URL: http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view
Submission: On January 14 via api from SG

Summary

This website contacted 10 IPs in 6 countries across 9 domains to perform 38 HTTP transactions. The main IP is 74.214.203.11, located in United States and belongs to AMAZON-AES, US. The main domain is click1.email.journalstar.com.
This is the only time click1.email.journalstar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 74.214.203.11 14618 (AMAZON-AES)
4 2a03:2880:f01... 32934 (FACEBOOK)
1 2a00:1450:400... 15169 (GOOGLE)
1 96.46.128.252 14618 (AMAZON-AES)
16 104.18.130.43 13335 (CLOUDFLAR...)
14 14 2.16.186.51 20940 (AKAMAI-ASN1)
11 14 35.172.12.251 14618 (AMAZON-AES)
3 151.101.13.44 54113 (FASTLY)
6 104.111.249.62 16625 (AKAMAI-AS)
1 2 2600:1f18:444... 14618 (AMAZON-AES)
2 3 54.227.229.225 14618 (AMAZON-AES)
1 1 185.29.135.42 30419 (MEDIAMATH...)
38 10
Domain
Subdomains
Transfer
19 liadm.com
9 KB
16 townnews.com
214 KB
16 journalstar.com
71 KB
6 licasd.com
52 KB
6 facebook.net
118 KB
3 taboola.com
612 KB
1 mathtag.com
628 B
1 efeedbacktrk.com
466 B
1 google-analytics.com
96 B
38 9
Domain Requested by
16 bloximages.chicago2.vip.townnews.com click1.email.journalstar.com
14 p.liadm.com 11 redirects click1.email.journalstar.com
14 li.journalstar.com 14 redirects
6 c.licasd.com click1.email.journalstar.com
6 connect.facebook.net 2 redirects click1.email.journalstar.com
connect.facebook.net
3 i.liadm.com 2 redirects click1.email.journalstar.com
3 mb.taboola.com click1.email.journalstar.com
2 i6.liadm.com 1 redirects click1.email.journalstar.com
2 click1.email.journalstar.com
1 sync.mathtag.com 1 redirects
1 b76e3c.efeedbacktrk.com click1.email.journalstar.com
1 www.google-analytics.com click1.email.journalstar.com
38 12

This site contains links to these domains. Also see Links.

Domain
Subject / Issuer Validity Valid
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2020-12-22 -
2021-03-21
3 months
*.google-analytics.com
GTS CA 1O1
2020-12-15 -
2021-03-09
3 months
*.efeedbacktrk.com
Sectigo RSA Organization Validation Secure Server CA
2019-04-24 -
2021-04-23
2 years
bloximages.chicago2.vip.townnews.com
GeoTrust RSA CA 2018
2020-02-25 -
2021-04-25
a year
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1
2020-11-25 -
2021-12-26
a year
li.lisecurelink.com
Let's Encrypt Authority X3
2020-11-06 -
2021-02-04
3 months
*.liadm.com
Amazon
2020-11-30 -
2021-12-29
a year
p.liadm.com
Sectigo RSA Domain Validation Secure Server CA
2020-05-19 -
2022-05-30
2 years

Screenshot


Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers server /^Apache-Coyote(?:\/([\d.]+))?/i

Web
Overall confidence: 100%
Detected patterns
  • headers server /^Apache-Coyote(?:\/([\d.]+))?/i

Web
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i


Stats

0
Requests

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

38 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view
3 KB
3 KB
Document
General
Full URL
http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view
Protocol
HTTP/1.1
Server
74.214.203.11 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
aa6149a4f80415c44d81f8184d45c07d4b03fd75483ec9ac0bd7ff0339318355

Request headers

Host
click1.email.journalstar.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
Apache-Coyote/1.1
Connection
Keep-Alive
Keep-Alive
timeout=60
Set-Cookie
JSESSIONID=5A1523F67CD3A23EEB55AE232386940E; Path=/; HttpOnly
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Date
Thu, 14 Jan 2021 01:18:56 GMT
all.js
connect.facebook.net/en_US
Redirect Chain
  • http://connect.facebook.net/en_US/all.js
  • https://connect.facebook.net/en_US/all.js
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
12bdc566f7a832d68a46b7a0992552151faf3d9551e154d45e6bcf74396fdcf5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
k2uBuuCfC6jJ4Iyt4EmowQ==
cross-origin-resource-policy
cross-origin
expires
Thu, 14 Jan 2021 01:28:42 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1780
x-fb-rlafr
0
x-fb-debug
QjP0ehXWUUzKQYzUEj3QmNPQJ2FHJ/091jSLutLnMOUuQLqGzQam2o6CN6fAVxn1Z0FJHx0/CqAbRhjHi9mNLw==
x-fb-trip-id
686109401
x-fb-content-md5
7ea577c38af86eb54ddb93932d37707b
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Thu, 14 Jan 2021 01:18:57 GMT
x-frame-options
DENY
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"7288b53ef352c55e13aa848aa29accd7"
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5

Redirect headers

Location
https://connect.facebook.net/en_US/all.js
Non-Authoritative-Reason
HSTS
all.js?hash=6669e987b7e0e8dd2f64259b3751c704&ua=modern_es6
connect.facebook.net/en_US
188 KB
57 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js?hash=6669e987b7e0e8dd2f64259b3751c704&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
http://click1.email.journalstar.com
Referer
http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
UvaJYeoZ6fPkIcrwm7YuNw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
57677
x-fb-rlafr
0
x-fb-debug
o9JydJO1n/JN/wezZ1itIo0aHyGcb93HRCPG8ILCzqVnop39F7fPwJwR3uqlU1vMzbkZJz1D83Q2WzJgvVGLig==
x-fb-trip-id
686109401
x-fb-content-md5
09140696646195f414d68e441add66a8
x-frame-options
DENY
date
Thu, 14 Jan 2021 01:18:57 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"74bf44cac1e1cd2b023a353abc4f85dd"
timing-allow-origin
*
expires
Thu, 13 Jan 2022 19:09:03 GMT
Cookie set ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
55 KB
55 KB
Document
General
Full URL
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Server
74.214.203.11 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
a6c003cbc9fc9badb30e148343684cbc948549f755bdfebcba42daf27f8b55bb

Request headers

Host
click1.email.journalstar.com
Connection
keep-alive
Content-Length
269
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
Origin
http://click1.email.journalstar.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
JSESSIONID=5A1523F67CD3A23EEB55AE232386940E
Upgrade-Insecure-Requests
1
Origin
http://click1.email.journalstar.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view

Response headers

Server
Apache-Coyote/1.1
Connection
Keep-Alive
Keep-Alive
timeout=60
Set-Cookie
JSESSIONID=74961951441A45223ABF895F837B5F18; Path=/; HttpOnly
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Date
Thu, 14 Jan 2021 01:18:57 GMT
all.js
connect.facebook.net/en_US
Redirect Chain
  • http://connect.facebook.net/en_US/all.js
  • https://connect.facebook.net/en_US/all.js
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
12bdc566f7a832d68a46b7a0992552151faf3d9551e154d45e6bcf74396fdcf5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
k2uBuuCfC6jJ4Iyt4EmowQ==
cross-origin-resource-policy
cross-origin
expires
Thu, 14 Jan 2021 01:28:42 GMT
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1780
x-fb-rlafr
0
x-fb-debug
QjP0ehXWUUzKQYzUEj3QmNPQJ2FHJ/091jSLutLnMOUuQLqGzQam2o6CN6fAVxn1Z0FJHx0/CqAbRhjHi9mNLw==
x-fb-trip-id
686109401
x-fb-content-md5
7ea577c38af86eb54ddb93932d37707b
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Thu, 14 Jan 2021 01:18:57 GMT
x-frame-options
DENY
report-to
{"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"7288b53ef352c55e13aa848aa29accd7"
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5

Redirect headers

Location
https://connect.facebook.net/en_US/all.js
Non-Authoritative-Reason
HSTS
all.js?hash=6669e987b7e0e8dd2f64259b3751c704&ua=modern_es6
connect.facebook.net/en_US
188 KB
56 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js?hash=6669e987b7e0e8dd2f64259b3751c704&ua=modern_es6
Requested by
Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eeb689959ff11455ada02fd3650327d834d030ae0869b1f54d7060359482133e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Origin
http://click1.email.journalstar.com
Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
UvaJYeoZ6fPkIcrwm7YuNw==
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
57677
x-fb-rlafr
0
x-fb-debug
o9JydJO1n/JN/wezZ1itIo0aHyGcb93HRCPG8ILCzqVnop39F7fPwJwR3uqlU1vMzbkZJz1D83Q2WzJgvVGLig==
x-fb-trip-id
686109401
x-fb-content-md5
09140696646195f414d68e441add66a8
x-frame-options
DENY
date
Thu, 14 Jan 2021 01:18:57 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"74bf44cac1e1cd2b023a353abc4f85dd"
timing-allow-origin
*
expires
Thu, 13 Jan 2022 19:09:03 GMT
collect?v=1&tid=UA-54716522-12&t=event&ec=email&ea=open&cid=5334099&el=whatcounts&cs=journalstar.com&cm=email&cn=%2Fnewsletter-templates%2Fnews-alert%2F%3Fforce_medium%3DPostUp
www.google-analytics.com
35 B
96 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&tid=UA-54716522-12&t=event&ec=email&ea=open&cid=5334099&el=whatcounts&cs=journalstar.com&cm=email&cn=%2Fnewsletter-templates%2Fnews-alert%2F%3Fforce_medium%3DPostUp
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 13 Jan 2021 19:04:21 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
22476
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
krrwtmssdsbjplvtjrhmmjpdgpjqgwpdptfklfshsdlphsl_rcngnnkjllpcvcjgvlwnk.gif
b76e3c.efeedbacktrk.com
68 B
466 B
Image
General
Full URL
https://b76e3c.efeedbacktrk.com/krrwtmssdsbjplvtjrhmmjpdgpjqgwpdptfklfshsdlphsl_rcngnnkjllpcvcjgvlwnk.gif
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
96.46.128.252 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
www.efeedbacktrk.com
Software
sp /
Resource Hash
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 14 Jan 2021 01:18:57 GMT
Server
sp
Content-Type
image/png;charset=utf-8
Cache-Control
private, max-age=0, no-cache, no-store, must-revalidate
Connection
Keep-Alive
imagetoolbar
no
Keep-Alive
timeout=60
Content-Length
68
Expires
Thu, 01 Jan 1970 00:00:00 GMT
62f44678-da42-11e9-a75c-7ba230687b72.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/custom/image
18 KB
18 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/custom/image/62f44678-da42-11e9-a75c-7ba230687b72.png
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c8a097e32c05dbd1256b8a06eb3aa03dc20c5f2d1c5dca2f00b6ed5c148fad1
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
2382326
last-modified
Wed, 18 Sep 2019 18:30:28 GMT
strict-transport-security
max-age=604800
content-length
18161
cf-request-id
07a0127e690000cdcf9a3ea000000001
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"5d8277c4-46f1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa4a49cdcf-CDG
expires
Sat, 20 Nov 2021 11:30:20 GMT
5fff4b6815c74.preview.jpg?crop=947%2C592%2C234%2C833&resize=728%2C455&order=crop%2Cresize
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/b/7d/b7d741a5-e9f2-5465-9daf-fe3719c3dbcd
40 KB
40 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/b/7d/b7d741a5-e9f2-5465-9daf-fe3719c3dbcd/5fff4b6815c74.preview.jpg?crop=947%2C592%2C234%2C833&resize=728%2C455&order=crop%2Cresize
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa43b2a9fcd3eff255bc93b2c89fce1d71d31d0b1f06388ae63a46301f989e44
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
17170
last-modified
Wed, 13 Jan 2021 19:35:04 GMT
strict-transport-security
max-age=604800
content-length
40497
cf-request-id
07a0127e6b0000cdcff0853000000001
x-robots-tag
noarchive
x-vcache
HIT
server
cloudflare
etag
"b6970d01f5e23f2963b706729c518a4b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 13 Jan 2022 20:31:14 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa4a4fcdcf-CDG
cf-bgj
h2pri
recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=f131be7d-0dd2-30a2-98cc-a4ad6ca0d088&widget.placement=104686&widget.slot=1&wi...
mb.taboola.com/server/1.1/jpg/liveintent-ron-row
Redirect Chain
  • http://li.journalstar.com/imp?s=104686&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=104686&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=f131be7d-0dd2-30a2-9...
240 KB
241 KB
Image
General
Full URL
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=f131be7d-0dd2-30a2-98cc-a4ad6ca0d088&widget.placement=104686&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.18.114&widget.alternative=Phone
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
f07001944ae763d8646ed385143b179c625034449e94f0dabb59df58f2b56b7b

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:58 GMT
via
1.1 varnish
server
nginx
x-timer
S1610587138.210616,VS0,VE308
x-served-by
cache-fra19157-FRA
x-cache
MISS
content-type
image/jpeg
accept-ranges
bytes
content-length
245977
x-application-context
application:fe,capture-cache-remote-hz,capture-remote-hz:8080
x-cache-hits
0

Redirect headers

Location
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=f131be7d-0dd2-30a2-98cc-a4ad6ca0d088&widget.placement=104686&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.18.114&widget.alternative=Phone
Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
94c8cd36dc1428947beeb6283056d111.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225
Redirect Chain
  • http://li.journalstar.com/imp?s=445704&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=445704&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
1 KB
2 KB
Image
General
Full URL
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-62.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:18:58 GMT
Last-Modified
Tue, 06 Aug 2019 20:24:36 GMT
Server
AmazonS3
x-amz-request-id
33868793B1CCB4E4
ETag
"6956da20f9d008ec379926ee358e5594"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1255
x-amz-id-2
jvxKP7USaUQRoG8Fv214GJAgm5f9X+tJQnQBwNVI8qN+cljWXNBdILbTiX5UCYx8eZA7bh8Pnt0=

Redirect headers

Location
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
27e30bebaaece921293946f3c75ca02b.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225
Redirect Chain
  • http://li.journalstar.com/imp?s=576774&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=576774&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
15 KB
16 KB
Image
General
Full URL
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-62.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:18:58 GMT
Last-Modified
Wed, 17 Feb 2016 22:44:07 GMT
Server
AmazonS3
x-amz-request-id
D26CB739C42B32BC
ETag
"c56fae17aa690ac40e2a23fbf5796b60"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15721
x-amz-id-2
NQldzLLr0jcVZpKlN9kjbSnngVtCL1RCbEqkJNH4VVqGZ0HFMum2q/zD6mLWx0BfmE5dcSCDagk=

Redirect headers

Location
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
5fd3efa43b413.image.jpg?crop=1080%2C1080%2C420%2C0&resize=182%2C182&order=crop%2Cresize
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/d/fc/dfc44b40-d68d-5f79-98d2-2554b7a62d61
8 KB
8 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/d/fc/dfc44b40-d68d-5f79-98d2-2554b7a62d61/5fd3efa43b413.image.jpg?crop=1080%2C1080%2C420%2C0&resize=182%2C182&order=crop%2Cresize
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04e043038c2951b33f7257c4ec125cb77a8d20fe888e812dc4244c3194c8ba7d
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
25381
last-modified
Fri, 11 Dec 2020 22:16:04 GMT
strict-transport-security
max-age=604800
content-length
8088
cf-request-id
07a0127e6a0000cdcfa8167000000001
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"34ce30a82fa3005a2f10c2f9abf08c66"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 13 Jan 2022 17:16:03 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa4a4bcdcf-CDG
cf-bgj
h2pri
5fd26b0a4bb80.image.jpg?crop=555%2C555%2C152%2C0&resize=182%2C182&order=crop%2Cresize
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/0/be/0be7c116-8d36-5a72-9892-4b15e635c5f8
8 KB
8 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/0/be/0be7c116-8d36-5a72-9892-4b15e635c5f8/5fd26b0a4bb80.image.jpg?crop=555%2C555%2C152%2C0&resize=182%2C182&order=crop%2Cresize
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ab613ac850edc76324202ae1449197b8c9d0118b0a3ae2398803d115d9af46d
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
vary
Accept-Encoding
cf-cache-status
HIT
age
21398
last-modified
Thu, 10 Dec 2020 18:38:02 GMT
cf-bgj
h2pri
cf-request-id
07a0127e6a0000cdcfa0be5000000001
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"938ae4c872981ae7a8f09a3bafed6878"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
611386aa4a4ccdcf-CDG
expires
Thu, 13 Jan 2022 19:15:29 GMT
5fff1a7890a5e.image.jpg?crop=681%2C681%2C0%2C85&resize=182%2C182&order=crop%2Cresize
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/3/9c/39c55ef5-476e-5394-96d5-e3d0d3a05bde
6 KB
6 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/3/9c/39c55ef5-476e-5394-96d5-e3d0d3a05bde/5fff1a7890a5e.image.jpg?crop=681%2C681%2C0%2C85&resize=182%2C182&order=crop%2Cresize
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9d38d58b1c4269196488c855961d1fb1b4761e8de1e607bd5aa8c044c74578a
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
31579
last-modified
Wed, 13 Jan 2021 16:06:16 GMT
strict-transport-security
max-age=604800
content-length
5731
cf-request-id
07a0127e6a0000cdcfc92e1000000001
x-robots-tag
noarchive
x-vcache
HIT
server
cloudflare
etag
"670bed421a2f83a64f3046d6c7b7c625"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 13 Jan 2022 16:25:45 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa4a4acdcf-CDG
cf-bgj
h2pri
5ff63a04290d1.image.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/2/c9/2c905ed6-cec0-509c-983a-28d4cf87e6a9
77 KB
77 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/2/c9/2c905ed6-cec0-509c-983a-28d4cf87e6a9/5ff63a04290d1.image.png
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
370407adf1563ac7358e4c42df83619bc9160309b045587d95e6ae20db9f4b5e
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
611909
last-modified
Wed, 06 Jan 2021 22:30:28 GMT
strict-transport-security
max-age=604800
content-length
78509
cf-request-id
07a0127e6a0000cdcfcc9d8000000001
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"5ff63a04-132ad"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa4a4dcdcf-CDG
expires
Thu, 06 Jan 2022 23:19:32 GMT
5fff0e3a93793.preview.jpg?crop=1175%2C1175%2C294%2C0&resize=182%2C182&order=crop%2Cresize
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/c/b4/cb478071-e903-5886-b23e-c5b9ae7a882f
7 KB
8 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/c/b4/cb478071-e903-5886-b23e-c5b9ae7a882f/5fff0e3a93793.preview.jpg?crop=1175%2C1175%2C294%2C0&resize=182%2C182&order=crop%2Cresize
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b5e7a779c21f69345cb08b15dba3696a359968788dddf38023eacef30d71348
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
34695
last-modified
Wed, 13 Jan 2021 15:14:02 GMT
strict-transport-security
max-age=604800
content-length
7412
cf-request-id
07a0127e870000cdcfecb7c000000001
x-robots-tag
noarchive
x-vcache
HIT
server
cloudflare
etag
"aee0009db75a0affa59430a79bf0a83d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 13 Jan 2022 15:27:31 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa7a75cdcf-CDG
cf-bgj
h2pri
5fade6c7f23af.image.jpg?crop=1246%2C1246%2C207%2C0&resize=182%2C182&order=crop%2Cresize
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/4/84/484eae6a-f6a3-5500-bea4-da222c5c580c
4 KB
4 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/4/84/484eae6a-f6a3-5500-bea4-da222c5c580c/5fade6c7f23af.image.jpg?crop=1246%2C1246%2C207%2C0&resize=182%2C182&order=crop%2Cresize
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2fb9a18a06844147a8e829f05e774c5da15988b75337be134e6190e797db13ca
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
83053
last-modified
Fri, 13 Nov 2020 01:52:08 GMT
strict-transport-security
max-age=604800
content-length
4295
cf-request-id
07a0127e870000cdcfe6afd000000001
x-robots-tag
noarchive
x-vcache
HIT
server
cloudflare
etag
"6be1eed5530ad5aa44afc74bb3931eb8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 13 Jan 2022 01:47:54 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa7a76cdcf-CDG
cf-bgj
h2pri
5fb0c62770acd.image.jpg?crop=555%2C555%2C152%2C0&resize=182%2C182&order=crop%2Cresize
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/3/c8/3c8cf29f-d119-5240-95f1-50de936b436a
5 KB
5 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/3/c8/3c8cf29f-d119-5240-95f1-50de936b436a/5fb0c62770acd.image.jpg?crop=555%2C555%2C152%2C0&resize=182%2C182&order=crop%2Cresize
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
709a6f5024e7d6eecaf1490c177a636a4b2cb9af15171685b78c99859ea3bc73
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
66673
last-modified
Sun, 15 Nov 2020 06:09:43 GMT
strict-transport-security
max-age=604800
content-length
5384
cf-request-id
07a0127e870000cdcf89947000000001
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"7d8ef468e373ce6fa6074f48e4839dd6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Mon, 03 Jan 2022 03:52:54 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa7a77cdcf-CDG
cf-bgj
h2pri
serif-ds.woff2?_dc=1608764706
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/images
26 KB
26 KB
Font
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/images/serif-ds.woff2?_dc=1608764706
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f98e8196d88bff2a006872a05d79c2d695f6dda36e0aecdd0ace020207809f40
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Origin
http://click1.email.journalstar.com
Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
vary
Accept-Encoding
cf-cache-status
HIT
last-modified
Wed, 23 Dec 2020 23:05:06 GMT
content-length
26164
cf-request-id
07a0127e7f000032be4089e000000001
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"5fe3cd22-6634"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa699932be-CDG
expires
Sun, 02 Jan 2022 13:56:02 GMT
recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=0bf0ed9a-0531-3fba-a500-8db6063970cc&widget.placement=104689&widget.slot=1&wi...
mb.taboola.com/server/1.1/jpg/liveintent-ron-row
Redirect Chain
  • http://li.journalstar.com/imp?s=104689&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=104689&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=0bf0ed9a-0531-3fba-a...
62 KB
63 KB
Image
General
Full URL
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=0bf0ed9a-0531-3fba-a500-8db6063970cc&widget.placement=104689&widget.slot=1&widget.mode=thumbnails-medrec&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.20.235&widget.alternative=
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fca8cefeb2a0df7ed3a9e5202aa65d092f748a5b3800496e3bec337815d58c3b

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:58 GMT
via
1.1 varnish
server
nginx
x-timer
S1610587138.210665,VS0,VE25
x-served-by
cache-fra19157-FRA
x-cache
MISS
content-type
image/jpeg
accept-ranges
bytes
content-length
63993
x-application-context
application:fe,capture-cache-remote-hz,capture-remote-hz:8080
x-cache-hits
0

Redirect headers

Location
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=0bf0ed9a-0531-3fba-a500-8db6063970cc&widget.placement=104689&widget.slot=1&widget.mode=thumbnails-medrec&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.20.235&widget.alternative=
Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
94c8cd36dc1428947beeb6283056d111.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225
Redirect Chain
  • http://li.journalstar.com/imp?s=445703&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=445703&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
1 KB
2 KB
Image
General
Full URL
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-62.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:18:58 GMT
Last-Modified
Tue, 06 Aug 2019 20:24:36 GMT
Server
AmazonS3
x-amz-request-id
33868793B1CCB4E4
ETag
"6956da20f9d008ec379926ee358e5594"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1255
x-amz-id-2
jvxKP7USaUQRoG8Fv214GJAgm5f9X+tJQnQBwNVI8qN+cljWXNBdILbTiX5UCYx8eZA7bh8Pnt0=

Redirect headers

Location
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
27e30bebaaece921293946f3c75ca02b.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225
Redirect Chain
  • http://li.journalstar.com/imp?s=576773&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=576773&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
15 KB
16 KB
Image
General
Full URL
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-62.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:18:58 GMT
Last-Modified
Wed, 17 Feb 2016 22:44:07 GMT
Server
AmazonS3
x-amz-request-id
D26CB739C42B32BC
ETag
"c56fae17aa690ac40e2a23fbf5796b60"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15721
x-amz-id-2
NQldzLLr0jcVZpKlN9kjbSnngVtCL1RCbEqkJNH4VVqGZ0HFMum2q/zD6mLWx0BfmE5dcSCDagk=

Redirect headers

Location
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
5f4d3a6d82532.image.jpg?crop=1131%2C1131%2C351%2C0&resize=182%2C182&order=crop%2Cresize
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/a/9e/a9e867d0-24a4-586e-938f-20cb713df2d8
9 KB
9 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/a/9e/a9e867d0-24a4-586e-938f-20cb713df2d8/5f4d3a6d82532.image.jpg?crop=1131%2C1131%2C351%2C0&resize=182%2C182&order=crop%2Cresize
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc65aef5850cba71efa6a7c34359c8fc9f87c839195c03faa5382a5588f6a0a0
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
83053
last-modified
Mon, 31 Aug 2020 17:59:09 GMT
strict-transport-security
max-age=604800
content-length
9019
cf-request-id
07a0127e980000cdcf85124000000001
x-robots-tag
noarchive
x-vcache
HIT
server
cloudflare
etag
"22587f8b8ebc6a97f5a974b01e3d55c9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
expires
Thu, 13 Jan 2022 01:47:54 GMT
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa8a83cdcf-CDG
cf-bgj
h2pri
recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=934a55c4-e11a-3192-92b8-9b47cb131654&widget.placement=104680&widget.slot=1&wi...
mb.taboola.com/server/1.1/jpg/liveintent-ron-row
Redirect Chain
  • http://li.journalstar.com/imp?s=104680&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=104680&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=934a55c4-e11a-3192-9...
307 KB
308 KB
Image
General
Full URL
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=934a55c4-e11a-3192-92b8-9b47cb131654&widget.placement=104680&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.18.114&widget.alternative=Phone
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c82cf19fad6a857f2d919c9f143cdc3fd7ebefb70b6bf862430ddd8e3f8b6c1c

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:59 GMT
via
1.1 varnish
server
nginx
x-timer
S1610587139.523443,VS0,VE1050
x-served-by
cache-fra19157-FRA
x-cache
MISS
content-type
image/jpeg
accept-ranges
bytes
content-length
314659
x-application-context
application:fe,capture-cache-remote-hz,capture-remote-hz:8080
x-cache-hits
0

Redirect headers

Location
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=934a55c4-e11a-3192-92b8-9b47cb131654&widget.placement=104680&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.18.114&widget.alternative=Phone
Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
94c8cd36dc1428947beeb6283056d111.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225
Redirect Chain
  • http://li.journalstar.com/imp?s=445705&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=445705&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
1 KB
2 KB
Image
General
Full URL
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-62.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:18:58 GMT
Last-Modified
Tue, 06 Aug 2019 20:24:36 GMT
Server
AmazonS3
x-amz-request-id
33868793B1CCB4E4
ETag
"6956da20f9d008ec379926ee358e5594"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1255
x-amz-id-2
jvxKP7USaUQRoG8Fv214GJAgm5f9X+tJQnQBwNVI8qN+cljWXNBdILbTiX5UCYx8eZA7bh8Pnt0=

Redirect headers

Location
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
27e30bebaaece921293946f3c75ca02b.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225
Redirect Chain
  • http://li.journalstar.com/imp?s=576775&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=576775&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
15 KB
16 KB
Image
General
Full URL
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-249-62.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:18:58 GMT
Last-Modified
Wed, 17 Feb 2016 22:44:07 GMT
Server
AmazonS3
x-amz-request-id
D26CB739C42B32BC
ETag
"c56fae17aa690ac40e2a23fbf5796b60"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
15721
x-amz-id-2
NQldzLLr0jcVZpKlN9kjbSnngVtCL1RCbEqkJNH4VVqGZ0HFMum2q/zD6mLWx0BfmE5dcSCDagk=

Redirect headers

Location
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
123588000?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&previous_...
i6.liadm.com/s/section
Redirect Chain
  • http://li.journalstar.com/imp?s=123588000&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=123588000&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
  • https://i6.liadm.com/s/section/123588000?m=378cb6dbadfc4316ce01888924d3b518&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=...
  • https://i6.liadm.com/s/section/123588000?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e...
43 B
419 B
Image
General
Full URL
https://i6.liadm.com/s/section/123588000?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&previous_uuid=dff5cb98389e4567baf556802d7330e0
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:444a:4602:9dc0:e3c3:ce39:bafa Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
/s/section/123588000?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&previous_uuid=dff5cb98389e4567baf556802d7330e0
Date
Thu, 14 Jan 2021 01:18:58 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
5a21935b113e44af994203eb578dd691?mpid=7156&muid=5ee05fff-9c03-4500-b530-45be24d36e01
i.liadm.com/s/e/5183/0
Redirect Chain
  • http://li.journalstar.com/imp?s=123588001&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=123588001&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
  • https://i.liadm.com/s/section/123588001?m=378cb6dbadfc4316ce01888924d3b518&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=s...
  • https://i.liadm.com/s/section/123588001?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8...
  • https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2F5183%2F0%2F5a21935b113e44af994203eb578dd691%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&8653c15d-6c26-4554-b10f-d23ee...
  • https://i.liadm.com/s/e/5183/0/5a21935b113e44af994203eb578dd691?mpid=7156&muid=5ee05fff-9c03-4500-b530-45be24d36e01
43 B
257 B
Image
General
Full URL
https://i.liadm.com/s/e/5183/0/5a21935b113e44af994203eb578dd691?mpid=7156&muid=5ee05fff-9c03-4500-b530-45be24d36e01
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.227.229.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-227-229-225.compute-1.amazonaws.com
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:18:59 GMT
Cache-Control
no-store
Connection
keep-alive
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Date
Thu, 14 Jan 2021 01:19:00 GMT
Server
MT3 3483 e916156 master cdg-pixel-x6
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://i.liadm.com/s/e/5183/0/5a21935b113e44af994203eb578dd691?mpid=7156&muid=5ee05fff-9c03-4500-b530-45be24d36e01
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Thu, 14 Jan 2021 01:18:59 GMT
imp?_li_uuid=&s=123588002&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f4443...
p.liadm.com
Redirect Chain
  • http://li.journalstar.com/imp?s=123588002&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=123588002&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
43 B
315 B
Image
General
Full URL
https://p.liadm.com/imp?_li_uuid=&s=123588002&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.172.12.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-172-12-251.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

Pragma
no-cache
Date
Thu, 14 Jan 2021 01:18:58 GMT
Server
AkamaiGHost
Location
https://p.liadm.com/imp?_li_uuid=&s=123588002&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Expires
Thu, 14 Jan 2021 01:18:58 GMT
imp?_li_uuid=&s=123588003&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f4443...
p.liadm.com
Redirect Chain
  • http://li.journalstar.com/imp?s=123588003&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=123588003&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
43 B
315 B
Image
General
Full URL
https://p.liadm.com/imp?_li_uuid=&s=123588003&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.172.12.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-172-12-251.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

Pragma
no-cache
Date
Thu, 14 Jan 2021 01:18:58 GMT
Server
AkamaiGHost
Location
https://p.liadm.com/imp?_li_uuid=&s=123588003&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Expires
Thu, 14 Jan 2021 01:18:58 GMT
imp?_li_uuid=&s=123588004&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f4443...
p.liadm.com
Redirect Chain
  • http://li.journalstar.com/imp?s=123588004&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=123588004&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
43 B
315 B
Image
General
Full URL
https://p.liadm.com/imp?_li_uuid=&s=123588004&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
35.172.12.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-172-12-251.compute-1.amazonaws.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

Pragma
no-cache
Date
Thu, 14 Jan 2021 01:18:58 GMT
Server
AkamaiGHost
Location
https://p.liadm.com/imp?_li_uuid=&s=123588004&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Expires
Thu, 14 Jan 2021 01:18:58 GMT
facebook.png?_dc=1608710503
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email
413 B
527 B
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/facebook.png?_dc=1608710503
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75e46604bc973b209defcde74ec7a6bd80da48c49490eb392289e7083cde5436
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
1857440
last-modified
Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security
max-age=604800
content-length
413
cf-request-id
07a0127e980000cdcfb410f000000001
x-robots-tag
noarchive
x-vcache
HIT
server
cloudflare
etag
"5fe2f967-19d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa8a84cdcf-CDG
expires
Thu, 23 Dec 2021 10:06:18 GMT
twitter.png?_dc=1608710503
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email
920 B
1 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/twitter.png?_dc=1608710503
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f50d5b45cb56df68824851416593c663753e7d800f7261bf14b9c602d219bd42
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
1857440
last-modified
Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security
max-age=604800
content-length
920
cf-request-id
07a0127e990000cdcfcb88c000000001
x-robots-tag
noarchive
x-vcache
HIT
server
cloudflare
etag
"5fe2f967-398"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa8a86cdcf-CDG
expires
Thu, 23 Dec 2021 10:06:18 GMT
instagram.png?_dc=1608710503
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email
1 KB
1 KB
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/instagram.png?_dc=1608710503
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6b6ed729e29dad2a30e237aaecea16c23995310a67e369004944512eaa0b4d4
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
1857440
last-modified
Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security
max-age=604800
content-length
1311
cf-request-id
07a0127e990000cdcfa4011000000001
x-robots-tag
noarchive
x-vcache
HIT
server
cloudflare
etag
"5fe2f967-51f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa8a87cdcf-CDG
expires
Thu, 23 Dec 2021 10:06:18 GMT
youtube.png?_dc=1608710503
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email
817 B
933 B
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/youtube.png?_dc=1608710503
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06270bf1ca6b89cd31765870aaa57be10e6ac151205fe87351cc8d90d9cf22dc
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status
HIT
age
1857440
last-modified
Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security
max-age=604800
content-length
817
cf-request-id
07a0127e990000cdcfc7082000000001
x-robots-tag
noarchive
x-vcache
HIT
server
cloudflare
etag
"5fe2f967-331"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa8a89cdcf-CDG
expires
Thu, 23 Dec 2021 10:06:18 GMT
phone.png?_dc=1608710503
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email
493 B
626 B
Image
General
Full URL
https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/phone.png?_dc=1608710503
Requested by
Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2069f171e099f0e2ee2c73bff45cfda2ad0f5eecd9f1a5893e51edaf2ffd56b
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 14 Jan 2021 01:18:57 GMT
vary
Accept-Encoding
cf-cache-status
HIT
last-modified
Wed, 23 Dec 2020 08:01:43 GMT
content-length
493
cf-request-id
07a0127e990000cdcfe735c000000001
x-robots-tag
noarchive
x-vcache
MISS
server
cloudflare
etag
"5fe2f967-1ed"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=604800
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
611386aa8a8bcdcf-CDG
expires
Thu, 23 Dec 2021 10:06:14 GMT

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 1
  • http://connect.facebook.net/en_US/all.js
  • https://connect.facebook.net/en_US/all.js
Request 4
  • http://connect.facebook.net/en_US/all.js
  • https://connect.facebook.net/en_US/all.js
Request 10
  • http://li.journalstar.com/imp?s=104686&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=104686&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=f131be7d-0dd2-30a2-9...
Request 11
  • http://li.journalstar.com/imp?s=445704&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=445704&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Request 12
  • http://li.journalstar.com/imp?s=576774&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=576774&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Request 21
  • http://li.journalstar.com/imp?s=104689&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=104689&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=0bf0ed9a-0531-3fba-a...
Request 22
  • http://li.journalstar.com/imp?s=445703&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=445703&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Request 23
  • http://li.journalstar.com/imp?s=576773&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=576773&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Request 25
  • http://li.journalstar.com/imp?s=104680&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=104680&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=934a55c4-e11a-3192-9...
Request 26
  • http://li.journalstar.com/imp?s=445705&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=445705&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Request 27
  • http://li.journalstar.com/imp?s=576775&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=576775&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
  • https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Request 28
  • http://li.journalstar.com/imp?s=123588000&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=123588000&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
  • https://i6.liadm.com/s/section/123588000?m=378cb6dbadfc4316ce01888924d3b518&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=...
  • https://i6.liadm.com/s/section/123588000?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e...
Request 29
  • http://li.journalstar.com/imp?s=123588001&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=123588001&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
  • https://i.liadm.com/s/section/123588001?m=378cb6dbadfc4316ce01888924d3b518&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=s...
  • https://i.liadm.com/s/section/123588001?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8...
  • https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2F5183%2F0%2F5a21935b113e44af994203eb578dd691%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&8653c15d-6c26-4554-b10f-d23ee...
  • https://i.liadm.com/s/e/5183/0/5a21935b113e44af994203eb578dd691?mpid=7156&muid=5ee05fff-9c03-4500-b530-45be24d36e01
Request 30
  • http://li.journalstar.com/imp?s=123588002&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=123588002&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
Request 31
  • http://li.journalstar.com/imp?s=123588003&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=123588003&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
Request 32
  • http://li.journalstar.com/imp?s=123588004&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
  • https://p.liadm.com/imp?_li_uuid=&s=123588004&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated object| FB

1 Cookies

Domain/Path Name / Value
click1.email.journalstar.com/ Name: JSESSIONID
Value: 74961951441A45223ABF895F837B5F18

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b76e3c.efeedbacktrk.com
bloximages.chicago2.vip.townnews.com
c.licasd.com
click1.email.journalstar.com
connect.facebook.net
i.liadm.com
i6.liadm.com
li.journalstar.com
mb.taboola.com
p.liadm.com
sync.mathtag.com
www.google-analytics.com
104.111.249.62
104.18.130.43
151.101.13.44
185.29.135.42
2.16.186.51
2600:1f18:444a:4602:9dc0:e3c3:ce39:bafa
2a00:1450:4001:808::200e
2a03:2880:f01c:8012:face:b00c:0:3
35.172.12.251
54.227.229.225
74.214.203.11
96.46.128.252
04e043038c2951b33f7257c4ec125cb77a8d20fe888e812dc4244c3194c8ba7d
06270bf1ca6b89cd31765870aaa57be10e6ac151205fe87351cc8d90d9cf22dc
0b5e7a779c21f69345cb08b15dba3696a359968788dddf38023eacef30d71348
12bdc566f7a832d68a46b7a0992552151faf3d9551e154d45e6bcf74396fdcf5
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2ab613ac850edc76324202ae1449197b8c9d0118b0a3ae2398803d115d9af46d
2fb9a18a06844147a8e829f05e774c5da15988b75337be134e6190e797db13ca
370407adf1563ac7358e4c42df83619bc9160309b045587d95e6ae20db9f4b5e
5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
6c8a097e32c05dbd1256b8a06eb3aa03dc20c5f2d1c5dca2f00b6ed5c148fad1
709a6f5024e7d6eecaf1490c177a636a4b2cb9af15171685b78c99859ea3bc73
75e46604bc973b209defcde74ec7a6bd80da48c49490eb392289e7083cde5436
7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
a2069f171e099f0e2ee2c73bff45cfda2ad0f5eecd9f1a5893e51edaf2ffd56b
a6c003cbc9fc9badb30e148343684cbc948549f755bdfebcba42daf27f8b55bb
aa43b2a9fcd3eff255bc93b2c89fce1d71d31d0b1f06388ae63a46301f989e44
aa6149a4f80415c44d81f8184d45c07d4b03fd75483ec9ac0bd7ff0339318355
bc65aef5850cba71efa6a7c34359c8fc9f87c839195c03faa5382a5588f6a0a0
c82cf19fad6a857f2d919c9f143cdc3fd7ebefb70b6bf862430ddd8e3f8b6c1c
c9d38d58b1c4269196488c855961d1fb1b4761e8de1e607bd5aa8c044c74578a
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
d6b6ed729e29dad2a30e237aaecea16c23995310a67e369004944512eaa0b4d4
eeb689959ff11455ada02fd3650327d834d030ae0869b1f54d7060359482133e
f07001944ae763d8646ed385143b179c625034449e94f0dabb59df58f2b56b7b
f50d5b45cb56df68824851416593c663753e7d800f7261bf14b9c602d219bd42
f98e8196d88bff2a006872a05d79c2d695f6dda36e0aecdd0ace020207809f40
fca8cefeb2a0df7ed3a9e5202aa65d092f748a5b3800496e3bec337815d58c3b