=961211893969940&ev=Domain&dl=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&rl=&if=false&ts=1667236211464&cd[custom_param]=buffalonews.com&sw=1600&sh=1200&v=2.9.89&r=stable&ec=2&o=30&fbp=fb.1.1667236211286.331320045&it=1667236211148&coo=false&rqm=GET

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 31 Oct 2022 17:10:11 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H/1.1

200
OK

c
trkn.us/pixel/
Redirect Chain

https://trkn.us/pixel/c?ppt=19160&g=sitewide&gid=44455&cv1=buffalonews.com&ord=1078116722
https://trkn.us/pixel/c?ppt=19160&g=sitewide&gid=44455&cv1=buffalonews.com&ord=1078116722&ip=185.213.155.166&cuidchk=1

42 B
780 B

614ms
614ms

Image
image/gif

18.235.126.7
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trkn.us/pixel/c?ppt=19160&g=sitewide&gid=44455&cv1=buffalonews.com&ord=1078116722&ip=185.213.155.166&cuidchk=1

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

HTTP/1.1

Server

18.235.126.7 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-235-126-7.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 31 Oct 2022 17:10:11 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 9 Nov 1980 12:59:00 GMT
Server: Apache
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Sun, 9 Nov 1980 12:58:00 GMT

Redirect headers

Date: Mon, 31 Oct 2022 17:10:11 GMT
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/html; charset=UTF-8
Location: /pixel/c?ppt=19160&g=sitewide&gid=44455&cv1=buffalonews.com&ord=1078116722&ip=185.213.155.166&cuidchk=1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: keep-alive
Content-Length: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 218 KB
76 KB 131ms
59ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7WMGT4N7SH&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f6cd9a637651fd548016b8ad2b8615f115a8c32a7fd62c184c5bcb4621d1ad10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:10:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77310
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 31 Oct 2022 17:10:11 GMT

GET
H/1.1 200
OK ads.js Show response
api.bntech.io/js/4UXESkHyTlBIcIFsDlibVfh6XaRZmfGT/ads/BNTvorpPrTtfa/googleads/ 25 B
233 B 108ms
107ms Script
text/javascript 2600:1f18:410b:aea1:c20e:ee1a:63b:9864
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bntech.io/js/4UXESkHyTlBIcIFsDlibVfh6XaRZmfGT/ads/BNTvorpPrTtfa/googleads/ads.js
Requested by: Host: api.bntech.io
URL: https://api.bntech.io/js/4UXESkHyTlBIcIFsDlibVfh6XaRZmfGT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:410b:aea1:c20e:ee1a:63b:9864 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: cebcc0f32432da08bda08a939e6614766857941b4398c2bc5924d31a3eaa3b98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 31 Oct 2022 17:10:11 GMT
Server: nginx/1.10.3 (Ubuntu)
Connection: keep-alive
Content-Length: 25
Content-Type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK sso Show response
api.bntech.io/js/4UXESkHyTlBIcIFsDlibVfh6XaRZmfGT/ 5 KB
2 KB 216ms
108ms Script
text/javascript 2600:1f18:410b:aea1:c20e:ee1a:63b:9864
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bntech.io/js/4UXESkHyTlBIcIFsDlibVfh6XaRZmfGT/sso
Requested by: Host: api.bntech.io
URL: https://api.bntech.io/js/4UXESkHyTlBIcIFsDlibVfh6XaRZmfGT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:410b:aea1:c20e:ee1a:63b:9864 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 100208b06daf57f4534814f68c968f1647bac87e5644e7955625a3dcddb6bf93

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 17:10:11 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive

GET
H2 204 b
sb.scorecardresearch.com/ 0
188 B 9ms
9ms Image
text/plain 13.32.121.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=10345586&cs_it=b3&cv=3.8.0.210223&ns__t=1667236211503&ns_c=UTF-8&c7=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&c8=My%20Account%20-%20The%20Buffalo%20News&c9=
Requested by: Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.121.37 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-121-37.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:10:11 GMT
via: 1.1 11a78ce92a548aac13fb6ee545aff014.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P1
x-amz-cf-id: UQDNdlLKMwb1LF9bkq1ifKcuOhFJTdR1g0YSLHTRaPd06n2eHEaobw==
x-cache: Miss from cloudfront

GET
H2 200 sync-container.js Show response
b-code.liadm.com/ 6 KB
6 KB 8ms
7ms Script
application/javascript 2600:9000:225e:5c00:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/sync-container.js
Requested by: Host: b-code.liadm.com
URL: https://b-code.liadm.com/a-0585.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:5c00:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Wed, 05 Oct 2022 20:20:54 GMT
x-amz-version-id: WIo1DFPCLgnYZuB8yv1dFIDWe1bYBj2G
via: 1.1 da78abc509aafffb42eec33ca2dc60d4.cloudfront.net (CloudFront)
last-modified: Tue, 10 May 2022 11:48:07 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 2234958
etag: "ae5e94de938b0387eda6df8f20da811a"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
content-length: 5904
x-amz-cf-id: CiY99m9yzXGT7eVXBsiPDoNxKjF5DqV8Vs0NtgMJhJNBY1-1Eajx4Q==

OPTIONS
H/1.1 200
OK track
api.bntech.io/m/ Frame 0
0 319ms
107ms Preflight
application/json 2600:1f18:410b:aea1:c20e:ee1a:63b:9864
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bntech.io/m/track
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:410b:aea1:c20e:ee1a:63b:9864 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-api-key,x-api-token,x-metric-type
Access-Control-Request-Method: PUT
Origin: https://myaccount.buffalonews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Token, X-API-Key, X-API-Token, X-Metric-Type
Access-Control-Allow-Methods: OPTIONS, GET, PUT
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 21
Content-Type: application/json
Date: Mon, 31 Oct 2022 17:10:11 GMT
Server: nginx/1.10.3 (Ubuntu)

PUT
H/1.1 200
OK track Show response
api.bntech.io/m/ 67 B
262 B 109ms
109ms XHR
application/json 2600:1f18:410b:aea1:c20e:ee1a:63b:9864
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.bntech.io/m/track
Requested by: Host: api.bntech.io
URL: https://api.bntech.io/js/4UXESkHyTlBIcIFsDlibVfh6XaRZmfGT
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:410b:aea1:c20e:ee1a:63b:9864 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: ab16d45b2aadc8e36c45376eadccd0ccc5ac7af8f15937973956ca0dbce47081

Request headers

Content-Type: application/json;charset=UTF-8
Referer: https://myaccount.buffalonews.com/
X-Metric-Type: view
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
X-API-Key: 4UXESkHyTlBIcIFsDlibVfh6XaRZmfGT
X-API-Token: Nw2d1SUG4-S9nlF22-WHFAxGAXrAi-AzkHBpgRo92vIkPcWtpM

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 31 Oct 2022 17:10:11 GMT
Server: nginx/1.10.3 (Ubuntu)
Connection: keep-alive
Content-Length: 67
Content-Type: application/json

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
468 B 138ms
44ms XHR
application/json 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://myaccount.buffalonews.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 31 Oct 2022 17:10:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://myaccount.buffalonews.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23
x-xss-protection: 0

GET
H2 200 /
insight.adsrvr.org/track/pxl/ Frame 9EE6 70 B
260 B 30ms
29ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=nebsjkp&ct=0:21usqg2&fmt=3
Requested by: Host: d1eoo1tco6rr5e.cloudfront.net
URL: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d1eoo1tco6rr5e.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 31 Oct 2022 17:10:11 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

j Show response
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1667236211653&aid=a-0585&se=e30&duid=fb73f250d350--01ggqgbatkhbreqj47cvfr2qzq&tna=v2.5.0&pu=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_so...
https://rp4.liadm.com/j?dtstmp=1667236211653&aid=a-0585&se=e30&duid=fb73f250d350--01ggqgbatkhbreqj47cvfr2qzq&tna=v2.5.0&pu=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_s...

48 B
587 B

352ms
103ms

XHR
application/json

35.168.71.120
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rp4.liadm.com/j?dtstmp=1667236211653&aid=a-0585&se=e30&duid=fb73f250d350--01ggqgbatkhbreqj47cvfr2qzq&tna=v2.5.0&pu=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&wpn=lc-bundle&c=PHRpdGxlPk15IEFjY291bnQgLSBUaGUgQnVmZmFsbyBOZXdzPC90aXRsZT48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iTWFuYWdlIGFsbCB5b3VyIGFjY291bnQgZGV0YWlscyBpbiBvbmUgcGxhY2UuIj4&i6=MmEwMzoxYjIwOjY6ZjAxMTo6NmU%3D&n3pc=true

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Server

35.168.71.120 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-168-71-120.compute-1.amazonaws.com

Software

Resource Hash

261854a2664913c58d1956c532ba529898e252a789cfd45e02ca4691bba086d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date: Mon, 31 Oct 2022 17:10:12 GMT
x-pixel-event-id: 09c7bb5a-6024-4b91-b157-f9e509eb7c8e
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: DENY
vary: Origin
content-type: application/json
request-time: 0
access-control-allow-origin: null
access-control-allow-credentials: true
trace-id: aa153f305c0d7de5
content-length: 48
x-xss-protection: 1; mode=block

Redirect headers

date: Mon, 31 Oct 2022 17:10:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
vary: Origin
location: https://rp4.liadm.com/j?dtstmp=1667236211653&aid=a-0585&se=e30&duid=fb73f250d350--01ggqgbatkhbreqj47cvfr2qzq&tna=v2.5.0&pu=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&wpn=lc-bundle&c=PHRpdGxlPk15IEFjY291bnQgLSBUaGUgQnVmZmFsbyBOZXdzPC90aXRsZT48bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iTWFuYWdlIGFsbCB5b3VyIGFjY291bnQgZGV0YWlscyBpbiBvbmUgcGxhY2UuIj4&i6=MmEwMzoxYjIwOjY6ZjAxMTo6NmU%3D&n3pc=true
access-control-allow-origin: https://myaccount.buffalonews.com
request-time: 0
access-control-allow-credentials: true
trace-id: 6bee3af23ab2c8be
content-length: 0
x-xss-protection: 1; mode=block

POST
H2 204 collect
region1.analytics.google.com/g/ 0
354 B 342ms
37ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-F8FFLLVDEZ&gtm=2oeaq0&_p=1635153082&_gaz=1&cid=118170383.1667236211&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1667236211&sct=1&seg=0&dl=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&dt=My%20Account%20-%20The%20Buffalo%20News&en=page_view&_fv=1&_ss=1&ep.asset_flag_array=false&ep.asset_tag_array=false&ep.domain=buffalonews.com&ep.page_type=index&ep.platform=desktop&ep.application=user&ep.byline=Undefined&ep.syndication_domain=null&ep.blox_sections=subscriber%2Cservices&ep.url_fragment=&ep.author=Undefined&ep.eedition_view_type=Page%20View&ep.asset_app=user&ep.asset_has_paywall=notset&ep.ad_breaks=undefined&up.client_id=function(a)%7Bvar%20b%3Da.get(%22clientId%22)%3Ba.set(%22dimension%22%2Bc%2Cb)%3Bwindow.dataLayer.push(%7Bgoogle_client_id%3Ab%7D)%7D&up.user_subscription_date=false
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F8FFLLVDEZ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 17:10:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://myaccount.buffalonews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 60ms
23ms Ping
text/plain 2a00:1450:400c:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-F8FFLLVDEZ&cid=118170383.1667236211&gtm=2oeaq0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F8FFLLVDEZ&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 17:10:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://myaccount.buffalonews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 373ms
72ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-F8FFLLVDEZ&cid=118170383.1667236211&gtm=2oeaq0&aip=1&z=1845284893

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 17:10:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
45 B 303ms
37ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-7WMGT4N7SH&gtm=2oeaq0&_p=1635153082&_gaz=1&cid=118170383.1667236211&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1667236211&sct=1&seg=0&dl=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&dt=My%20Account%20-%20The%20Buffalo%20News&en=page_view&_fv=1&_ss=1&ep.domain=buffalonews.com&ep.asset_flag_array=false&ep.asset_tag_array=false&ep.author=Undefined&ep.blox_sections=subscriber%2Cservices&ep.byline=Undefined&ep.asset_has_paywall=notset&ep.page_type=index&ep.url_fragment=&ep.url_fragment_tncms=&ep.blox_skin=flex-user&ep.blox_platform=desktop&ep.eedtion_view_type=Page%20View&ep.syndication_domain=null&ep.ad_breaks=undefined&up.client_id=function(a)%7Bvar%20b%3Da.get(%22clientId%22)%3Ba.set(%22dimension%22%2Bc%2Cb)%3Bwindow.dataLayer.push(%7Bgoogle_client_id%3Ab%7D)%7D&up.user_subscription_date=false
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7WMGT4N7SH&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 17:10:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://myaccount.buffalonews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 19ms
18ms Ping
text/plain 2a00:1450:400c:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-7WMGT4N7SH&cid=118170383.1667236211&gtm=2oeaq0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7WMGT4N7SH&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 17:10:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://myaccount.buffalonews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 336ms
74ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7WMGT4N7SH&cid=118170383.1667236211&gtm=2oeaq0&aip=1&z=685894956

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 17:10:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 440ms
102ms Image
image/gif 3.219.38.131
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=pv&page=My%20Account%20-%20The%20Buffalo%20News&sec=subscriber&ptype=index&hier=subscriber%7Cservices&cms=townnews%2Fblox&arttype=user&tv=js-3.0.136&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_es6=1&f_gears=2&tvltm=5&tvcfg=lee&tid=4316b97f-75f9-40b9-93c1-ce8a1dc0e798&pid=fd385271-f0a9-46ad-80e3-24f5d6bcfab0&dtm=1667236211793&qnm=_matherq&visible=1&tabid=145f2791-d5d1-44bd-a4cd-e843cd7fe902&url=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&vp=1600x1200&ds=1600x1200&tofa=1667236212&vid=1&lvidt=1667236212&duid=f0b4e422de0f715a&fp=2576032657&cid=ma1527&mrk=725149308&cx=eyJwZXJmIjp7InN0YXJ0IjoiMTY2NzIzNjIwODg5NCIsInJlZGlyQ250IjoiMCIsIm5hdlR5cGUiOiJsaW5rIiwiaGVhcFUiOiIxMy40bWIiLCJoZWFwVCI6IjE4LjJtYiIsImZzdFBhaW50IjoiMTc5MyIsImZldGNoUyI6Ijc4MiIsImRvbWFpblMiOiI3ODIiLCJkb21haW5FIjoiODAwIiwiY29ublMiOiI4MDAiLCJjb25uRSI6IjEwMjIiLCJzc2xTIjoiOTAyIiwicmVxdVMiOiIxMDIyIiwicmVzcFMiOiIxMTI2IiwicmVzcEUiOiIxMTI3IiwiZG9tTG9hZCI6IjExMjkiLCJkb21JbnRlciI6IjE4MTMiLCJkb21Mb2FkUyI6IjE4MTMiLCJkb21Mb2FkRSI6IjE4MTQifSwiaWRlbnRpdGllcyI6W3sidHlwZSI6ImdhIiwiaWQiOiIxMTgxNzAzODMiLCJyZWZUaW1lIjoiMTY2NzIzNjIxMTc5MiJ9XSwiY2FtcGFpZ25zIjpbeyJwYWdlSWQiOiJmZDM4NTI3MS1mMGE5LTQ2YWQtODBlMy0yNGY1ZDZiY2ZhYjAiLCJuYW1lIjoidXRtX3NvdXJjZSIsInZhbHVlIjoicG9zdHVwIiwicmVmVGltZSI6IjE2NjcyMzYyMTIiLCJjcmVhdGVUaW1lIjoiMTY2NzIzNjIxMiJ9LHsicGFnZUlkIjoiZmQzODUyNzEtZjBhOS00NmFkLTgwZTMtMjRmNWQ2YmNmYWIwIiwibmFtZSI6InV0bV9tZWRpdW0iLCJ2YWx1ZSI6ImVtYWlsIiwicmVmVGltZSI6IjE2NjcyMzYyMTIiLCJjcmVhdGVUaW1lIjoiMTY2NzIzNjIxMiJ9LHsicGFnZUlkIjoiZmQzODUyNzEtZjBhOS00NmFkLTgwZTMtMjRmNWQ2YmNmYWIwIiwibmFtZSI6InV0bV9jYW1wYWlnbiIsInZhbHVlIjoib2N0MjAyMl9FTV9icmFuZGNhbXBhaWduIiwicmVmVGltZSI6IjE2NjcyMzYyMTIiLCJjcmVhdGVUaW1lIjoiMTY2NzIzNjIxMiJ9XX0
Requested by: Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.219.38.131 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-219-38-131.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Mon, 31 Oct 2022 17:10:12 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 19ms
18ms XHR
text/plain 2a00:1450:400c:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-54716522-2&cid=118170383.1667236211&jid=826705042&gjid=1887376083&_gid=994032249.1667236211&_u=aGDAiEIzBAQCAGAEK~&z=2006503020

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c1b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://myaccount.buffalonews.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 31 Oct 2022 17:10:11 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://myaccount.buffalonews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 32ms
31ms Image
image/gif 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1635153082&t=pageview&_s=1&dl=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&ul=en-us&de=UTF-8&dt=My%20Account%20-%20The%20Buffalo%20News&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAiEIzBAQCACAEK~&jid=826705042&gjid=1887376083&cid=118170383.1667236211&tid=UA-54716522-2&_gid=994032249.1667236211&gtm=2wgaq0TDWDC2&cg1=users&cd1=desktop&cd2=buffalonews.com&cd3=user&cd4=index&cd6=subscriber&cd7=services&cd14=Undefined&cd17=null&cd21=Buffalo&cd22=flex-user&cd23=subscriber%2Cservices&cd75=0&cd76=%20%20%20%20%20%20%20%20%20&cd79=&cd80=&cd82=&cd102=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F107.0.5304.87%20safari%2F537.36&cd103=Undefined&cd104=Undefined%2C%20Undefined&cd105=undefined&cd106=Page%20View&cd107=0&cd111=undefined&cd115=notset&cd89=118170383.1667236211&z=18460851

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 03:28:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 49278
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 73ms
72ms Image
image/gif 2a00:1450:4001:808::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-54716522-2&cid=118170383.1667236211&jid=826705042&_u=aGDAiEIzBAQCAGAEK~&z=1501519292

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 17:10:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 107ms
106ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-54716522-2&cid=118170383.1667236211&jid=826705042&_u=aGDAiEIzBAQCAGAEK~&z=1501519292

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 31 Oct 2022 17:10:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK a-0585 Show response
i.liadm.com/s/c/ Frame 3586 1 KB
1 KB 331ms
111ms Document
text/html 3.208.116.31
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://i.liadm.com/s/c/a-0585?s=&cim=&ps=true&ls=true&duid=fb73f250d350--01ggqgbatkhbreqj47cvfr2qzq&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Requested by

Host: b-code.liadm.com
URL: https://b-code.liadm.com/sync-container.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.208.116.31 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-208-116-31.compute-1.amazonaws.com

Software

Resource Hash

e953e5141c33fefefb6316a9c2eed7e039a17e17c6181ad8008af6cc60b584f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://myaccount.buffalonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 639
Content-Type: text/html; charset=UTF-8
Date: Mon, 31 Oct 2022 17:10:12 GMT
ETag: 1.61803398874
Request-Time: 6
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding

GET
H/1.1 200
OK baker
sli.buffalonews.com/ 19 B
368 B 81ms
9ms Image
image/gif 23.36.162.28
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sli.buffalonews.com/baker?dtstmp=1667236212492
Requested by: Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.162.28 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-162-28.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Expires: Mon, 31 Oct 2022 17:10:12 GMT
Pragma: no-cache
Date: Mon, 31 Oct 2022 17:10:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 19
Content-Type: image/gif

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 7ms
7ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1041323275912628&ev=Microdata&dl=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&rl=&if=false&ts=1667236212813&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22My%20Account%20-%20The%20Buffalo%20News%22%2C%22meta%3Adescription%22%3A%22Manage%20all%20your%20account%20details%20in%20one%20place.%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.89&r=stable&ec=3&o=30&fbp=fb.1.1667236211286.331320045&it=1667236211148&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 31 Oct 2022 17:10:12 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 7ms
7ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=961211893969940&ev=Microdata&dl=https%3A%2F%2Fmyaccount.buffalonews.com%2F%3Fcampaign%3DE0010627E1%26utm_source%3Dpostup%26utm_medium%3Demail%26utm_campaign%3Doct2022_EM_brandcampaign&rl=&if=false&ts=1667236212815&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22My%20Account%20-%20The%20Buffalo%20News%22%2C%22meta%3Adescription%22%3A%22Manage%20all%20your%20account%20details%20in%20one%20place.%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.89&r=stable&ec=3&o=30&fbp=fb.1.1667236211286.331320045&it=1667236211148&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: myaccount.buffalonews.com
URL: https://myaccount.buffalonews.com/?campaign=E0010627E1&utm_source=postup&utm_medium=email&utm_campaign=oct2022_EM_brandcampaign

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.buffalonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 31 Oct 2022 17:10:12 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H/1.1

200
OK

468fa03a11f244299b4596333eb8fdb5
i.liadm.com/s/e/a-0585/0/ Frame 3586
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-0585%2F0%2F468fa03a11f244299b4596333eb8fdb5%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&e236a13d-5cd0-4e74-8d14-838...
https://i.liadm.com/s/e/a-0585/0/468fa03a11f244299b4596333eb8fdb5?mpid=7156&muid=ecd26360-0175-4200-a803-3ceb480b7d30

43 B
274 B

105ms
104ms

Image
image/gif

3.208.116.31
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/e/a-0585/0/468fa03a11f244299b4596333eb8fdb5?mpid=7156&muid=ecd26360-0175-4200-a803-3ceb480b7d30

Requested by

Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-0585?s=&cim=&ps=true&ls=true&duid=fb73f250d350--01ggqgbatkhbreqj47cvfr2qzq&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Protocol

HTTP/1.1

Server

3.208.116.31 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-208-116-31.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 17:10:12 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 0
Content-Type: image/gif

Redirect headers

Date: Mon, 31 Oct 2022 17:10:12 GMT
Server: MT3 4539 98cc2da master zrh-pixel-x30 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://i.liadm.com/s/e/a-0585/0/468fa03a11f244299b4596333eb8fdb5?mpid=7156&muid=ecd26360-0175-4200-a803-3ceb480b7d30
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 31 Oct 2022 17:10:11 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 3586 70 B
264 B 35ms
29ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1&gdpr=0
Requested by: Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-0585?s=&cim=&ps=true&ls=true&duid=fb73f250d350--01ggqgbatkhbreqj47cvfr2qzq&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 31 Oct 2022 17:10:12 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

52164
i.liadm.com/s/ Frame 3586
Redirect Chain

https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=e236a13d-5cd0-4e74-8d14-83825d6c9db6&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=e236a13d-5cd0-4e74-8d14-83825d6c9db6&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=9db7495d-24de-450e-89ba-021a2ae8d7b5
https://x.bidswitch.net/sync?ssp=liveintent&user_id=e236a13d-5cd0-4e74-8d14-83825d6c9db6
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=liveintent&bsw_param=9db7495d-24de-450e-89ba-021a2ae8d7b5&google_hm=OWRiNzQ5NWQtMjRkZS00NTBlLTg5YmEtMDIxYTJhZThkN2I1
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm=&google_sc=&ssp=liveintent&bsw_param=9db7495d-24de-450e-89ba-021a2ae8d7b5&google_hm=OWRiNzQ5NWQtMjRkZS00NTBlLTg5YmEtMDIxYTJhZTh...
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESENglAitOwnFwvQilpc2m1Tw&google_cver=1&ssp=liveintent&bsw_param=9db7495d-24de-450e-89ba-021a2ae8d7b5
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=9db7495d-24de-450e-89ba-021a2ae8d7b5

43 B
436 B

105ms
105ms

Image
image/gif

3.208.116.31
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=9db7495d-24de-450e-89ba-021a2ae8d7b5

Requested by

Protocol

HTTP/1.1

Server

3.208.116.31 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-208-116-31.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 17:10:13 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 1
Content-Type: image/gif

Redirect headers

Location: //i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=9db7495d-24de-450e-89ba-021a2ae8d7b5
Date: Mon, 31 Oct 2022 17:10:13 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

468fa03a11f244299b4596333eb8fdb5
i.liadm.com/s/e/a-0585/0/ Frame 3586
Redirect Chain

https://dpm.demdex.net/ibs:dpid=127444&dpuuid=e236a13d-5cd0-4e74-8d14-83825d6c9db6&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-0585%2F0%2F468fa03a11f244299b4596333eb8fdb5%3Fmpid%3D82775%26muid%3D%2...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=e236a13d-5cd0-4e74-8d14-83825d6c9db6&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-0585%2F0%2F468fa03a11f244299b4596333eb8fdb5%3Fmp...
https://i.liadm.com/s/e/a-0585/0/468fa03a11f244299b4596333eb8fdb5?mpid=82775&muid=56770357844419063360942980042435222880

43 B
274 B

107ms
105ms

Image
image/gif

3.208.116.31
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/e/a-0585/0/468fa03a11f244299b4596333eb8fdb5?mpid=82775&muid=56770357844419063360942980042435222880

Requested by

Protocol

HTTP/1.1

Server

3.208.116.31 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-208-116-31.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 17:10:13 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 1
Content-Type: image/gif

Redirect headers

DCS: dcs-prod-irl1-2-v045-0314701ba.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: pLY2J4GWRkw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://i.liadm.com/s/e/a-0585/0/468fa03a11f244299b4596333eb8fdb5?mpid=82775&muid=56770357844419063360942980042435222880
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

live_intent_sync
x.dlx.addthis.com/e/ Frame 3586
Redirect Chain

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=e236a13d-5cd0-4e74-8d14-83825d6c9db6
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=e236a13d-5cd0-4e74-8d14-83825d6c9db6&rd=Y

43 B
602 B

154ms
154ms

Image
image/gif

2.18.232.236
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=e236a13d-5cd0-4e74-8d14-83825d6c9db6&rd=Y

Requested by

Protocol

Server

2.18.232.236 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-232-236.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

expires: Mon, 31 Oct 2022 17:10:13 GMT
pragma: no-cache
date: Mon, 31 Oct 2022 17:10:13 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.dlx.addthis.com/e/live_intent_sync?na_exid=e236a13d-5cd0-4e74-8d14-83825d6c9db6&rd=Y
pragma: no-cache
date: Mon, 31 Oct 2022 17:10:13 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Mon, 31 Oct 2022 17:10:13 GMT

GET
H2 200 /
trc.taboola.com/sg/liveintent/1/cm/ Frame 3586 43 B
369 B 42ms
20ms Image
image/gif 2a04:4e42::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/liveintent/1/cm/
Requested by: Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-0585?s=&cim=&ps=true&ls=true&duid=fb73f250d350--01ggqgbatkhbreqj47cvfr2qzq&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-vcl-time-ms: 14
pragma: no-cache
date: Mon, 31 Oct 2022 17:10:12 GMT
via: 1.1 varnish
x-served-by: cache-hhn4062-HHN
server: nginx
x-timer: S1667236213.854347,VS0,VE14
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H/1.1

200
OK

35004
i6.liadm.com/s/ Frame 3586
Redirect Chain

https://b1sync.zemanta.com/usersync/liveintent/?cb=%2F%2Fi.liadm.com%2Fs%2F35004%3Fbidder_id%3D98254%26bidder_uuid%3D__ZUID__
https://i.liadm.com/s/35004?bidder_id=98254&bidder_uuid=
https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=

43 B
436 B

326ms
107ms

Image
image/gif

2600:1f18:ed:550a:18eb:75ae:dc51:d648
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=

Requested by

Protocol

HTTP/1.1

Server

2600:1f18:ed:550a:18eb:75ae:dc51:d648 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date: Mon, 31 Oct 2022 17:10:13 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 0
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=
Date: Mon, 31 Oct 2022 17:10:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 2

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: insiderdata360online.com
URL: https://insiderdata360online.com/service/platform.js?ran=0.270503782929874

Domain: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/5b5dc540-ca6c-013a-51e3-0cc47a8ffaac

Verdicts & Comments Add Verdict or Comment

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

32 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
i.liadm.com/s	1970-01-20 07:50:28	Name: _li_ss Value: MgYIgQEQzhMyBQgMEM4TMgkI_____wcQzhM
click1.email.lee.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 939655C11DDE24F3C9D37CE953444DAD
.buffalonews.com/	1970-01-20 07:08:42	Name: _gid Value: GA1.2.994032249.1667236211
.buffalonews.com/	1970-01-20 09:16:52	Name: _fbp Value: fb.1.1667236211286.331320045
.buffalonews.com/	1970-01-20 07:07:16	Name: _gat Value: 1
.buffalonews.com/	1970-01-20 09:16:52	Name: _gcl_au Value: 1.1.14119086.1667236211
.buffalonews.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .buffalonews.com
.buffalonews.com/	1970-01-20 16:43:16	Name: _lc2_fpi Value: fb73f250d350--01ggqgbatkhbreqj47cvfr2qzq
.buffalonews.com/	1970-01-20 16:43:16	Name: TPCI Value: BNTNosD0gOMssVovzsq5mMDyoUsX07WJg6kBfEGZfh2PTXcyMtNPddEHE9XRbT7ELHS
.buffalonews.com/	1970-01-20 07:07:18	Name: _bnmsi Value: BNTNAepa1cEbB
.buffalonews.com/	1970-01-20 16:43:16	Name: _ga_F8FFLLVDEZ Value: GS1.1.1667236211.1.0.1667236211.60.0.0
.buffalonews.com/	1970-01-20 16:43:16	Name: _ga_7WMGT4N7SH Value: GS1.1.1667236211.1.0.1667236211.60.0.0
.buffalonews.com/	1970-01-20 16:43:16	Name: _ml_id Value: f0b4e422de0f715a.1667236212.1.1667236212.1667236212
.buffalonews.com/	1970-01-20 07:07:18	Name: _ml_ses Value: *
.buffalonews.com/	1970-01-20 07:07:19	Name: AMP_TOKEN Value: %24NOT_FOUND
.buffalonews.com/	1970-01-20 16:43:16	Name: _ga Value: GA1.2.118170383.1667236211
.buffalonews.com/	1970-01-20 07:07:16	Name: _dc_gtm_UA-54716522-2 Value: 1
.trkn.us/	1970-01-20 15:52:52	Name: barometric[cuid] Value: cuid_e39e45a5-1664-489b-befe-f842dd0988bd
.liadm.com/	1970-01-20 16:43:16	Name: lidid Value: e236a13d-5cd0-4e74-8d14-83825d6c9db6
myaccount.buffalonews.com/	1970-01-20 07:07:16	Name: _liChk Value: 0.05463117773969106
.mathtag.com/	1970-01-20 16:33:11	Name: uuid Value: ecd26360-0175-4200-a803-3ceb480b7d30
.demdex.net/	1970-01-20 11:26:28	Name: demdex Value: 56770357844419063360942980042435222880
.dpm.demdex.net/	1970-01-20 11:26:28	Name: dpm Value: 56770357844419063360942980042435222880
.addthis.com/	1970-01-20 16:37:30	Name: na_id Value: 2022103117101200075820755962
.addthis.com/	1970-01-20 16:37:30	Name: na_tc Value: Y
.addthis.com/	1970-01-20 16:37:30	Name: uid Value: 6360017485d0bd0e
.addthis.com/	1970-01-20 16:37:30	Name: ouid Value: 636001740001bd4e0e35df3338d66e042cdc8d64790cacca1115
.bidswitch.net/	1970-01-20 15:52:52	Name: tuuid Value: 9db7495d-24de-450e-89ba-021a2ae8d7b5
.bidswitch.net/	1970-01-20 15:52:52	Name: c Value: 1667236213
.bidswitch.net/	1970-01-20 15:52:52	Name: tuuid_lu Value: 1667236213
.dlx.addthis.com/	1970-01-20 07:50:28	Name: na_sc_x Value: 1
.doubleclick.net/	1970-01-20 16:28:52	Name: IDE Value: AHWqTUlUhBM-lTbL9sspCzYoZW46jB3rVFiqArXt8oTD2XUAcijjS8zsl_QWa0vNSJQ

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://tag.simpli.fi/sifitag/5b5dc540-ca6c-013a-51e3-0cc47a8ffaac Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ampcid.google.com
ampcid.google.de
api.bntech.io
api.buffalonews.com
b-code.liadm.com
b1sync.zemanta.com
click1.email.lee.net
cm.g.doubleclick.net
connect.facebook.net
d1eoo1tco6rr5e.cloudfront.net
dpm.demdex.net
i.liadm.com
i6.liadm.com
insiderdata360online.com
insight.adsrvr.org
js.matheranalytics.com
ka-p.fontawesome.com
kit.fontawesome.com
match.adsrvr.org
myaccount.buffalonews.com
p.typekit.net
qnhtg9kbqjgw2izax.ay.delivery
region1.analytics.google.com
rp.liadm.com
rp4.liadm.com
s3.amazonaws.com
sb.scorecardresearch.com
sli.buffalonews.com
stats.g.doubleclick.net
sync.mathtag.com
tag.simpli.fi
trc.taboola.com
trkn.us
use.typekit.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.i.matheranalytics.com
x.bidswitch.net
x.dlx.addthis.com
insiderdata360online.com
tag.simpli.fi
107.178.250.234
13.32.121.37
142.250.184.194
18.235.126.7
18.66.123.144
185.29.132.241
2.18.232.236
2001:4860:4802:32::178
2001:4860:4802:32::36
23.36.162.28
2600:1f18:410b:aea1:c20e:ee1a:63b:9864
2600:1f18:410b:aea2:183c:dc66:b60:e842
2600:1f18:730:b120:4095:a671:23e5:4310
2600:1f18:ed:550a:18eb:75ae:dc51:d648
2600:9000:225e:5c00:8:8845:1500:93a1
2606:4700::6812:1734
2606:4700:e4::ac40:a40e
2a00:1450:4001:806::200e
2a00:1450:4001:808::2003
2a00:1450:4001:808::2004
2a00:1450:4001:809::2008
2a00:1450:4001:810::2003
2a00:1450:4001:830::200e
2a00:1450:400c:c1b::9a
2a02:26f0:3500:16::215:148b
2a02:26f0:3500:16::215:148f
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42::300
3.208.116.31
3.219.38.131
3.5.16.140
35.168.71.120
35.71.131.137
52.28.211.5
54.228.8.136
64.202.112.159
74.214.203.11
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
100208b06daf57f4534814f68c968f1647bac87e5644e7955625a3dcddb6bf93
170e2ff36a53844707e0ec430e9d6bbc56708c7973b84aaa498b9c2f887506fd
19fb6182f67890f3a21335563e9d4201f919e07eaa0c7f0c3f0f0f25ec441aee
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
261854a2664913c58d1956c532ba529898e252a789cfd45e02ca4691bba086d9
2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435
368ad094d110a9fdcdd3201f34c9e3f9c0ab4d0baf68127f6acbb58a176d09d1
37c65071f378cc9582aabdda3b52979ef901f2925e3f3c3dc597f41eac0f1b6d
3a3a818b0af5603c009c35527c7266c67d21a7b8fd432906771bf030db7c5753
3d2dd4469f84eee0b4a7fc1791a51c9fe3544bf4b26df414af78a2fddbe5938d
3f7d4fce911e0a58ed4224b9f65d90a98d8bb7b76d25ad2610485b9baaa1d447
4245ecca2a4b50d7fd9adc9a965ed1f9b4ec24e9935e34c80efafc0f856d54c6
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
57a585e15d1c97f032c7a99c654e3d489ae653a49650fe3e113070b013284718
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4
6e547b9cd28475c1c0160d8664a748af9e84e0c6818975aadb530c9e01209eab
7eb194c2648de022cb8f29399b9f4409d5ec0cc5314d6e4eea175c78d1d5089a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8850c59b00380af79a60472b2d9db31db1f9abe5bbb3b3771eabb12780653688
89c9f6f9fcf15f9c9762d94725fcc39567158a343861a8d9dcd26c951e93b44c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
8e69c64655718315422d63e22bc7dddaacd2fe1e1ceb20a6758287a76b9c6f66
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9f35f72d1b6d10f0b5ebca8169126dbab29cbbf968118773b2f65224ec612d0f
a8a00b576cc9fad532a52ecdf8024724ddaa83cb0f5ca5d1b1d6eb8841103d60
ab16d45b2aadc8e36c45376eadccd0ccc5ac7af8f15937973956ca0dbce47081
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b63324e4659a164791049736c33c88b47890f183ded969e801ca10cda6310ef1
c1ccf7b51a53a2799bda8f53e571be1b448d05df4b48dfec17205247b74fbf07
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
ceb0fe6c8ce9a618de9db64e763af48767f6e48c82692590fd3d589955c065b9
cebcc0f32432da08bda08a939e6614766857941b4398c2bc5924d31a3eaa3b98
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc
dcf18d50777709d707614764a7d6d7451f10424f4b2626efb9a04227a5e4d8f5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e953e5141c33fefefb6316a9c2eed7e039a17e17c6181ad8008af6cc60b584f9
e9eef6898bd1faa4c8aa12ab8e9e42b24bfeae3f58df0be486766f3e55fbc6ec
ee54b51af15f1f68f707da981f3c135c249a25e9293871e1e0cbd2c24c7b6117
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f40830ff55b02948eacb96ff85bafdacd973b155d991e55f91784ec5c7ce82fb
f6cd9a637651fd548016b8ad2b8615f115a8c32a7fd62c184c5bcb4621d1ad10
f896040524443394b8b1ba4fbd1de94be74378ab901e53b3b40c1323d1735143

myaccount.buffalonews.com Open in urlscan Pro 2600:1f18:410b:aea2:183c:dc66:b60:e842 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

78 Requests

87 %HTTPS

55 %IPv6

29 Domains

43 Subdomains

32 IPs

5 Countries

1111 kBTransfer

3808 kBSize

32 Cookies

3 Outgoing links

Page URL History

Redirected requests

78 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

myaccount.buffalonews.com Open in urlscan Pro
2600:1f18:410b:aea2:183c:dc66:b60:e842 Public Scan

Screenshot
Live screenshot

Full Image

78
Requests

87 %
HTTPS

55 %
IPv6

29
Domains

43
Subdomains

32
IPs

5
Countries

1111 kB
Transfer

3808 kB
Size

32
Cookies

78 HTTP transactions
0 data transactions