click1.email.journalstar.com Open in urlscan Pro
74.214.203.11 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view
Effective URL:
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Submission: On January 14 via api (January 14th 2021, 1:19:19 am UTC) from SG

Summary HTTP 38 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 6 countries across 9 domains to perform 38 HTTP transactions. The main IP is 74.214.203.11, located in United States and belongs to AMAZON-AES, US. The main domain is click1.email.journalstar.com.

This is the only time click1.email.journalstar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	74.214.203.11 74.214.203.11	14618 (AMAZON-AES) (AMAZON-AES)
4	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	96.46.128.252 96.46.128.252	14618 (AMAZON-AES) (AMAZON-AES)
16	104.18.130.43 104.18.130.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14 14	2.16.186.51 2.16.186.51	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
11 14	35.172.12.251 35.172.12.251	14618 (AMAZON-AES) (AMAZON-AES)
3	151.101.13.44 151.101.13.44	54113 (FASTLY) (FASTLY)
6	104.111.249.62 104.111.249.62	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2600:1f18:444... 2600:1f18:444a:4602:9dc0:e3c3:ce39:bafa	14618 (AMAZON-AES) (AMAZON-AES)
2 3	54.227.229.225 54.227.229.225	14618 (AMAZON-AES) (AMAZON-AES)
1 1	185.29.135.42 185.29.135.42	30419 (MEDIAMATH...) (MEDIAMATH-INC)
38	10

2 74.214.203.11 (United States)

ASN14618 (AMAZON-AES, US)

click1.email.journalstar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.46.128.252 (United States)

ASN14618 (AMAZON-AES, US)
PTR: www.efeedbacktrk.com

b76e3c.efeedbacktrk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 104.18.130.43 (United States)

ASN13335 (CLOUDFLARENET, US)

bloximages.chicago2.vip.townnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2.16.186.51 (Ascension Island) 14 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-51.deploy.static.akamaitechnologies.com

li.journalstar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 35.172.12.251 (Ashburn, United States) 11 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-172-12-251.compute-1.amazonaws.com

p.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.13.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

mb.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.111.249.62 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-249-62.deploy.static.akamaitechnologies.com

c.licasd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:444a:4602:9dc0:e3c3:ce39:bafa (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.227.229.225 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-227-229-225.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.135.42 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	liadm.com 14 redirects p.liadm.com i6.liadm.com i.liadm.com	9 KB
16	townnews.com bloximages.chicago2.vip.townnews.com	214 KB
16	journalstar.com 14 redirects click1.email.journalstar.com li.journalstar.com	71 KB
6	licasd.com c.licasd.com	52 KB
4	facebook.net connect.facebook.net	118 KB
3	taboola.com mb.taboola.com	612 KB
1	mathtag.com 1 redirects sync.mathtag.com	628 B
1	efeedbacktrk.com b76e3c.efeedbacktrk.com	466 B
1	google-analytics.com www.google-analytics.com	96 B
38	9

	Domain	Requested by
16	bloximages.chicago2.vip.townnews.com	click1.email.journalstar.com
14	p.liadm.com	11 redirects click1.email.journalstar.com
14	li.journalstar.com	14 redirects
6	c.licasd.com	click1.email.journalstar.com
4	connect.facebook.net	click1.email.journalstar.com connect.facebook.net
3	i.liadm.com	2 redirects click1.email.journalstar.com
3	mb.taboola.com	click1.email.journalstar.com
2	i6.liadm.com	1 redirects click1.email.journalstar.com
2	click1.email.journalstar.com
1	sync.mathtag.com	1 redirects
1	b76e3c.efeedbacktrk.com	click1.email.journalstar.com
1	www.google-analytics.com	click1.email.journalstar.com
38	12

This site contains no links.

Subject Issuer	Validity	Valid
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-12-22` - `2021-03-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.efeedbacktrk.com Sectigo RSA Organization Validation Secure Server CA	`2019-04-24` - `2021-04-23`	2 years	crt.sh
bloximages.chicago2.vip.townnews.com GeoTrust RSA CA 2018	`2020-02-25` - `2021-04-25`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
li.lisecurelink.com Let's Encrypt Authority X3	`2020-11-06` - `2021-02-04`	3 months	crt.sh
*.liadm.com Amazon	`2020-11-30` - `2021-12-29`	a year	crt.sh
p.liadm.com Sectigo RSA Domain Validation Secure Server CA	`2020-05-19` - `2022-05-30`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Frame ID: B9CE4A160783D09C9C8614468112EB72
Requests: 38 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtm... Page URL
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E Page URL

Detected technologies

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /^Apache-Coyote(?:\/([\d.]+))?/i

Apache Tomcat (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^Apache-Coyote(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Page Statistics

38
Requests

95 %
HTTPS

25 %
IPv6

9
Domains

12
Subdomains

10
IPs

6
Countries

1056 kB
Transfer

1310 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view Page URL
http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://connect.facebook.net/en_US/all.js HTTP 307
https://connect.facebook.net/en_US/all.js

Request Chain 3

http://connect.facebook.net/en_US/all.js HTTP 307
https://connect.facebook.net/en_US/all.js

Request Chain 9

http://li.journalstar.com/imp?s=104686&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=104686&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=f131be7d-0dd2-30a2-98cc-a4ad6ca0d088&widget.placement=104686&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.18.114&widget.alternative=Phone

Request Chain 10

http://li.journalstar.com/imp?s=445704&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=445704&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png

Request Chain 11

http://li.journalstar.com/imp?s=576774&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=576774&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png

Request Chain 20

http://li.journalstar.com/imp?s=104689&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=104689&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=0bf0ed9a-0531-3fba-a500-8db6063970cc&widget.placement=104689&widget.slot=1&widget.mode=thumbnails-medrec&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.20.235&widget.alternative=

Request Chain 21

http://li.journalstar.com/imp?s=445703&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=445703&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png

Request Chain 22

http://li.journalstar.com/imp?s=576773&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=576773&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png

Request Chain 24

http://li.journalstar.com/imp?s=104680&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=104680&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=934a55c4-e11a-3192-92b8-9b47cb131654&widget.placement=104680&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.18.114&widget.alternative=Phone

Request Chain 25

http://li.journalstar.com/imp?s=445705&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=445705&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png

Request Chain 26

http://li.journalstar.com/imp?s=576775&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=576775&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png

Request Chain 27

http://li.journalstar.com/imp?s=123588000&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=123588000&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://i6.liadm.com/s/section/123588000?m=378cb6dbadfc4316ce01888924d3b518&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb HTTP 303
https://i6.liadm.com/s/section/123588000?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&previous_uuid=dff5cb98389e4567baf556802d7330e0

Request Chain 28

http://li.journalstar.com/imp?s=123588001&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=123588001&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com HTTP 302
https://i.liadm.com/s/section/123588001?m=378cb6dbadfc4316ce01888924d3b518&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb HTTP 303
https://i.liadm.com/s/section/123588001?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&previous_uuid=8653c15d6c264554b10fd23eede96990 HTTP 303
https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2F5183%2F0%2F5a21935b113e44af994203eb578dd691%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&8653c15d-6c26-4554-b10f-d23eede96990&previous_uuid=5a21935b113e44af994203eb578dd691 HTTP 302
https://i.liadm.com/s/e/5183/0/5a21935b113e44af994203eb578dd691?mpid=7156&muid=5ee05fff-9c03-4500-b530-45be24d36e01

Request Chain 29

http://li.journalstar.com/imp?s=123588002&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=123588002&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com

Request Chain 30

http://li.journalstar.com/imp?s=123588003&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=123588003&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com

Request Chain 31

http://li.journalstar.com/imp?s=123588004&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061 HTTP 301
https://p.liadm.com/imp?_li_uuid=&s=123588004&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com

38 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set ViewMessage.do Show response
click1.email.journalstar.com/ 3 KB
3 KB 99ms
98ms Document
text/html 74.214.203.11
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view
Protocol: HTTP/1.1
Server: 74.214.203.11 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: aa6149a4f80415c44d81f8184d45c07d4b03fd75483ec9ac0bd7ff0339318355

Request headers

Host: click1.email.journalstar.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: Apache-Coyote/1.1
Connection: Keep-Alive
Keep-Alive: timeout=60
Set-Cookie: JSESSIONID=5A1523F67CD3A23EEB55AE232386940E; Path=/; HttpOnly
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Date: Thu, 14 Jan 2021 01:18:56 GMT

GET
H2

200

all.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/all.js
https://connect.facebook.net/en_US/all.js

3 KB
2 KB

17ms
6ms

Script
application/x-javascript

2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

12bdc566f7a832d68a46b7a0992552151faf3d9551e154d45e6bcf74396fdcf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: k2uBuuCfC6jJ4Iyt4EmowQ==
cross-origin-resource-policy: cross-origin
expires: Thu, 14 Jan 2021 01:28:42 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
x-fb-rlafr: 0
x-fb-debug: QjP0ehXWUUzKQYzUEj3QmNPQJ2FHJ/091jSLutLnMOUuQLqGzQam2o6CN6fAVxn1Z0FJHx0/CqAbRhjHi9mNLw==
x-fb-trip-id: 686109401
x-fb-content-md5: 7ea577c38af86eb54ddb93932d37707b
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 14 Jan 2021 01:18:57 GMT
x-frame-options: DENY
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "7288b53ef352c55e13aa848aa29accd7"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

Redirect headers

Location: https://connect.facebook.net/en_US/all.js
Non-Authoritative-Reason: HSTS

GET
H2 200 all.js
connect.facebook.net/en_US/ 188 KB
57 KB 18ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=6669e987b7e0e8dd2f64259b3751c704&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: http://click1.email.journalstar.com
Referer: http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: UvaJYeoZ6fPkIcrwm7YuNw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 57677
x-fb-rlafr: 0
x-fb-debug: o9JydJO1n/JN/wezZ1itIo0aHyGcb93HRCPG8ILCzqVnop39F7fPwJwR3uqlU1vMzbkZJz1D83Q2WzJgvVGLig==
x-fb-trip-id: 686109401
x-fb-content-md5: 09140696646195f414d68e441add66a8
x-frame-options: DENY
date: Thu, 14 Jan 2021 01:18:57 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "74bf44cac1e1cd2b023a353abc4f85dd"
timing-allow-origin: *
expires: Thu, 13 Jan 2022 19:09:03 GMT

POST
H/1.1 200
OK Primary Request Cookie set ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E Show response
click1.email.journalstar.com/ 55 KB
55 KB 462ms
461ms Document
text/html 74.214.203.11
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: HTTP/1.1
Server: 74.214.203.11 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a6c003cbc9fc9badb30e148343684cbc948549f755bdfebcba42daf27f8b55bb

Request headers

Host: click1.email.journalstar.com
Connection: keep-alive
Content-Length: 269
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
Origin: http://click1.email.journalstar.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Cookie: JSESSIONID=5A1523F67CD3A23EEB55AE232386940E
Upgrade-Insecure-Requests: 1
Origin: http://click1.email.journalstar.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://click1.email.journalstar.com/ViewMessage.do?m=hqbhbmnwv&r=rlngnnkjll&s=otksfjllrlcqtwfkzjjqrvqnvsqrqfmgtml&q=1610569834&a=view

Response headers

Server: Apache-Coyote/1.1
Connection: Keep-Alive
Keep-Alive: timeout=60
Set-Cookie: JSESSIONID=74961951441A45223ABF895F837B5F18; Path=/; HttpOnly
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Date: Thu, 14 Jan 2021 01:18:57 GMT

GET
H2

200

all.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/all.js
https://connect.facebook.net/en_US/all.js

3 KB
2 KB

6ms
6ms

Script
application/x-javascript

2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

12bdc566f7a832d68a46b7a0992552151faf3d9551e154d45e6bcf74396fdcf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: k2uBuuCfC6jJ4Iyt4EmowQ==
cross-origin-resource-policy: cross-origin
expires: Thu, 14 Jan 2021 01:28:42 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
x-fb-rlafr: 0
x-fb-debug: QjP0ehXWUUzKQYzUEj3QmNPQJ2FHJ/091jSLutLnMOUuQLqGzQam2o6CN6fAVxn1Z0FJHx0/CqAbRhjHi9mNLw==
x-fb-trip-id: 686109401
x-fb-content-md5: 7ea577c38af86eb54ddb93932d37707b
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Thu, 14 Jan 2021 01:18:57 GMT
x-frame-options: DENY
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "7288b53ef352c55e13aa848aa29accd7"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

Redirect headers

Location: https://connect.facebook.net/en_US/all.js
Non-Authoritative-Reason: HSTS

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 188 KB
56 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=6669e987b7e0e8dd2f64259b3751c704&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

eeb689959ff11455ada02fd3650327d834d030ae0869b1f54d7060359482133e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: http://click1.email.journalstar.com
Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: UvaJYeoZ6fPkIcrwm7YuNw==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 57677
x-fb-rlafr: 0
x-fb-debug: o9JydJO1n/JN/wezZ1itIo0aHyGcb93HRCPG8ILCzqVnop39F7fPwJwR3uqlU1vMzbkZJz1D83Q2WzJgvVGLig==
x-fb-trip-id: 686109401
x-fb-content-md5: 09140696646195f414d68e441add66a8
x-frame-options: DENY
date: Thu, 14 Jan 2021 01:18:57 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "74bf44cac1e1cd2b023a353abc4f85dd"
timing-allow-origin: *
expires: Thu, 13 Jan 2022 19:09:03 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
96 B 6ms
6ms Image
image/gif 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&tid=UA-54716522-12&t=event&ec=email&ea=open&cid=5334099&el=whatcounts&cs=journalstar.com&cm=email&cn=%2Fnewsletter-templates%2Fnews-alert%2F%3Fforce_medium%3DPostUp

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 13 Jan 2021 19:04:21 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 22476
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK krrwtmssdsbjplvtjrhmmjpdgpjqgwpdptfklfshsdlphsl_rcngnnkjllpcvcjgvlwnk.gif
b76e3c.efeedbacktrk.com/ 68 B
466 B 426ms
97ms Image
image/png 96.46.128.252
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b76e3c.efeedbacktrk.com/krrwtmssdsbjplvtjrhmmjpdgpjqgwpdptfklfshsdlphsl_rcngnnkjllpcvcjgvlwnk.gif
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 96.46.128.252 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: www.efeedbacktrk.com
Software: sp /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Jan 2021 01:18:57 GMT
Server: sp
Content-Type: image/png;charset=utf-8
Cache-Control: private, max-age=0, no-cache, no-store, must-revalidate
Connection: Keep-Alive
imagetoolbar: no
Keep-Alive: timeout=60
Content-Length: 68
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 62f44678-da42-11e9-a75c-7ba230687b72.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/custom/image/ 18 KB
18 KB 74ms
29ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/custom/image/62f44678-da42-11e9-a75c-7ba230687b72.png

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c8a097e32c05dbd1256b8a06eb3aa03dc20c5f2d1c5dca2f00b6ed5c148fad1

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 2382326
last-modified: Wed, 18 Sep 2019 18:30:28 GMT
strict-transport-security: max-age=604800
content-length: 18161
cf-request-id: 07a0127e690000cdcf9a3ea000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5d8277c4-46f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa4a49cdcf-CDG
expires: Sat, 20 Nov 2021 11:30:20 GMT

GET
H2 200 5fff4b6815c74.preview.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/b/7d/b7d741a5-e9f2-5465-9daf-fe3719c3dbcd/ 40 KB
40 KB 130ms
85ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/b/7d/b7d741a5-e9f2-5465-9daf-fe3719c3dbcd/5fff4b6815c74.preview.jpg?crop=947%2C592%2C234%2C833&resize=728%2C455&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa43b2a9fcd3eff255bc93b2c89fce1d71d31d0b1f06388ae63a46301f989e44

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 17170
last-modified: Wed, 13 Jan 2021 19:35:04 GMT
strict-transport-security: max-age=604800
content-length: 40497
cf-request-id: 07a0127e6b0000cdcff0853000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "b6970d01f5e23f2963b706729c518a4b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 20:31:14 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa4a4fcdcf-CDG
cf-bgj: h2pri

GET
H2

200

recommendations.get
mb.taboola.com/server/1.1/jpg/liveintent-ron-row/
Redirect Chain

http://li.journalstar.com/imp?s=104686&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=104686&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=f131be7d-0dd2-30a2-9...

240 KB
241 KB

395ms
335ms

Image
image/jpeg

151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=f131be7d-0dd2-30a2-98cc-a4ad6ca0d088&widget.placement=104686&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.18.114&widget.alternative=Phone
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f07001944ae763d8646ed385143b179c625034449e94f0dabb59df58f2b56b7b

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:58 GMT
via: 1.1 varnish
server: nginx
x-timer: S1610587138.210616,VS0,VE308
x-served-by: cache-fra19157-FRA
x-cache: MISS
content-type: image/jpeg
accept-ranges: bytes
content-length: 245977
x-application-context: application:fe,capture-cache-remote-hz,capture-remote-hz:8080
x-cache-hits: 0

Redirect headers

Location: https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=f131be7d-0dd2-30a2-98cc-a4ad6ca0d088&widget.placement=104686&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.18.114&widget.alternative=Phone
Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

94c8cd36dc1428947beeb6283056d111.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain

http://li.journalstar.com/imp?s=445704&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=445704&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png

1 KB
2 KB

87ms
28ms

Image
image/png

104.111.249.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:18:58 GMT
Last-Modified: Tue, 06 Aug 2019 20:24:36 GMT
Server: AmazonS3
x-amz-request-id: 33868793B1CCB4E4
ETag: "6956da20f9d008ec379926ee358e5594"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1255
x-amz-id-2: jvxKP7USaUQRoG8Fv214GJAgm5f9X+tJQnQBwNVI8qN+cljWXNBdILbTiX5UCYx8eZA7bh8Pnt0=

Redirect headers

Location: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

27e30bebaaece921293946f3c75ca02b.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain

http://li.journalstar.com/imp?s=576774&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=576774&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png

15 KB
16 KB

104ms
38ms

Image
image/png

104.111.249.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:18:58 GMT
Last-Modified: Wed, 17 Feb 2016 22:44:07 GMT
Server: AmazonS3
x-amz-request-id: D26CB739C42B32BC
ETag: "c56fae17aa690ac40e2a23fbf5796b60"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15721
x-amz-id-2: NQldzLLr0jcVZpKlN9kjbSnngVtCL1RCbEqkJNH4VVqGZ0HFMum2q/zD6mLWx0BfmE5dcSCDagk=

Redirect headers

Location: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 5fd3efa43b413.image.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/d/fc/dfc44b40-d68d-5f79-98d2-2554b7a62d61/ 8 KB
8 KB 71ms
29ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/d/fc/dfc44b40-d68d-5f79-98d2-2554b7a62d61/5fd3efa43b413.image.jpg?crop=1080%2C1080%2C420%2C0&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04e043038c2951b33f7257c4ec125cb77a8d20fe888e812dc4244c3194c8ba7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 25381
last-modified: Fri, 11 Dec 2020 22:16:04 GMT
strict-transport-security: max-age=604800
content-length: 8088
cf-request-id: 07a0127e6a0000cdcfa8167000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "34ce30a82fa3005a2f10c2f9abf08c66"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 17:16:03 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa4a4bcdcf-CDG
cf-bgj: h2pri

GET
H2 200 5fd26b0a4bb80.image.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/0/be/0be7c116-8d36-5a72-9892-4b15e635c5f8/ 8 KB
8 KB 69ms
28ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/0/be/0be7c116-8d36-5a72-9892-4b15e635c5f8/5fd26b0a4bb80.image.jpg?crop=555%2C555%2C152%2C0&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ab613ac850edc76324202ae1449197b8c9d0118b0a3ae2398803d115d9af46d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 21398
last-modified: Thu, 10 Dec 2020 18:38:02 GMT
cf-bgj: h2pri
cf-request-id: 07a0127e6a0000cdcfa0be5000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "938ae4c872981ae7a8f09a3bafed6878"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 611386aa4a4ccdcf-CDG
expires: Thu, 13 Jan 2022 19:15:29 GMT

GET
H2 200 5fff1a7890a5e.image.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/3/9c/39c55ef5-476e-5394-96d5-e3d0d3a05bde/ 6 KB
6 KB 125ms
86ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/3/9c/39c55ef5-476e-5394-96d5-e3d0d3a05bde/5fff1a7890a5e.image.jpg?crop=681%2C681%2C0%2C85&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9d38d58b1c4269196488c855961d1fb1b4761e8de1e607bd5aa8c044c74578a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 31579
last-modified: Wed, 13 Jan 2021 16:06:16 GMT
strict-transport-security: max-age=604800
content-length: 5731
cf-request-id: 07a0127e6a0000cdcfc92e1000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "670bed421a2f83a64f3046d6c7b7c625"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 16:25:45 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa4a4acdcf-CDG
cf-bgj: h2pri

GET
H2 200 5ff63a04290d1.image.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/2/c9/2c905ed6-cec0-509c-983a-28d4cf87e6a9/ 77 KB
77 KB 94ms
56ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/2/c9/2c905ed6-cec0-509c-983a-28d4cf87e6a9/5ff63a04290d1.image.png

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

370407adf1563ac7358e4c42df83619bc9160309b045587d95e6ae20db9f4b5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 611909
last-modified: Wed, 06 Jan 2021 22:30:28 GMT
strict-transport-security: max-age=604800
content-length: 78509
cf-request-id: 07a0127e6a0000cdcfcc9d8000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5ff63a04-132ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa4a4dcdcf-CDG
expires: Thu, 06 Jan 2022 23:19:32 GMT

GET
H2 200 5fff0e3a93793.preview.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/c/b4/cb478071-e903-5886-b23e-c5b9ae7a882f/ 7 KB
8 KB 67ms
65ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/c/b4/cb478071-e903-5886-b23e-c5b9ae7a882f/5fff0e3a93793.preview.jpg?crop=1175%2C1175%2C294%2C0&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b5e7a779c21f69345cb08b15dba3696a359968788dddf38023eacef30d71348

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 34695
last-modified: Wed, 13 Jan 2021 15:14:02 GMT
strict-transport-security: max-age=604800
content-length: 7412
cf-request-id: 07a0127e870000cdcfecb7c000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "aee0009db75a0affa59430a79bf0a83d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 15:27:31 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa7a75cdcf-CDG
cf-bgj: h2pri

GET
H2 200 5fade6c7f23af.image.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/4/84/484eae6a-f6a3-5500-bea4-da222c5c580c/ 4 KB
4 KB 65ms
64ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/4/84/484eae6a-f6a3-5500-bea4-da222c5c580c/5fade6c7f23af.image.jpg?crop=1246%2C1246%2C207%2C0&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fb9a18a06844147a8e829f05e774c5da15988b75337be134e6190e797db13ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 83053
last-modified: Fri, 13 Nov 2020 01:52:08 GMT
strict-transport-security: max-age=604800
content-length: 4295
cf-request-id: 07a0127e870000cdcfe6afd000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "6be1eed5530ad5aa44afc74bb3931eb8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 01:47:54 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa7a76cdcf-CDG
cf-bgj: h2pri

GET
H2 200 5fb0c62770acd.image.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/3/c8/3c8cf29f-d119-5240-95f1-50de936b436a/ 5 KB
5 KB 65ms
64ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/3/c8/3c8cf29f-d119-5240-95f1-50de936b436a/5fb0c62770acd.image.jpg?crop=555%2C555%2C152%2C0&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

709a6f5024e7d6eecaf1490c177a636a4b2cb9af15171685b78c99859ea3bc73

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 66673
last-modified: Sun, 15 Nov 2020 06:09:43 GMT
strict-transport-security: max-age=604800
content-length: 5384
cf-request-id: 07a0127e870000cdcf89947000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "7d8ef468e373ce6fa6074f48e4839dd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 03 Jan 2022 03:52:54 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa7a77cdcf-CDG
cf-bgj: h2pri

GET
H2 200 serif-ds.woff2
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/images/ 26 KB
26 KB 171ms
122ms Font
application/font-woff2 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/images/serif-ds.woff2?_dc=1608764706

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f98e8196d88bff2a006872a05d79c2d695f6dda36e0aecdd0ace020207809f40

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Origin: http://click1.email.journalstar.com
Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
vary: Accept-Encoding
cf-cache-status: HIT
last-modified: Wed, 23 Dec 2020 23:05:06 GMT
content-length: 26164
cf-request-id: 07a0127e7f000032be4089e000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5fe3cd22-6634"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa699932be-CDG
expires: Sun, 02 Jan 2022 13:56:02 GMT

GET
H2

200

recommendations.get
mb.taboola.com/server/1.1/jpg/liveintent-ron-row/
Redirect Chain

http://li.journalstar.com/imp?s=104689&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=104689&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=0bf0ed9a-0531-3fba-a...

62 KB
63 KB

103ms
52ms

Image
image/jpeg

151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=0bf0ed9a-0531-3fba-a500-8db6063970cc&widget.placement=104689&widget.slot=1&widget.mode=thumbnails-medrec&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.20.235&widget.alternative=
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: fca8cefeb2a0df7ed3a9e5202aa65d092f748a5b3800496e3bec337815d58c3b

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:58 GMT
via: 1.1 varnish
server: nginx
x-timer: S1610587138.210665,VS0,VE25
x-served-by: cache-fra19157-FRA
x-cache: MISS
content-type: image/jpeg
accept-ranges: bytes
content-length: 63993
x-application-context: application:fe,capture-cache-remote-hz,capture-remote-hz:8080
x-cache-hits: 0

Redirect headers

Location: https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=0bf0ed9a-0531-3fba-a500-8db6063970cc&widget.placement=104689&widget.slot=1&widget.mode=thumbnails-medrec&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.20.235&widget.alternative=
Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

94c8cd36dc1428947beeb6283056d111.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain

http://li.journalstar.com/imp?s=445703&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=445703&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png

1 KB
2 KB

42ms
37ms

Image
image/png

104.111.249.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:18:58 GMT
Last-Modified: Tue, 06 Aug 2019 20:24:36 GMT
Server: AmazonS3
x-amz-request-id: 33868793B1CCB4E4
ETag: "6956da20f9d008ec379926ee358e5594"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1255
x-amz-id-2: jvxKP7USaUQRoG8Fv214GJAgm5f9X+tJQnQBwNVI8qN+cljWXNBdILbTiX5UCYx8eZA7bh8Pnt0=

Redirect headers

Location: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

27e30bebaaece921293946f3c75ca02b.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain

http://li.journalstar.com/imp?s=576773&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=576773&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png

15 KB
16 KB

37ms
36ms

Image
image/png

104.111.249.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:18:58 GMT
Last-Modified: Wed, 17 Feb 2016 22:44:07 GMT
Server: AmazonS3
x-amz-request-id: D26CB739C42B32BC
ETag: "c56fae17aa690ac40e2a23fbf5796b60"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15721
x-amz-id-2: NQldzLLr0jcVZpKlN9kjbSnngVtCL1RCbEqkJNH4VVqGZ0HFMum2q/zD6mLWx0BfmE5dcSCDagk=

Redirect headers

Location: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2 200 5f4d3a6d82532.image.jpg
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/a/9e/a9e867d0-24a4-586e-938f-20cb713df2d8/ 9 KB
9 KB 54ms
52ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/assets/v3/editorial/a/9e/a9e867d0-24a4-586e-938f-20cb713df2d8/5f4d3a6d82532.image.jpg?crop=1131%2C1131%2C351%2C0&resize=182%2C182&order=crop%2Cresize

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc65aef5850cba71efa6a7c34359c8fc9f87c839195c03faa5382a5588f6a0a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 83053
last-modified: Mon, 31 Aug 2020 17:59:09 GMT
strict-transport-security: max-age=604800
content-length: 9019
cf-request-id: 07a0127e980000cdcf85124000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "22587f8b8ebc6a97f5a974b01e3d55c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 13 Jan 2022 01:47:54 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa8a83cdcf-CDG
cf-bgj: h2pri

GET
H2

200

recommendations.get
mb.taboola.com/server/1.1/jpg/liveintent-ron-row/
Redirect Chain

http://li.journalstar.com/imp?s=104680&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=104680&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=934a55c4-e11a-3192-9...

307 KB
308 KB

1080ms
1079ms

Image
image/jpeg

151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=934a55c4-e11a-3192-92b8-9b47cb131654&widget.placement=104680&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.18.114&widget.alternative=Phone
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c82cf19fad6a857f2d919c9f143cdc3fd7ebefb70b6bf862430ddd8e3f8b6c1c

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:59 GMT
via: 1.1 varnish
server: nginx
x-timer: S1610587139.523443,VS0,VE1050
x-served-by: cache-fra19157-FRA
x-cache: MISS
content-type: image/jpeg
accept-ranges: bytes
content-length: 314659
x-application-context: application:fe,capture-cache-remote-hz,capture-remote-hz:8080
x-cache-hits: 0

Redirect headers

Location: https://mb.taboola.com/server/1.1/jpg/liveintent-ron-row/recommendations.get?recipient.proprietary.namespace=liveintent&recipient.proprietary.id=&recipient.user.id=&instance.id=934a55c4-e11a-3192-92b8-9b47cb131654&widget.placement=104680&widget.slot=1&widget.mode=mobile-marquee&source.url=http%3A%2F%2Fliveintent.com%2F&newsletter.id=5880&recipient.user.agent=&recipient.ipv4=82.102.18.114&widget.alternative=Phone
Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

94c8cd36dc1428947beeb6283056d111.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain

http://li.journalstar.com/imp?s=445705&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=445705&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png

1 KB
2 KB

28ms
28ms

Image
image/png

104.111.249.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:18:58 GMT
Last-Modified: Tue, 06 Aug 2019 20:24:36 GMT
Server: AmazonS3
x-amz-request-id: 33868793B1CCB4E4
ETag: "6956da20f9d008ec379926ee358e5594"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1255
x-amz-id-2: jvxKP7USaUQRoG8Fv214GJAgm5f9X+tJQnQBwNVI8qN+cljWXNBdILbTiX5UCYx8eZA7bh8Pnt0=

Redirect headers

Location: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/94c8cd36dc1428947beeb6283056d111.png
Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

27e30bebaaece921293946f3c75ca02b.png
c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/
Redirect Chain

http://li.journalstar.com/imp?s=576775&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=576775&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a...
https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png

15 KB
16 KB

38ms
38ms

Image
image/png

104.111.249.62
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.249.62 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-249-62.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:18:58 GMT
Last-Modified: Wed, 17 Feb 2016 22:44:07 GMT
Server: AmazonS3
x-amz-request-id: D26CB739C42B32BC
ETag: "c56fae17aa690ac40e2a23fbf5796b60"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15721
x-amz-id-2: NQldzLLr0jcVZpKlN9kjbSnngVtCL1RCbEqkJNH4VVqGZ0HFMum2q/zD6mLWx0BfmE5dcSCDagk=

Redirect headers

Location: https://c.licasd.com/ads/499280149b11102e9c99d9decb5d7225/27e30bebaaece921293946f3c75ca02b.png
Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200
OK

123588000
i6.liadm.com/s/section/
Redirect Chain

http://li.journalstar.com/imp?s=123588000&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=123588000&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
https://i6.liadm.com/s/section/123588000?m=378cb6dbadfc4316ce01888924d3b518&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=...
https://i6.liadm.com/s/section/123588000?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e...

43 B
419 B

109ms
109ms

Image
image/gif

2600:1f18:444a:4602:9dc0:e3c3:ce39:bafa
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/section/123588000?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&previous_uuid=dff5cb98389e4567baf556802d7330e0

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:444a:4602:9dc0:e3c3:ce39:bafa Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: /s/section/123588000?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&previous_uuid=dff5cb98389e4567baf556802d7330e0
Date: Thu, 14 Jan 2021 01:18:58 GMT
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1

200
OK

5a21935b113e44af994203eb578dd691
i.liadm.com/s/e/5183/0/
Redirect Chain

http://li.journalstar.com/imp?s=123588001&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=123588001&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...
https://i.liadm.com/s/section/123588001?m=378cb6dbadfc4316ce01888924d3b518&sh1=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=s...
https://i.liadm.com/s/section/123588001?sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&source=safe_rtb&m=378cb6dbadfc4316ce01888924d3b518&_li_chk=true&sh1=d8bfa71cf80fc004f6e8...
https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2F5183%2F0%2F5a21935b113e44af994203eb578dd691%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&8653c15d-6c26-4554-b10f-d23ee...
https://i.liadm.com/s/e/5183/0/5a21935b113e44af994203eb578dd691?mpid=7156&muid=5ee05fff-9c03-4500-b530-45be24d36e01

43 B
257 B

112ms
112ms

Image
image/gif

54.227.229.225
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/e/5183/0/5a21935b113e44af994203eb578dd691?mpid=7156&muid=5ee05fff-9c03-4500-b530-45be24d36e01

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.227.229.225 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-227-229-225.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:18:59 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Date: Thu, 14 Jan 2021 01:19:00 GMT
Server: MT3 3483 e916156 master cdg-pixel-x6
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://i.liadm.com/s/e/5183/0/5a21935b113e44af994203eb578dd691?mpid=7156&muid=5ee05fff-9c03-4500-b530-45be24d36e01
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 14 Jan 2021 01:18:59 GMT

GET
H/1.1

200
OK

imp
p.liadm.com/
Redirect Chain

http://li.journalstar.com/imp?s=123588002&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=123588002&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...

43 B
315 B

97ms
97ms

Image
image/gif

35.172.12.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.liadm.com/imp?_li_uuid=&s=123588002&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.172.12.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-12-251.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

Pragma: no-cache
Date: Thu, 14 Jan 2021 01:18:58 GMT
Server: AkamaiGHost
Location: https://p.liadm.com/imp?_li_uuid=&s=123588002&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Thu, 14 Jan 2021 01:18:58 GMT

GET
H/1.1

200
OK

imp
p.liadm.com/
Redirect Chain

http://li.journalstar.com/imp?s=123588003&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=123588003&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...

43 B
315 B

98ms
98ms

Image
image/gif

35.172.12.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.liadm.com/imp?_li_uuid=&s=123588003&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.172.12.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-12-251.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

Pragma: no-cache
Date: Thu, 14 Jan 2021 01:18:58 GMT
Server: AkamaiGHost
Location: https://p.liadm.com/imp?_li_uuid=&s=123588003&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Thu, 14 Jan 2021 01:18:58 GMT

GET
H/1.1

200
OK

imp
p.liadm.com/
Redirect Chain

http://li.journalstar.com/imp?s=123588004&li=&e=DBSI-IBOLoanAgency@dbs.com&p=738061
https://p.liadm.com/imp?_li_uuid=&s=123588004&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e...

43 B
315 B

98ms
97ms

Image
image/gif

35.172.12.251
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.liadm.com/imp?_li_uuid=&s=123588004&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Requested by: Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 35.172.12.251 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-172-12-251.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Thu, 14 Jan 2021 01:18:58 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

Pragma: no-cache
Date: Thu, 14 Jan 2021 01:18:58 GMT
Server: AkamaiGHost
Location: https://p.liadm.com/imp?_li_uuid=&s=123588004&li=&p=738061&m=378cb6dbadfc4316ce01888924d3b518&sh=d8bfa71cf80fc004f6e8a0e7222259a2dd73ba36&sh2=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&mo=83f44432993a1f5d271a847816e80f52&mol=378cb6dbadfc4316ce01888924d3b518&mou=7d1cfa6cc1f8141de23257a5ee763275&msu=7d1cfa6cc1f8141de23257a5ee763275&sh2o=dc92f2a4bae72c0b8e02f35070fe3382516f13b8285e83fa3599c77c566bc1b3&sh2ol=87cd56704fcd4defdcc7dbcf86a1de3d7c4dd00e0ef32ece513720e05a59b368&sh2ou=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&sh2su=4c435b5c6cfb418e855770d08fa3468afd3cb6ecb430b57f91a6fe3d895c3152&dom=dbs.com
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Thu, 14 Jan 2021 01:18:58 GMT

GET
H2 200 facebook.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 413 B
527 B 53ms
51ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/facebook.png?_dc=1608710503

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75e46604bc973b209defcde74ec7a6bd80da48c49490eb392289e7083cde5436

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 1857440
last-modified: Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security: max-age=604800
content-length: 413
cf-request-id: 07a0127e980000cdcfb410f000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "5fe2f967-19d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa8a84cdcf-CDG
expires: Thu, 23 Dec 2021 10:06:18 GMT

GET
H2 200 twitter.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 920 B
1 KB 52ms
50ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/twitter.png?_dc=1608710503

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f50d5b45cb56df68824851416593c663753e7d800f7261bf14b9c602d219bd42

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 1857440
last-modified: Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security: max-age=604800
content-length: 920
cf-request-id: 07a0127e990000cdcfcb88c000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "5fe2f967-398"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa8a86cdcf-CDG
expires: Thu, 23 Dec 2021 10:06:18 GMT

GET
H2 200 instagram.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 1 KB
1 KB 53ms
51ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/instagram.png?_dc=1608710503

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6b6ed729e29dad2a30e237aaecea16c23995310a67e369004944512eaa0b4d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 1857440
last-modified: Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security: max-age=604800
content-length: 1311
cf-request-id: 07a0127e990000cdcfa4011000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "5fe2f967-51f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa8a87cdcf-CDG
expires: Thu, 23 Dec 2021 10:06:18 GMT

GET
H2 200 youtube.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 817 B
933 B 53ms
52ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/youtube.png?_dc=1608710503

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06270bf1ca6b89cd31765870aaa57be10e6ac151205fe87351cc8d90d9cf22dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
cf-cache-status: HIT
age: 1857440
last-modified: Wed, 23 Dec 2020 08:01:43 GMT
strict-transport-security: max-age=604800
content-length: 817
cf-request-id: 07a0127e990000cdcfc7082000000001
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "5fe2f967-331"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa8a89cdcf-CDG
expires: Thu, 23 Dec 2021 10:06:18 GMT

GET
H2 200 phone.png
bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/ 493 B
626 B 122ms
121ms Image
image/png 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/journalstar.com/content/tncms/live/libraries/flex/components/lee_flex/resources/images/email/phone.png?_dc=1608710503

Requested by

Host: click1.email.journalstar.com
URL: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2069f171e099f0e2ee2c73bff45cfda2ad0f5eecd9f1a5893e51edaf2ffd56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: http://click1.email.journalstar.com/ViewMessage.do;jsessionid=5A1523F67CD3A23EEB55AE232386940E
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 14 Jan 2021 01:18:57 GMT
vary: Accept-Encoding
cf-cache-status: HIT
last-modified: Wed, 23 Dec 2020 08:01:43 GMT
content-length: 493
cf-request-id: 07a0127e990000cdcfe735c000000001
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5fe2f967-1ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 611386aa8a8bcdcf-CDG
expires: Thu, 23 Dec 2021 10:06:14 GMT

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			click1.email.journalstar.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: 74961951441A45223ABF895F837B5F18

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b76e3c.efeedbacktrk.com
bloximages.chicago2.vip.townnews.com
c.licasd.com
click1.email.journalstar.com
connect.facebook.net
i.liadm.com
i6.liadm.com
li.journalstar.com
mb.taboola.com
p.liadm.com
sync.mathtag.com
www.google-analytics.com
104.111.249.62
104.18.130.43
151.101.13.44
185.29.135.42
2.16.186.51
2600:1f18:444a:4602:9dc0:e3c3:ce39:bafa
2a00:1450:4001:808::200e
2a03:2880:f01c:8012:face:b00c:0:3
35.172.12.251
54.227.229.225
74.214.203.11
96.46.128.252
04e043038c2951b33f7257c4ec125cb77a8d20fe888e812dc4244c3194c8ba7d
06270bf1ca6b89cd31765870aaa57be10e6ac151205fe87351cc8d90d9cf22dc
0b5e7a779c21f69345cb08b15dba3696a359968788dddf38023eacef30d71348
12bdc566f7a832d68a46b7a0992552151faf3d9551e154d45e6bcf74396fdcf5
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2ab613ac850edc76324202ae1449197b8c9d0118b0a3ae2398803d115d9af46d
2fb9a18a06844147a8e829f05e774c5da15988b75337be134e6190e797db13ca
370407adf1563ac7358e4c42df83619bc9160309b045587d95e6ae20db9f4b5e
5417ebe6c4d945b5780b26bff7af7b190dd85ebd80a273f91bfb18c948eb20ac
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
6c8a097e32c05dbd1256b8a06eb3aa03dc20c5f2d1c5dca2f00b6ed5c148fad1
709a6f5024e7d6eecaf1490c177a636a4b2cb9af15171685b78c99859ea3bc73
75e46604bc973b209defcde74ec7a6bd80da48c49490eb392289e7083cde5436
7df42999b17c3dd8039a37c41774eaa804db05245669e742e2e686b8da507bff
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
a2069f171e099f0e2ee2c73bff45cfda2ad0f5eecd9f1a5893e51edaf2ffd56b
a6c003cbc9fc9badb30e148343684cbc948549f755bdfebcba42daf27f8b55bb
aa43b2a9fcd3eff255bc93b2c89fce1d71d31d0b1f06388ae63a46301f989e44
aa6149a4f80415c44d81f8184d45c07d4b03fd75483ec9ac0bd7ff0339318355
bc65aef5850cba71efa6a7c34359c8fc9f87c839195c03faa5382a5588f6a0a0
c82cf19fad6a857f2d919c9f143cdc3fd7ebefb70b6bf862430ddd8e3f8b6c1c
c9d38d58b1c4269196488c855961d1fb1b4761e8de1e607bd5aa8c044c74578a
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
d6b6ed729e29dad2a30e237aaecea16c23995310a67e369004944512eaa0b4d4
eeb689959ff11455ada02fd3650327d834d030ae0869b1f54d7060359482133e
f07001944ae763d8646ed385143b179c625034449e94f0dabb59df58f2b56b7b
f50d5b45cb56df68824851416593c663753e7d800f7261bf14b9c602d219bd42
f98e8196d88bff2a006872a05d79c2d695f6dda36e0aecdd0ace020207809f40
fca8cefeb2a0df7ed3a9e5202aa65d092f748a5b3800496e3bec337815d58c3b

click1.email.journalstar.com Open in urlscan Pro 74.214.203.11 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

38 Requests

95 %HTTPS

25 %IPv6

9 Domains

12 Subdomains

10 IPs

6 Countries

1056 kBTransfer

1310 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

38 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

click1.email.journalstar.com Open in urlscan Pro
74.214.203.11 Public Scan

Screenshot
Live screenshot

Full Image

38
Requests

95 %
HTTPS

25 %
IPv6

9
Domains

12
Subdomains

10
IPs

6
Countries

1056 kB
Transfer

1310 kB
Size

1
Cookies

38 HTTP transactions
0 data transactions