www.nytimes.com Open in urlscan Pro
151.101.129.164 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
Submission: On May 16 via api (May 16th 2023, 2:13:39 am UTC) from TR — Scanned from DE

Summary HTTP 104 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 24 IPs in 3 countries across 15 domains to perform 104 HTTP transactions. The main IP is 151.101.129.164, located in United States and belongs to FASTLY, US. The main domain is www.nytimes.com. The Cisco Umbrella rank of the primary domain is 4493.
TLS certificate: Issued by Thawte RSA CA 2018 on March 22nd 2023. Valid for: a year.

This is the only time www.nytimes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	151.101.129.164 151.101.129.164	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
11	44.211.112.71 44.211.112.71	14618 (AMAZON-AES) (AMAZON-AES)
9	151.101.1.164 151.101.1.164	54113 (FASTLY) (FASTLY)
10	151.101.193.164 151.101.193.164	54113 (FASTLY) (FASTLY)
7	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2	52.3.42.214 52.3.42.214	14618 (AMAZON-AES) (AMAZON-AES)
4	143.204.215.54 143.204.215.54	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	2600:9000:205... 2600:9000:2057:f000:18:1fcd:351:7bc1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::681a:c12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.234.97.192 3.234.97.192	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	20.50.2.28 20.50.2.28	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:170... 2a02:26f0:1700:38a::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:480... 2a02:26f0:480:18d::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
8	2606:4700:20:... 2606:4700:20::681a:6e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
104	24

26 151.101.129.164 (United States)

ASN54113 (FASTLY, US)

www.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static01.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
samizdat-graphql.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
myaccount.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwcm.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 44.211.112.71 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-211-112-71.compute-1.amazonaws.com

a.et.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
purr.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 151.101.1.164 (United States)

ASN54113 (FASTLY, US)

samizdat-graphql.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
csp.dev.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 151.101.193.164 (United States)

ASN54113 (FASTLY, US)

g1.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
typeface.nyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.3.42.214 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-3-42-214.compute-1.amazonaws.com

a.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 143.204.215.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-54.fra53.r.cloudfront.net

dd.nytimes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:f000:18:1fcd:351:7bc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:c12 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.234.97.192 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-234-97-192.compute-1.amazonaws.com

pnytimes.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ede5db69725769d120acce5bba656972.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.50.2.28 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

collector.brandmetrics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:1700:38a::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:18d::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:20::681a:6e5 (United States)

ASN13335 (CLOUDFLARENET, US)

platform.iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
iteratehq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	nytimes.com www.nytimes.com — Cisco Umbrella Rank: 4493 a.et.nytimes.com — Cisco Umbrella Rank: 6616 samizdat-graphql.nytimes.com — Cisco Umbrella Rank: 6927 als-svc.nytimes.com Failed myaccount.nytimes.com — Cisco Umbrella Rank: 12787 a.nytimes.com — Cisco Umbrella Rank: 7967 purr.nytimes.com — Cisco Umbrella Rank: 8363 dd.nytimes.com — Cisco Umbrella Rank: 11192 mwcm.nytimes.com — Cisco Umbrella Rank: 12193 csp.dev.nytimes.com — Cisco Umbrella Rank: 39808	1 MB
14	nyt.com g1.nyt.com — Cisco Umbrella Rank: 9950 static01.nyt.com — Cisco Umbrella Rank: 7579 a1.nyt.com — Cisco Umbrella Rank: 8598 typeface.nyt.com — Cisco Umbrella Rank: 36639	321 KB
10	googlesyndication.com ede5db69725769d120acce5bba656972.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 143 pagead2.googlesyndication.com — Cisco Umbrella Rank: 107	901 KB
8	iteratehq.com platform.iteratehq.com — Cisco Umbrella Rank: 7828 iteratehq.com — Cisco Umbrella Rank: 6848	32 KB
7	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 205	161 KB
3	brandmetrics.com cdn.brandmetrics.com — Cisco Umbrella Rank: 3226 collector.brandmetrics.com — Cisco Umbrella Rank: 3645	17 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1313 c.go-mpulse.net — Cisco Umbrella Rank: 625	51 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 83 www.google.com — Cisco Umbrella Rank: 2	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 39	21 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 192	53 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 7680	531 B
1	chartbeat.net pnytimes.chartbeat.net — Cisco Umbrella Rank: 7989	201 B
1	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1680	24 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	110 KB
0	akamaihd.net Failed trial-eum-clientnsv4-s.akamaihd.net Failed trial-eum-clienttons-s.akamaihd.net Failed
104	15

	Domain	Requested by
12	samizdat-graphql.nytimes.com	www.nytimes.com
10	a.et.nytimes.com	www.nytimes.com myaccount.nytimes.com
10	www.nytimes.com	www.nytimes.com
9	g1.nyt.com	www.nytimes.com g1.nyt.com
7	securepubads.g.doubleclick.net	www.nytimes.com securepubads.g.doubleclick.net www.googletagservices.com
6	iteratehq.com	platform.iteratehq.com
5	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
5	myaccount.nytimes.com	www.nytimes.com myaccount.nytimes.com
4	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
4	dd.nytimes.com	www.nytimes.com dd.nytimes.com myaccount.nytimes.com
3	csp.dev.nytimes.com	s.go-mpulse.net
2	platform.iteratehq.com	www.nytimes.com platform.iteratehq.com
2	typeface.nyt.com	myaccount.nytimes.com
2	cdn.brandmetrics.com	www.googletagmanager.com cdn.brandmetrics.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	a.nytimes.com	www.nytimes.com dd.nytimes.com
2	static01.nyt.com	www.nytimes.com
1	www.google.com	tpc.googlesyndication.com
1	c.go-mpulse.net	s.go-mpulse.net
1	s.go-mpulse.net	myaccount.nytimes.com
1	www.googletagservices.com	securepubads.g.doubleclick.net
1	mwcm.nytimes.com	www.nytimes.com
1	collector.brandmetrics.com	cdn.brandmetrics.com
1	ede5db69725769d120acce5bba656972.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	pnytimes.chartbeat.net	www.nytimes.com
1	a1.nyt.com	www.nytimes.com
1	static.chartbeat.com	www.nytimes.com
1	purr.nytimes.com	www.nytimes.com
1	www.googletagmanager.com	www.nytimes.com
0	trial-eum-clienttons-s.akamaihd.net Failed	s.go-mpulse.net
0	trial-eum-clientnsv4-s.akamaihd.net Failed	s.go-mpulse.net
0	als-svc.nytimes.com Failed	www.nytimes.com
104	34

This site contains links to these domains. Also see Links.

Domain
myaccount.nytimes.com
www.inquirer.com
www.theguardian.com
help.nytimes.com
www.nytco.com
nytmediakit.com
www.tbrandstudio.com

Subject Issuer	Validity	Valid
nytimes.com Thawte RSA CA 2018	`2023-03-22` - `2024-04-21`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
a.et.nytimes.com R3	`2023-03-17` - `2023-06-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
a.nytimes.com R3	`2023-04-17` - `2023-07-16`	3 months	crt.sh
purr.nytimes.com R3	`2023-05-08` - `2023-08-06`	3 months	crt.sh
dd.nytimes.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-08` - `2024-04-06`	a year	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2022-05-06` - `2023-06-03`	a year	crt.sh
brandmetrics.com GTS CA 1P5	`2023-05-10` - `2023-08-08`	3 months	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2022-12-19` - `2023-12-30`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.brandmetrics.com Go Daddy Secure Certificate Authority - G2	`2023-05-10` - `2024-06-10`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
akstat.io DigiCert TLS RSA SHA256 2020 CA1	`2023-04-05` - `2024-04-04`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-06` - `2024-05-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
Frame ID: 0C629538FA136FF2E6D438CEDF71602D
Requests: 64 HTTP requests in this frame

Frame: https://myaccount.nytimes.com/auth/prefetch-assets
Frame ID: C894B990EC91116CF1DEE338FE865325
Requests: 2 HTTP requests in this frame

Frame: https://ede5db69725769d120acce5bba656972.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F72BBED894BDD1E51E520196327528E7
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssFSWELUtBAAHwwkszJ7ABAQcAD2GNN77aq66ayqJbo0lWiX9-_pyV5nN_d8VAJIUrTewa8YznE7dLWS5FqGFkoB9DuVYRtVQVtaDgzD-kuXAydIzyN60cnWR8_A9fTHIKW-Eht2UGRBq8mHcYfIfIOWHebcR4DBGXWTmB_609wOAn4g1xTGcxj8_1V5871icjlMUfsevLYU80-MM540BbsakbYDDDRP2841k3ycmskRVXhx59vJurFTsae8kzeEIzOeyW8SoTbgOvDl0HVnABiHqEL-Esu3epdoMKSRRGTyKlXwrhm10bTtwUKuCisOOfoOvxo2FgURjM8aTu3ryC-Og0U4Gwi16AlUV50-AB4wmKPHCVUhsqo&sai=AMfl-YS71ntcOcxlIalPv8dhpjEm2lD7hNjcR5kFbqC1LIlqu6-XER8vDH5JHEvOCWSlLuPC1iaaoHGeGOzNf-Giaz0hC4mCMMleGVQC23iN3pNXibybZwvdVwNjIo_zl6cq0RwyoqxdxF5kkDkhSB4&sig=Cg0ArKJSzFEn_f5jaWR3EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: FB74B1E17864E4421CB5EAB78609C52C
Requests: 6 HTTP requests in this frame

Frame: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignID%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F05%252F15%252Fbusiness%252Fmedia%252Fphiladelphia-inquirer-cyberattack.html&display=MKT_SubCon_Regiwall_Msg_Test_0423_0_control&asset=RegiWall&application=Free_Experience&preloaded=true
Frame ID: AC3DBD40FD9152FAD615E0D7AACEC315
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DDA8F4218BD3B118772C49905AA2FA90
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AB76E8E987A04000FB53666DB8332F78
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Possible Cyberattack Disrupts The Philadelphia Inquirer - The New York Times

Detected technologies

Datadome (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Page Statistics

104
Requests

97 %
HTTPS

65 %
IPv6

15
Domains

34
Subdomains

24
IPs

3
Countries

3189 kB
Transfer

8052 kB
Size

29
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://myaccount.nytimes.com/auth/login?response_type=cookie&client_id=vi&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignId%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F05%252F15%252Fbusiness%252Fmedia%252Fphiladelphia-inquirer-cyberattack.html&asset=masthead
Title: Log in

Search URL Search Domain Scan URL

URL: https://www.inquirer.com/news/inquirer-computer-systems-kroll-forensics-20230513.html
Title: the newspaper reported

Search URL Search Domain Scan URL

URL: https://www.inquirer.com/news/philadelphia/philadelphia-inquirer-hack-cyber-disruption-20230514.html
Title: reported on Sunday

Search URL Search Domain Scan URL

URL: https://www.inquirer.com/weather/blizzard-philadelphia-snow-record-1996-winter-climate-change-weather-20210107.html
Title: 30 inches of snow on Philadelphia

Search URL Search Domain Scan URL

URL: https://www.theguardian.com/media/2023/jan/11/guardian-confirms-it-was-hit-by-ransomware-attack
Title: hit by a ransomware attack in December

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014792127-Copyright-notice
Title: © 2023 The New York Times Company

Search URL Search Domain Scan URL

URL: https://www.nytco.com/
Title: NYTCo

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015385887-Contact-Us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115015727108-Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.nytco.com/careers/
Title: Work with us

Search URL Search Domain Scan URL

URL: https://nytmediakit.com/
Title: Advertise

Search URL Search Domain Scan URL

URL: https://www.tbrandstudio.com/
Title: T Brand Studio

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893428-Terms-of-service
Title: Terms of Service

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us/articles/115014893968-Terms-of-sale
Title: Terms of Sale

Search URL Search Domain Scan URL

URL: https://help.nytimes.com/hc/en-us
Title: Help

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

104 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request philadelphia-inquirer-cyberattack.html Show response
www.nytimes.com/2023/05/15/business/media/ 209 KB
65 KB 71ms
14ms Document
text/html 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

32f1c2fc4ee362e01cb22800f9d2907d7d3bfd30ae145974a2833eafb2300c33

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 517
cache-control: s-maxage=300,no-cache
content-encoding: gzip
content-length: 64608
content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-type: text/html; charset=utf-8
date: Tue, 16 May 2023 02:13:31 GMT
fastly-restarts: 1
last-modified: Tue, 16 May 2023 02:04:54 GMT
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
server: nginx
strict-transport-security: max-age=63072000; preload; includeSubdomains
vary: Accept-Encoding, Fastly-SSL
x-api-version: F-F-VI
x-b3-traceid: 06255eb5e9d64ee39875ccf2ae29575b
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-cloud-trace-context: e3e69201efe23bb3bb873fc6dbf8b8d6/3616491964795137140;o=1
x-content-type-options: nosniff
x-datadome: protected
x-datadome-timer: S1684202695.555721,VS0,VE6
x-frame-options: DENY
x-gdpr: 1
x-nyt-app-webview: 0
x-nyt-data-last-modified: Tue, 16 May 2023 02:04:54 GMT
x-nyt-edge-cache: MISS-HIT
x-nyt-route: vi-story
x-origin-time: 2023-05-16 02:04:54 UTC
x-pagetype: vi-story
x-scoop-last-modified: 2023-05-15T22:52:31.675Z
x-served-by: cache-lga13629-LGA, cache-fra-eddf8230030-FRA
x-timer: S1684203212.928514,VS0,VE7
x-xss-protection: 1; mode=block

GET
H2 200 web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
g1.nyt.com/fonts/css/ 60 KB
10 KB 180ms
7ms Stylesheet
text/css 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

09bff184ea094a06e46d7f26512fd7b245304078a27f1ba8084488cbcf7704de

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Fri, 19 Jan 2024 14:25:45 GMT
date: Tue, 16 May 2023 02:13:32 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 10064866
x-guploader-uploadid: ADPycdu8r8EIkDKHQncby-VxhC4_p_retMia2725uERdqg3x4PWqarMbAFr8Ibt9W3TTJubkfCi_3gQtjgkfPrPzZrZXWJ9J46L7
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
content-length: 9868
x-served-by: cache-fra-eddf8230030-FRA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1684203212.119050,VS0,VE0
etag: "b79308aee772cf8921761a4fdb884fe5"
vary: Accept-Encoding
x-goog-generation: 1673991774978541
x-goog-hash: crc32c=ay5bmg==, md5=t5MIrudyz4khdhpP24hP5Q==
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 9868
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 16543

GET
H2 200 global-f449cfd9976ad673ef2b7ab5098b85be.css
www.nytimes.com/vi-assets/static-assets/ 6 KB
3 KB 7ms
7ms Stylesheet
text/css 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176

Security Headers

Name

Value

Content-Security-Policy

upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 17869815
x-guploader-uploadid: ADPycdvX-ZCr92eVvOnBmM_kXRs7MAoM2CUGFUPF9dapGCYk0OiZSImuIlTAOf-evWYxdHOP8KdbpcVXy_0G4cieuuByuQ
x-goog-stored-content-encoding: identity
x-origin-time: 2022-10-21 06:23:16 UTC
x-served-by: cache-fra-eddf8230030-FRA
x-timer: S1684203212.946233,VS0,VE0
etag: "e74f8b7c668251280cf3e52e20455a1c"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1666046870273577
content-type: text/css; charset=utf-8
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/global-f449cfd9976ad673ef2b7ab5098b85be.css
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 17257
expires: Sat, 21 Oct 2023 06:23:16 GMT
date: Tue, 16 May 2023 02:13:31 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 1968
last-modified: Fri, 21 Oct 2022 04:08:16 GMT
server: UploadServer
x-goog-hash: crc32c=jAKqfw==, md5=50+LfGaCUSgM8+UuIEVaHA==
x-gdpr: 1
x-goog-stored-content-length: 5656
accept-ranges: bytes

GET
H2 200 adslot-6cfc3a3f6d8b97c7ed5d.js Show response
www.nytimes.com/vi-assets/static-assets/ 22 KB
8 KB 18ms
17ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/adslot-6cfc3a3f6d8b97c7ed5d.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

88c02f49ec94fda86796bb949e3674af90a3b642839f424a4c13e510259a49b4

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 2110074
x-guploader-uploadid: ADPycdvg2RB0PQglziao3wPO9ZWCXIh3sHm6gwBxz6dpoSVlF5BJ325Zk33_PygIx7kL4y5De7Gp5QyiumO-uO3Y41o3
x-goog-stored-content-encoding: identity
x-origin-time: 2023-04-21 16:05:37 UTC
x-served-by: cache-fra-eddf8230030-FRA
x-timer: S1684203212.975319,VS0,VE1
etag: "de5aa7ec9e5831fb28f94291b754ad06"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1682092708267441
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/adslot-6cfc3a3f6d8b97c7ed5d.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 7201
expires: Sat, 20 Apr 2024 16:05:37 GMT
date: Tue, 16 May 2023 02:13:31 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 7837
last-modified: Fri, 21 Apr 2023 15:58:28 GMT
server: UploadServer
x-goog-hash: crc32c=/TEQzw==, md5=3lqn7J5YMfso+UKRt1StBg==
x-gdpr: 1
x-goog-stored-content-length: 22455
accept-ranges: bytes

GET
H2 200 15xp-inquirer-papers-zghm-jumbo.jpg
static01.nyt.com/images/2023/05/16/multimedia/15xp-inquirer-print-zghm/ 30 KB
30 KB 54ms
7ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/05/16/multimedia/15xp-inquirer-print-zghm/15xp-inquirer-papers-zghm-jumbo.jpg?quality=75&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

d395a45f928a6940307496eb6d5819ca75e61cfdd340649f0e254edd7c39a57d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Mon, 15 May 2023 22:53:19 GMT
date: Tue, 16 May 2023 02:13:32 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 12013
x-guploader-uploadid: ADPycdsFE1HiW553vVTD8kHbBf7UbXk3U5vGUwfKxcXzyJKU2T4sGXST8CG3TmN-UdLSbJ9ehRFXO9QgUQOyZg7TTsx5upEitm4_
x-cache: HIT, HIT
fastly-io-info: ifsz=92241 idim=1024x683 ifmt=jpeg ofsz=30494 odim=1024x683 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 30494
x-served-by: cache-iad-kiad7000022-IAD, cache-fra-eddf8230030-FRA
server: UploadServer
x-timer: S1684203212.031439,VS0,VE0
etag: "OhC7KLUeDMzuchD7v65cBq8biJpxCYaaRrMZtYcNxAk"
vary: Accept
x-goog-generation: 1684191150346368
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=ckhAYw==, md5=iODlvaAMgewn/ErBWOdajQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 92241
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 44, 6

GET
H2 200 vendor-b261f5b50fd0c857de07.js Show response
www.nytimes.com/vi-assets/static-assets/ 173 KB
51 KB 7ms
7ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendor-b261f5b50fd0c857de07.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

f5d4f80afc66fb8d60756e7daaf477e986ca9cd0f25325420e28baadd15c0e87

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 4174421
x-guploader-uploadid: ADPycdv0qZoAfF-B7thorgoPONeMZN6_vzgWWXzVqP1-9VTvzHxjwsGxdwl7WagvZTsz1I-cGZTr9XUC0jPJB8I0dc_ilg
x-goog-stored-content-encoding: identity
x-origin-time: 2023-03-28 18:39:55 UTC
x-served-by: cache-fra-eddf8230030-FRA
x-timer: S1684203212.039372,VS0,VE1
etag: "0e1f964af1f8b128478e4eda19557589"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1680028418821973
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendor-b261f5b50fd0c857de07.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 22007
expires: Wed, 27 Mar 2024 18:39:51 GMT
date: Tue, 16 May 2023 02:13:32 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 51463
last-modified: Tue, 28 Mar 2023 18:33:38 GMT
server: UploadServer
x-goog-hash: crc32c=RBkcUw==, md5=Dh+WSvH4sShHjk7aGVV1iQ==
x-gdpr: 1
x-goog-stored-content-length: 177285
accept-ranges: bytes

GET
H2 200 story-14483ed83d62a5e62649.js Show response
www.nytimes.com/vi-assets/static-assets/ 1 MB
422 KB 8ms
8ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/story-14483ed83d62a5e62649.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

45d4631a2a515a81a680ed257ca2561131a81afd8c246e9cffd08d19e4bd367c

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 38249
x-guploader-uploadid: ADPycdvRg055m5V7QDrsNQDKCcwViKfLEj2gGLTOaMZYJ5OYhnuZ_ao9jkZAFeUMnU4KuF5pRi8fGJfNL_tZZM0ZlYPa1lPFX9Sb
x-goog-stored-content-encoding: identity
x-origin-time: 2023-05-15 15:36:02 UTC
x-served-by: cache-fra-eddf8230030-FRA
x-timer: S1684203212.053183,VS0,VE2
etag: "eb64ad91adf28787788d2dd0493b6d65"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1684164901495947
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/story-14483ed83d62a5e62649.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1
expires: Tue, 14 May 2024 15:36:02 GMT
date: Tue, 16 May 2023 02:13:32 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 431526
last-modified: Mon, 15 May 2023 15:35:01 GMT
server: UploadServer
x-goog-hash: crc32c=RJgOAA==, md5=62Stka3yh4d4jS3QSTttZQ==
x-gdpr: 1
x-goog-stored-content-length: 1561030
accept-ranges: bytes

GET
H2 200 main-1ad4ce4767d07fda924f.js Show response
www.nytimes.com/vi-assets/static-assets/ 1 MB
411 KB 9ms
9ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/main-1ad4ce4767d07fda924f.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

ecd6da8a31f4ac7a6e09220679d1ff16e9e808522935a0b26c8d0cfe3dd6d5ea

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 38249
x-guploader-uploadid: ADPycduZhIRCrgZ9WjT8GAKtwDeOCYlmbiaaA4Pj9zQ4FYwYQiqVkStlEoiQwEGgC_bMAFku7obMeWYSlOVwpKX04GnnhA
x-goog-stored-content-encoding: identity
x-origin-time: 2023-05-15 15:36:02 UTC
x-served-by: cache-fra-eddf8230030-FRA
x-timer: S1684203212.100101,VS0,VE2
etag: "e6a18ada99f396749121cb58a7b0480a"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1684164901170648
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/main-1ad4ce4767d07fda924f.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 1
expires: Tue, 14 May 2024 15:36:02 GMT
date: Tue, 16 May 2023 02:13:32 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 419266
last-modified: Mon, 15 May 2023 15:35:01 GMT
server: UploadServer
x-goog-hash: crc32c=KPr/9g==, md5=5qGK2pnzlnSRIctYp7BICg==
x-gdpr: 1
x-goog-stored-content-length: 1454644
accept-ranges: bytes

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 406 KB
110 KB 135ms
51ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fcafc83cd2e74419abdd21dbe228b3f283659247f23927e8fb3b80cfdd8dc551

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112463
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 357ms
125ms Ping
text/plain 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-211-112-71.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 45ms
7ms Preflight 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 426
content-encoding: gzip
content-length: 20
date: Tue, 16 May 2023 02:13:32 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 3
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 462
x-nyt-audience-target-flat: EU:AM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-edge-cache: HIT
x-nyt-meridiem: AM
x-nyt-region: BY
x-samizdat-query-exe-id: 8c1a7e547a3c1cd5
x-samizdat-query-field-errors: 0
x-served-by: cache-fra-eddf8230081-FRA
x-timer: S1684203212.179805,VS0,VE0

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 149 B
895 B 141ms
141ms XHR
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

7837207f1197c426c0551dcbead6be815beff78431f5c45e84014a94cfde09d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5
nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
nyt-app-type: project-vi
Content-Type: application/json

Response headers

content-encoding: gzip
x-nyt-meridiem: AM
x-b3-traceid: 0
age: 0
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: c5244f1afef53af1
samizdat-x-canary: false
x-served-by: cache-fra-eddf8230030-FRA
x-graphiti-gateway: 25b76dee
x-nyt-country: DE
x-timer: S1684203212.188035,VS0,VE134
x-nyt-continent: EU
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: BY
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: EU:AM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Tue, 16 May 2023 02:13:32 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: 38dd24d3
x-envoy-upstream-service-time: 38
content-length: 132
last-modified: Tue, 16 May 2023 02:13:32 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
access-control-allow-credentials: true
x-datadog-trace-id: 0
accept-ranges: bytes
timing-allow-origin: *

GET als
als-svc.nytimes.com/ 0
0

GET
H2 200 prefetch-assets Show response
myaccount.nytimes.com/auth/ Frame C894 332 B
1 KB 21ms
7ms Document
text/html 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/auth/prefetch-assets

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy / Express

Resource Hash

1bfa0c85c74803f58ec0a14c053ca3a8d2ca7e9055e718f0b5f89a763e3a94ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 285
cache-control: public, max-age=600
content-encoding: gzip
content-length: 256
content-security-policy-report-only: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-type: text/html; charset=utf-8
date: Tue, 16 May 2023 02:13:32 GMT
etag: W/"14c-5Uign+XnmDTv7imc9KjeNxDkixA"
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
vary: Accept-Encoding
via: 1.1 google, 1.1 varnish
x-api-version: F-X
x-cache: HIT
x-cache-hits: 2
x-cloud-trace-context: 451c18b9e52ae8c1c263dba3509d17d9
x-content-type-options: nosniff
x-datadog-parent-id: 2475770546122369404
x-datadog-sampled: 1
x-datadog-sampling-priority: 1
x-datadog-trace-id: 1313041323985789811
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 24
x-nyt-backend: lire-ui
x-nyt-edge-cache: HIT
x-powered-by: Express
x-served-by: cache-fra-eddf8230030-FRA

GET
H2 200 franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 24ms
8ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-700.91eaf6b5642463af4091160b4bbfdfcb.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Sat, 21 Oct 2023 06:23:17 GMT
date: Tue, 16 May 2023 02:13:32 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 17869815
x-guploader-uploadid: ADPycduMMv-8etBF_QLtnaI0Y5YNVqBbkrVTdfH9RKMz8tHhvF73vnZXdkMZmGe8IsVibeYizebgUyzDVX5zx-V8xXLjJAX92dbf
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20276
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1684203212.177440,VS0,VE0
etag: "91eaf6b5642463af4091160b4bbfdfcb"
x-goog-generation: 1651598151054057
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=teZvhg==, md5=ker2tWQkY69AkRYLS7/fyw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20276
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 4241

GET
H2 200 franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2
g1.nyt.com/fonts/family/franklin/ 19 KB
20 KB 24ms
7ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-500.0f4aea3d462cdb64748629efcbbf36bc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Sat, 21 Oct 2023 06:23:14 GMT
date: Tue, 16 May 2023 02:13:32 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 17869816
x-guploader-uploadid: ADPycdsQTVOzJvstvw9XibUb4r2EavGRoaYpno293g3PdRfhg_D53G9hTMPATQ5aSm7lUd2THAv77APBGIg9DF3ycFI57g
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 19816
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1684203212.177421,VS0,VE0
etag: "0f4aea3d462cdb64748629efcbbf36bc"
x-goog-generation: 1651598151017654
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=bdL0Mw==, md5=D0rqPUYs22R0hinvy782vA==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 19816
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 4247

GET
H2 200 cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
29 KB 32ms
16ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-400.a3ed7afe3eaa0a873f3fbd379f8c491b.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Sat, 21 Oct 2023 06:23:14 GMT
date: Tue, 16 May 2023 02:13:32 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 17869817
x-guploader-uploadid: ADPycds3QMInw1kHqhbsZcHD0xFwZzskTNxmDe_gswZdCjG43Yd86SZAoLzGo-6j1EBtXKY5VTcmj4qsqBl9uy5yNAH-n0e0OSAO
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 29076
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Tue, 03 May 2022 17:15:49 GMT
server: UploadServer
x-timer: S1684203212.178362,VS0,VE0
etag: "a3ed7afe3eaa0a873f3fbd379f8c491b"
x-goog-generation: 1651598149633653
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=qrdFGQ==, md5=o+16/j6qCoc/P703n4xJGw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 29076
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 518

GET
H2 200 cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2
g1.nyt.com/fonts/family/cheltenham-small/ 20 KB
20 KB 37ms
21ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham-small/cheltenham-small-normal-400.108ce298d451197b23fefceb3e36959f.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Thu, 07 Mar 2024 04:49:29 GMT
date: Tue, 16 May 2023 02:13:32 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 5952242
x-guploader-uploadid: ADPycdvK0iiOlX-GyJt523rYER2xhnq0o-wcaduwczxKgWzXqayc90BgwDk9ARxRGtFuN3SaNMB66XeMdTfDEeWK43PeNw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20136
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1684203212.178341,VS0,VE1
etag: "108ce298d451197b23fefceb3e36959f"
x-goog-generation: 1673991775386425
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=jpfQKQ==, md5=EIzimNRRGXsj/vzrPjaVnw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20136
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 1

GET
H2 200 franklin-normal-300.a6479a5200f9a6352bdb71589c27c9c3.woff2
g1.nyt.com/fonts/family/franklin/ 20 KB
20 KB 36ms
20ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/franklin/franklin-normal-300.a6479a5200f9a6352bdb71589c27c9c3.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

284b0236a4042298beab7fbd92e85285533473c1316488a1fd2e0aa3522f607a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Sat, 21 Oct 2023 06:23:17 GMT
date: Tue, 16 May 2023 02:13:32 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 17869815
x-guploader-uploadid: ADPycdtfRowwXtFVfYuq6st1QAKMrH1-0KPBtuL015QlR0fp44T3dsyEAbfW3GB9u4hZR-JqiaGSgASOtjNMEZsVZM70OTebRZ-r
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 20136
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Tue, 03 May 2022 17:15:51 GMT
server: UploadServer
x-timer: S1684203212.178056,VS0,VE0
etag: "a6479a5200f9a6352bdb71589c27c9c3"
x-goog-generation: 1651598150991608
x-goog-hash: crc32c=pRBawg==, md5=pkeaUgD5pjUr23FYnCfJww==
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 20136
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 3020

GET
H2 200 cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2
g1.nyt.com/fonts/family/cheltenham/ 28 KB
29 KB 37ms
21ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-italic-700.f99a0459024509f157a3352e5de4f873.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

2ccd0ce11738369585c6f39ed2cde7b3b3b1c25c12fc30047218aa201d6add76

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Wed, 15 May 2024 02:03:55 GMT
date: Tue, 16 May 2023 02:13:32 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 576
x-guploader-uploadid: ADPycdtI2WfhYEGXRhqs-Dx68wnCIolFgyujCcMs1p34uDfiK-U_nWYWZyKoZl6arIQ5XbM_XeFs0jvzd5NnwRcm8qkRUuQtfwOC
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 28620
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1684203212.178046,VS0,VE1
etag: "f99a0459024509f157a3352e5de4f873"
x-goog-generation: 1673991775020136
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=4NwmFQ==, md5=+ZoEWQJFCfFXozUuXeT4cw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 28620
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 1

GET
H2 200 cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2
g1.nyt.com/fonts/family/cheltenham/ 27 KB
27 KB 30ms
14ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/cheltenham/cheltenham-normal-300.7ea91ebd036309e1fe756ee3aab272da.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Thu, 25 Jan 2024 00:37:40 GMT
date: Tue, 16 May 2023 02:13:32 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 9596152
x-guploader-uploadid: ADPycdt38TCVFQs07sap3a_qPNNQhOB-oNJNkUm_5NonsSEFt4KS8xlMhMrghM6zQ_O5kimI_tkdWYmaGFdi_deDSjYNLGG5VM4c
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 27260
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Tue, 17 Jan 2023 21:42:55 GMT
server: UploadServer
x-timer: S1684203212.177996,VS0,VE0
etag: "7ea91ebd036309e1fe756ee3aab272da"
x-goog-generation: 1673991775007595
x-goog-hash: crc32c=rNQ9pA==, md5=fqkevQNjCeH+dW7jqrJy2g==
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 27260
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 2303

GET
H2 200 imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2
g1.nyt.com/fonts/family/imperial/ 26 KB
27 KB 30ms
14ms Font
application/octet-stream 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://g1.nyt.com/fonts/family/imperial/imperial-normal-400.6131cd77b6e216c7693ed925f4309ffc.woff2

Requested by

Host: g1.nyt.com
URL: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://g1.nyt.com/fonts/css/web-fonts.7705b21d4573b168a8aaebc4ff17d395d2458dca.css
Origin: https://www.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Thu, 25 Jan 2024 00:32:20 GMT
date: Tue, 16 May 2023 02:13:32 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 9596472
x-guploader-uploadid: ADPycdu8EQpQm3V7zdMFkJ8XgnencwVnT2B2YUBtaf-sewkAiBh8gRLsetmgM9V27ohK7R6xXMuURFc3DzPNRarYrc9Kgw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 26504
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Tue, 17 Jan 2023 21:42:56 GMT
server: UploadServer
x-timer: S1684203212.178016,VS0,VE0
etag: "6131cd77b6e216c7693ed925f4309ffc"
x-goog-generation: 1673991776736810
content-type: application/octet-stream
access-control-allow-origin: *
x-goog-hash: crc32c=ZzOuxA==, md5=YTHNd7biFsdpPtkl9DCf/A==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000,immutable
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 26504
accept-ranges: bytes
x-nyt-pagetype: web-font
timing-allow-origin: *
x-cache-hits: 4116

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 74 KB
25 KB 153ms
67ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/adslot-6cfc3a3f6d8b97c7ed5d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8476c19a793223cf577fa31b53fb7b69d0e765c5b5b0099444c80ed42d06678b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25291
x-xss-protection: 0
server: cafe
etag: 558 / 19493 / m202305090101 / config-hash: 14293715167463316945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 16 May 2023 02:13:32 GMT

GET
H2 200 vendors~audio~bestsellers~byline~capsule~collections~explainer~home~liveAsset~markets~paidpost~revie~edbcf66a-f8d17d18d5bf81a0c15b.js Show response
www.nytimes.com/vi-assets/static-assets/ 45 KB
15 KB 8ms
7ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~audio~bestsellers~byline~capsule~collections~explainer~home~liveAsset~markets~paidpost~revie~edbcf66a-f8d17d18d5bf81a0c15b.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

8bf215be986357511cfca58e796434dbf348ee60f21d785a5ec54a1b2bf86aad

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 587258
x-guploader-uploadid: ADPycduRz25Y8yDmC31-upoJsh9dW_9PS9LgYzIWfyBMhvGqUZvpC7Np5YhLbb6IblBy6CKW0xk2eIborsplvviGqMKoEdT1mycX
x-goog-stored-content-encoding: identity
x-origin-time: 2023-05-09 07:14:21 UTC
x-served-by: cache-fra-eddf8230030-FRA
x-timer: S1684203212.295967,VS0,VE1
etag: "43c291b8f09c16e8d0f62d9520c31af0"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1683591396271609
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~bestsellers~byline~capsule~collections~explainer~home~liveAsset~markets~paidpost~revie~edbcf66a-f8d17d18d5bf81a0c15b.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 6404
expires: Wed, 08 May 2024 07:05:54 GMT
date: Tue, 16 May 2023 02:13:32 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 14389
last-modified: Tue, 09 May 2023 00:16:36 GMT
server: UploadServer
x-goog-hash: crc32c=TXHOfA==, md5=Q8KRuPCcFujQ9i2VIMMa8A==
x-gdpr: 1
x-goog-stored-content-length: 46523
accept-ranges: bytes

GET
H2 200 vendors~capsule~clientSideCapsule~collections~explainer~freeaccess~getstarted~liveAsset~newsletter~n~dea1a302-752e5194e56fc395d187.js Show response
www.nytimes.com/vi-assets/static-assets/ 14 KB
4 KB 9ms
8ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~capsule~clientSideCapsule~collections~explainer~freeaccess~getstarted~liveAsset~newsletter~n~dea1a302-752e5194e56fc395d187.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

f4b522f455abe5aae3832433f34821ba1552e656f2524a7aea18279a22b2f252

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 386980
x-guploader-uploadid: ADPycdvw4RZXezMrejdjITAJcO1ANkaVHtNVP_eLZP9seJbVAGc-CnkLBPBobIoiFnhxf4s7zYA_U0tr56VNg_0e2H61pZiQ1s7z
x-goog-stored-content-encoding: identity
x-origin-time: 2023-05-11 14:43:52 UTC
x-served-by: cache-fra-eddf8230030-FRA
x-timer: S1684203212.296062,VS0,VE1
etag: "8a8cb8bbc04ae0be76700655ce67f438"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1683816008922303
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~capsule~clientSideCapsule~collections~explainer~freeaccess~getstarted~liveAsset~newsletter~n~dea1a302-752e5194e56fc395d187.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 4281
expires: Fri, 10 May 2024 14:43:52 GMT
date: Tue, 16 May 2023 02:13:32 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 3943
last-modified: Thu, 11 May 2023 14:40:09 GMT
server: UploadServer
x-goog-hash: crc32c=M+nfFg==, md5=ioy4u8BK4L52cAZVzmf0OA==
x-gdpr: 1
x-goog-stored-content-length: 14485
accept-ranges: bytes

GET
H2 200 vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~4be5fe75-42b58fe7b420be09e32b.js Show response
www.nytimes.com/vi-assets/static-assets/ 66 KB
14 KB 9ms
9ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~4be5fe75-42b58fe7b420be09e32b.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

64098b72e717e14b496cfe7bc5fae3fa69350faeb129dd24ae340b559e75be19

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 983087
x-guploader-uploadid: ADPycdvPDQ6bGjg1wfxcHb0ET0wPGCMPzRXFhQD7b9Hm0gUOGlyvNGchagHuYBjtV1DlW5NSFApXqYOEMa3tstRLfP62
x-goog-stored-content-encoding: identity
x-origin-time: 2023-05-04 17:08:45 UTC
x-served-by: cache-fra-eddf8230030-FRA
x-timer: S1684203212.296152,VS0,VE1
etag: "ff8ec682b48f08cde068cd75f0e60bfb"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1683219691132837
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/vendors~audio~byline~capsule~clientSideCapsule~collections~explainer~liveAsset~paidpost~slideshow~st~4be5fe75-42b58fe7b420be09e32b.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 9753
expires: Fri, 03 May 2024 17:08:45 GMT
date: Tue, 16 May 2023 02:13:32 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 13128
last-modified: Thu, 04 May 2023 17:01:31 GMT
server: UploadServer
x-goog-hash: crc32c=3FOAXA==, md5=/47GgrSPCM3gaM118OYL+w==
x-gdpr: 1
x-goog-stored-content-length: 67528
accept-ranges: bytes

GET
H2 200 unified-lire.bundle.js Show response
myaccount.nytimes.com/lire_ui/js/ Frame C894 475 KB
158 KB 7ms
7ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/lire_ui/js/unified-lire.bundle.js?v=20949ce

Requested by

Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/prefetch-assets

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

77e822361c3aa2d5526e4e63321ad64e96484912db2ce003b13e648626aa8700

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.nytimes.com/auth/prefetch-assets
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Fri, 12 May 2023 20:36:06 GMT
date: Tue, 16 May 2023 02:13:32 GMT
content-encoding: gzip
via: 1.1 google, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
x-api-version: F-X
age: 512
content-security-policy-report-only: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-cache: HIT
x-envoy-upstream-service-time: 26
content-length: 160575
x-served-by: cache-fra-eddf8230030-FRA
x-nyt-backend: lire-ui
server: envoy
etag: "jvTPMA"
content-type: application/javascript
x-cloud-trace-context: 8707304872b0424cbaeb3d2f3ae09b88
cache-control: public, max-age=600
x-nyt-edge-cache: HIT
accept-ranges: bytes
x-cache-hits: 2

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 7ms
7ms Preflight 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 427
content-encoding: gzip
content-length: 20
date: Tue, 16 May 2023 02:13:32 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 4
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 462
x-nyt-audience-target-flat: EU:AM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-edge-cache: HIT
x-nyt-meridiem: AM
x-nyt-region: BY
x-samizdat-query-exe-id: a588eb9aeebbb037
x-samizdat-query-field-errors: 0
x-served-by: cache-fra-eddf8230081-FRA
x-timer: S1684203213.625917,VS0,VE0

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 7ms
7ms Preflight 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 427
content-encoding: gzip
content-length: 20
date: Tue, 16 May 2023 02:13:32 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 5
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 462
x-nyt-audience-target-flat: EU:AM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-edge-cache: HIT
x-nyt-meridiem: AM
x-nyt-region: BY
x-samizdat-query-exe-id: a23a1906852c4e42
x-samizdat-query-field-errors: 0
x-served-by: cache-fra-eddf8230081-FRA
x-timer: S1684203213.673171,VS0,VE0

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 7ms
7ms Preflight 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 427
content-encoding: gzip
content-length: 20
date: Tue, 16 May 2023 02:13:32 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 6
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 462
x-nyt-audience-target-flat: EU:AM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-edge-cache: HIT
x-nyt-meridiem: AM
x-nyt-region: BY
x-samizdat-query-exe-id: 83ac15a25572d80d
x-samizdat-query-field-errors: 0
x-served-by: cache-fra-eddf8230081-FRA
x-timer: S1684203213.740723,VS0,VE0

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 7ms
7ms Preflight 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 427
content-encoding: gzip
content-length: 20
date: Tue, 16 May 2023 02:13:32 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 7
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 462
x-nyt-audience-target-flat: EU:AM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-edge-cache: HIT
x-nyt-meridiem: AM
x-nyt-region: BY
x-samizdat-query-exe-id: aeb28b4c3500c5ad
x-samizdat-query-field-errors: 0
x-served-by: cache-fra-eddf8230081-FRA
x-timer: S1684203213.760203,VS0,VE1

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 105 B
965 B 142ms
142ms XHR
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-1ad4ce4767d07fda924f.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

62ecb2c76b4179b7ae15e6cf85ed81b63fed0e7838897e3171a2af6952948f33

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

content-encoding: gzip
x-nyt-meridiem: AM
x-b3-traceid: 0
x-nyt-pass-reason: PRVT
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: 90ef77fca94e7138
samizdat-x-canary: false
x-served-by: cache-fra-eddf8230030-FRA
x-graphiti-gateway: 25b76dee
x-nyt-country: DE
x-timer: S1684203213.633616,VS0,VE136
x-nyt-continent: EU
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: BY
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: private, no-store
x-nyt-audience-target-flat: EU:AM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Tue, 16 May 2023 02:13:32 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: cb5d0017
x-envoy-upstream-service-time: 39
last-modified: Tue, 16 May 2023 02:13:32 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
access-control-allow-credentials: true
x-datadog-trace-id: 0
accept-ranges: bytes
timing-allow-origin: *

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 63 B
970 B 171ms
171ms XHR
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-1ad4ce4767d07fda924f.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

de2fb7fd3a533c10e58a8054b788190cfd242b5b95be9db2a5d7882f5112abd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

content-encoding: gzip
x-nyt-meridiem: AM
x-b3-traceid: 0
age: 0
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: b79aa53df0018d6f
samizdat-x-canary: false
x-served-by: cache-fra-eddf8230030-FRA
x-graphiti-gateway: 25b76dee
x-nyt-country: DE
x-timer: S1684203213.681062,VS0,VE164
x-nyt-continent: EU
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: BY
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: EU:AM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Tue, 16 May 2023 02:13:32 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: a77efebf
x-envoy-upstream-service-time: 62
content-length: 91
last-modified: Tue, 16 May 2023 02:13:31 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
access-control-allow-credentials: true
x-datadog-trace-id: 0
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 comments-fa7fd6389cbb548c7183.js Show response
www.nytimes.com/vi-assets/static-assets/ 41 KB
13 KB 7ms
7ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nytimes.com/vi-assets/static-assets/comments-fa7fd6389cbb548c7183.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

7ea3acac1a3cd7beeb6ced9e02e024c0b67ee6657468e074a6f9156f09c8ccb8

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
content-encoding: gzip
age: 386980
x-guploader-uploadid: ADPycdvKdPSNKTFVuE2qq8WTChv5dw_1EDXgIMIR07HrGKXJM5ELaZ0I_SnGxc5HjPxK_-wsKNGQ4tev-DdoS-WtPNn3jfHzs4OE
x-goog-stored-content-encoding: identity
x-origin-time: 2023-05-11 14:43:52 UTC
x-served-by: cache-fra-eddf8230030-FRA
x-timer: S1684203213.702021,VS0,VE1
etag: "d2bb0a70b487e687bde678ec0e947b9d"
vary: Accept-Encoding, Fastly-SSL
x-goog-generation: 1683816007682457
content-type: application/javascript
onion-location: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/vi-assets/static-assets/comments-fa7fd6389cbb548c7183.js
cache-control: public,max-age=31536000
x-nyt-app-webview: 0
x-nyt-route: vi-assets
x-nyt-edge-cache: HIT
x-cache-hits: 4342
expires: Fri, 10 May 2024 14:43:52 GMT
date: Tue, 16 May 2023 02:13:32 GMT
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-api-version: F-X
x-cache: HIT
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
content-length: 12401
last-modified: Thu, 11 May 2023 14:40:07 GMT
server: UploadServer
x-goog-hash: crc32c=XpRZCA==, md5=0rsKcLSH5oe95njsDpR7nQ==
x-gdpr: 1
x-goog-stored-content-length: 41867
accept-ranges: bytes

GET
H2 200 data-layer Show response
a.nytimes.com/svc/nyt/ 2 KB
2 KB 400ms
144ms XHR
application/json 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://a.nytimes.com/svc/nyt/data-layer?assetUrl=https%3A%2F%2Fwww.nytimes.com%2F2023%2F05%2F15%2Fbusiness%2Fmedia%2Fphiladelphia-inquirer-cyberattack.html&caller_id=nyt-vi&jkcb=1684203212718&referrer=&sourceApp=nyt-vi

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-1ad4ce4767d07fda924f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-3-42-214.compute-1.amazonaws.com

Software

envoy /

Resource Hash

d5c3476d794fe506d400950ba78f255326f5ba73984268cbddf980d94c01295d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-nyti-upstream: gke
date: Tue, 16 May 2023 02:13:33 GMT
x-envoy-decorator-operation: a.nytimes.com:443/*
via: 1.1 google
strict-transport-security: max-age=63072000; preload; includeSubdomains
content-encoding: gzip
server: envoy
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 35
access-control-allow-headers: Content-Type, x-requested-by

GET
H2 200 purr-cache
purr.nytimes.com/v1/ 0
0 376ms
125ms Fetch
text/html 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://purr.nytimes.com/v1/purr-cache

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-1ad4ce4767d07fda924f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-211-112-71.compute-1.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:33 GMT
via: 1.1 google
x-envoy-decorator-operation: purr.nytimes.com:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
server: envoy
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: 375d0e52878a933085cc0e149e3d7771
access-control-allow-credentials: true
x-envoy-upstream-service-time: 25
content-length: 0

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 42 KB
8 KB 506ms
505ms XHR
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-1ad4ce4767d07fda924f.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

d7a5cbb5437cb04729a5ef0a4596c87951a418bef9d284965fd7eb481daa3229

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

content-encoding: gzip
x-nyt-meridiem: AM
x-b3-traceid: 1
x-nyt-pass-reason: PRVT
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: 3ac753741fec8cf2
samizdat-x-canary: false
x-served-by: cache-fra-eddf8230030-FRA
x-graphiti-gateway: 25b76dee
x-nyt-country: DE
x-timer: S1684203213.748426,VS0,VE499
x-nyt-continent: EU
vary: Accept-Encoding, Samizdat-X-Fastly-Unique-Id, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: BY
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: private, no-store
x-nyt-audience-target-flat: EU:AM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Tue, 16 May 2023 02:13:33 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: e776ee03
x-envoy-upstream-service-time: 96
last-modified: Tue, 16 May 2023 02:13:33 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
access-control-allow-credentials: true
x-datadog-trace-id: 1
accept-ranges: bytes
timing-allow-origin: *

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 16 KB
4 KB 654ms
653ms XHR
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-1ad4ce4767d07fda924f.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

d540c486edda595d67ce0699d5ca0b921cfd6af7d6be32758fd35fa85bc5f49e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

content-encoding: gzip
x-nyt-meridiem: AM
x-b3-traceid: 0
x-nyt-pass-reason: PRVT
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: ec639310f57a8542
samizdat-x-canary: false
x-served-by: cache-fra-eddf8230030-FRA
x-graphiti-gateway: 25b76dee
x-nyt-country: DE
x-timer: S1684203213.768247,VS0,VE646
x-nyt-continent: EU
vary: Accept-Encoding, Samizdat-X-Personalize, x-nyt-is-anonymous, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: BY
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: private, no-store
x-nyt-audience-target-flat: EU:AM
x-nyt-edge-cache: MISS
x-cache-hits: 0
x-samizdat-query-sup-code
date: Tue, 16 May 2023 02:13:33 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: MISS
samizdat-x-instance: 203fd74e
x-envoy-upstream-service-time: 242
last-modified: Tue, 16 May 2023 02:13:33 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
access-control-allow-credentials: true
x-datadog-trace-id: 0
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 tags.js Show response
dd.nytimes.com/ 266 KB
55 KB 97ms
8ms Script
text/javascript 143.204.215.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/tags.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-54.fra53.r.cloudfront.net

Software

Apache /

Resource Hash

078b159fb8403c40be85c805a1ee088fec7f3e2ad5db26ac94d22ddfd00c50cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront), 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
date: Tue, 16 May 2023 01:25:41 GMT
x-amz-cf-pop: FRA60-P2, FRA53-C1
age: 2872
x-cache: Hit from cloudfront
content-length: 55493
last-modified: Fri, 05 May 2023 08:25:33 GMT
server: Apache
etag: "42845-5faee086486b0-gzip"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, public
accept-ranges: bytes
x-amz-cf-id: TO-0WXSxztPk1JGr5GY6t3eeDSCi-TkMnh62tgnxtth7-jlhkDTG5w==
expires: Tue, 16 May 2023 02:25:41 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/ 402 KB
124 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4dc80fcaf6db01fa29ced797dbb0947bb3bb95b1a88f893f389cf17144166075

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 14:02:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43891
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127184
x-xss-protection: 0
server: cafe
etag: 3263738860219486170
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 14 May 2024 14:02:02 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 80 B
86 B 125ms
47ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.nytimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18a0b7208b72e6fc37e28e4cc5edb23b7bda172f0bf9574c7c385790b44b1578

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62
x-xss-protection: 0
expires: Tue, 16 May 2023 02:13:33 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 133ms
41ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 16 May 2023 00:35:39 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 5874
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Tue, 16 May 2023 02:35:39 GMT

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 70 KB
24 KB 48ms
8ms Script
application/x-javascript 2600:9000:2057:f000:18:1fcd:351:7bc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:f000:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: a4e403c7245b00375232364f36d09d16a96488154a2414d40ce211e4693ef8d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 03:24:56 GMT
content-encoding: gzip
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
last-modified: Thu, 08 Dec 2022 17:02:37 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
age: 82117
etag: W/"639218ad-11856"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: 70atmDXbp1EMAkOn9iXU8LO0UaEnEEPUYejaYLC8xhx09rOL_OW32w==
expires: Tue, 16 May 2023 03:24:56 GMT

GET
H2 200 show-ads.js Show response
a1.nyt.com/analytics/ 45 B
683 B 17ms
6ms Script
text/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://a1.nyt.com/analytics/show-ads.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Thu, 13 Apr 2023 05:00:40 GMT
date: Tue, 16 May 2023 02:13:33 GMT
content-encoding: gzip
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 77054
x-guploader-uploadid: ADPycduQ4dVgD4_gc-w-jr1N4uVUC2C_toCIkWUbquDhGnrcLQLbqbybeWh__r_Wk_OAEQMPGpXD9_npxgFi-wf_YXFvWQ
x-cache: HIT
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 65
x-served-by: cache-fra-eddf8230030-FRA
last-modified: Wed, 22 Dec 2021 23:30:41 GMT
server: UploadServer
x-timer: S1684203213.220002,VS0,VE0
etag: "1d291da792456bd015b664ee1119a5e0"
vary: Accept-Encoding
x-goog-generation: 1640215841852360
x-goog-hash: crc32c=nM1/Pw==, md5=HSkdp5JFa9AVtmTuERml4A==
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=86400
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 45
accept-ranges: bytes
x-nyt-pagetype: nyt-dti-analytic
timing-allow-origin: *
x-cache-hits: 1344

GET
H2 200 nyt.js Show response
cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/ 4 KB
2 KB 36ms
16ms Script
text/javascript 2606:4700:20::681a:c12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/nyt.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P528B3&gtm_auth=tfAzqo1rYDLgYhmTnSjPqw&gtm_preview=env-130&gtm_cookies_win=x
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c21a976bd2fa363568a31c73de29c8e071abac667139623ae743dce1bda9b14

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:33 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 16 May 2023 01:32:20 GMT
server: cloudflare
age: 2473
cf-polished: origSize=4725
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HvkAJ08nq25Uoo9%2BoiqK0s5sip0j8rPkkS9oYWHm4Y1P%2FUyxhnBDMKCIahKWctRPGAlOS84f0JEtuJd0VCHd2Ouk7nB464Jlpw7lpH%2BKmivMoHrYuNNg8%2BLz%2BA2Q0%2BAzejZotc%2Fl5G%2FL%2FFh4ME%2Fpo0U%2F"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7c801a22be819191-FRA
request-context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937

POST
H2 200 / Show response
dd.nytimes.com/js/ 235 B
621 B 30ms
13ms XHR
application/json 143.204.215.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/js/

Requested by

Host: dd.nytimes.com
URL: https://dd.nytimes.com/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-54.fra53.r.cloudfront.net

Software

DataDome /

Resource Hash

553288eed723a7e44eb33ba63a7c467ab476cb2415ebb4efc2fe850980dc4e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 16 May 2023 02:13:33 GMT
via: 1.1 48391c4ed2c51e95dcabcb70cf613126.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: DataDome
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 235
x-amz-cf-id: 51eI5fKvJHXW5lVF28JFmErRXJ9-h7_hTqEm1FUAULWXqzMKYMC49A==
expires: 0

GET
H2 200 65568.js Show response
cdn.brandmetrics.com/scripts/bundle/ 46 KB
15 KB 15ms
15ms Script
text/javascript 2606:4700:20::681a:c12
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=www.nytimes.com
Requested by: Host: cdn.brandmetrics.com
URL: https://cdn.brandmetrics.com/tag/85a1ebf79602421aa1c2c2f24d32cb6c/nyt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:c12 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e237a44eed41e29709e03583ee2fe24a14be4bfd4f9f6904d56e67e5f770293

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:33 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 16 May 2023 01:32:20 GMT
server: cloudflare
age: 2473
cf-polished: origSize=47597
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dkIQcU7BOgmH9%2B1MXdtQmiLZYBNt417hUFM7AP26zxpoYIiSa5EQIXIyzqX21HtZX%2FA%2BrsDoUIYjVo2oUZ5SobYA9OfqeMwOXuLWdDy6bcyxIFlb8Y6WcByOb29uCEJXwJvQMtX68UvnwFByk8UaTp3a"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 7c801a237f3e9191-FRA
request-context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937

GET
H2 200 ping
pnytimes.chartbeat.net/ 43 B
201 B 996ms
109ms Image
image/gif 3.234.97.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pnytimes.chartbeat.net/ping?h=nytimes.com&p=nytimes.com%2F2023%2F05%2F15%2Fbusiness%2Fmedia%2Fphiladelphia-inquirer-cyberattack.html&u=CDv4mmxPVEGB8bc0s&d=nytimes.com&g=16698&g0=business%2CMedia%2Cbusiness_desk&g1=Michael%20Levenson&n=1&f=00001&c=0&x=0&m=0&y=5808&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fwww.nytimes.com%2F2023%2F05%2F15%2Fbusiness%2Fmedia%2Fphiladelphia-inquirer-cyberattack.html&b=1498&t=BhXOynBjp5AFBQj7uTB8lyZdCtQmpq&V=139&i=Possible%20Cyberattack%20Disrupts%20The%20Philadelphia%20Inquirer&tz=0&_acct=anon&sn=1&sv=Buq-SoDzVb3ID_5uypWha71CoQcoR&sd=1&im=06679ff3&_
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.234.97.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-234-97-192.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Tue, 16 May 2023 02:13:34 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 852ms
49ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.nytimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 842ms
49ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nytimes.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
11 KB 163ms
163ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1158425939208516&correlator=3485425487598089&eid=31074542&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&npa=1&iu_parts=29390238%2Cnyt%2Cbusiness%2Cmedia&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=320x50%7C728x90%7C970x90%7C970x250%7C1605x300&fluid=height&ifi=1&adks=1508954645&sfv=1-0-40&prev_scp=div%3Dtop%26pos%3Dtop%26request_time%3D1493&cust_params=als_test_clientside%3Dempty_empty_empty_20230516021333%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1684202694807%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26org%3Dphiladelphiainquirer%252Cphiladelphiadailynews%26geo%3Dphiladelphiapa%26des%3Dnewspapers%252Cprimariesandcaucuses%252Ccomputersandtheinternet%252Ccyberattacksandhackers%252Cnewsandnewsmedia%252Celectionsmayors%26auth%3Dmichaellevenson%26coll%3Dusnews%252Cmedia%252Cbusiness%26artlen%3Dmedium%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dbusiness%26si_section%3Dbusiness%26id%3D100000008907690%26pt%3Dnt1%252Cnt10%252Cnt12%252Cnt13%252Cnt15%252Cnt16%252Cnt18%252Cnt2%252Cnt21%252Cnt4%252Cnt5%252Cnt6%252Cnt7%252Cnt8%252Cnt9%252Cpt11%252Cpt20%252Cpt3%26gscat%3Dneg_ibmtest%252Cneg_citi_aa%252Cneg_capitalone%252Cneg_chanel%252Cneg_ibm%252Cneg_mastercard%252Cneg_chan2%252Cneg_hms%252Cneg_google%252Cneg_ms_safe%252Cneg_mtb%252Cneg_debeer%252Ccc_business_lead_boards%252Cpolitics_sentiment%252Cgs_tech%252Cneg_kaypemg%252Cggl_wrk_collab%252Cneg_ts%252Cgb_spam_edu%252Cneg_bp%252Cgs_tech_computing%252Cgs_politics%252Cgs_politics_misc%252Cgs_business%252Cgb_spam_newsent%252Cgv_crime%252Cgs_news_and_weather%252Cgs_t%26is_viral%3Dmedium%26tt%3D44%252C66%252C329%26mt%3DMT10%26abra_dfp%3Dmkt_dfp_hd_paywall_zip_0_control%252Cdfp_prebid_price_0722_0_control%252Cdfp_messaging_flexframe_ctr_0_control%252Cdfp_liveads_0323_2_4repupdates%252Cdfp_amzn_0_control%252Cdfp_als_home_1_als%252Cdfp_als_1_als%252Cdfp_adslot4v2_1_external%26sov%3D3%26page_view_id%3DMo75xDhyfv7HZ77XO2vqw74b%26purr%3Dnpa%26uap%3Dbrowser%26aid%3D9RyNDfhD8j2YZ7m5LUtOVy&sc=1&cookie_enabled=1&abxe=1&dt=1684203213475&lmt=1684202694&dlt=1684203211946&idt=1437&adxs=0&adys=76&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.nytimes.com%2F2023%2F05%2F15%2Fbusiness%2Fmedia%2Fphiladelphia-inquirer-cyberattack.html&frm=20&vis=1&psz=1600x90&msz=1600x0&fws=4&ohw=1600&ga_vid=1998052796.1684203213&ga_sid=1684203213&ga_hid=2103884309&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8180ddbdbf3f7a1a99ce120bd1e8989f02e820e6e22d7d74bbda7049b596c905

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11482
x-xss-protection: 0
google-lineitem-id: 6273174912
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138429501285
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 530 B
295 B 74ms
74ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1158425939208516&correlator=3485425487598089&eid=31074542&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&npa=1&iu_parts=29390238%2Cnyt%2Cbusiness%2Cmedia&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=150x50&ifi=2&adks=3004980766&sfv=1-0-40&prev_scp=div%3Dsponsor%26pos%3Dsponsor%26request_time%3D1496&cust_params=als_test_clientside%3Dempty_empty_empty_20230516021333%26edn%3Dus%26test%3Dprojectvi%26ver%3Dvi%26template%3Darticle%26hasVideo%3Dfalse%26vp%3Dlarge%26als_test%3D1684202694807%26prop%3Dnyt%26plat%3Dweb%26brandsensitive%3Dfalse%26org%3Dphiladelphiainquirer%252Cphiladelphiadailynews%26geo%3Dphiladelphiapa%26des%3Dnewspapers%252Cprimariesandcaucuses%252Ccomputersandtheinternet%252Ccyberattacksandhackers%252Cnewsandnewsmedia%252Celectionsmayors%26auth%3Dmichaellevenson%26coll%3Dusnews%252Cmedia%252Cbusiness%26artlen%3Dmedium%26ledemedsz%3Dnone%26typ%3Dart%26section%3Dbusiness%26si_section%3Dbusiness%26id%3D100000008907690%26pt%3Dnt1%252Cnt10%252Cnt12%252Cnt13%252Cnt15%252Cnt16%252Cnt18%252Cnt2%252Cnt21%252Cnt4%252Cnt5%252Cnt6%252Cnt7%252Cnt8%252Cnt9%252Cpt11%252Cpt20%252Cpt3%26gscat%3Dneg_ibmtest%252Cneg_citi_aa%252Cneg_capitalone%252Cneg_chanel%252Cneg_ibm%252Cneg_mastercard%252Cneg_chan2%252Cneg_hms%252Cneg_google%252Cneg_ms_safe%252Cneg_mtb%252Cneg_debeer%252Ccc_business_lead_boards%252Cpolitics_sentiment%252Cgs_tech%252Cneg_kaypemg%252Cggl_wrk_collab%252Cneg_ts%252Cgb_spam_edu%252Cneg_bp%252Cgs_tech_computing%252Cgs_politics%252Cgs_politics_misc%252Cgs_business%252Cgb_spam_newsent%252Cgv_crime%252Cgs_news_and_weather%252Cgs_t%26is_viral%3Dmedium%26tt%3D44%252C66%252C329%26mt%3DMT10%26abra_dfp%3Dmkt_dfp_hd_paywall_zip_0_control%252Cdfp_prebid_price_0722_0_control%252Cdfp_messaging_flexframe_ctr_0_control%252Cdfp_liveads_0323_2_4repupdates%252Cdfp_amzn_0_control%252Cdfp_als_home_1_als%252Cdfp_als_1_als%252Cdfp_adslot4v2_1_external%26sov%3D3%26page_view_id%3DMo75xDhyfv7HZ77XO2vqw74b%26purr%3Dnpa%26uap%3Dbrowser%26aid%3D9RyNDfhD8j2YZ7m5LUtOVy&sc=1&cookie_enabled=1&abxe=1&dt=1684203213484&lmt=1684202694&dlt=1684203211946&idt=1437&adxs=-12245933&adys=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.nytimes.com%2F2023%2F05%2F15%2Fbusiness%2Fmedia%2Fphiladelphia-inquirer-cyberattack.html&frm=20&vis=1&psz=150x16&msz=0x0&fws=132&ohw=1600&ga_vid=1998052796.1684203213&ga_sid=1684203213&ga_hid=2103884309&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b63b6bbcc3f57b2e0b1da66222f7151a45275589fc35276f6c8336ab616dc51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 265
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ede5db69725769d120acce5bba656972.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F72B 6 KB
3 KB 170ms
46ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ede5db69725769d120acce5bba656972.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 May 2023 02:13:34 GMT
expires: Wed, 15 May 2024 02:13:34 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 track
a.et.nytimes.com/ 0
0 231ms
231ms Ping
text/plain 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-211-112-71.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
208 B 48ms
47ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&aip=1&a=2103884309&t=pageview&_s=1&dl=https%3A%2F%2Fwww.nytimes.com%2F2023%2F05%2F15%2Fbusiness%2Fmedia%2Fphiladelphia-inquirer-cyberattack.html&dr=&ul=en-us&de=UTF-8&dt=Possible%20Cyberattack%20Disrupts%20The%20Philadelphia%20Inquirer%20-%20The%20New%20York%20Times&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEABAAAAACgBM~&jid=743257609&gjid=1954746650&cid=1998052796.1684203213&tid=UA-58630905-2&_gid=1537897244.1684203214&_r=1&_slc=1&gtm=45He35a0n71P528B3&cg1=business&cg2=media&cg3=article&cg4=news&cd1=https%3A%2F%2Fwww.nytimes.com%2F2023%2F05%2F15%2Fbusiness%2Fmedia%2Fphiladelphia-inquirer-cyberattack.html&cd2=https%3A%2F%2Fwww.nytimes.com%2F2023%2F05%2F15%2Fbusiness%2Fmedia%2Fphiladelphia-inquirer-cyberattack.html&cd3=&cd4=Business&cd9=9&cd10=null&cd12=Media&cd13=null&cd14=business_desk&cd15=earned&cd16=referring_links&cd17=100000008907690&cd18=Michael%20Levenson&cd19=Possible%20Cyberattack%20Disrupts%20The%20Philadelphia%20Inquirer&cd20=&cd21=Article&cd23=Business&cd25=Media&cd26=2023&cd27=2023-05-15-16&cd28=Monday&cd29=16&cd30=1684191151675&cd32=U.S.%20News%2CMedia%2CBusiness&cd33=SECTION%2CSECTION%2CSECTION&cd34=NEWS&cd36=15xp-inquirer&cd37=820&cd38=Express&cd42=nyt-vi&cd43=Newspapers%2CPrimaries%20and%20Caucuses%2CComputers%20and%20the%20Internet%2CCyberattacks%20and%20Hackers%2CNews%20and%20News%20Media%2CElections%2C%20Mayors&cd44=Philadelphia%20Inquirer%2CPhiladelphia%20Daily%20News&cd46=Philadelphia%20(Pa)&cd48=May&cd49=medium_800_1199&cd51=nyt-vi&cd52=&cd53=Express&cd54=business_desk&cd55=0&cd56=anon&cd57=0&cd58=0&cd59=&cd60=&cd63=9RyNDfhD8j2YZ7m5LUtOVy&cd65=anon&cd67=0&cd95=&cd122=&cd123=&cd124=&cd125=&cd126=&cd127=&cd129=NaN&cd135=&cd139=&cd141=&cd142=&cd162=&cd163=&cd164=9RyNDfhD8j2YZ7m5LUtOVy&z=92930951

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 May 2023 02:13:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.nytimes.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 c.js Show response
collector.brandmetrics.com/ 0
143 B 746ms
23ms Script
text/javascript 20.50.2.28
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://collector.brandmetrics.com/c.js?siteid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=www.nytimes.com&rnd=5948771
Requested by: Host: cdn.brandmetrics.com
URL: https://cdn.brandmetrics.com/scripts/bundle/65568.js?sid=4486dfe2-780e-4dfa-a60a-2a948887658f&toploc=www.nytimes.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.50.2.28 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

request-context: appId=cid-v1:5c986aee-9723-4541-b38e-d4ac73c46937
date: Tue, 16 May 2023 02:13:33 GMT
content-length: 0
content-type: text/javascript;charset=utf-8

POST
H2 200 v2 Show response
samizdat-graphql.nytimes.com/graphql/ 2 KB
2 KB 8ms
7ms XHR
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-1ad4ce4767d07fda924f.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

37b9387d833bf722a00c5c1b4fead00a7b33fc6336e89adb052990cd06ec468d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

nyt-token: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+/oUCTBmD/cLdmcecrnBMHiU/pxQCn2DDyaPKUOXxi4p0uUSZQzsuq1pJ1m5z1i0YGPd1U1OeGHAChWtqoxC7bFMCXcwnE1oyui9G1uobgpm1GdhtwkR7ta7akVTcsF8zxiXx7DNXIPd2nIJFH83rmkZueKrC4JVaNzjvD+Z03piLn5bHWU6+w+rA+kyJtGgZNTXKyPh6EC6o5N+rknNMG5+CdTq35p8f99WjFawSvYgP9V64kgckbTbtdJ6YhVP58TnuYgr12urtwnIqWP9KSJ1e5vmgf3tunMqWNm6+AnsqNj8mCLdCuc5cEB74CwUeQcP2HQQmbCddBy2y0mEwIDAQAB
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
nyt-app-type: project-vi
content-type: application/json
accept: */*
Referer: https://www.nytimes.com/
nyt-app-version: 0.0.5

Response headers

content-encoding: gzip
x-nyt-meridiem: AM
x-b3-traceid: 0
age: 2908
x-samizdat-query-field-errors: 0
x-samizdat-query-exe-id: 4148e6894928f25d
samizdat-x-canary: false
x-served-by: cache-fra-eddf8230030-FRA
x-graphiti-gateway: 25b76dee
x-nyt-country: DE
x-timer: S1684203214.594929,VS0,VE1
x-nyt-continent: EU
vary: Accept-Encoding, Samizdat-X-Personalize, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-nyt-region: BY
access-control-expose-headers: x-nyt-audience-target-flat, x-nyt-continent, x-nyt-country, x-nyt-region, x-nyt-meridiem, x-nyt-gmt-offset
cache-control: max-age=30
x-nyt-audience-target-flat: EU:AM
x-nyt-edge-cache: HIT
x-cache-hits: 3
x-samizdat-query-sup-code
date: Tue, 16 May 2023 02:13:33 GMT
via: 1.1 google, 1.1 varnish
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-cache: HIT
samizdat-x-instance: b7c1eaf7
x-envoy-upstream-service-time: 33
content-length: 919
last-modified: Tue, 16 May 2023 00:31:27 GMT
server: envoy
samizdat-x-kubernetes-namespace: v1
x-fetch-attempts: 1
access-control-allow-credentials: true
x-datadog-trace-id: 0
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 / Show response
mwcm.nytimes.com/capi/metered_assets/ 70 KB
17 KB 407ms
393ms Fetch
application/json 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://mwcm.nytimes.com/capi/metered_assets/?plat=web&mc=0&gr=METER_LIMIT&mr=0&ma=0&counted=false&granted=false&gwtype=REGIWALL&us=anon&context-type=&areas=barOne&areas=truncator&areas=gateway

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-1ad4ce4767d07fda924f.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

30347ed0802ac3130c87145f3b77faba08e66e63034abf5bd8c8db0c6aeb38a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:34 GMT
content-encoding: gzip
via: 1.1 google, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: capi-prd.growth-mc.nyti.nyt.net:443/*
x-cache: MISS
x-envoy-upstream-service-time: 288
x-served-by: cache-fra-eddf8230030-FRA
server: envoy
x-cmots-campaign-names: {"barOne":"MAG_web_nonsub_all_monthly-sale_1","gateway":"MAG_web_nonsub_all_monthly-sale_1","truncator":"MAG-web_all_non-mobile-all_welcome-killset"}
x-timer: S1684203214.649128,VS0,VE387
vary: x-nyt-user-status, x-nyt-country, x-nyt-continent, x-nyt-device, X-NYT-Currency, x-nyt-last-known-type, Accept-Encoding, Fastly-SSL, Accept-Encoding,x-nyt-country, Origin
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.nytimes.com
x-cloud-trace-context: d1e0d7bc8bb9f142d96758949a21f8a8
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-nyt-route: mwcm-muassets
x-nyt-edge-cache: MISS
accept-ranges: bytes
access-control-allow-headers: Content-Type, x-requested-by, *
x-cache-hits: 0

GET
H2 200 standalone-client.bundle.js Show response
myaccount.nytimes.com/unified_lire/js/ 37 KB
15 KB 8ms
8ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/unified_lire/js/standalone-client.bundle.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/story-14483ed83d62a5e62649.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

d5f8b49f4a86c373ebc042668cecf8e106af349c8c95ee43780d5d674927aa42

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Fri, 12 May 2023 20:40:56 GMT
date: Tue, 16 May 2023 02:13:33 GMT
content-encoding: gzip
via: 1.1 google, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
x-api-version: F-X
age: 423
content-security-policy-report-only: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-cache: HIT
x-envoy-upstream-service-time: 19
content-length: 14532
x-served-by: cache-fra-eddf8230030-FRA
x-nyt-backend: lire-ui
server: envoy
etag: "jvTPMA"
content-type: application/javascript
x-cloud-trace-context: 614fb64fd0b8d1a298c50035de5bd6cc
cache-control: public, max-age=600
x-nyt-edge-cache: HIT
accept-ranges: bytes
x-cache-hits: 1

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame FB74 0
0 76ms
76ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssFSWELUtBAAHwwkszJ7ABAQcAD2GNN77aq66ayqJbo0lWiX9-_pyV5nN_d8VAJIUrTewa8YznE7dLWS5FqGFkoB9DuVYRtVQVtaDgzD-kuXAydIzyN60cnWR8_A9fTHIKW-Eht2UGRBq8mHcYfIfIOWHebcR4DBGXWTmB_609wOAn4g1xTGcxj8_1V5871icjlMUfsevLYU80-MM540BbsakbYDDDRP2841k3ycmskRVXhx59vJurFTsae8kzeEIzOeyW8SoTbgOvDl0HVnABiHqEL-Esu3epdoMKSRRGTyKlXwrhm10bTtwUKuCisOOfoOvxo2FgURjM8aTu3ryC-Og0U4Gwi16AlUV50-AB4wmKPHCVUhsqo&sai=AMfl-YS71ntcOcxlIalPv8dhpjEm2lD7hNjcR5kFbqC1LIlqu6-XER8vDH5JHEvOCWSlLuPC1iaaoHGeGOzNf-Giaz0hC4mCMMleGVQC23iN3pNXibybZwvdVwNjIo_zl6cq0RwyoqxdxF5kkDkhSB4&sig=Cg0ArKJSzFEn_f5jaWR3EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 16 May 2023 02:13:33 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FB74 170 KB
53 KB 581ms
50ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3e707799c4b8c1017aaed1c78432af2cc213ea88229312c1b2d621aa0ade9ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53845
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1684150324481819"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 May 2023 02:13:34 GMT

GET
H2 200 11630177469707697292
tpc.googlesyndication.com/simgad/ Frame FB74 860 KB
861 KB 564ms
39ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11630177469707697292?

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f785103d37279dbca96c26f2335d1a5ad90637fa73881d8d369ddb70fa7d7a47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 02:32:21 GMT
x-content-type-options: nosniff
age: 258073
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 880445
x-xss-protection: 0
last-modified: Thu, 13 Apr 2023 19:07:19 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 12 May 2024 02:32:21 GMT

POST
H2 200 track
a.et.nytimes.com/ 0
0 127ms
127ms Ping
text/plain 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-211-112-71.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

OPTIONS
H2 200 v2
samizdat-graphql.nytimes.com/graphql/ Frame 0
0 8ms
7ms Preflight 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://samizdat-graphql.nytimes.com/graphql/v2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,nyt-app-type,nyt-app-version,nyt-token
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-headers: content-type,nyt-app-type,nyt-app-version,nyt-token
access-control-allow-methods: GET,POST
access-control-allow-origin: https://www.nytimes.com
access-control-expose-headers: x-nyt-audience-target-flat,x-nyt-continent,x-nyt-country,x-nyt-region,x-nyt-meridiem,x-nyt-gmt-offset
access-control-max-age: 300
age: 428
content-encoding: gzip
content-length: 20
date: Tue, 16 May 2023 02:13:33 GMT
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
timing-allow-origin: *
vary: Origin, Access-Control-Request-Headers, Accept-Encoding, Access-Control-Request-Method
via: 1.1 google, 1.1 varnish
x-cache: HIT
x-cache-hits: 8
x-envoy-decorator-operation: graphql-v1.samizdat.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 462
x-nyt-audience-target-flat: EU:AM
x-nyt-continent: EU
x-nyt-country: DE
x-nyt-edge-cache: HIT
x-nyt-meridiem: AM
x-nyt-region: BY
x-samizdat-query-exe-id: b350d506708783cf
x-samizdat-query-field-errors: 0
x-served-by: cache-fra-eddf8230081-FRA
x-timer: S1684203214.586991,VS0,VE0

GET
H2 200 enter-email Show response
myaccount.nytimes.com/auth/iframe/ Frame AC3D 19 KB
9 KB 400ms
400ms Document
text/html 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignID%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F05%252F15%252Fbusiness%252Fmedia%252Fphiladelphia-inquirer-cyberattack.html&display=MKT_SubCon_Regiwall_Msg_Test_0423_0_control&asset=RegiWall&application=Free_Experience&preloaded=true

Requested by

Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/unified_lire/js/standalone-client.bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy / Express

Resource Hash

60fa562c00c6af1ae11f4197146c31285d0666fa4f8fc7e4d1cc111c87a34b3c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src https://www.google.com .captcha-delivery.com; connect-src 'self' .nytimes.com https://sentry.io .datadome.co https://.go-mpulse.net; font-src https://typeface.nyt.com; img-src 'self' data: .nytimes.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' .nytimes.com .nyt.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://sc-static.net https://js.datadome.co https://.go-mpulse.net; style-src 'unsafe-inline' .nytimes.com https://www.google-analytics.com; object-src 'none'; form-action 'self' https://www.google-analytics.com; frame-ancestors .nytimes.com https://shared-ui-dot-nyt-wfvi-dev.appspot.com; block-all-mixed-content ; upgrade-insecure-requests ; report-uri https://csp.dev.nytimes.com/report
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: private, no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
content-encoding: gzip
content-security-policy: default-src 'self'; frame-src https://www.google.com *.captcha-delivery.com; connect-src 'self' *.nytimes.com https://sentry.io *.datadome.co https://*.go-mpulse.net; font-src https://typeface.nyt.com; img-src 'self' data: *.nytimes.com https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nytimes.com *.nyt.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://sc-static.net https://js.datadome.co https://*.go-mpulse.net; style-src 'unsafe-inline' *.nytimes.com https://www.google-analytics.com; object-src 'none'; form-action 'self' https://www.google-analytics.com; frame-ancestors *.nytimes.com https://shared-ui-dot-nyt-wfvi-dev.appspot.com; block-all-mixed-content ; upgrade-insecure-requests ; report-uri https://csp.dev.nytimes.com/report
content-type: text/html; charset=utf-8
date: Tue, 16 May 2023 02:13:34 GMT
etag: W/"4dc9-skeFSGnQr06Luhu/94GjORrIkis"
expires: 0
pragma: no-cache
resp-details: [[it:lui]]
server: envoy
strict-transport-security: max-age=63072000; preload; includeSubdomains
vary: Accept-Encoding
via: 1.1 google, 1.1 varnish
x-api-version: F-X
x-cache: MISS
x-cache-hits: 0
x-cloud-trace-context: f08aa049e451d10179d687e1a9e3aa02
x-content-type-options: nosniff
x-datadog-parent-id: 8480718334076579630
x-datadog-sampled: 1
x-datadog-sampling-priority: 0
x-datadog-trace-id: 3490371309086930562
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
x-envoy-upstream-service-time: 36
x-nyt-backend: lire-ui
x-nyt-edge-cache: MISS
x-powered-by: Express
x-served-by: cache-fra-eddf8230030-FRA

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame FB74 0
0 77ms
76ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstBjGmqvHRh4ghTubwuNcl3P-5mRjuyDc_5qydrVK3lGHpUJeU5wjjgddbBfMe1MyUN0vyfRqr2mqPM1RD-ym9h98raVB8ODWVYy9k4S0xsrlDuPOOK26pKCdmr2pDKAoS0rlAOiFGIUwaJo93ChaeKgwqBFpcxlxHuNVwS1eGtstZGQW7ooh3NY7-GFXkdYyaX59YMGb4qmhq9tXWcnMbbHUszfoZbop1BZQ-I2R0rOG7VMGjgMfe3T-dTXFoNU4d5afSjhtYbCjnQNhWvvyUcrFJrU6LhDCyOaEnWgA9WhpjcJY7A0dxhk65f_9x21S1DoEjp_5_ehsVm8zkn_w&sai=AMfl-YQTcdd8LYA3o6l5Xl8AJZIpxNJAUNEYYtUaaGRukc9M4Gt-DgfhAwgeomCKHOD1VW-cHDdzdq4Vl34RF_e7_hUL8kZSyYQsD3BlcIDqgCtZ8D-EYqOhVcs9mveZu7r6FqlaqrX_37Wy3edc1BE&sig=Cg0ArKJSzKJwlvglJNrdEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:34 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 16 May 2023 02:13:34 GMT

GET
DATA 200
OK truncated
/ Frame FB74 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d22e01a3c0af23e3fbaa6482070f1b9579aa45e92260270f1b02b81cc3f9d3bb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 unified-lire.bundle.js Show response
myaccount.nytimes.com/lire_ui/js/ Frame AC3D 475 KB
158 KB 7ms
7ms Script
application/javascript 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.nytimes.com/lire_ui/js/unified-lire.bundle.js?v=20949ce

Requested by

Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignID%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F05%252F15%252Fbusiness%252Fmedia%252Fphiladelphia-inquirer-cyberattack.html&display=MKT_SubCon_Regiwall_Msg_Test_0423_0_control&asset=RegiWall&application=Free_Experience&preloaded=true

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

envoy /

Resource Hash

77e822361c3aa2d5526e4e63321ad64e96484912db2ce003b13e648626aa8700

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignID%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F05%252F15%252Fbusiness%252Fmedia%252Fphiladelphia-inquirer-cyberattack.html&display=MKT_SubCon_Regiwall_Msg_Test_0423_0_control&asset=RegiWall&application=Free_Experience&preloaded=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Fri, 12 May 2023 20:36:06 GMT
date: Tue, 16 May 2023 02:13:34 GMT
content-encoding: gzip
via: 1.1 google, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
x-envoy-decorator-operation: lire-ui.auth.nyti.nyt.net:443/*
x-api-version: F-X
age: 515
content-security-policy-report-only: upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
x-cache: HIT
x-envoy-upstream-service-time: 26
content-length: 160575
x-served-by: cache-fra-eddf8230030-FRA
x-nyt-backend: lire-ui
server: envoy
etag: "jvTPMA"
content-type: application/javascript
x-cloud-trace-context: 8707304872b0424cbaeb3d2f3ae09b88
cache-control: public, max-age=600
x-nyt-edge-cache: HIT
accept-ranges: bytes
x-cache-hits: 3

GET
H2 200 ATH8A-MAMN8-XPXCH-N5KAX-8D239 Show response
s.go-mpulse.net/boomerang/ Frame AC3D 205 KB
49 KB 39ms
7ms Script
application/javascript 2a02:26f0:1700:38a::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignID%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F05%252F15%252Fbusiness%252Fmedia%252Fphiladelphia-inquirer-cyberattack.html&display=MKT_SubCon_Regiwall_Msg_Test_0423_0_control&asset=RegiWall&application=Free_Experience&preloaded=true
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:1700:38a::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:34 GMT
content-encoding: br
last-modified: Fri, 28 Apr 2023 00:03:08 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

POST
H2 200 track
a.et.nytimes.com/ Frame AC3D 0
0 129ms
129ms Ping
text/plain 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignID%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F05%252F15%252Fbusiness%252Fmedia%252Fphiladelphia-inquirer-cyberattack.html&display=MKT_SubCon_Regiwall_Msg_Test_0423_0_control&asset=RegiWall&application=Free_Experience&preloaded=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-211-112-71.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 tags.js Show response
dd.nytimes.com/ Frame AC3D 266 KB
55 KB 8ms
8ms Script
text/javascript 143.204.215.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/tags.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-54.fra53.r.cloudfront.net

Software

Apache /

Resource Hash

078b159fb8403c40be85c805a1ee088fec7f3e2ad5db26ac94d22ddfd00c50cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront), 1.1 8b5bc0831e6dab612582614c3009efa6.cloudfront.net (CloudFront)
date: Tue, 16 May 2023 01:25:41 GMT
x-amz-cf-pop: FRA60-P2, FRA53-C1
age: 2873
x-cache: Hit from cloudfront
content-length: 55493
last-modified: Fri, 05 May 2023 08:25:33 GMT
server: Apache
etag: "42845-5faee086486b0-gzip"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=3600, public
accept-ranges: bytes
x-amz-cf-id: 7Yfwv5SFUYL_guxsqHQqiOU8oDLXRATSMv5EF8dqqcGy3oNUQ1mvKg==
expires: Tue, 16 May 2023 02:25:41 GMT

POST
H2 200 track
a.et.nytimes.com/ Frame AC3D 0
0 140ms
140ms Ping
text/plain 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignID%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F05%252F15%252Fbusiness%252Fmedia%252Fphiladelphia-inquirer-cyberattack.html&display=MKT_SubCon_Regiwall_Msg_Test_0423_0_control&asset=RegiWall&application=Free_Experience&preloaded=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-211-112-71.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 data-layer Show response
a.nytimes.com/svc/nyt/ Frame AC3D 1 KB
1 KB 357ms
140ms Fetch
application/json 52.3.42.214
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://a.nytimes.com/svc/nyt/data-layer?sourceApp=nyt-lire&referrer=https%3A%2F%2Fwww.nytimes.com%2F&assetUrl=https%3A%2F%2Fmyaccount.nytimes.com%2Fauth%2Fiframe%2Fenter-email%3Fresponse_type%3Dcookie%26client_id%3Dfreex%26redirect_uri%3Dhttps%253A%252F%252Fwww.nytimes.com%252Fsubscription%252Fonboarding-offer%253FcampaignID%253D7JFJX%2526EXIT_URI%253Dhttps%25253A%25252F%25252Fwww.nytimes.com%25252F2023%25252F05%25252F15%25252Fbusiness%25252Fmedia%25252Fphiladelphia-inquirer-cyberattack.html%26display%3DMKT_SubCon_Regiwall_Msg_Test_0423_0_control%26asset%3DRegiWall%26application%3DFree_Experience%26preloaded%3Dtrue%23lire-ui-684766

Requested by

Host: dd.nytimes.com
URL: https://dd.nytimes.com/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.3.42.214 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-3-42-214.compute-1.amazonaws.com

Software

envoy /

Resource Hash

e15d5e53ff831ab62230377a57905b2a76c75a1ab8d17c36f8ef457fce15ecd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-nyti-upstream: gke
date: Tue, 16 May 2023 02:13:35 GMT
x-envoy-decorator-operation: a.nytimes.com:443/*
via: 1.1 google
strict-transport-security: max-age=63072000; preload; includeSubdomains
content-encoding: gzip
server: envoy
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://myaccount.nytimes.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 31
access-control-allow-headers: Content-Type, x-requested-by

POST
H2 200 / Show response
dd.nytimes.com/js/ Frame AC3D 240 B
625 B 16ms
16ms XHR
application/json 143.204.215.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dd.nytimes.com/js/

Requested by

Host: dd.nytimes.com
URL: https://dd.nytimes.com/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.215.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-215-54.fra53.r.cloudfront.net

Software

DataDome /

Resource Hash

54f547f453126d2b6cecfc7ce6f0a21d062df83492cdd8bf1ede0eeb800e1f04

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 16 May 2023 02:13:34 GMT
via: 1.1 48391c4ed2c51e95dcabcb70cf613126.cloudfront.net (CloudFront)
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: DataDome
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-type: application/json;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
content-length: 240
x-amz-cf-id: wgBeMXzsFBebnNYHkxn2KQmf45_SMiGOD8x95b_ZZRC9ARSrV6H-1Q==
expires: 0

POST
H2 200 track
a.et.nytimes.com/ 0
0 126ms
125ms Ping
text/plain 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-211-112-71.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 nyt-franklin-500-normal.woff
typeface.nyt.com/fonts/ Frame AC3D 29 KB
29 KB 28ms
7ms Font
font/woff 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://typeface.nyt.com/fonts/nyt-franklin-500-normal.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

ae62969b5b189bb28c67dbcee8666abe3e9f498d17a79a68c56e1069d7d63123

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://myaccount.nytimes.com/
Origin: https://myaccount.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Wed, 17 Apr 2024 02:03:41 GMT
date: Tue, 16 May 2023 02:13:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 2419793
x-guploader-uploadid: ADPycdvOyGPu9RAk-ISQxuQsAPd-7PISWzjE96HPPnha_V22PVpgoQ9WVpakSAWKx8Khm1EkkNcvPgcSNro_E2_SNwZdp2TTX8gK
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 29324
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Mon, 16 Nov 2020 14:58:37 GMT
server: UploadServer
x-timer: S1684203215.867724,VS0,VE0
etag: "728e9527fef73904783dd2561029d091"
x-goog-generation: 1605538717313763
content-type: font/woff
access-control-allow-origin: *
x-goog-hash: crc32c=GFrw3g==, md5=co6VJ/73OQR4PdJWECnQkQ==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 29324
accept-ranges: bytes
x-nyt-pagetype: nyt-fonts-legacy-asset
timing-allow-origin: *
x-cache-hits: 2

GET
H2 200 nyt-franklin-700-normal.woff
typeface.nyt.com/fonts/ Frame AC3D 29 KB
29 KB 27ms
6ms Font
font/woff 151.101.193.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://typeface.nyt.com/fonts/nyt-franklin-700-normal.woff

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

60994a4c022df26635bb5ccdb7a22cf32a6486ee25a4648cebdfce0ef398a0fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

Referer: https://myaccount.nytimes.com/
Origin: https://myaccount.nytimes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Tue, 30 Apr 2024 23:21:32 GMT
date: Tue, 16 May 2023 02:13:34 GMT
via: 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 1219922
x-guploader-uploadid: ADPycduTiiGDC_rMfAl8399OaMm9q85G4ebg0fW8a9IZddt8IG7gcgJUnULJze97Mt4Me4LYBGlLz11JfVy0e7XMr_GYG7co2Gbc
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
content-length: 29504
x-served-by: cache-fra-eddf8230033-FRA
last-modified: Mon, 16 Nov 2020 14:58:37 GMT
server: UploadServer
x-timer: S1684203215.867647,VS0,VE0
etag: "2c984913a2cbf4fb7c2f5cb3cb768ec7"
x-goog-generation: 1605538717322939
content-type: font/woff
access-control-allow-origin: *
x-goog-hash: crc32c=0c1ISA==, md5=LJhJE6LL9Pt8L1yzy3aOxw==
access-control-expose-headers: Content-Type
cache-control: public,max-age=31536000
access-control-allow-methods: GET, OPTIONS
x-goog-stored-content-length: 29504
accept-ranges: bytes
x-nyt-pagetype: nyt-fonts-legacy-asset
timing-allow-origin: *
x-cache-hits: 2

POST
H2 200 track
a.et.nytimes.com/ Frame AC3D 0
0 134ms
134ms Ping
text/plain 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignID%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F05%252F15%252Fbusiness%252Fmedia%252Fphiladelphia-inquirer-cyberattack.html&display=MKT_SubCon_Regiwall_Msg_Test_0423_0_control&asset=RegiWall&application=Free_Experience&preloaded=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-211-112-71.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ Frame AC3D 6 KB
2 KB 60ms
37ms XHR
application/json 2a02:26f0:480:18d::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=ATH8A-MAMN8-XPXCH-N5KAX-8D239&d=myaccount.nytimes.com&t=5614011&v=1.720.0&sl=0&si=e2b0bb5d-275b-429c-9333-d433290e75fe-ruqbim&plugins=ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:480:18d::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e4348e537d4ce271a62950543ffa1e53c48df2e7727fcc97568bffdd23b17b52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://myaccount.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Tue, 16 May 2023 02:13:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 1567

GET
H2 200 .status
a.et.nytimes.com// 0
0 129ms
129ms Fetch
text/plain 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com//.status
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-211-112-71.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

accept: */*
Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
content-type: text/plain;charset=UTF-8

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 144ms
60ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202305090101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a00a6e0e6b94ea6c48f56623acd2dc9c81117c1c82e233434c5170d9eb970319

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:34 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11292
x-xss-protection: 0

GET
H2 200 loader.js Show response
platform.iteratehq.com/ 1 KB
1 KB 37ms
12ms Script
application/javascript 2606:4700:20::681a:6e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/loader.js

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8319c824c1f3f053803abef05170a1f96d506b6a6628e0d1016ea1b7e15de89

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:34 GMT
x-amz-version-id: sxbh0sX1Uu_9VWD90bhaukCR16JbmzF2
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
x-amz-request-id: 4AC4BNZJ6FC3FJRK
age: 250
x-amz-server-side-encryption: AES256
x-amz-id-2: jWmjEar/qVErw9A1yEYKjyoJ8oFYKl6JEEc7Em7efHDZhbieweLgiGLtniInfUKCr/xUwUlyC/uZ7+of0v0v43XFbKKgnmtO
last-modified: Wed, 10 May 2023 19:20:45 GMT
server: cloudflare
etag: W/"8c061118fbe1f3981a379fa8bf00aa91"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5xUydEpnbQpA4tmlpFMQfd5QHCAk6s3GRBN56JUNSQG4DajdnE%2Fsnd9TWnE2SAUsSAm%2BTyAPcw44zBZMCxkYA7QdDS6t2T%2Fp5TCYUwz7oiocaEjQeWRY61Xf19XoAMdZAx1TIcSm22a0TogTGvbVw9Sgjk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 7c801a2d2b9f18ef-FRA

GET
H2 200 match-prod-2ba9e5cdc9d92a535fcf.js Show response
platform.iteratehq.com/ 85 KB
30 KB 18ms
18ms Script
application/javascript 2606:4700:20::681a:6e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.iteratehq.com/match-prod-2ba9e5cdc9d92a535fcf.js

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe8914b592cfb54f22c6e9257dbd956efeeae4909f1328233dfe706be71c34d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:34 GMT
x-amz-version-id: b33MITr7SVI4DDhNP4LfAri2wMAOFhLe
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains
x-amz-request-id: FWB6AC5H7K0FAZP2
age: 456563
x-amz-server-side-encryption: AES256
x-amz-id-2: bzl1myNwyfJt0xEWGvNRMX9T63ms4GC3K2vBcVGDQBPMaPf8wbml34ypweq4pz9jNjVbNtEXO/U=
last-modified: Wed, 10 May 2023 19:20:43 GMT
server: cloudflare
etag: W/"74caba77682b49745a5ab63f20fc5cde"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uQ0sex67W362Cr9ARlw%2Bk97t3NcPX%2BCgrbZPJFL4OnFU482aYO%2BhOrUcV1m39tQdELJbiIySuCo22xfEaPKcjT%2F5u07bgjQHg7CZU1K4AufDosEGCvxhu64X3N%2Bod%2BXWdL2q8zCUSx8CjVBRyIul4LkA6p0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 7c801a2d4ba918ef-FRA

GET
H2 200 15xp-inquirer-papers-zghm-jumbo.jpg
static01.nyt.com/images/2023/05/16/multimedia/15xp-inquirer-print-zghm/ 30 KB
30 KB 7ms
7ms Image
image/webp 151.101.129.164
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static01.nyt.com/images/2023/05/16/multimedia/15xp-inquirer-print-zghm/15xp-inquirer-papers-zghm-jumbo.jpg?quality=75&auto=webp

Requested by

Host: www.nytimes.com
URL: https://www.nytimes.com/vi-assets/static-assets/main-1ad4ce4767d07fda924f.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.164 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

d395a45f928a6940307496eb6d5819ca75e61cfdd340649f0e254edd7c39a57d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Mon, 15 May 2023 22:53:19 GMT
date: Tue, 16 May 2023 02:13:34 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; preload; includeSubdomains
age: 12016
x-guploader-uploadid: ADPycdsFE1HiW553vVTD8kHbBf7UbXk3U5vGUwfKxcXzyJKU2T4sGXST8CG3TmN-UdLSbJ9ehRFXO9QgUQOyZg7TTsx5upEitm4_
x-cache: HIT, HIT
fastly-io-info: ifsz=92241 idim=1024x683 ifmt=jpeg ofsz=30494 odim=1024x683 ofmt=webp
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
fastly-stats: io=1
content-length: 30494
x-served-by: cache-iad-kiad7000022-IAD, cache-fra-eddf8230030-FRA
server: UploadServer
x-timer: S1684203215.960391,VS0,VE0
etag: "OhC7KLUeDMzuchD7v65cBq8biJpxCYaaRrMZtYcNxAk"
vary: Accept
x-goog-generation: 1684191150346368
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=ckhAYw==, md5=iODlvaAMgewn/ErBWOdajQ==
cache-control: max-age=604800; stale-if-error=86400; stale-while-revalidate=30, public
x-goog-stored-content-length: 92241
accept-ranges: bytes
timing-allow-origin: *
x-cache-hits: 44, 7

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 165ms
125ms Preflight 2606:4700:20::681a:6e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 7c801a2dd9d03a8b-FRA
content-length: 0
date: Tue, 16 May 2023 02:13:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZQJvCzYa4rjc%2FoR4j57JKczjKnqRObcDKElt5DnFzlvd6LjT3%2FEEwfUR%2BgJjve%2B%2F0v8qVTH1W2BRx8T89PR8GrBjn2uYVoY%2BYTkATLneyKIytG6WJW9jaEBbCpE9Nm0HBOr8CeW2RmkTxz8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 embed Show response
iteratehq.com/api/v1/surveys/ 298 B
548 B 113ms
112ms Fetch
application/json 2606:4700:20::681a:6e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/match-prod-2ba9e5cdc9d92a535fcf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c95b34052e96f082ba294b3902b068b4c6747d5aa9ec0e861f17e2d00df6f40

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNTQ0MTI5MzQxfQ.UI13nEXGs0udbZxhjyFLruAEed42XwFO4fZlCqOgY1o
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 16 May 2023 02:13:35 GMT
strict-transport-security: max-age=0; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WvMRYRfFDYgg7BWEmEEm%2FASXDR0rBbCFS4r4SDGYZupIkQ%2FB7f6%2BTMVQOA%2BY2zvYv2INJzUnEyHVe%2FTXJE%2Fa8fs85e6FmK3x954xx2qcSAiosHjUsWeRwEVsnpHpjOqghBlRKzMgC0DYBv4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7c801a2e9a4c3a8b-FRA

POST
H2 403 report
csp.dev.nytimes.com/ Frame AC3D 0
0 35ms
7ms Other
text/html 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.dev.nytimes.com/report
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/csp-report

Response headers

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 May 2023 02:13:35 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DDA8 13 KB
5 KB 39ms
38ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 27498
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 18:35:17 GMT
expires: Tue, 14 May 2024 18:35:17 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AB76 783 B
1 KB 138ms
50ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

905a1747cfb4eb206d903082f18671c25ed8648a953ff47488ba264db741a3f6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-osqNZyXtS63FCN0iQR93bQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nytimes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-osqNZyXtS63FCN0iQR93bQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 May 2023 02:13:35 GMT
expires: Tue, 16 May 2023 02:13:35 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 track
a.et.nytimes.com/ Frame AC3D 0
0 125ms
125ms Ping
text/plain 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: myaccount.nytimes.com
URL: https://myaccount.nytimes.com/auth/iframe/enter-email?response_type=cookie&client_id=freex&redirect_uri=https%3A%2F%2Fwww.nytimes.com%2Fsubscription%2Fonboarding-offer%3FcampaignID%3D7JFJX%26EXIT_URI%3Dhttps%253A%252F%252Fwww.nytimes.com%252F2023%252F05%252F15%252Fbusiness%252Fmedia%252Fphiladelphia-inquirer-cyberattack.html&display=MKT_SubCon_Regiwall_Msg_Test_0423_0_control&asset=RegiWall&application=Free_Experience&preloaded=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-211-112-71.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H3 200 P5-LUlKWgeVE-8P4rcqghB-z6blpBMZONJN7JkJDv9g.js Show response
pagead2.googlesyndication.com/bg/ Frame DDA8 37 KB
14 KB 116ms
38ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/P5-LUlKWgeVE-8P4rcqghB-z6blpBMZONJN7JkJDv9g.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f9f8b52529681e544fbc3f8adcaa0841fb3e9b96904c64e34937b264243bfd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 21:34:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 189555
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14670
x-xss-protection: 0
last-modified: Mon, 08 May 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 May 2024 21:34:20 GMT

POST
H2 403 report
csp.dev.nytimes.com/ Frame AC3D 0
0 6ms
6ms Other
text/html 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.dev.nytimes.com/report
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/csp-report

Response headers

GET getdns.txt
trial-eum-clientnsv4-s.akamaihd.net/eum/ Frame AC3D 0
0

POST
H2 403 report
csp.dev.nytimes.com/ Frame AC3D 0
0 7ms
7ms Other
text/html 151.101.1.164
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.dev.nytimes.com/report
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.164 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://myaccount.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/csp-report

Response headers

GET getdns.txt
trial-eum-clienttons-s.akamaihd.net/eum/ Frame AC3D 0
0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AB76 0
0 72ms
72ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202305090101&jk=1158425939208516&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DDA8 0
10 B 38ms
37ms Image
text/plain 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?1OYJmQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Tue, 16 May 2023 02:13:35 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FB74 42 B
174 B 75ms
74ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvT53nvTeM5Ot1gid-G0MjukAEsdFJ9KD_tT0LKoEanOGo3yC5DIjE7ONTEkPMVFksvMBsTR35rbLBYp6DWQy1oVcYOhMhJ-5eHH_RJBxERJeUpdgJX&sig=Cg0ArKJSzHpm_bpYjV-OEAE&id=lidar2&mcvt=1000&p=76,315,326,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230515&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1508954645&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1684203213724&rpt=680&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 May 2023 02:13:35 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 embed Show response
iteratehq.com/api/v1/surveys/ 64 B
349 B 107ms
107ms Fetch
application/json 2606:4700:20::681a:6e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/match-prod-2ba9e5cdc9d92a535fcf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea939bd13d79a17cc436d4c3e102d4060cb7ebf0e8e61918f3d034580dff02b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2NDYyZTZjZjU5YzVkNzAwMDFlYmM4NDgiLCJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNjg0MjAzMjE1fQ.SMKvSzfJ5HTKv4l3qZ2zzfTF0Rrd9VeN2WD79KxTB7g
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 16 May 2023 02:13:35 GMT
strict-transport-security: max-age=0; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YugT7rhmSfrHRHNekegETG2Uk4NNhRZEK6XjTzsiDJ%2FYSqfDCWkN%2BSVodtGMTLO2GYPquHYAOY%2F2bCiHAbfauO2EsFXY8deLOfCedD6JNNcSPS%2B%2Bo77wYpXXcA6g%2FUSVXY8pc7cHGHcA108%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7c801a315c173a8b-FRA

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 107ms
107ms Preflight 2606:4700:20::681a:6e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 7c801a30bba33a8b-FRA
content-length: 0
date: Tue, 16 May 2023 02:13:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xj82BCoJMoEcbQtg3nGEZTSkZdYCbQq%2FdWrlliGU3Eo78bVKxygsiuX5rqB%2BuNEabEKKGmX1jukI4u0O7VNCH5HaUx%2B6joETV02BBFV0JXkKpBIm6h9QcBP0gOpGp6xVwpLhxrEP2G1ut5I%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 75ms
75ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202305090101&jk=1158425939208516&bg=!t7SltODNAAYldGN0BXQ7ADkAdvg8WsFoTDDdijfEASD0RN3_rCDizu8ppXsW3nAw-3mAHMH78yBGv9FRosc6rZTU1V_omu09v-QCAAAAOlIAAAADaAEHCgB1KAaAI0S4lz9DKBVBAzFBxBr0qWYeYheLuj2kn-VutGqp5jCMw_UFrqWSj88HIlFSMNEE7G7n4ncAssWd7ACGy_BuCoLlLkg7luV637ZmbgCaBGcwNvYl7o3VciskyjvfdgyHubuMvdxb204uwiofgrOBQtJmmQKoe4If6vw9ql5kuPDko-WyoFKVfmYB8YockLVoTWbmzCRPcVoXt6txuQsTaA6oSQEFqW8dSn4TVUizyAdJTs7LAR6PY2xaLgj8XPmM4f1f7OkQa4a5i0pVPPOXHuH6cjR3RYZYgSEyFxW41wIxhXDpBAJGaMR0yepBqQoSIMcATWn1ZqX5p9piEhD2koDkgkkipzcgf7QtQ1RIzWDAFZBUTzN175HJeSBIvaP-KQOcFzGK1cD5WF8cxIV3XQmLeEmAWQMp9nLvk7hGFruBqK-xc_JnVzI6c-tjZFNDz0fzrG0pBoX_UYnoRSFZu6wK03NQNu3GYnaHuPVGc3deCA1ujM9gC3M1AhO9PbdSfd1MNqanQ-yoBeWAS-jhukf7JaEud4WyZtU75qLuRIwcL5NcUwucNJIXy4L-kEk3Op0Sc08qG_hjVGNFb4-KjVaZYNwTUwrK9yRJfOQJ2RwYNJF5v5F88ZlX5e3hke-RHAKRE-FHeOuZKO1Q52zzvv7M0lJ9_QCHJm5fJ9VRaEMEfR7Ek2c1h6WqYoB8NZ_vv1B0gqRxzl-Ha2KCZ-oFZuJZNJ13vtY_Rkbg-G6v8O-aU7uOXoMM57XF_wZuygVHu20SHekMGJHCVImkvv3ehv4ffKY7eAts54qtdRGwWyQ64xezSvqCNjOOyQnFhz8ko1M4EXvaIiOLnIcDtNFvWvivQb3--pUk6s0Gt7F4XQC4psXlTx4Grgcj8QwkPxqHg6RILlVUpTNpehhh6TfehvmcZhLt7xe9sCPACN6AhAzvgt6nA4dMu4miTX3Auwmbkyu7-6hnqlQIjUqWawOudcWxJtUjPmtETSf-ibTn3qHihYAQpGhiODJpm9HZfgcBkEJydlLwIuVj8pDBMtfVMepEesOSq_AE1FF7NCU
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nytimes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

POST
H2 200 embed Show response
iteratehq.com/api/v1/surveys/ 52 B
331 B 119ms
119ms Fetch
application/json 2606:4700:20::681a:6e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Requested by

Host: platform.iteratehq.com
URL: https://platform.iteratehq.com/match-prod-2ba9e5cdc9d92a535fcf.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

289c1db052503062ac304a0042a74d133fe41a306a36b2a6af0d9a7bf2ccb574

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2NDYyZTZjZjU5YzVkNzAwMDFlYmM4NDgiLCJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNjg0MjAzMjE1fQ.SMKvSzfJ5HTKv4l3qZ2zzfTF0Rrd9VeN2WD79KxTB7g
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 16 May 2023 02:13:36 GMT
strict-transport-security: max-age=0; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hWcZXYMkVGQR4S8wYIrdWxxP8hF8iJjq4aleB53VpXuLVBPDvBzIHYCUXhehlnTQorPZrxWGmU6tmkmxVrbQuJGTwvgAWpeJPRBy3eBCLuwUz%2BaIgTYs%2Bh%2B45F8MfnxcoC7jRhhiYHZv49o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7c801a35bf013a8b-FRA

OPTIONS
H2 200 embed
iteratehq.com/api/v1/surveys/ Frame 0
0 113ms
113ms Preflight 2606:4700:20::681a:6e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://iteratehq.com/api/v1/surveys/embed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://www.nytimes.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 7c801a350e8b3a8b-FRA
content-length: 0
date: Tue, 16 May 2023 02:13:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E3lC6%2FIb9UNkD34V3wyxLIiHbvSTXSGh9CEgqxr6E9Rlgs28HCvQ%2BJTV5SYNxx1gyyLQvbDLNlm821DyzvCXmzPWEUvBuU3q6X6pl7ZMZGVYflmxKhI6rX0AZ6S4Fj%2FwfjXknu1PgkLirII%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 track
a.et.nytimes.com/ 0
0 126ms
126ms Ping
text/plain 44.211.112.71
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://a.et.nytimes.com/track
Requested by: Host: www.nytimes.com
URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 44.211.112.71 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-211-112-71.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.nytimes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: als-svc.nytimes.com
URL: https://als-svc.nytimes.com/als?uri=nyt%3A%2F%2Farticle%2F6b1ca15a-7d4f-5a46-97c6-c32801377471&typ=&prop=nyt&plat=web

Domain: trial-eum-clientnsv4-s.akamaihd.net
URL: https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=p2y47tlqn

Domain: trial-eum-clienttons-s.akamaihd.net
URL: https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=p2y47tlqn

Verdicts & Comments Add Verdict or Comment

136 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html	1970-01-20 11:50:03	Name: nyt.et.dd Value: iv=E437DE4ED2DD4C3CAEA68A0396D0DAE7&val=BQej30Ytd1FrF2SebheP+2kUDpNujHfwcRSc21PCQZjpHBMNTtnN11c3WBVxmaF/7eVv7L++mSuI+X0X6tSnJQRtnp723qxktPsJEFex8gXvz3OE+bSDPq6KBylL591dASYmQ9ZW93CV3qPzZ8J/Mw8iqMBEJoDEK6kHHhhNEKXVtnjKcROwEZDZf+qWxU//gDFoqDX+mnACSBNNF6YHCQ==
.nytimes.com/	1970-01-20 20:35:39	Name: nyt-a Value: 9RyNDfhD8j2YZ7m5LUtOVy
.nytimes.com/	1970-01-20 11:50:24	Name: nyt-gdpr Value: 1
.nytimes.com/	1970-01-20 20:35:39	Name: nyt-purr Value: cfhspnahhudnhuns
.nytimes.com/	1970-01-20 11:50:24	Name: nyt-us Value: 0
.nytimes.com/	1970-01-20 11:50:24	Name: nyt-geo Value: DE
.nytimes.com/	1969-12-31 23:59:59	Name: nyt-b3-traceid Value: 635ce870a9494680be6c1ff316d601d1
.et.nytimes.com/	1970-01-20 11:50:05	Name: sessionActive Value: true
.et.nytimes.com/	1970-01-20 20:35:39	Name: sessionIndex Value: 1\|1684203212428\|9RyNDfhD8j2YZ7m5LUtOVy\|1684203212428
.nytimes.com/	1970-01-20 21:19:33	Name: purr-cache Value: <K0<r<C_<G_<S0<a0
a.nytimes.com/	1969-12-31 23:59:59	Name: jkidd-s Value: referrer=&landing=&start=1684203213034&isNew=1&pageIndex=1
a.nytimes.com/	1970-01-20 20:35:39	Name: jkidd-p Value: prevPage=&currPage=
a.nytimes.com/	1970-01-20 11:51:21	Name: b2b_cig_opt Value: %7B%22isCorpUser%22%3Afalse%7D
a.nytimes.com/	1970-01-20 11:51:21	Name: edu_cig_opt Value: %7B%22isEduUser%22%3Afalse%7D
a.nytimes.com/	1970-01-20 20:35:39	Name: nyt-jkidd Value: uid=0&lastRequest=1684203213034&activeDays=%5B0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C1%5D&adv=1&a7dv=1&a14dv=1&a21dv=1&lastKnownType=anon&newsStartDate=&entitlements=
.nytimes.com/	1970-01-20 21:18:51	Name: _cb Value: CDv4mmxPVEGB8bc0s
.nytimes.com/	1970-01-20 21:18:51	Name: _chartbeat2 Value: .1684203213360.1684203213360.1.Buq-SoDzVb3ID_5uypWha71CoQcoR.1
.nytimes.com/	1970-01-20 11:50:05	Name: _cb_svref Value: null
.www.nytimes.com/	1970-01-20 20:35:39	Name: datadome Value: 5GrYssmG_e~d9FH_rgiO0v31A~J4p8tRJEIlVGFqFIgUOI0A77pnIs8WCFn6m5zT0_YWE-JjLiMs-NAu4K4O4YQj2cX_~zZpJ9yDCHtepTjd2FRS-qa7~J3-J6a-ltQR
.nytimes.com/	1970-01-20 21:26:03	Name: walley Value: GA1.2.1998052796.1684203213
.nytimes.com/	1970-01-20 11:51:29	Name: walley_gid Value: GA1.2.1537897244.1684203214
.nytimes.com/	1970-01-20 11:50:03	Name: _gat_UA-58630905-2 Value: 1
.nytimes.com/	1970-01-20 21:11:39	Name: __gads Value: ID=2d611f946045765b:T=1684203213:S=ALNI_Ma8d0ElaANr4YGaAjBeKtyfi827sw
.nytimes.com/	1970-01-20 21:11:39	Name: __gpi Value: UID=00000c15d29e65bc:T=1684203213:RT=1684203213:S=ALNI_MZyysoIqlLbgPyZU6Sq_JigczEtcQ
.doubleclick.net/	1970-01-20 21:11:39	Name: IDE Value: AHWqTUnHyyHPQQpSFRhreJuFOl4B0jJGMEPpK9M6BGqqxR4quXBvFGv3LvthQ28f4ik
.et.nytimes.com/	1970-01-20 11:51:29	Name: et-ppvid Value: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html=Mo75xDhyfv7HZ77XO2vqw74b^https://myaccount.nytimes.com/auth/iframe/enter-email=UmoG1OsqAQkLMPyIjaXAvEmL
.myaccount.nytimes.com/	1970-01-20 20:35:39	Name: datadome Value: hwXmnFdrpqz6MgR34PKJnKS_e1wL-UNQKEgE_p~J6wLpA4O2Ha7b6g0RuyB07ezLCP2vx~fYqcZosiv80gAFObWEBS9-34sXh3cPHa6u08ERl97yPWBqhPzV-28eZXp
.nytimes.com/	1970-01-20 12:00:08	Name: RT Value: "z=1&dm=nytimes.com&si=aa6976da-158d-4ee1-85e8-44d653530ed7&ss=lhpn3x6t&sl=1&tt=gp&bcn=%2F%2F0217991e.akstat.io%2F&ld=ih"
.nytimes.com/	1970-01-20 21:26:03	Name: iter_id Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhaWQiOiI2NDYyZTZjZjU5YzVkNzAwMDFlYmM4NDgiLCJjb21wYW55X2lkIjoiNWMwOThiM2QxNjU0YzEwMDAxMmM2OGY5IiwiaWF0IjoxNjg0MjAzMjE1fQ.SMKvSzfJ5HTKv4l3qZ2zzfTF0Rrd9VeN2WD79KxTB7g

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://myaccount.nytimes.com/auth/prefetch-assets Message: The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.
security	error	URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239(Line 9) Message: Refused to connect to 'https://0217991e.akstat.io/' because it violates the following Content Security Policy directive: "connect-src 'self' .nytimes.com https://sentry.io .datadome.co https://*.go-mpulse.net".
network	error	URL: https://csp.dev.nytimes.com/report Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239(Line 9) Message: Refused to connect to 'https://trial-eum-clientnsv4-s.akamaihd.net/eum/getdns.txt?c=p2y47tlqn' because it violates the following Content Security Policy directive: "connect-src 'self' .nytimes.com https://sentry.io .datadome.co https://*.go-mpulse.net".
security	error	URL: https://s.go-mpulse.net/boomerang/ATH8A-MAMN8-XPXCH-N5KAX-8D239(Line 9) Message: Refused to connect to 'https://trial-eum-clienttons-s.akamaihd.net/eum/getdns.txt?c=p2y47tlqn' because it violates the following Content Security Policy directive: "connect-src 'self' .nytimes.com https://sentry.io .datadome.co https://*.go-mpulse.net".
network	error	URL: https://csp.dev.nytimes.com/report Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://csp.dev.nytimes.com/report Message: Failed to load resource: the server responded with a status of 403 ()
javascript	error	URL: https://www.nytimes.com/2023/05/15/business/media/philadelphia-inquirer-cyberattack.html Message: Access to XMLHttpRequest at 'https://als-svc.nytimes.com/als?uri=nyt%3A%2F%2Farticle%2F6b1ca15a-7d4f-5a46-97c6-c32801377471&typ=&prop=nyt&plat=web' from origin 'https://www.nytimes.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://als-svc.nytimes.com/als?uri=nyt%3A%2F%2Farticle%2F6b1ca15a-7d4f-5a46-97c6-c32801377471&typ=&prop=nyt&plat=web Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report;
Strict-Transport-Security	max-age=63072000; preload; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.et.nytimes.com
a.nytimes.com
a1.nyt.com
adservice.google.com
adservice.google.de
als-svc.nytimes.com
c.go-mpulse.net
cdn.brandmetrics.com
collector.brandmetrics.com
csp.dev.nytimes.com
dd.nytimes.com
ede5db69725769d120acce5bba656972.safeframe.googlesyndication.com
g1.nyt.com
iteratehq.com
mwcm.nytimes.com
myaccount.nytimes.com
pagead2.googlesyndication.com
platform.iteratehq.com
pnytimes.chartbeat.net
purr.nytimes.com
s.go-mpulse.net
samizdat-graphql.nytimes.com
securepubads.g.doubleclick.net
static.chartbeat.com
static01.nyt.com
tpc.googlesyndication.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
typeface.nyt.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.nytimes.com
als-svc.nytimes.com
trial-eum-clientnsv4-s.akamaihd.net
trial-eum-clienttons-s.akamaihd.net
143.204.215.54
151.101.1.164
151.101.129.164
151.101.193.164
20.50.2.28
2600:9000:2057:f000:18:1fcd:351:7bc1
2606:4700:20::681a:6e5
2606:4700:20::681a:c12
2a00:1450:4001:802::2008
2a00:1450:4001:809::2001
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:813::2001
2a00:1450:4001:829::2004
2a00:1450:4001:82b::2002
2a00:1450:4001:830::2002
2a02:26f0:1700:38a::11a6
2a02:26f0:480:18d::11a6
3.234.97.192
44.211.112.71
52.3.42.214
078b159fb8403c40be85c805a1ee088fec7f3e2ad5db26ac94d22ddfd00c50cf
09bff184ea094a06e46d7f26512fd7b245304078a27f1ba8084488cbcf7704de
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
0b904723c5938b523c9ae329ba2b763681cb1de225c8f202d11012cbfd533f1f
18a0b7208b72e6fc37e28e4cc5edb23b7bda172f0bf9574c7c385790b44b1578
1bfa0c85c74803f58ec0a14c053ca3a8d2ca7e9055e718f0b5f89a763e3a94ef
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
284b0236a4042298beab7fbd92e85285533473c1316488a1fd2e0aa3522f607a
289c1db052503062ac304a0042a74d133fe41a306a36b2a6af0d9a7bf2ccb574
2ccd0ce11738369585c6f39ed2cde7b3b3b1c25c12fc30047218aa201d6add76
30347ed0802ac3130c87145f3b77faba08e66e63034abf5bd8c8db0c6aeb38a1
32f1c2fc4ee362e01cb22800f9d2907d7d3bfd30ae145974a2833eafb2300c33
37b9387d833bf722a00c5c1b4fead00a7b33fc6336e89adb052990cd06ec468d
3c95b34052e96f082ba294b3902b068b4c6747d5aa9ec0e861f17e2d00df6f40
3f9f8b52529681e544fbc3f8adcaa0841fb3e9b96904c64e34937b264243bfd8
45d4631a2a515a81a680ed257ca2561131a81afd8c246e9cffd08d19e4bd367c
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
48c17df8a89e5c3acb4127a265cce50218716f0dfdf7ad265267d4a013f01b2f
4b63b6bbcc3f57b2e0b1da66222f7151a45275589fc35276f6c8336ab616dc51
4dc80fcaf6db01fa29ced797dbb0947bb3bb95b1a88f893f389cf17144166075
54f547f453126d2b6cecfc7ce6f0a21d062df83492cdd8bf1ede0eeb800e1f04
553288eed723a7e44eb33ba63a7c467ab476cb2415ebb4efc2fe850980dc4e32
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57bc281be64ff5ec8e3c2258640df6097a32f08ac5a2c346f214300eb430f176
60994a4c022df26635bb5ccdb7a22cf32a6486ee25a4648cebdfce0ef398a0fa
60fa562c00c6af1ae11f4197146c31285d0666fa4f8fc7e4d1cc111c87a34b3c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62ecb2c76b4179b7ae15e6cf85ed81b63fed0e7838897e3171a2af6952948f33
64098b72e717e14b496cfe7bc5fae3fa69350faeb129dd24ae340b559e75be19
6e237a44eed41e29709e03583ee2fe24a14be4bfd4f9f6904d56e67e5f770293
77e822361c3aa2d5526e4e63321ad64e96484912db2ce003b13e648626aa8700
7837207f1197c426c0551dcbead6be815beff78431f5c45e84014a94cfde09d5
7c21a976bd2fa363568a31c73de29c8e071abac667139623ae743dce1bda9b14
7e600a56d48ef1c596bf57dab35afecd2d31a8d2672b045efdde1fec1a0f0f07
7ea3acac1a3cd7beeb6ced9e02e024c0b67ee6657468e074a6f9156f09c8ccb8
8180ddbdbf3f7a1a99ce120bd1e8989f02e820e6e22d7d74bbda7049b596c905
8476c19a793223cf577fa31b53fb7b69d0e765c5b5b0099444c80ed42d06678b
88c02f49ec94fda86796bb949e3674af90a3b642839f424a4c13e510259a49b4
8aa1e610b22079cb84a89491850b86860036e3f2c9750a367d839b9a6a63d306
8bf215be986357511cfca58e796434dbf348ee60f21d785a5ec54a1b2bf86aad
905a1747cfb4eb206d903082f18671c25ed8648a953ff47488ba264db741a3f6
a00a6e0e6b94ea6c48f56623acd2dc9c81117c1c82e233434c5170d9eb970319
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4e403c7245b00375232364f36d09d16a96488154a2414d40ce211e4693ef8d4
ae62969b5b189bb28c67dbcee8666abe3e9f498d17a79a68c56e1069d7d63123
b32e3879c83af441e675efa49587cb894bdd3c10420475f79879fbfb7a69766b
b5221e0636a97505ae38720d4ef182d35be5fb47d2628428db4fc918ab7ee30e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d22e01a3c0af23e3fbaa6482070f1b9579aa45e92260270f1b02b81cc3f9d3bb
d395a45f928a6940307496eb6d5819ca75e61cfdd340649f0e254edd7c39a57d
d540c486edda595d67ce0699d5ca0b921cfd6af7d6be32758fd35fa85bc5f49e
d5c3476d794fe506d400950ba78f255326f5ba73984268cbddf980d94c01295d
d5f8b49f4a86c373ebc042668cecf8e106af349c8c95ee43780d5d674927aa42
d7a5cbb5437cb04729a5ef0a4596c87951a418bef9d284965fd7eb481daa3229
d8319c824c1f3f053803abef05170a1f96d506b6a6628e0d1016ea1b7e15de89
de2fb7fd3a533c10e58a8054b788190cfd242b5b95be9db2a5d7882f5112abd9
e15d5e53ff831ab62230377a57905b2a76c75a1ab8d17c36f8ef457fce15ecd4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4348e537d4ce271a62950543ffa1e53c48df2e7727fcc97568bffdd23b17b52
e444fdaa833e612d239cf21a335b8322ad8cb7c7ba697ec978bdb454f5059519
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
ea939bd13d79a17cc436d4c3e102d4060cb7ebf0e8e61918f3d034580dff02b9
ecd6da8a31f4ac7a6e09220679d1ff16e9e808522935a0b26c8d0cfe3dd6d5ea
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3e707799c4b8c1017aaed1c78432af2cc213ea88229312c1b2d621aa0ade9ef
f4b522f455abe5aae3832433f34821ba1552e656f2524a7aea18279a22b2f252
f5d4f80afc66fb8d60756e7daaf477e986ca9cd0f25325420e28baadd15c0e87
f785103d37279dbca96c26f2335d1a5ad90637fa73881d8d369ddb70fa7d7a47
fcafc83cd2e74419abdd21dbe228b3f283659247f23927e8fb3b80cfdd8dc551
fe8914b592cfb54f22c6e9257dbd956efeeae4909f1328233dfe706be71c34d3

www.nytimes.com Open in urlscan Pro 151.101.129.164 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

104 Requests

97 %HTTPS

65 %IPv6

15 Domains

34 Subdomains

24 IPs

3 Countries

3189 kBTransfer

8052 kBSize

29 Cookies

15 Outgoing links

Redirected requests

104 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.nytimes.com Open in urlscan Pro
151.101.129.164 Public Scan

Screenshot
Live screenshot

Full Image

104
Requests

97 %
HTTPS

65 %
IPv6

15
Domains

34
Subdomains

24
IPs

3
Countries

3189 kB
Transfer

8052 kB
Size

29
Cookies

104 HTTP transactions
1 data transactions