subscribe.duluthnewstribune.com Open in urlscan Pro
107.154.76.234 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://link.duluthnewstribune.com/click/30371758.81400/aHR0cHM6Ly9zdWJzY3JpYmUuZHVsdXRobmV3c3RyaWJ1bmUuY29tLz9vZnJncF9pZD04NjIlMkM...
Effective URL:
https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_cam...
Submission: On January 30 via api (January 30th 2023, 4:42:42 pm UTC) from US — Scanned from DE

Summary HTTP 122 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 38 IPs in 5 countries across 28 domains to perform 122 HTTP transactions. The main IP is 107.154.76.234, located in District Heights, United States and belongs to INCAPSULA, US. The main domain is subscribe.duluthnewstribune.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 1st 2022. Valid for: a year.

This is the only time subscribe.duluthnewstribune.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	107.20.71.201 107.20.71.201	14618 (AMAZON-AES) (AMAZON-AES)
18	107.154.76.234 107.154.76.234	19551 (INCAPSULA) (INCAPSULA)
2	2a04:4e42:200... 2a04:4e42:200::485	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:400d:80e::200a	15169 (GOOGLE) (GOOGLE)
3	13.32.12.51 13.32.12.51	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:400d:802::200a	15169 (GOOGLE) (GOOGLE)
4	2606:2800:233... 2606:2800:233:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
3	2a00:1450:400... 2a00:1450:400d:80e::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:400d:80a::2003	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:400d:80d::2004	15169 (GOOGLE) (GOOGLE)
1	2600:9000:210... 2600:9000:2104:1200:1d:8f09:740:93a1	16509 (AMAZON-02) (AMAZON-02)
3	13.225.78.57 13.225.78.57	16509 (AMAZON-02) (AMAZON-02)
1	143.204.215.25 143.204.215.25	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:400... 2a04:4e42:400::282	54113 (FASTLY) (FASTLY)
1	65.9.66.35 65.9.66.35	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:400d:80c::200e	15169 (GOOGLE) (GOOGLE)
1 2	142.251.208.134 142.251.208.134	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:3400:1b:e643:4ac0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6812:116b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:400d:80a::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:806::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
7	52.216.62.24 52.216.62.24	16509 (AMAZON-02) (AMAZON-02)
1	104.16.133.24 104.16.133.24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
3	2a00:1450:402... 2a00:1450:4025:401::9d	15169 (GOOGLE) (GOOGLE)
1	54.209.91.188 54.209.91.188	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:2800:133... 2606:2800:133:206e:1315:22a5:2006:24fd	15133 (EDGECAST) (EDGECAST)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400d:807::2002	15169 (GOOGLE) (GOOGLE)
1	104.26.4.15 104.26.4.15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	13.248.139.42 13.248.139.42	16509 (AMAZON-02) (AMAZON-02)
10	52.28.223.216 52.28.223.216	16509 (AMAZON-02) (AMAZON-02)
1	13.225.78.20 13.225.78.20	16509 (AMAZON-02) (AMAZON-02)
3	13.32.110.94 13.32.110.94	16509 (AMAZON-02) (AMAZON-02)
15	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
1 2	64.4.245.84 64.4.245.84	() ()
122	38

1 107.20.71.201 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-71-201.compute-1.amazonaws.com

link.duluthnewstribune.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 107.154.76.234 (District Heights, United States)

ASN19551 (INCAPSULA, US)
PTR: 107.154.76.234.ip.incapdns.net

subscribe.duluthnewstribune.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80e::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.12.51 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-12-51.vie50.r.cloudfront.net

cdn.auth0.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:802::200a (Ireland)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:2800:233:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

loader-cdn.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.wgchrrammzv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.mircheigeshoa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.godiciardstia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:80e::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:80a::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:400d:80d::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2104:1200:1d:8f09:740:93a1 (United States)

ASN16509 (AMAZON-02, US)

login.forumcomm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.225.78.57 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-57.fra2.r.cloudfront.net

js.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-25.fra53.r.cloudfront.net

static.forumcomm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::282 (United States)

ASN54113 (FASTLY, US)

polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.35 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-35.fra56.r.cloudfront.net

cdn.us.auth0.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:80c::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.208.134 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s42-in-f6.1e100.net

8975227.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:3400:1b:e643:4ac0:93a1 (United States)

ASN16509 (AMAZON-02, US)

scripts.attributionapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:116b (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.confiant-integrations.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:80a::2002 (Ireland)

ASN15169 (GOOGLE, US)

pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:806::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.216.62.24 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.133.24 (None, )

ASN13335 (CLOUDFLARENET, US)

bloximages.chicago2.vip.townnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4025:401::9d (Den Helder, Netherlands)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.209.91.188 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-209-91-188.compute-1.amazonaws.com

track.attributionapp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:133:206e:1315:22a5:2006:24fd (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:807::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.4.15 (United States)

ASN13335 (CLOUDFLARENET, US)

api-mg2.db-ip.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.139.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: ae1d37305401c759d.awsglobalaccelerator.com

payments.braintree-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.28.223.216 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-223-216.eu-central-1.compute.amazonaws.com

client-analytics.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.78.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-20.fra2.r.cloudfront.net

checkout.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.32.110.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-110-94.vie50.r.cloudfront.net

assets.braintreegateway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c6.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.4.245.84 (None, ) 1 redirects

ASN- ()

b.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dub.stats.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	duluthnewstribune.com 1 redirects link.duluthnewstribune.com subscribe.duluthnewstribune.com	387 KB
18	paypal.com 1 redirects checkout.paypal.com — Cisco Umbrella Rank: 14523 www.paypal.com — Cisco Umbrella Rank: 2392 t.paypal.com — Cisco Umbrella Rank: 3176 c.paypal.com — Cisco Umbrella Rank: 5826 b.stats.paypal.com dub.stats.paypal.com c6.paypal.com	342 KB
16	braintreegateway.com js.braintreegateway.com — Cisco Umbrella Rank: 7624 client-analytics.braintreegateway.com — Cisco Umbrella Rank: 8525 assets.braintreegateway.com — Cisco Umbrella Rank: 17113	150 KB
8	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 70	43 KB
7	amazonaws.com s3.amazonaws.com	42 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	398 KB
6	doubleclick.net 1 redirects 8975227.fls.doubleclick.net — Cisco Umbrella Rank: 142690 pubads.g.doubleclick.net — Cisco Umbrella Rank: 429 stats.g.doubleclick.net — Cisco Umbrella Rank: 78	2 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 21 region1.google-analytics.com — Cisco Umbrella Rank: 2456	21 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 34 maps.googleapis.com — Cisco Umbrella Rank: 361	190 KB
4	google.de www.google.de — Cisco Umbrella Rank: 5986 adservice.google.de — Cisco Umbrella Rank: 8741	1 KB
4	auth0.com cdn.auth0.com — Cisco Umbrella Rank: 8212 cdn.us.auth0.com — Cisco Umbrella Rank: 275686	272 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	205 KB
2	braintree-api.com payments.braintree-api.com — Cisco Umbrella Rank: 9500	2 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 107	239 B
2	confiant-integrations.net cdn.confiant-integrations.net — Cisco Umbrella Rank: 1347	93 KB
2	attributionapp.com scripts.attributionapp.com — Cisco Umbrella Rank: 75341 track.attributionapp.com — Cisco Umbrella Rank: 61406	50 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	136 KB
2	forumcomm.com login.forumcomm.com static.forumcomm.com — Cisco Umbrella Rank: 108862	14 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 359	18 KB
1	db-ip.com api-mg2.db-ip.com — Cisco Umbrella Rank: 22694	759 B
1	godiciardstia.com cdn.godiciardstia.com — Cisco Umbrella Rank: 48934	48 KB
1	mircheigeshoa.com cdn.mircheigeshoa.com — Cisco Umbrella Rank: 48158	21 KB
1	msecnd.net az416426.vo.msecnd.net — Cisco Umbrella Rank: 2032	22 KB
1	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2284	2 KB
1	townnews.com bloximages.chicago2.vip.townnews.com — Cisco Umbrella Rank: 18312	2 KB
1	wgchrrammzv.com cdn.wgchrrammzv.com — Cisco Umbrella Rank: 35842	2 KB
1	polyfill.io polyfill.io — Cisco Umbrella Rank: 1353	603 B
1	azureedge.net loader-cdn.azureedge.net — Cisco Umbrella Rank: 25660	12 KB
122	28

	Domain	Requested by
18	subscribe.duluthnewstribune.com	subscribe.duluthnewstribune.com
10	client-analytics.braintreegateway.com	js.braintreegateway.com assets.braintreegateway.com
8	www.paypal.com	js.braintreegateway.com www.paypal.com
7	s3.amazonaws.com	subscribe.duluthnewstribune.com
7	www.google.com	subscribe.duluthnewstribune.com www.gstatic.com www.google.com
5	c.paypal.com	www.paypal.com c.paypal.com
4	www.gstatic.com	www.google.com www.gstatic.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com subscribe.duluthnewstribune.com
4	maps.googleapis.com	subscribe.duluthnewstribune.com maps.googleapis.com
3	assets.braintreegateway.com	js.braintreegateway.com
3	www.google.de	subscribe.duluthnewstribune.com
3	stats.g.doubleclick.net	www.google-analytics.com
3	js.braintreegateway.com	subscribe.duluthnewstribune.com
3	fonts.gstatic.com	fonts.googleapis.com www.google.com
3	www.googletagmanager.com	subscribe.duluthnewstribune.com www.googletagmanager.com cdn.godiciardstia.com
3	cdn.auth0.com	subscribe.duluthnewstribune.com cdn.auth0.com
2	payments.braintree-api.com	js.braintreegateway.com
2	www.facebook.com	subscribe.duluthnewstribune.com
2	cdn.confiant-integrations.net	www.googletagmanager.com cdn.confiant-integrations.net
2	8975227.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	connect.facebook.net	subscribe.duluthnewstribune.com connect.facebook.net
2	cdn.jsdelivr.net	subscribe.duluthnewstribune.com
1	c6.paypal.com
1	dub.stats.paypal.com	www.paypal.com
1	b.stats.paypal.com	1 redirects
1	t.paypal.com
1	checkout.paypal.com	js.braintreegateway.com
1	api-mg2.db-ip.com	cdn.mircheigeshoa.com
1	adservice.google.de	adservice.google.com
1	adservice.google.com	8975227.fls.doubleclick.net
1	cdn.godiciardstia.com	loader-cdn.azureedge.net
1	cdn.mircheigeshoa.com	loader-cdn.azureedge.net
1	az416426.vo.msecnd.net	loader-cdn.azureedge.net
1	track.attributionapp.com	scripts.attributionapp.com
1	www.paypalobjects.com	subscribe.duluthnewstribune.com
1	bloximages.chicago2.vip.townnews.com	subscribe.duluthnewstribune.com
1	region1.google-analytics.com	www.googletagmanager.com
1	cdn.wgchrrammzv.com	loader-cdn.azureedge.net
1	pubads.g.doubleclick.net	subscribe.duluthnewstribune.com
1	scripts.attributionapp.com	subscribe.duluthnewstribune.com
1	cdn.us.auth0.com	cdn.auth0.com
1	polyfill.io	loader-cdn.azureedge.net
1	static.forumcomm.com	subscribe.duluthnewstribune.com
1	login.forumcomm.com	cdn.auth0.com
1	loader-cdn.azureedge.net	subscribe.duluthnewstribune.com
1	fonts.googleapis.com	subscribe.duluthnewstribune.com
1	link.duluthnewstribune.com	1 redirects
122	47

This site contains links to these domains. Also see Links.

Domain
www.duluthnewstribune.com
www.facebook.com
twitter.com
www.instagram.com
apps.apple.com
play.google.com

Subject Issuer	Validity	Valid
*.inforum.com Go Daddy Secure Certificate Authority - G2	`2022-08-01` - `2023-09-02`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.auth0.com Amazon	`2022-03-26` - `2023-04-24`	a year	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2022-10-25` - `2023-10-25`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.forumcomm.com Amazon	`2022-11-07` - `2023-12-06`	a year	crt.sh
checkout.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-07-28` - `2023-08-28`	a year	crt.sh
static.forumcomm.com Amazon	`2022-11-15` - `2023-12-13`	a year	crt.sh
polyfill.io GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-10` - `2024-01-11`	a year	crt.sh
*.us.auth0.com Amazon	`2022-04-25` - `2023-05-24`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-08` - `2023-02-06`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.attributionapp.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-14` - `2023-03-16`	a year	crt.sh
*.confiant-integrations.net GTS CA 1P5	`2023-01-27` - `2023-04-27`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
sni2bf2bgl.wpc.edgecastcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2022-10-31` - `2023-11-02`	a year	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2022-12-06` - `2023-12-05`	a year	crt.sh
bloximages.chicago2.vip.townnews.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-11` - `2023-04-11`	a year	crt.sh
www.paypalobjects.com DigiCert SHA2 Extended Validation Server CA	`2022-10-13` - `2023-11-13`	a year	crt.sh
track.attributionapp.com R3	`2023-01-13` - `2023-04-13`	3 months	crt.sh
sni2bf2fgl.wpc.edgecastcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2022-10-31` - `2023-11-02`	a year	crt.sh
sni2bf2egl.wpc.edgecastcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2022-10-31` - `2023-11-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-01-09` - `2023-04-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-17` - `2023-05-17`	a year	crt.sh
payments.braintree-api.com DigiCert SHA2 Extended Validation Server CA	`2022-09-15` - `2023-10-16`	a year	crt.sh
client-analytics.braintreegateway.com DigiCert SHA2 High Assurance Server CA	`2022-03-16` - `2023-04-16`	a year	crt.sh
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2022-11-09` - `2023-12-10`	a year	crt.sh

This page contains 14 frames:

Primary Page: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Frame ID: 5926FE447C0035DFC765430E00F2C102
Requests: 87 HTTP requests in this frame

Frame: https://login.forumcomm.com/authorize?client_id=GO9zp0OgwGlShDT4ahD4DvgXbO7Mv6cJ&response_type=token&scope=openid%20profile%20email&redirect_uri=https%3A%2F%2Fsubscribe.duluthnewstribune.com&state=oNbAkdqkIEgyH0zP8A-E721v6U5gxE5G&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xMS4zIn0%3D
Frame ID: EC9B031EA470705ABC53989C0B8D1955
Requests: 1 HTTP requests in this frame

Frame: https://8975227.fls.doubleclick.net/activityi;dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember
Frame ID: 5E500B360F67125A4F6818145BD91349
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember
Frame ID: 0029DC727D0DD25CAE93F747D171CD15
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc_R8QcAAAAANg5O-hZ4xZUc2xGnhxcC4N5w4T0&co=aHR0cHM6Ly9zdWJzY3JpYmUuZHVsdXRobmV3c3RyaWJ1bmUuY29tOjQ0Mw..&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&badge=bottomleft&cb=9d4eu9qrawhk
Frame ID: BE3DC7F228FA3CCA18217B807E7CB38D
Requests: 8 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember
Frame ID: 7C828C1ED828E068A6926C7228BA5DFD
Requests: 1 HTTP requests in this frame

Frame: https://checkout.paypal.com/web/3.85.2/html/dispatch-frame.min.html
Frame ID: 9A9A326CA1422DB053F7647A1DB8793A
Requests: 1 HTTP requests in this frame

Frame: https://assets.braintreegateway.com/web/3.85.2/html/hosted-fields-frame.min.html
Frame ID: 95BEE105566C0400BA352A4705EC6012
Requests: 2 HTTP requests in this frame

Frame: https://assets.braintreegateway.com/web/3.85.2/html/hosted-fields-frame.min.html
Frame ID: 56CC48E839F179AEC02BAD9DE9102604
Requests: 1 HTTP requests in this frame

Frame: https://assets.braintreegateway.com/web/3.85.2/html/hosted-fields-frame.min.html
Frame ID: 04EA5B98DD77B41DE9E8614269E552CA
Requests: 1 HTTP requests in this frame

Frame: https://www.paypal.com/smart/buttons?fundingSource=paypal&style.label=paypal&style.layout=horizontal&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.350&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jb21wb25lbnRzPWJ1dHRvbnMmY3VycmVuY3k9VVNEJnZhdWx0PXRydWUmaW50ZW50PXRva2VuaXplJmNsaWVudC1pZD1BYlpsZlN1YUF3c0VfNG9JR0J2Tlk2YTRLWUZJS3otQXh3d2V1NlVVbGJOdWNtTFhycmFCYzBaZzZxamoybU1CR3F0WHpMcmMtY2l0MHpDRyIsImF0dHJzIjp7ImRhdGEtdWlkIjoidWlkX21hc3V1Z2RwaGJld3pmd2lzZ3hoZmh2Ym13cmpoaiJ9fQ&clientID=AbZlfSuaAwsE_4oIGBvNY6a4KYFIKz-Axwweu6UUlbNucmLXrraBc0Zg6qjj2mMBGqtXzLrc-cit0zCG&sdkCorrelationID=074a9a938a3b2&storageID=uid_fb58088579_mty6ndi6nda&sessionID=uid_cf7894a49c_mty6ndi6nda&buttonSessionID=uid_3918bbdfff_mty6ndi6nda&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=billing_setup&currency=USD&intent=tokenize&commit=true&vault=true&renderedButtons.0=paypal&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
Frame ID: 2E612C012FAA3EB934F032858F957590
Requests: 6 HTTP requests in this frame

Frame: data://truncated
Frame ID: F4A662CC876123D48CB9D8B0355747A9
Requests: 1 HTTP requests in this frame

Frame: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
Frame ID: 3F88E4E1370D25F776FD8FF17578054C
Requests: 5 HTTP requests in this frame

Frame: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_cf7894a49c_mty6ndi6nda&s=SMART_PAYMENT_BUTTONS
Frame ID: 628207747FCFA458B216E92176833389
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Duluth News Tribune

Page URL History Show full URLs

https://link.duluthnewstribune.com/click/30371758.81400/aHR0cHM6Ly9zdWJzY3JpYmUuZHVsdXRobmV3c3RyaWJ1bmUuY29tLz9... HTTP 302
https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_mediu... Page URL

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Braintree (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.braintreegateway\.com

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Auth0 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/auth0(?:-js)?/([\d.]+)/auth0(?:.min)?\.js

Auth0 Lock (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/lock/([\d.]+)/lock(?:.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

122
Requests

99 %
HTTPS

53 %
IPv6

28
Domains

47
Subdomains

38
IPs

5
Countries

2473 kB
Transfer

8320 kB
Size

30
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.duluthnewstribune.com/?ajs_aid=cec6f91a-0781-439b-b799-f48518d17e53

Search URL Search Domain Scan URL

URL: https://www.duluthnewstribune.com/terms/?ajs_aid=cec6f91a-0781-439b-b799-f48518d17e53
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://www.duluthnewstribune.com/newsletter?ajs_aid=cec6f91a-0781-439b-b799-f48518d17e53
Title: Sign up for Newsletters

Search URL Search Domain Scan URL

URL: https://www.duluthnewstribune.com/account/e-paper?ajs_aid=cec6f91a-0781-439b-b799-f48518d17e53
Title: Read the e-paper

Search URL Search Domain Scan URL

URL: https://www.facebook.com/duluthnews/

Search URL Search Domain Scan URL

URL: https://twitter.com/duluthnews

Search URL Search Domain Scan URL

URL: https://www.instagram.com/duluthnews/

Search URL Search Domain Scan URL

URL: https://apps.apple.com/us/app/duluth-news-tribune/id1494367136

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.whiz.duluthnewstribune

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://link.duluthnewstribune.com/click/30371758.81400/aHR0cHM6Ly9zdWJzY3JpYmUuZHVsdXRobmV3c3RyaWJ1bmUuY29tLz9vZnJncF9pZD04NjIlMkM4NjMmP3V0bV9tYXJrZXQ9ZHVsdXRobmV3c3RyaWJ1bmUmdXRtX3NvdXJjZT1lbWFpbCZ1dG1fbWVkaXVtPXByb21vX3NlbmQmdXRtX2NhbXBhaWduPTJfZG9sbGFyc19mb3JfNl9tb250aHNfamFuXzIzJnV0bV9jb250ZW50PTZfbW9udGhzXzJfZG9sbGFyX29mZmVyX3Byb21vXzFfYW1fMDEzMDIwMjM/6079d208caa652008f559453C15863b42 HTTP 302
https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://8975227.fls.doubleclick.net/activityi;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember HTTP 302
https://8975227.fls.doubleclick.net/activityi;dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember

Request Chain 115

https://b.stats.paypal.com/v2/counter.cgi?p=uid_cf7894a49c_mty6ndi6nda&s=SMART_PAYMENT_BUTTONS HTTP 302
https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_cf7894a49c_mty6ndi6nda&s=SMART_PAYMENT_BUTTONS

122 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
subscribe.duluthnewstribune.com/
Redirect Chain

https://link.duluthnewstribune.com/click/30371758.81400/aHR0cHM6Ly9zdWJzY3JpYmUuZHVsdXRobmV3c3RyaWJ1bmUuY29tLz9vZnJncF9pZD04NjIlMkM4NjMmP3V0bV9tYXJrZXQ9ZHVsdXRobmV3c3RyaWJ1bmUmdXRtX3NvdXJjZT1lbWFpb...
https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_do...

526 KB
59 KB

812ms
539ms

Document
text/html

107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),

Reverse DNS

107.154.76.234.ip.incapdns.net

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

7c0fd9f7c2f9509aedca0e1fa2cd5286dc2459bbeebf797941226248fe5bf5d1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .subconadmin.com https://.subconadmin.com .mg2cms.com https://.mg2cms.com

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-security-policy: frame-ancestors *.subconadmin.com https://*.subconadmin.com *.mg2cms.com https://*.mg2cms.com
content-type: text/html; charset=utf-8
date: Mon, 30 Jan 2023 16:42:36 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding
x-cdn: Imperva
x-host-name: AWSPRDWEB10
x-iinfo: 7-18064657-18064666 NNNN CT(94 190 0) RT(1675096955274 42) q(0 0 3 0) r(4 5) U5
x-powered-by: ASP.NET
x-sp-host-name: AWSPRDWEB10

Redirect headers

connection: close
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 30 Jan 2023 16:42:35 GMT
location: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
server: Sailthru
x-robots-tag: noindex

GET
H2 200 flatpickr.min.css
cdn.jsdelivr.net/npm/flatpickr/dist/ 16 KB
3 KB 128ms
41ms Stylesheet
text/css 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/flatpickr/dist/flatpickr.min.css

Requested by

Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1b34a42552c96f10e4dfaaa4a367276b03868aacff63c1ac42ffe331352bc754

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 30 Jan 2023 16:42:36 GMT
x-content-type-options: nosniff
content-encoding: gzip
age: 11832
x-jsd-version: 4.6.13
x-cache: MISS, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3035
x-served-by: cache-fra-eddf8230109-FRA, cache-hhn-etou8220074-HHN
x-jsd-version-type: version
etag: W/"3f26-J8BN8VjBcy9mnostEH/TFP6t00A"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 flatpickr Show response
cdn.jsdelivr.net/npm/ 49 KB
15 KB 127ms
41ms Script
application/javascript 2a04:4e42:200::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/flatpickr

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

1eeab1cb779471a0b0aaa93dd91c2eb1aa537d696f01ab05ea9dabc55e8525a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 30 Jan 2023 16:42:36 GMT
x-content-type-options: nosniff
content-encoding: gzip
age: 14561
x-jsd-version: 4.6.13
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 14501
x-served-by: cache-fra-eddf8230067-FRA, cache-hhn-etou8220074-HHN
x-jsd-version-type: version
etag: W/"c5f7-fVv7+SYe2JucqEJIf3pkZJZHRLk"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bootstrap.css
subscribe.duluthnewstribune.com/styles/ 118 KB
20 KB 243ms
242ms Stylesheet
text/css 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://subscribe.duluthnewstribune.com/styles/bootstrap.css
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 09cff25adf02e25fcdaac9140d0cfcf36060315f16e71031056b5570c6551a03

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:36 GMT
content-encoding: gzip
last-modified: Wed, 12 Oct 2022 13:07:32 GMT
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-sp-host-name: AWSPRDWEB10
etag: W/"1d6c9-183cc4eae20"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
x-iinfo: 7-18064657-18064733 NNNY CT(97 197 0) RT(1675096955274 588) q(0 0 0 -1) r(1 2) U5
cache-control: public, max-age=2592000
x-host-name: AWSPRDWEB10
accept-ranges: bytes

GET
H2 200 alertify.min.css
subscribe.duluthnewstribune.com/styles/ 20 KB
4 KB 146ms
146ms Stylesheet
text/css 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://subscribe.duluthnewstribune.com/styles/alertify.min.css
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b16536ac8f4dc22595142244daba17fd653cbeb18ab213d5e73a07df55f78264

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:36 GMT
content-encoding: gzip
last-modified: Wed, 12 Oct 2022 13:07:32 GMT
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-sp-host-name: AWSPRDWEB10
etag: W/"509f-183cc4eae20"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
x-iinfo: 7-18064657-18064735 NNNY CT(97 196 0) RT(1675096955274 592) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=2592000
x-host-name: AWSPRDWEB10
accept-ranges: bytes

GET
H2 200 style_simple.css
subscribe.duluthnewstribune.com/styles/ 135 KB
22 KB 244ms
243ms Stylesheet
text/css 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://subscribe.duluthnewstribune.com/styles/style_simple.css?dateStamp=1665593879000
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 7b6b21c3940c64005b788c31f0b332e032ee4623155a1706dcf19c1263b5ac8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:36 GMT
content-encoding: gzip
last-modified: Wed, 12 Oct 2022 13:07:32 GMT
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-sp-host-name: AWSPRDWEB10
etag: W/"21d92-183cc4eae20"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
x-iinfo: 7-18064657-18064737 NNNY CT(94 193 0) RT(1675096955274 595) q(0 0 0 -1) r(1 2) U5
cache-control: public, max-age=2592000
x-host-name: AWSPRDWEB10
accept-ranges: bytes

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
920 B 211ms
83ms Stylesheet
text/css 2a00:1450:400d:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Rokkitt:wght@400;700;900&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7a66f21721f4518d1ff299c661e3b857092b0c38ad9f8bc4a37ecbd15e87dbf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 30 Jan 2023 16:42:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 30 Jan 2023 16:42:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 30 Jan 2023 16:42:36 GMT

GET
H2 200 auth0.min.js Show response
cdn.auth0.com/js/auth0/9.11/ 138 KB
37 KB 246ms
123ms Script
application/javascript 13.32.12.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.auth0.com/js/auth0/9.11/auth0.min.js
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.12.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-12-51.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2ae5aed8aab32ad79a23003eee65fec603ddbeed83b296ba4735ff840e12b005

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: aSext1FIqk1MhYvH8ktwHiqmr.lxzw4N
content-encoding: gzip
via: 1.1 dcb9765526b3272617b95932c8fefee2.cloudfront.net (CloudFront)
date: Mon, 30 Jan 2023 15:02:35 GMT
last-modified: Mon, 05 Aug 2019 03:28:22 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C2
age: 6001
etag: W/"8aaeb19bcc97ce84037e05d32a8214b1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=10800,public
x-amz-replication-status: COMPLETED
x-amz-cf-id: iHx8QZX3CeiKD7_19HMQzYUCZMzAYZdXhzkVChWEBLSv_Ecc7mH8Bw==

GET
H2 200 lock.min.js Show response
cdn.auth0.com/js/lock/11.25/ 816 KB
230 KB 246ms
122ms Script
application/javascript 13.32.12.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.auth0.com/js/lock/11.25/lock.min.js
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.12.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-12-51.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0c66c855006ab2ae4f702be94152ccc855d729ee985a3676d7e046763430e431

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: b6t533h85wWWf7_z_bLRmFxvZTyg8KX4
content-encoding: gzip
via: 1.1 dcb9765526b3272617b95932c8fefee2.cloudfront.net (CloudFront)
date: Mon, 30 Jan 2023 13:49:15 GMT
last-modified: Tue, 14 Jul 2020 10:52:03 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C2
age: 10402
etag: W/"787121ba6999ff8d3156411e5d29542c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=10800,public
x-amz-replication-status: COMPLETED
x-amz-cf-id: 5UxLWRUPeo-efc2UV8O5MJfTlLBVSO__A9hn56WX2hxBC1QqaVlM-w==

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 166 KB
55 KB 248ms
107ms Script
text/javascript 2a00:1450:400d:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyCu2stHA_Wgp5c31U3hCuMMMr0Bw5E6dyo&libraries=places

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

mafe /

Resource Hash

4ae104b640aede82496b9e34d9a59c2e0f33d5d2ca1f264cb0ab23fd3f2372fa

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:36 GMT
content-encoding: gzip
server: mafe
vary: Accept-Language
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
server-timing: gfet4t7; dur=48
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55664
x-xss-protection: 0
expires: Mon, 30 Jan 2023 17:12:36 GMT

GET
H2 200 build.js Show response
subscribe.duluthnewstribune.com/build/ 905 KB
212 KB 246ms
245ms Script
application/javascript 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://subscribe.duluthnewstribune.com/build/build.js?dateStamp=1665593879000
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 443ae6d19eccb96c833d38664cc77797a6e37b9c3939c08161aebb02f6138cf2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:36 GMT
content-encoding: gzip
last-modified: Wed, 12 Oct 2022 13:07:30 GMT
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-sp-host-name: AWSPRDWEB10
etag: W/"e25f2-183cc4ea650"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
x-iinfo: 7-18064657-18064666 PNNN RT(1675096955274 688) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=2592000
x-host-name: AWSPRDWEB10
accept-ranges: bytes

GET
H2 200 loader.min.js Show response
loader-cdn.azureedge.net/prod/forum/ 42 KB
12 KB 161ms
40ms Script
application/javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://loader-cdn.azureedge.net/prod/forum/loader.min.js
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CD4) /
Resource Hash: 9df8b934c46e43688d69296a2d49a0f29ef40a15394ab4be7a48ee800d06e731

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 30 Jan 2023 16:42:36 GMT
content-encoding: gzip
content-md5: BMw4JDF2Cf21CoeljLr35A==
age: 24548
x-cache: HIT
content-length: 12028
x-ms-lease-status: unlocked
last-modified: Wed, 02 Nov 2022 08:02:08 GMT
server: ECAcc (frc/4CD4)
etag: 0x8DABCA88A64FB44
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 8473f13a-701e-0004-7190-347ab9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19

GET
H2 200 _Incapsula_Resource Show response
subscribe.duluthnewstribune.com/ 139 KB
20 KB 147ms
146ms Script
application/javascript 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://subscribe.duluthnewstribune.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=757817091
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: /
Resource Hash: 1cd788dc815a0928f0eddc114f265d2c1e4393a94143b494260dc5343fa8b4fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

cache-control: no-cache, no-store
content-encoding: gzip
x-robots-tag: noindex
content-length: 20008
content-type: application/javascript

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 221 KB
77 KB 268ms
75ms Script
application/javascript 2a00:1450:400d:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5VHGMKS

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5c9cd98489d234940675ac308ea383341b6118387324ff5dba79c7b98b8cef3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78684
x-xss-protection: 0
last-modified: Mon, 30 Jan 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 30 Jan 2023 16:42:37 GMT

GET
H2 200 qFdu35qfgYFjGy5hukqqhw5XeRgdi1ryd_LAMU5fIH2httAyI4R2vGo4.woff2
fonts.gstatic.com/s/rokkitt/v29/ 17 KB
18 KB 235ms
53ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/rokkitt/v29/qFdu35qfgYFjGy5hukqqhw5XeRgdi1ryd_LAMU5fIH2httAyI4R2vGo4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Rokkitt:wght@400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df29ab7936e6e6ec6f3f2a0a49d712646d7f73c34c95af836ad799fa2233f032

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://subscribe.duluthnewstribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 23 Jan 2023 23:25:08 GMT
x-content-type-options: nosniff
age: 580649
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17840
x-xss-protection: 0
last-modified: Mon, 18 Jul 2022 19:35:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 23 Jan 2024 23:25:08 GMT

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 202ms
93ms XHR
application/json 2a00:1450:400d:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyCu2stHA_Wgp5c31U3hCuMMMr0Bw5E6dyo&libraries=places

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://subscribe.duluthnewstribune.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 908 B
898 B 214ms
76ms Script
text/javascript 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?onload=recaptchaInit&size=invisible&render=explicit

Requested by

Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/build/build.js?dateStamp=1665593879000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7a0679f3f5a4488b98ad0911486a5457d9e3fc9a38badc143e749cf7ee735c9f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 578
x-xss-protection: 1; mode=block
expires: Mon, 30 Jan 2023 16:42:37 GMT

GET
H2 200 authorize Show response
login.forumcomm.com/ Frame EC9B 1 KB
2 KB 800ms
640ms Document
text/html 2600:9000:2104:1200:1d:8f09:740:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://login.forumcomm.com/authorize?client_id=GO9zp0OgwGlShDT4ahD4DvgXbO7Mv6cJ&response_type=token&scope=openid%20profile%20email&redirect_uri=https%3A%2F%2Fsubscribe.duluthnewstribune.com&state=oNbAkdqkIEgyH0zP8A-E721v6U5gxE5G&response_mode=web_message&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xMS4zIn0%3D

Requested by

Host: cdn.auth0.com
URL: https://cdn.auth0.com/js/auth0/9.11/auth0.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2104:1200:1d:8f09:740:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

cloudflare /

Resource Hash

648dfea57b2801d0c0ea1eb931c1026734c1b9054f8c5dca3d35b50430238797

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://subscribe.duluthnewstribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 791ba97069209290-FRA
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 30 Jan 2023 16:42:38 GMT
ot-baggage-auth0-request-id: 791ba97069209290
ot-tracer-sampled: true
ot-tracer-spanid: 3917877531cb2cd3
ot-tracer-traceid: 1df8ebab611e38f3
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=31536000
traceparent: 00-00000000000000001df8ebab611e38f3-3917877531cb2cd3-01
tracestate: auth0-request-id=791ba97069209290,auth0=true
vary: Accept-Encoding
via: 1.1 bf5caee39117de5337c47c748b716e80.cloudfront.net (CloudFront)
x-amz-cf-id: pPeASv8p7xaESjsiJgXshPOwAUve5YAa8l8ZyGlvON7inmc_-M1MQw==
x-amz-cf-pop: AMS1-C1
x-auth0-requestid: 5671681f2914eea40d95
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-ratelimit-limit: 300
x-ratelimit-remaining: 299
x-ratelimit-reset: 1675096958

GET
H2 200 client.min.js Show response
js.braintreegateway.com/web/3.85.2/js/ 42 KB
13 KB 172ms
45ms Script
application/javascript 13.225.78.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.85.2/js/client.min.js

Requested by

Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/build/build.js?dateStamp=1665593879000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.57 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-57.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

4a3569fc82e8fef2a9125e05232c934b475e8c895e2454de87877d78da71a325

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' .braintreegateway.com .braintree-api.com;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-encoding: gzip
via: 1.1 e56e6732f380db727425bac2d6158760.cloudfront.net (CloudFront)
date: Mon, 30 Jan 2023 13:12:05 GMT
x-amz-cf-pop: FRA2-C2
age: 12663
x-cache: Hit from cloudfront
last-modified: Fri, 20 Jan 2023 21:56:59 GMT
server: nginx
etag: W/"63cb0e2b-a838"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-id: qTcZckn0l_cB3eXXtOTF8sPrq9HP5H7UCgHAVoQekKtQamDsy_toDg==
expires: Tue, 31 Jan 2023 13:11:34 GMT

GET
H2 200 hosted-fields.min.js Show response
js.braintreegateway.com/web/3.85.2/js/ 63 KB
18 KB 178ms
52ms Script
application/javascript 13.225.78.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.85.2/js/hosted-fields.min.js

Requested by

Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/build/build.js?dateStamp=1665593879000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.57 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-57.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

392c1cfd7dba03273c21a643e0aa17b3374383d575c55e6b23c99f873227ae32

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' .braintreegateway.com .braintree-api.com;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 13:45:48 GMT
content-security-policy: style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-encoding: gzip
via: 1.1 e56e6732f380db727425bac2d6158760.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 10609
x-cache: Hit from cloudfront
last-modified: Fri, 20 Jan 2023 21:57:02 GMT
server: nginx
etag: W/"63cb0e2e-fa56"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-id: LRNMJb8f7HfgVtN6btMLrFsI_ugowNRkomz2QhxNK8F-ex58Rbw8FQ==
expires: Tue, 31 Jan 2023 13:45:48 GMT

GET
H2 200 paypal-checkout.min.js Show response
js.braintreegateway.com/web/3.85.2/js/ 55 KB
15 KB 177ms
51ms Script
application/javascript 13.225.78.57
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.braintreegateway.com/web/3.85.2/js/paypal-checkout.min.js

Requested by

Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/build/build.js?dateStamp=1665593879000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.57 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-57.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

106cc265f34c25113c1c57a7b606878708cbb4205a66e82f495cd40014b24258

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' .braintreegateway.com .braintree-api.com;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 14:27:32 GMT
content-security-policy: style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-encoding: gzip
via: 1.1 e56e6732f380db727425bac2d6158760.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 8105
x-cache: Hit from cloudfront
last-modified: Fri, 20 Jan 2023 21:57:00 GMT
server: nginx
etag: W/"63cb0e2c-da27"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-id: j9Z6CuXQEQxL5SHCQzzvOrBArtL91ZNxNMePt-QpjuWSbkZN1BNLQg==
expires: Tue, 31 Jan 2023 14:27:32 GMT

GET
H2 200 US Show response
subscribe.duluthnewstribune.com/address/getStates/ 2 KB
1 KB 183ms
183ms XHR
application/json 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://subscribe.duluthnewstribune.com/address/getStates/US
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/build/build.js?dateStamp=1665593879000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ca1f76f3e333116f0ed5ae78dbce5c9c407d50d21530beb81e9cc0db1fa4cfac

Request headers

Accept: */*
X-TrackingCode: {"utm_medium":"promo_send","utm_source":"email","utm_campaign":"2_dollars_for_6_months_jan_23","utm_content":"6_months_2_dollar_offer_promo_1_am_01302023","utm_term":"duluthnewstribune_promo_nonmember"}
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-version: 3.16.0
date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: gzip
x-sp-host-name: AWSPRDWEB10
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-iinfo: 7-18064657-18064666 PNNN RT(1675096955274 1226) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=2592000
x-host-name: AWSPRDWEB10

POST
H2 200 / Show response
subscribe.duluthnewstribune.com/offer/getOffers/ 6 KB
2 KB 264ms
263ms XHR
application/json 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://subscribe.duluthnewstribune.com/offer/getOffers/
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/build/build.js?dateStamp=1665593879000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 7e51ad247ed033aabcf348d5cfb60952c173b5b4e9a72ba18f564cb8a16a48d9

Request headers

Accept: */*
X-TrackingCode: {"utm_medium":"promo_send","utm_source":"email","utm_campaign":"2_dollars_for_6_months_jan_23","utm_content":"6_months_2_dollar_offer_promo_1_am_01302023","utm_term":"duluthnewstribune_promo_nonmember"}
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-version: 3.16.0
date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: gzip
x-sp-host-name: AWSPRDWEB10
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-iinfo: 7-18064657-18064737 PNNy RT(1675096955274 1229) q(0 0 0 -1) r(2 2) U5
x-host-name: AWSPRDWEB10

GET
H2 200 duluthnewstribune.png
static.forumcomm.com/images/620x220/ 12 KB
12 KB 164ms
44ms Image
image/png 143.204.215.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.forumcomm.com/images/620x220/duluthnewstribune.png
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-25.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5525155484aef569c783dcb2e9d0de43eadb0a85178d0361c34dd1ef115af43a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:38:26 GMT
via: 1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
last-modified: Mon, 16 Aug 2021 21:25:10 GMT
server: AmazonS3
x-amz-cf-pop: FRA53-C1
age: 252
etag: "ac16c3db3824ab9b3807b1f20a9249dc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 12199
x-amz-cf-id: _9-O8Colq9g9SEUpyCmK7k8AT_XgCg2ZYsWjMwauboTnXpfFk-ye9Q==

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ 101 B
603 B 135ms
41ms Script
text/javascript 2a04:4e42:400::282
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?flags=gated&features=es5%2CCustomEvent%2CArray.from%2CArray.isArray%2CArray.prototype.filter%2CArray.prototype.find%2CArray.prototype.findIndex%2CArray.prototype.forEach%2CArray.prototype.indexOf%2CArray.prototype.keys%2CArray.prototype.lastIndexOf%2CArray.prototype.map%2CArray.prototype.reduce%2CDate.prototype.toISOString%2CDocumentFragment%2CDocumentFragment.prototype.append%2CDocumentFragment.prototype.prepend%2CElement%2CElement.prototype.after%2CElement.prototype.append%2CElement.prototype.before%2CElement.prototype.classList%2CElement.prototype.cloneNode%2CElement.prototype.closest%2CElement.prototype.dataset%2CElement.prototype.matches%2CElement.prototype.placeholder%2CElement.prototype.prepend%2CElement.prototype.remove%2CElement.prototype.replaceWith%2CElement.prototype.toggleAttribute%2CEvent%2CJSON%2CMap%2CNumber.parseInt%2CNumber.parseFloat%2CObject.assign%2CObject.create%2CObject.defineProperties%2CObject.defineProperty%2CObject.entries%2CObject.getOwnPropertyDescriptor%2CObject.getOwnPropertyNames%2CObject.is%2CObject.keys%2CObject.values%2CPromise%2CPromise.prototype.finally%2CSet%2CString.prototype.trim%2CXMLHttpRequest%2Cdocument.getElementsByClassName%2Cdocument.currentScript%2Cdocument.querySelector%2Cfetch%2CgetComputedStyle%2ClocalStorage%2CArray.prototype.some%2CDate.now%2CEvent.focusin%2CEventSource%2CFunction.prototype.bind%2CFunction.prototype.name%2CHTMLDocument%2CNodeList.prototype.forEach%2CNodeList.prototype.%40%40iterator%2CNode.prototype.contains%2CObject.getPrototypeOf%2CObject.setPrototypeOf%2CRegExp.prototype.flags%2CString.prototype.%40%40iterator%2CString.prototype.startsWith%2CString.prototype.endsWith%2Cconsole%2Cconsole.debug%2Cconsole.error%2Cconsole.info%2Cconsole.log%2Cdocument%2Cdocument.head%2Cdocument.visibilityState%2Clocation.origin%2CrequestIdleCallback%2Cscreen.orientation%2CmatchMedia%2CURL

Requested by

Host: loader-cdn.azureedge.net
URL: https://loader-cdn.azureedge.net/prod/forum/loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::282 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://subscribe.duluthnewstribune.com/
Origin: https://subscribe.duluthnewstribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
date: Mon, 30 Jan 2023 16:42:37 GMT
age: 1743236
detected-user-agent: Chrome/109.0.5414
server-timing: HIT, fastly;desc="Edge time";dur=1, HIT, fastly;desc="Edge time";dur=1
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 94
referrer-policy: origin-when-cross-origin
last-modified: Tue, 10 Jan 2023 11:07:47 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
content-type: text/javascript; charset=UTF-8
normalized-user-agent: chrome/109.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 en.js Show response
cdn.auth0.com/js/lock/11.25.1/ 6 KB
3 KB 48ms
47ms Script
application/javascript 13.32.12.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.auth0.com/js/lock/11.25.1/en.js
Requested by: Host: cdn.auth0.com
URL: https://cdn.auth0.com/js/lock/11.25/lock.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.12.51 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-12-51.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 70212eacf2b641df77cb7f0b97262908d1f8abde30a8b77b1a7cd8ef7031ab7a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-amz-version-id: qIAQzzJ.pD93KVstNbm_W.GXOnij8Nlm
content-encoding: gzip
via: 1.1 dcb9765526b3272617b95932c8fefee2.cloudfront.net (CloudFront)
date: Mon, 30 Jan 2023 09:53:01 GMT
last-modified: Tue, 14 Jul 2020 10:52:03 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-C2
age: 25986
etag: W/"572cf148365b46b1764bce1465485227"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=2628000,public
x-amz-replication-status: COMPLETED
x-amz-cf-id: f3euAL8ShJMp1toIxkl9Qv4EEQjJaIWB2cLBi9Qjo_zzyxWngsHsRw==

GET
H2 200 GO9zp0OgwGlShDT4ahD4DvgXbO7Mv6cJ.js Show response
cdn.us.auth0.com/client/ 688 B
1 KB 190ms
41ms Script
application/x-javascript 65.9.66.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.us.auth0.com/client/GO9zp0OgwGlShDT4ahD4DvgXbO7Mv6cJ.js?t1675096957336

Requested by

Host: cdn.auth0.com
URL: https://cdn.auth0.com/js/lock/11.25/lock.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.66.35 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-35.fra56.r.cloudfront.net

Software

cloudflare /

Resource Hash

7d77b850d78c8ff02a573b154fff90efef82dbdc2d45508be82b1ebb33180cff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: EXPIRED
tracestate: auth0-request-id=791ba3443d709b8f
x-auth0-requestid: fddbeae4c01c97835ca2
date: Mon, 30 Jan 2023 16:41:42 GMT
via: 1.1 f358cf5f46d10c349187abd5e20e06ce.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 55
x-cache: Hit from cloudfront
server: cloudflare
ot-tracer-sampled: true
traceparent: 00-6e668e2e761291ee-000000000000000069e92916112ce419-01
etag: W/"2b0-G9nOolqi3r6RJL7ayymn8f1mIgI"
ot-tracer-traceid: 69e92916112ce419
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=60, stale-while-revalidate=60, stale-if-error=86400
ot-baggage-auth0-request-id: 791ba3443d709b8f
cf-ray: 791ba3443d709b8f-FRA
x-amz-cf-id: -tRCcp7nfJrB5ZrV08l90b6c_nmT8AyFpsfeVHqpHP-h6ENtd3MPQA==
ot-tracer-spanid: 6e668e2e761291ee

GET
H2 200 _Incapsula_Resource
subscribe.duluthnewstribune.com/ 1 B
35 B 39ms
39ms Image
text/plain 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://subscribe.duluthnewstribune.com/_Incapsula_Resource?SWKMTFSR=1&e=0.6849194050912881
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 1
content-type: text/plain

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 106 KB
28 KB 138ms
41ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

39cc6c78632abb08815246e75d23371d17c0106cfb4156297f74366c8404b533

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 30 Jan 2023 16:42:37 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27815
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: GJ/bgOQga2F8d8nF9YObmO+kwbImVZur20EoEKQgt02a96/M/5KXRAdaduKG0QUPSxXq3LixQttZX9TjWCFsrg==
x-fb-trip-id: 2050670934
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 177ms
52ms Script
text/javascript 2a00:1450:400d:80c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VHGMKS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 30 Jan 2023 16:21:44 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 1253
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Mon, 30 Jan 2023 18:21:44 GMT

GET
H2

200

activityi;dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fo... Show response
8975227.fls.doubleclick.net/ Frame 5E50
Redirect Chain

https://8975227.fls.doubleclick.net/activityi;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3...
https://8975227.fls.doubleclick.net/activityi;dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsu...

760 B
573 B

95ms
86ms

Document
text/html

142.251.208.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://8975227.fls.doubleclick.net/activityi;dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VHGMKS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.208.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s42-in-f6.1e100.net

Software

cafe /

Resource Hash

86b01550e0622b6eb30bc7645539c099493a3c210fc297547bdc05e7f58a5012

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subscribe.duluthnewstribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 397
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 16:42:37 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 16:42:37 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://8975227.fls.doubleclick.net/activityi;dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 attribution.js Show response
scripts.attributionapp.com/v2/ 188 KB
49 KB 146ms
46ms Script
text/javascript 2600:9000:206f:3400:1b:e643:4ac0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://scripts.attributionapp.com/v2/attribution.js
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:3400:1b:e643:4ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 106fb417f17d07a860ebd1466dd44c0f30c754560e24e4f85ce5b4b560fd6bdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 07 Dec 2022 03:21:52 GMT
content-encoding: gzip
via: 1.1 1c5b98f7bd5001d6fe1040daa237afc6.cloudfront.net (CloudFront)
x-amz-version-id: RQJy8VcmP_6sFxDTdxAdYQVJJmnH7jfb
last-modified: Thu, 13 Jan 2022 13:37:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 4713645
etag: W/"474a32856b401757baa407bb96ebb13f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=315360000, no-transform, public
x-amz-cf-id: fdIlZUWb6FWjP8Y4YjVEkli81Pc6jZx47kg2MOBXCZmMVrw8Ha-BEQ==

GET
H2 200 config.js Show response
cdn.confiant-integrations.net/cUnQ-tYNZ95Jh3EezVQMDpKuEDk/gpt_and_prebid/ 110 KB
25 KB 158ms
72ms Script
text/javascript 2606:4700::6812:116b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/cUnQ-tYNZ95Jh3EezVQMDpKuEDk/gpt_and_prebid/config.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VHGMKS
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:116b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24b57c02d8670f2a0f99ed9fff32356387a07f56a37bbc62ceba1c1e91712cc2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 30 Jan 2023 16:27:12 GMT
server: cloudflare
x-amz-request-id: 66GTRQ6W2R2AADYF
age: 236
etag: W/"93a1d7f2f5174e45ba94f0f698521a5d"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=900, stale-while-revalidate=3600
cf-ray: 791ba970bcdb9208-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: V7dgFzhyPK1WPIBbSZho1Kc8gZ1nRa1oosFVSbuCepr/guKPppbo/PrKqje7ggs/Yow+WyJCrlk=

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 215 KB
76 KB 84ms
84ms Script
application/javascript 2a00:1450:400d:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-Z15KJQ29H1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5VHGMKS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c7c0db0c265da2d9d030ebe6ece087febca214f35bfa99c579f22bc5873d4b38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 30 Jan 2023 16:42:37 GMT

GET
H2 200 DFPAudiencePixel;ord=4866957953595.719;dc_seg=487073367
pubads.g.doubleclick.net/activity;dc_iu=/7021/ 42 B
542 B 214ms
87ms Image
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pubads.g.doubleclick.net/activity;dc_iu=/7021/DFPAudiencePixel;ord=4866957953595.719;dc_seg=487073367?

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 16:42:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 loader-config.json Show response
cdn.wgchrrammzv.com/prod/forum/ 4 KB
2 KB 162ms
41ms Fetch
application/json 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.wgchrrammzv.com/prod/forum/loader-config.json
Requested by: Host: loader-cdn.azureedge.net
URL: https://loader-cdn.azureedge.net/prod/forum/loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4D05) /
Resource Hash: 8b66f48278fb986f0f07a7827e508cdf1228e1f6a3960915ee2f8451112a256b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: gzip
content-md5: 7fTtE6xsd7EtSwyK6Rvr1Q==
age: 24548
x-cache: HIT
content-length: 1274
x-ms-lease-status: unlocked
last-modified: Wed, 02 Nov 2022 08:16:24 GMT
server: ECAcc (frc/4D05)
etag: 0x8DABCAA882C7919
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 5830bcb0-f01e-0068-6f90-34912e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ 405 KB
162 KB 191ms
53ms Script
text/javascript 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=recaptchaInit&size=invisible&render=explicit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

447256eb31b03e8de245de6feb98fad0a7710874162ab5cd91bd39274eaed7a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://subscribe.duluthnewstribune.com/
Origin: https://subscribe.duluthnewstribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31078
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 165279
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 30 Jan 2024 08:04:39 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
265 B 136ms
48ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-Z15KJQ29H1&gtm=2oe1p0&_p=1823083802&cid=1950005521.1675096958&ul=en-us&sr=1600x1200&uaW=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1675096957&sct=1&seg=0&dl=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember&dt=Duluth%20News%20Tribune&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-Z15KJQ29H1&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 16:42:37 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://subscribe.duluthnewstribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 659058557951167 Show response
connect.facebook.net/signals/config/ 376 KB
108 KB 41ms
41ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/659058557951167?v=2.9.92&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3725ef48f5d7b22d88fbb28285c411fdd8004795717e9c49a45c849528224190

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 30 Jan 2023 16:42:37 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 110023
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: 5mZ0lSE8+OGUrcLczVzPMiCh0xBzGKlGC55ytpGqO6DvLFekqfYpaDOg6rnDG2jbyKJ+7a8QjtvQNHEiggGcMQ==
x-fb-trip-id: 2050670934
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 getSubscriptionCost Show response
subscribe.duluthnewstribune.com/subscription/ 93 B
690 B 205ms
205ms XHR
application/json 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://subscribe.duluthnewstribune.com/subscription/getSubscriptionCost
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/build/build.js?dateStamp=1665593879000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 8f9d77c779ee8d0f2d47977d8dde3417d807a02fb9e53855f3d5ba3cfd683402

Request headers

Accept: */*
X-TrackingCode: {"utm_medium":"promo_send","utm_source":"email","utm_campaign":"2_dollars_for_6_months_jan_23","utm_content":"6_months_2_dollar_offer_promo_1_am_01302023","utm_term":"duluthnewstribune_promo_nonmember"}
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-version: 3.16.0
date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: gzip
x-sp-host-name: AWSPRDWEB10
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-iinfo: 7-18064657-18064737 PNYy RT(1675096955274 1506) q(0 0 0 -1) r(2 2) U5
x-host-name: AWSPRDWEB10

GET
H/1.1 200
OK NTDUNT_Logo.png
s3.amazonaws.com/cms.forumcomm/ 9 KB
10 KB 405ms
140ms Image
image/png 52.216.62.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/cms.forumcomm/NTDUNT_Logo.png
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.62.24 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4f4ace5760fd2511c5c9716b6be5bc050dc9b8b16a5ad0f45b2209e05df1e551

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 16:42:38 GMT
x-amz-meta-imageid: 123
Last-Modified: Thu, 28 Apr 2022 14:26:29 GMT
Server: AmazonS3
x-amz-request-id: J260SY3F6SY0Z6RE
ETag: "06dcf04364160ecd836aaddf5209820f"
Content-Type: image/png
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 9358
x-amz-id-2: gHbWyohD8Qgy7FAvGaIV5+uw4niZS2sTQqh8iPvJ3djvpxxZS2tYXphBUsz2gK/IVaIbBd7lYX4=

GET
H2 200 5d28f031899f8.image.png
bloximages.chicago2.vip.townnews.com/certification66.bloxcms.com/content/tncms/assets/v3/editorial/3/30/330ad932-a4e5-11e9-863f-f316fdf5f72a/ 2 KB
2 KB 197ms
50ms Image
image/webp 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/certification66.bloxcms.com/content/tncms/assets/v3/editorial/3/30/330ad932-a4e5-11e9-863f-f316fdf5f72a/5d28f031899f8.image.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c868ec0a6a6feb68b3d764eb0324882539c6ceed96e815ae9a83ea985fab32fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 26942333
cf-polished: origFmt=png, origSize=3341
content-disposition: inline; filename="5d28f031899f8.webp"
content-length: 1560
cf-bgj: imgq:85,h2pri
last-modified: Fri, 12 Jul 2019 20:40:17 GMT
server: cloudflare
x-vcache: MISS
etag: "5d28f031-d0d"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 791ba9725cfd90ac-FRA
expires: Fri, 24 Mar 2023 19:11:34 GMT

GET
H/1.1 200
OK QuestionMark-22x21.5.png
s3.amazonaws.com/cms.forumcomm/ 616 B
1 KB 404ms
139ms Image
image/png 52.216.62.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/cms.forumcomm/QuestionMark-22x21.5.png
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.62.24 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 6d770303dedbfeb897525ab66c5ca7eaf31da2c805486949898fc542908db53e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 16:42:38 GMT
x-amz-meta-imageid: 123
Last-Modified: Mon, 22 Nov 2021 17:24:50 GMT
Server: AmazonS3
x-amz-request-id: J26EBKSPR09EAWNA
ETag: "7284c572894c8b8c69ae1c06af78b3e1"
Content-Type: image/png
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 616
x-amz-id-2: /aZZLpXDxGGqKk7dFSRzn6vkvAKg7R39niGo+WWLIw3rEN6Qyg8HF4K7QLpXUdf+FVQz2Kkvzy0=

GET
H2 200 pp-logo-100px.png
www.paypalobjects.com/webstatic/mktg/Logo/ 2 KB
2 KB 190ms
40ms Image
image/png 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/mktg/Logo/pp-logo-100px.png

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.2.133 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f3c5832c691778a79fe79620991e47f0004d096f937161136f46fdfdad9f1d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
via: 1.1 varnish, 1.1 varnish
x-content-type-options: nosniff
strict-transport-security: max-age=31557600
x-cache: HIT, HIT
fastly-io-info: ifsz=4647 idim=100x26 ifmt=png ofsz=1841 odim=100x26 ofmt=png
paypal-debug-id: 116762a060f84
fastly-stats: io=1
dc: ccg11-origin-www-1.paypal.com
content-length: 1841
x-served-by: cache-sjc10075-SJC, cache-hhn-etou8220086-HHN
traceparent: 00-0000000000000000000116762a060f84-1ee3886451689934-01
x-timer: S1675096958.822492,VS0,VE0
etag: "XLenWAKLSnAXUHbYwLzPnWrn7zsJLzIJTJlE5T8nY3o"
content-type: image/png
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
x-cache-hits: 252, 20

GET
H2 200 applepay.png
subscribe.duluthnewstribune.com/img/ 2 KB
3 KB 143ms
141ms Image
image/png 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://subscribe.duluthnewstribune.com/img/applepay.png
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 34dbe0c9bb6ca6343024f431f136f55315d91db5dfc43be93499652fede431ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
last-modified: Wed, 12 Oct 2022 13:07:30 GMT
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-sp-host-name: AWSPRDWEB10
etag: W/"879-183cc4ea650"
x-powered-by: ASP.NET
content-type: image/png
x-iinfo: 7-18064657-18064666 PNNN RT(1675096955274 1574) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=2592000
x-host-name: AWSPRDWEB10
accept-ranges: bytes
content-length: 2169

GET
H2 200 googlepay.png
subscribe.duluthnewstribune.com/img/ 33 KB
34 KB 151ms
149ms Image
image/png 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://subscribe.duluthnewstribune.com/img/googlepay.png
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 510b0d3f2370083584fbfdc0d2978f0858beec21b1311e5d01c80780f207f3cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
last-modified: Wed, 12 Oct 2022 13:07:30 GMT
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-sp-host-name: AWSPRDWEB10
etag: W/"8562-183cc4ea650"
x-powered-by: ASP.NET
content-type: image/png
x-iinfo: 7-18064657-18064733 PNNy RT(1675096955274 1579) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=2592000
x-host-name: AWSPRDWEB10
accept-ranges: bytes
content-length: 34146

GET
H/1.1 200
OK facebook-64x64.jpg
s3.amazonaws.com/cms.forumcomm/ 5 KB
5 KB 404ms
139ms Image
image/jpeg 52.216.62.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/cms.forumcomm/facebook-64x64.jpg
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.62.24 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: adbafddcae5c63de02cb1f7786956f8f1f5bbfec1fedf98b13224a6995d832f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 16:42:38 GMT
x-amz-meta-imageid: 123
Last-Modified: Thu, 02 Dec 2021 15:11:54 GMT
Server: AmazonS3
x-amz-request-id: J26FP7PQP4ZZP1HP
ETag: "c6683d35d9ad62d6b35f4b2574582c66"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 4629
x-amz-id-2: sgPfMYmTcmf6wpFaoKWcxR0nES0KhA2FK3ZGDxDla44jXO6/q24FnR23x9CZgveSAm2yw8qAhSY=

GET
H/1.1 200
OK twitter-64x64.jpg
s3.amazonaws.com/cms.forumcomm/ 4 KB
5 KB 401ms
137ms Image
image/jpeg 52.216.62.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/cms.forumcomm/twitter-64x64.jpg
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.62.24 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 0a7cd92c980e820d3064ace1159a3e6be8c160f8d11e299558ab3c3574db8914

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 16:42:38 GMT
x-amz-meta-imageid: 123
Last-Modified: Thu, 02 Dec 2021 15:11:39 GMT
Server: AmazonS3
x-amz-request-id: J26B5TT2EVGS9Q8F
ETag: "8619bbd818caf65b575c8f23cdd6f1cb"
Content-Type: image/jpeg
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 4583
x-amz-id-2: aNG1oS1xcCaK8CF3GlLygC7sdJjyF4o1B+CIl/J1bAPczn+Q9kbHm75RJev+7miP2Di/qqjpBi0=

GET
H/1.1 200
OK instagram-logo-64x64.png
s3.amazonaws.com/cms.forumcomm/ 7 KB
7 KB 400ms
135ms Image
image/png 52.216.62.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/cms.forumcomm/instagram-logo-64x64.png
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.62.24 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 2949750aadafc472d1039eeba65ded9b96ff4da450eabccfb13bcdca1219498a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 16:42:38 GMT
x-amz-meta-imageid: 123
Last-Modified: Tue, 01 Feb 2022 22:48:55 GMT
Server: AmazonS3
x-amz-request-id: J26B3MAPC280TH6C
ETag: "03961f9c9b9b08f588792f4621e6131c"
Content-Type: image/png
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 6744
x-amz-id-2: AX7siMRxMmQ2kAg6VpPNqM/sfFmi04NMQjPeiC+BjpxbdvCD3NmDTvFtkPwBEjkgkGRORZD2M6c=

GET
H/1.1 200
OK apple-app-store-logo-160x60.png
s3.amazonaws.com/cms.forumcomm/ 7 KB
7 KB 393ms
139ms Image
image/png 52.216.62.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/cms.forumcomm/apple-app-store-logo-160x60.png
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.62.24 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 80962ef1a0f4bc95fc4bac325bbfcc391dc701c2e89c304eb647c256d7d62583

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 16:42:38 GMT
x-amz-meta-imageid: 123
Last-Modified: Thu, 02 Dec 2021 15:12:33 GMT
Server: AmazonS3
x-amz-request-id: J2619KD92P289F3Z
ETag: "cad01681361df35eab189e6bbea45403"
Content-Type: image/png
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 6685
x-amz-id-2: 0mkb6fO8kFhQ/b+RXu1bEDabgU9gK+M/IzDsmKbTxEpIuZvgjPrXIF8k16GkOt1pLRUQ35ZoCT0=

GET
H/1.1 200
OK google-app-store-logo-160x60.png
s3.amazonaws.com/cms.forumcomm/ 7 KB
7 KB 129ms
128ms Image
image/png 52.216.62.24
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/cms.forumcomm/google-app-store-logo-160x60.png
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.62.24 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: e9cdf28b62df59bca53a06f6d2afbd81da3045e8f8def1f5ac370497ae59fd30

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 16:42:39 GMT
x-amz-meta-imageid: 123
Last-Modified: Thu, 02 Dec 2021 15:12:35 GMT
Server: AmazonS3
x-amz-request-id: 24EK1AD9HMMA44B9
ETag: "fcd18445b45bf8e4d243b2003c77d96b"
Content-Type: image/png
Cache-Control: max-age=604800
Accept-Ranges: bytes
Content-Length: 7234
x-amz-id-2: fHaWOGjjbc28m/Di2ksPw2PfiG5V9R6nPVvSbwtgzwDYHnBF723543tdzbK84NRDM/4va/tPnh4=

GET
H2 200 apple-icon.svg
subscribe.duluthnewstribune.com/img/ 1 KB
1 KB 151ms
150ms Image
image/svg+xml 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://subscribe.duluthnewstribune.com/img/apple-icon.svg
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/styles/style_simple.css?dateStamp=1665593879000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 26e79ccb25e9dd44ea28d12a67c5700f39d283f078dac70d287c6625b2fa2c92

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/styles/style_simple.css?dateStamp=1665593879000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: gzip
last-modified: Wed, 12 Oct 2022 13:07:30 GMT
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-sp-host-name: AWSPRDWEB10
etag: W/"4a3-183cc4ea650"
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: image/svg+xml
x-iinfo: 7-18064657-18064735 PNNy RT(1675096955274 1587) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=2592000
x-host-name: AWSPRDWEB10
accept-ranges: bytes

GET
H2 200 fbIcon.png
subscribe.duluthnewstribune.com/img/ 1 KB
2 KB 172ms
171ms Image
image/png 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://subscribe.duluthnewstribune.com/img/fbIcon.png
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/styles/style_simple.css?dateStamp=1665593879000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4fd1192135e7bb8f65d1220d492bdf97260eb699b8de3d5b13c32dee76e0eb99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/styles/style_simple.css?dateStamp=1665593879000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
last-modified: Wed, 12 Oct 2022 13:07:30 GMT
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-sp-host-name: AWSPRDWEB10
etag: W/"45f-183cc4ea650"
x-powered-by: ASP.NET
content-type: image/png
x-iinfo: 7-18064657-18064825 NNNY CT(94 192 0) RT(1675096955274 1612) q(0 0 0 -1) r(1 1) U5
cache-control: public, max-age=2592000
x-host-name: AWSPRDWEB10
accept-ranges: bytes
content-length: 1119

GET
H2 200 googleIcon.png
subscribe.duluthnewstribune.com/img/ 2 KB
2 KB 472ms
471ms Image
image/png 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://subscribe.duluthnewstribune.com/img/googleIcon.png
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/styles/style_simple.css?dateStamp=1665593879000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 30fa2094f726c9e4a2c520398c3fd07868e2c921789ba95bd875695d48f31141

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/styles/style_simple.css?dateStamp=1665593879000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:38 GMT
last-modified: Wed, 12 Oct 2022 13:07:30 GMT
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-sp-host-name: AWSPRDWEB10
etag: W/"6ad-183cc4ea650"
x-powered-by: ASP.NET
content-type: image/png
x-iinfo: 7-18064657-18064827 NNNN CT(96 197 0) RT(1675096955274 1618) q(0 0 3 -1) r(4 4) U5
cache-control: public, max-age=2592000
x-host-name: AWSPRDWEB10
accept-ranges: bytes
content-length: 1709

GET
H2 200 select_dropdown.png
subscribe.duluthnewstribune.com/img/ 984 B
2 KB 231ms
230ms Image
image/png 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://subscribe.duluthnewstribune.com/img/select_dropdown.png
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/styles/style_simple.css?dateStamp=1665593879000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5b74726d50ad888710f49a50c91351aee827fa48698bfec35bcf48db8350bef9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/styles/style_simple.css?dateStamp=1665593879000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
last-modified: Wed, 12 Oct 2022 13:07:30 GMT
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-sp-host-name: AWSPRDWEB10
etag: W/"3d8-183cc4ea650"
x-powered-by: ASP.NET
content-type: image/png
x-iinfo: 7-18064657-18064737 PNNy RT(1675096955274 1620) q(0 1 1 -1) r(2 2) U5
cache-control: public, max-age=2592000
x-host-name: AWSPRDWEB10
accept-ranges: bytes
content-length: 984

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
158 B 74ms
74ms XHR
text/plain 2a00:1450:400d:80c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1823083802&t=pageview&_s=1&dl=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember&ul=en-us&de=UTF-8&dt=Duluth%20News%20Tribune&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=1060025432&gjid=1785789562&cid=1950005521.1675096958&tid=UA-778232-77&_gid=1812599132.1675096958&_r=1&_slc=1&gtm=2wg1p05VHGMKS&z=1242704492

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://subscribe.duluthnewstribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 16:42:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://subscribe.duluthnewstribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
69 B 73ms
72ms XHR
text/plain 2a00:1450:400d:80c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1823083802&t=pageview&_s=1&dl=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember&ul=en-us&de=UTF-8&dt=Duluth%20News%20Tribune&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAACAAI~&jid=1113230074&gjid=953706466&cid=1950005521.1675096958&tid=UA-41542537-2&_gid=1812599132.1675096958&_r=1&_slc=1&gtm=2wg1p05VHGMKS&z=196835153

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://subscribe.duluthnewstribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 16:42:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://subscribe.duluthnewstribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
360 B 162ms
48ms XHR
text/plain 2a00:1450:4025:401::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-778232-32&cid=1950005521.1675096958&jid=1408343849&gjid=2079408421&_gid=1812599132.1675096958&_u=YCDAiEABBAAAAGAAI~&z=2025528481

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:401::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://subscribe.duluthnewstribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 30 Jan 2023 16:42:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://subscribe.duluthnewstribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 52ms
52ms Image
image/gif 2a00:1450:400d:80c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=1823083802&t=pageview&_s=1&dl=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember&ul=en-us&de=UTF-8&dt=Duluth%20News%20Tribune&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAiEABBAAAACAAI~&jid=1408343849&gjid=2079408421&cid=1950005521.1675096958&tid=UA-778232-32&_gid=1812599132.1675096958&gtm=2wg1p05VHGMKS&z=746732364

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 11:05:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 20247
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK p Show response
track.attributionapp.com/ 0
345 B 401ms
128ms XHR
application/json 54.209.91.188
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://track.attributionapp.com/p

Requested by

Host: scripts.attributionapp.com
URL: https://scripts.attributionapp.com/v2/attribution.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.209.91.188 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-209-91-188.compute-1.amazonaws.com

Software

Cowboy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://subscribe.duluthnewstribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 30 Jan 2023 16:42:37 GMT
Via: 1.1 vegur
X-Content-Type-Options: nosniff
Server: Cowboy
Access-Control-Allow-Methods: OPTIONS, GET, POST, DELETE
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: Authorization, Content-Type
Content-Length: 0

GET
H2 200 ai.0.js Show response
az416426.vo.msecnd.net/scripts/a/ 94 KB
22 KB 171ms
42ms Script
application/x-javascript 2606:2800:133:206e:1315:22a5:2006:24fd
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by: Host: loader-cdn.azureedge.net
URL: https://loader-cdn.azureedge.net/prod/forum/loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CD6) /
Resource Hash: 5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: gzip
x-ms-meta-lastmodified: 2020-10-01 19:31:04
content-md5: HdY95yzx9wIyQkVEGES+Ew==
age: 442
x-cache: HIT
content-length: 22495
x-ms-lease-status: unlocked
last-modified: Thu, 11 Mar 2021 07:46:59 GMT
server: ECAcc (frc/4CD6)
etag: 0x8D8E461DA1A5889
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 264ef88f-001e-009a-13c8-3471e9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800
x-ms-version: 2009-09-19
expires: Mon, 30 Jan 2023 17:12:37 GMT

GET
H2 200 fp.min.js Show response
cdn.mircheigeshoa.com/prod/forum/ 63 KB
21 KB 166ms
39ms Script
application/javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mircheigeshoa.com/prod/forum/fp.min.js
Requested by: Host: loader-cdn.azureedge.net
URL: https://loader-cdn.azureedge.net/prod/forum/loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CDA) /
Resource Hash: 0633be0754d8f21391eacd07f177335f08a1daabbba04ddc696283a27b0c005a

Request headers

Referer: https://subscribe.duluthnewstribune.com/
Origin: https://subscribe.duluthnewstribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: gzip
content-md5: K/jSSuKoyjNzEYPSaUOAbA==
age: 25736
x-cache: HIT
content-length: 21209
x-ms-lease-status: unlocked
last-modified: Tue, 21 Jun 2022 08:55:04 GMT
server: ECAcc (frc/4CDA)
etag: 0x8DA5363BBBA9AF9
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: ebd7b81c-201e-00b0-168d-34b677000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19

GET
H2 200 g2i.min.js Show response
cdn.godiciardstia.com/prod/forum/ 219 KB
48 KB 160ms
40ms Script
application/x-javascript 2606:2800:233:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.godiciardstia.com/prod/forum/g2i.min.js
Requested by: Host: loader-cdn.azureedge.net
URL: https://loader-cdn.azureedge.net/prod/forum/loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/4CEB) /
Resource Hash: 8cd76a979805baeb5eb2686bb5aaeccf8da8eaf8734f9a09da24dc0eecf2a948

Request headers

Referer: https://subscribe.duluthnewstribune.com/
Origin: https://subscribe.duluthnewstribune.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: gzip
content-md5: Y4QilDUJklOOm7DMZKvb+A==
age: 4858
x-cache: HIT
content-length: 48952
x-ms-lease-status: unlocked
last-modified: Mon, 03 Oct 2022 08:56:02 GMT
server: ECAcc (frc/4CEB)
etag: 0x8DAA51D196D8514
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 2322480f-c01e-002e-5bbe-34a5a9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: max-age=43200
x-ms-version: 2009-09-19

GET
H2 200 wrap.js Show response
cdn.confiant-integrations.net/gptprebidnative/202212211045/ 216 KB
68 KB 56ms
55ms Script
application/javascript 2606:4700::6812:116b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.confiant-integrations.net/gptprebidnative/202212211045/wrap.js
Requested by: Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/cUnQ-tYNZ95Jh3EezVQMDpKuEDk/gpt_and_prebid/config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:116b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b59e31aeaca17f052e5e16fa1713cb48d45997454c26ae2876302420b77751c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:37 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 21 Dec 2022 15:47:15 GMT
server: cloudflare
x-amz-request-id: 2MRA9N6NXTHYB266
age: 3450937
etag: W/"fa407ba001f2ac06196124f41d523471"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 791ba971fecd9208-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: cB1ab4DnUkDZGmtvBe9R/PgOxG41ZYhVouRRA0ed8IExf6IWMjyrBWdCCwiYBzg6/apLlUu5Gok=

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 150ms
41ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=659058557951167&ev=PageView&dl=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember&rl=&if=false&ts=1675096957740&sw=1600&sh=1200&v=2.9.92&r=stable&ec=0&o=30&fbp=fb.1.1675096957739.530529930&it=1675096957579&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 30 Jan 2023 16:42:37 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 54ms
49ms XHR
text/plain 2a00:1450:4025:401::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-778232-77&cid=1950005521.1675096958&jid=1060025432&gjid=1785789562&_gid=1812599132.1675096958&_u=YADAAEAAAAAAACAAI~&z=885979587

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:401::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://subscribe.duluthnewstribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 30 Jan 2023 16:42:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://subscribe.duluthnewstribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D... Show response
adservice.google.com/ddm/fls/i/ Frame 0029 759 B
773 B 213ms
86ms Document
text/html 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember

Requested by

Host: 8975227.fls.doubleclick.net
URL: https://8975227.fls.doubleclick.net/activityi;dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7de545455ab7b288e80c799da8deb896a21df65b1a760f62ea33e9fe2ca5d8a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://8975227.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 398
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 16:42:37 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 49ms
48ms XHR
text/plain 2a00:1450:4025:401::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-41542537-2&cid=1950005521.1675096958&jid=1113230074&gjid=953706466&_gid=1812599132.1675096958&_u=YCDACEABBAAAACAAI~&z=2108107789

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:401::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://subscribe.duluthnewstribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 30 Jan 2023 16:42:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://subscribe.duluthnewstribune.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame BE3D 42 KB
22 KB 146ms
144ms Document
text/html 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc_R8QcAAAAANg5O-hZ4xZUc2xGnhxcC4N5w4T0&co=aHR0cHM6Ly9zdWJzY3JpYmUuZHVsdXRobmV3c3RyaWJ1bmUuY29tOjQ0Mw..&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&badge=bottomleft&cb=9d4eu9qrawhk

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

449cf9d2e39c8b619466ac47bb28d3e5ff8287982f97333b5f8b3f18168f73a6

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ZV99_uR7pTX8mHqwzEUNHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://subscribe.duluthnewstribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22565
content-security-policy: script-src 'report-sample' 'nonce-ZV99_uR7pTX8mHqwzEUNHQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 16:42:37 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
296 B 87ms
87ms Image
image/gif 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-778232-32&cid=1950005521.1675096958&jid=1408343849&_u=YCDAiEABBAAAAGAAI~&z=1311686298

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 16:42:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 216ms
87ms Image
image/gif 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-778232-32&cid=1950005521.1675096958&jid=1408343849&_u=YCDAiEABBAAAAGAAI~&z=1311686298

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 16:42:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 88ms
87ms Image
image/gif 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-778232-77&cid=1950005521.1675096958&jid=1060025432&_u=YADAAEAAAAAAACAAI~&z=199760043

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 16:42:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 177ms
87ms Image
image/gif 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-778232-77&cid=1950005521.1675096958&jid=1060025432&_u=YADAAEAAAAAAACAAI~&z=199760043

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 16:42:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 89ms
88ms Image
image/gif 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-41542537-2&cid=1950005521.1675096958&jid=1113230074&_u=YCDACEABBAAAACAAI~&z=988189439

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 16:42:37 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 177ms
89ms Image
image/gif 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-41542537-2&cid=1950005521.1675096958&jid=1113230074&_u=YCDACEABBAAAACAAI~&z=988189439

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 16:42:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ Frame BE3D 55 KB
24 KB 157ms
52ms Stylesheet
text/css 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc_R8QcAAAAANg5O-hZ4xZUc2xGnhxcC4N5w4T0&co=aHR0cHM6Ly9zdWJzY3JpYmUuZHVsdXRobmV3c3RyaWJ1bmUuY29tOjQ0Mw..&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&badge=bottomleft&cb=9d4eu9qrawhk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 10:17:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23138
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 30 Jan 2024 10:17:00 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ Frame BE3D 405 KB
161 KB 181ms
77ms Script
text/javascript 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

447256eb31b03e8de245de6feb98fad0a7710874162ab5cd91bd39274eaed7a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 08:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 165279
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 01:02:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 30 Jan 2024 08:04:39 GMT

GET
H2 200 dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D... Show response
adservice.google.de/ddm/fls/i/ Frame 7C82 194 B
515 B 215ms
89ms Document
text/html 2a00:1450:400d:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CICH_Lje7_wCFbAUewodndgJvw;src=8975227;type=invmedia;cat=dulut0;ord=2621898376012;gtm=2wg1p0;auiddc=1835553190.1675096957;~oref=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 30 Jan 2023 16:42:38 GMT
expires: Mon, 30 Jan 2023 16:42:38 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 self Show response
api-mg2.db-ip.com/v2/p14891b727f063924f0d86d8a8e5063678abd2ac/ 523 B
759 B 349ms
251ms XHR
application/json 104.26.4.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api-mg2.db-ip.com/v2/p14891b727f063924f0d86d8a8e5063678abd2ac/self?_=1675096958049
Requested by: Host: cdn.mircheigeshoa.com
URL: https://cdn.mircheigeshoa.com/prod/forum/fp.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.4.15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d7ab62735eb01300a315406d9e202fa97be57d5da8b4a7f26de43a61e53c372

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:38 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 30 Jan 2023 16:42:38 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2BNWe8WxvWvNK47qD4yAYr8WwffOmk9zPazx84cfsp5qBpVt7uBIOaNN86HGxRK4sfEAjOxxPIun0Sy6x84hPgpdRbwPj9Nu2O5GtrtxTEOR50aW9eQCzAhMVWAdzyERrFBG"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=1800
cf-ray: 791ba9748fab5c50-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 /
www.facebook.com/tr/ 0
54 B 41ms
40ms Image
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=659058557951167&ev=Microdata&dl=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember&rl=&if=false&ts=1675096958243&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Duluth%20News%20Tribune%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember%22%2C%22og%3Atitle%22%3A%22Subscribe%20to%20The%20the%20Duluth%20News%20Tribune!%22%2C%22og%3Adescription%22%3A%22Click%20here%20for%20the%20latest%20offers!%22%2C%22og%3Asite_name%22%3A%22the%20Duluth%20News%20Tribune%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.92&r=stable&ec=1&o=30&fbp=fb.1.1675096957739.530529930&it=1675096957579&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 30 Jan 2023 16:42:38 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame BE3D 2 KB
2 KB 52ms
51ms Image
image/png 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Tue, 24 Jan 2023 15:21:21 GMT
x-content-type-options: nosniff
age: 523277
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 31 Jan 2023 15:21:21 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame BE3D 15 KB
15 KB 53ms
52ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 13:18:51 GMT
x-content-type-options: nosniff
age: 12227
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 30 Jan 2024 13:18:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame BE3D 15 KB
15 KB 68ms
67ms Font
font/woff2 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 03:11:30 GMT
x-content-type-options: nosniff
age: 307868
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 27 Jan 2024 03:11:30 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame BE3D 102 B
134 B 74ms
73ms Other
text/javascript 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

cec2fe6ccfa38f972e79f25c46c812727d1048f7d364d3d5639cb2e9528acf5f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc_R8QcAAAAANg5O-hZ4xZUc2xGnhxcC4N5w4T0&co=aHR0cHM6Ly9zdWJzY3JpYmUuZHVsdXRobmV3c3RyaWJ1bmUuY29tOjQ0Mw..&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&badge=bottomleft&cb=9d4eu9qrawhk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112
x-xss-protection: 1; mode=block
expires: Mon, 30 Jan 2023 16:42:38 GMT

POST
H2 200 / Show response
subscribe.duluthnewstribune.com/other/mg2Tracking/ 102 B
640 B 261ms
261ms XHR
application/json 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://subscribe.duluthnewstribune.com/other/mg2Tracking/
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/build/build.js?dateStamp=1665593879000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 24cba4ab0dc8c572938b857d53b865a27f41eb122b4d635c79f34ccbfe3c7d92

Request headers

Accept: */*
X-TrackingCode: {"utm_medium":"promo_send","utm_source":"email","utm_campaign":"2_dollars_for_6_months_jan_23","utm_content":"6_months_2_dollar_offer_promo_1_am_01302023","utm_term":"duluthnewstribune_promo_nonmember"}
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-version: 3.16.0
date: Mon, 30 Jan 2023 16:42:38 GMT
content-encoding: gzip
x-sp-host-name: AWSPRDWEB10
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-iinfo: 7-18064657-18064827 PNYN RT(1675096955274 2450) q(0 0 0 -1) r(2 2) U5
x-host-name: AWSPRDWEB10

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 155 KB
52 KB 84ms
84ms Script
application/javascript 2a00:1450:400d:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P7XVL79&l=MG2DL

Requested by

Host: cdn.godiciardstia.com
URL: https://cdn.godiciardstia.com/prod/forum/g2i.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80e::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

25f6538e93139ff03a83444ae05a7c0eac160b7dbcd05154ad6cbebfb21082ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53374
x-xss-protection: 0
last-modified: Mon, 30 Jan 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 30 Jan 2023 16:42:38 GMT

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame BE3D 32 KB
18 KB 111ms
111ms XHR
application/json 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6Lc_R8QcAAAAANg5O-hZ4xZUc2xGnhxcC4N5w4T0

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

da1e72f2e19d27f65981b617d12b8d987d44d2ba50590bb35eb2353f30531ce0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc_R8QcAAAAANg5O-hZ4xZUc2xGnhxcC4N5w4T0&co=aHR0cHM6Ly9zdWJzY3JpYmUuZHVsdXRobmV3c3RyaWJ1bmUuY29tOjQ0Mw..&hl=de&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&badge=bottomleft&cb=9d4eu9qrawhk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Mon, 30 Jan 2023 16:42:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18722
x-xss-protection: 1; mode=block
expires: Mon, 30 Jan 2023 16:42:38 GMT

GET
H2 200 getBrainTreeClientToken Show response
subscribe.duluthnewstribune.com/payment/ 3 KB
2 KB 791ms
790ms XHR
application/json 107.154.76.234
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://subscribe.duluthnewstribune.com/payment/getBrainTreeClientToken?captchaHash=03AFY_a8UzanW18feY-hnMz2bISyAmK8vNogIDX6IjUG0Uoel7kG-kwn2lFLjygUQ8Q5aQqwX25sE7R6kRu4uL3Cq0G4O7b_KE6XLc0XpxtNF7MHO4m4bvNBMDmSvgV2fMpTXolhHDf-WpaO3t9L_INwBHQP00v8_3LL8LReLMilO1fn96yyIdwZWHw46k4UxV5ntqylzcLcQ8ZjkZaamALKaX7ZVKkuY4wLW24YD8HcsnTATXi93kYrmV8HKBWlH24D0ctqfCF74h_z_tSwSDvi4zZ2R9wuizIhMIJ9rspnQJO12d-UVTuFEJiTyf-jE04lEBCI7CTjUdF-d1uSxBuXeM9SRCXrvvnO5NB6avQgBE9dmU6X-GmMnSHVDkdQlxUovQkZHN4jG4whnWAfdktvbFrXk5oB1CXZxqwbDYASJRFQwyq22bPbNkoGIVeeHJSbsRMl1h-AhnXRKRQ5rWGp49SNy3G0wFG4jqxGoorsqeeZZ7GNhECeTCLk2UFZZV2NFKSWhaTRRGqL9cVFhH2XVi4gz8yznjuSGljbC7wyxkDCa03vGZcSOJAdVKAJ24tWkjJicYBqGN
Requested by: Host: subscribe.duluthnewstribune.com
URL: https://subscribe.duluthnewstribune.com/build/build.js?dateStamp=1665593879000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.154.76.234 District Heights, United States, ASN19551 (INCAPSULA, US),
Reverse DNS: 107.154.76.234.ip.incapdns.net
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 97f02b348ae12199c3a728fd38ae191a4f60285d880a29f952395ba4738405e2

Request headers

Accept: */*
X-TrackingCode: {"utm_medium":"promo_send","utm_source":"email","utm_campaign":"2_dollars_for_6_months_jan_23","utm_content":"6_months_2_dollar_offer_promo_1_am_01302023","utm_term":"duluthnewstribune_promo_nonmember"}
Referer: https://subscribe.duluthnewstribune.com/?ofrgp_id=862%2C863&?utm_market=duluthnewstribune&utm_source=email&utm_medium=promo_send&utm_campaign=2_dollars_for_6_months_jan_23&utm_content=6_months_2_dollar_offer_promo_1_am_01302023&utm_term=duluthnewstribune_promo_nonmember
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

x-version: 3.16.0
date: Mon, 30 Jan 2023 16:42:39 GMT
content-encoding: gzip
x-sp-host-name: AWSPRDWEB10
server: Microsoft-IIS/10.0
x-cdn: Imperva
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/json; charset=utf-8
x-iinfo: 7-18064657-18064737 PNNy RT(1675096955274 2668) q(0 0 0 -1) r(7 7) U5
x-host-name: AWSPRDWEB10

POST
H2 200 graphql Show response
payments.braintree-api.com/ 2 KB
2 KB 77ms
76ms XHR
application/json 13.248.139.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.85.2/js/client.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.248.139.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ae1d37305401c759d.awsglobalaccelerator.com

Software

nginx /

Resource Hash

81c91cf23193cb56d0ca8ba09d5aa39994586e99bd9e75d1df7271dfdeddbce2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://subscribe.duluthnewstribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIsImtpZCI6IjIwMTgwNDI2MTYtcHJvZHVjdGlvbiIsImlzcyI6Imh0dHBzOi8vYXBpLmJyYWludHJlZWdhdGV3YXkuY29tIn0.eyJleHAiOjE2NzUxODMzNTksImp0aSI6ImE0MzZkMzFmLWU5YzktNDlmMy05MTYzLTU0OTg0ZGRiOWIyMyIsInN1YiI6Ijgza3doenNoeGpxNW50ZHoiLCJpc3MiOiJodHRwczovL2FwaS5icmFpbnRyZWVnYXRld2F5LmNvbSIsIm1lcmNoYW50Ijp7InB1YmxpY19pZCI6Ijgza3doenNoeGpxNW50ZHoiLCJ2ZXJpZnlfY2FyZF9ieV9kZWZhdWx0IjpmYWxzZX0sInJpZ2h0cyI6WyJtYW5hZ2VfdmF1bHQiXSwic2NvcGUiOlsiQnJhaW50cmVlOlZhdWx0Il0sIm9wdGlvbnMiOnsiY3VzdG9tZXJfaWQiOiI1OTk5ZWVhMy1jYTYzLTRiZjYtYWIyMS1hZGE4ZmVmYjdjZjYifX0.xYwUvzvOgWOwt_bKYPI6T6dLwQ5F4HZ3E1CFC26_sFcaWqSfU7cN5_jEAjpiOe70Vqs67ERjBmpAHT8KyarE6g?customer_id=
Braintree-Version: 2018-05-10
Content-Type: application/json

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 16:42:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
server: nginx
vary: Braintree-Version, Accept-Encoding
braintree-version: 2016-10-07
content-type: application/json
access-control-allow-origin: https://subscribe.duluthnewstribune.com
paypal-debug-id: af0e17b2159f4
cache-control: no-cache, no-store
x-frame-options: DENY
content-length: 1255

OPTIONS
H2 200 graphql
payments.braintree-api.com/ Frame 0
0 259ms
45ms Preflight 13.248.139.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://payments.braintree-api.com/graphql

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.248.139.42 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ae1d37305401c759d.awsglobalaccelerator.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,braintree-version,content-type
Access-Control-Request-Method: POST
Origin: https://subscribe.duluthnewstribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-headers: authorization,braintree-version,content-type
access-control-allow-methods: GET,DELETE,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://subscribe.duluthnewstribune.com
access-control-max-age: 1800
date: Mon, 30 Jan 2023 16:42:39 GMT
paypal-debug-id: 51d40fcb73854
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-frame-options: DENY

POST
H/1.1 200
OK 83kwhzshxjq5ntdz Show response
client-analytics.braintreegateway.com/ 0
296 B 44ms
43ms XHR
text/plain 52.28.223.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/83kwhzshxjq5ntdz
Requested by: Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.85.2/js/client.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.223.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-223-216.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subscribe.duluthnewstribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

Date: Mon, 30 Jan 2023 16:42:40 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://subscribe.duluthnewstribune.com
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

POST
H/1.1 200
OK 83kwhzshxjq5ntdz Show response
client-analytics.braintreegateway.com/ 0
296 B 44ms
43ms XHR
text/plain 52.28.223.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/83kwhzshxjq5ntdz
Requested by: Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.85.2/js/client.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.223.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-223-216.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subscribe.duluthnewstribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

Date: Mon, 30 Jan 2023 16:42:40 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://subscribe.duluthnewstribune.com
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

POST
H/1.1 200
OK 83kwhzshxjq5ntdz Show response
client-analytics.braintreegateway.com/ 0
296 B 43ms
42ms XHR
text/plain 52.28.223.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/83kwhzshxjq5ntdz
Requested by: Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.85.2/js/client.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.223.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-223-216.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subscribe.duluthnewstribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

Date: Mon, 30 Jan 2023 16:42:40 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://subscribe.duluthnewstribune.com
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

GET
H2 200 dispatch-frame.min.html Show response
checkout.paypal.com/web/3.85.2/html/ Frame 9A9A 10 KB
4 KB 186ms
40ms Document
text/html 13.225.78.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.paypal.com/web/3.85.2/html/dispatch-frame.min.html

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.85.2/js/paypal-checkout.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.78.20 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-78-20.fra2.r.cloudfront.net

Software

nginx /

Resource Hash

337b763e64d123c71154131bc82585189c0796a15e6cbe04567f5424ba16e4e0

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' .braintreegateway.com .braintree-api.com;

Request headers

Referer: https://subscribe.duluthnewstribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 69625
cache-control: max-age=86400
content-encoding: gzip
content-security-policy: style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-type: text/html
date: Sun, 29 Jan 2023 21:22:31 GMT
etag: W/"63cb0e2c-261a"
expires: Mon, 30 Jan 2023 21:22:15 GMT
last-modified: Fri, 20 Jan 2023 21:57:00 GMT
server: nginx
vary: Accept-Encoding
via: 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront)
x-amz-cf-id: YCunTL7htvsrZWZ-nnn2vXA0HSciudo_qUfbAyv3jLw4qhuDbfzwcA==
x-amz-cf-pop: FRA2-C2
x-cache: Hit from cloudfront

POST
H/1.1 200
OK 83kwhzshxjq5ntdz Show response
client-analytics.braintreegateway.com/ 0
296 B 44ms
43ms XHR
text/plain 52.28.223.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/83kwhzshxjq5ntdz
Requested by: Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.85.2/js/client.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.223.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-223-216.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://subscribe.duluthnewstribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

Date: Mon, 30 Jan 2023 16:42:40 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://subscribe.duluthnewstribune.com
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

GET
H2 200 hosted-fields-frame.min.html Show response
assets.braintreegateway.com/web/3.85.2/html/ Frame 95BE 126 KB
34 KB 184ms
48ms Document
text/html 13.32.110.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.braintreegateway.com/web/3.85.2/html/hosted-fields-frame.min.html

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.85.2/js/hosted-fields.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-94.vie50.r.cloudfront.net

Software

nginx /

Resource Hash

e6f5ff12991f04401e2b7f7a234cd5eddfe2dfcf95ce3a408c496956ccd311b3

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' .braintreegateway.com .braintree-api.com;

Request headers

Referer: https://subscribe.duluthnewstribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 32155
cache-control: max-age=86400
content-encoding: gzip
content-security-policy: style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-type: text/html
date: Mon, 30 Jan 2023 07:46:45 GMT
etag: W/"63cb0e2b-1f824"
expires: Tue, 31 Jan 2023 07:46:45 GMT
last-modified: Fri, 20 Jan 2023 21:56:59 GMT
server: nginx
vary: Accept-Encoding
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-id: Rf1UEj_OXKVHfcx7ugGcyVESgO7vrveby_xwgtF_o79SD_cQhMKOVA==
x-amz-cf-pop: VIE50-C2
x-cache: Hit from cloudfront

GET
H2 200 hosted-fields-frame.min.html Show response
assets.braintreegateway.com/web/3.85.2/html/ Frame 56CC 126 KB
34 KB 183ms
47ms Document
text/html 13.32.110.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.braintreegateway.com/web/3.85.2/html/hosted-fields-frame.min.html

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.85.2/js/hosted-fields.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-94.vie50.r.cloudfront.net

Software

nginx /

Resource Hash

e6f5ff12991f04401e2b7f7a234cd5eddfe2dfcf95ce3a408c496956ccd311b3

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' .braintreegateway.com .braintree-api.com;

Request headers

Referer: https://subscribe.duluthnewstribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 32155
cache-control: max-age=86400
content-encoding: gzip
content-security-policy: style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-type: text/html
date: Mon, 30 Jan 2023 07:46:45 GMT
etag: W/"63cb0e2b-1f824"
expires: Tue, 31 Jan 2023 07:46:45 GMT
last-modified: Fri, 20 Jan 2023 21:56:59 GMT
server: nginx
vary: Accept-Encoding
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-id: X3PJ95GfcB17NMsy3qAU9D-mgKggzaZ4BdFkgntaSIMsJF4jILCM1w==
x-amz-cf-pop: VIE50-C2
x-cache: Hit from cloudfront

GET
H2 200 hosted-fields-frame.min.html Show response
assets.braintreegateway.com/web/3.85.2/html/ Frame 04EA 126 KB
34 KB 185ms
49ms Document
text/html 13.32.110.94
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.braintreegateway.com/web/3.85.2/html/hosted-fields-frame.min.html

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.85.2/js/hosted-fields.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.110.94 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-110-94.vie50.r.cloudfront.net

Software

nginx /

Resource Hash

e6f5ff12991f04401e2b7f7a234cd5eddfe2dfcf95ce3a408c496956ccd311b3

Security Headers

Name	Value
Content-Security-Policy	style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' .braintreegateway.com .braintree-api.com;

Request headers

Referer: https://subscribe.duluthnewstribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 32155
cache-control: max-age=86400
content-encoding: gzip
content-security-policy: style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.braintreegateway.com *.braintree-api.com;
content-type: text/html
date: Mon, 30 Jan 2023 07:46:45 GMT
etag: W/"63cb0e2b-1f824"
expires: Tue, 31 Jan 2023 07:46:45 GMT
last-modified: Fri, 20 Jan 2023 21:56:59 GMT
server: nginx
vary: Accept-Encoding
via: 1.1 8cfc2a35d3218c50ced5f2d05f5dcbd0.cloudfront.net (CloudFront)
x-amz-cf-id: -iP1ZIxqqYBwRZihpCAElMOVMGlVAt4rrtnMMOx-ija2BZvPMrTe2g==
x-amz-cf-pop: VIE50-C2
x-cache: Hit from cloudfront

GET
H2 200 js Show response
www.paypal.com/sdk/ 314 KB
93 KB 213ms
40ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?components=buttons&currency=USD&vault=true&intent=tokenize&client-id=AbZlfSuaAwsE_4oIGBvNY6a4KYFIKz-Axwweu6UUlbNucmLXrraBc0Zg6qjj2mMBGqtXzLrc-cit0zCG

Requested by

Host: js.braintreegateway.com
URL: https://js.braintreegateway.com/web/3.85.2/js/paypal-checkout.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CD4) /

Resource Hash

f8ba90dee6579a98a846ba86bdd8467fb6837d31574335256a958e94e8961723

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-WcSr176LKPkbXl/EptUNtoL4Zuq4zXqU934Qlv/P5qj5gWPI' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-WcSr176LKPkbXl/EptUNtoL4Zuq4zXqU934Qlv/P5qj5gWPI' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-WcSr176LKPkbXl/EptUNtoL4Zuq4zXqU934Qlv/P5qj5gWPI' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-WcSr176LKPkbXl/EptUNtoL4Zuq4zXqU934Qlv/P5qj5gWPI' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 30 Jan 2023 16:42:40 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 56
x-cache: HIT
p3p: true
paypal-debug-id: 071803b717297
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 94479
x-xss-protection: 1; mode=block
last-modified: Mon, 30 Jan 2023 16:41:44 GMT
server: ECAcc (frc/4CD4)
traceparent: 00-0000000000000000000071803b717297-70fd9fa2dcb750ac-01
etag: W/"1710f-lKqgcRt3OobwSNWFWy9TYqfTmrU"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
accept-ranges: bytes
timing-allow-origin: *

OPTIONS
H/1.1 200
OK 83kwhzshxjq5ntdz
client-analytics.braintreegateway.com/ Frame 0
0 258ms
40ms Preflight 52.28.223.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/83kwhzshxjq5ntdz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.223.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-223-216.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://subscribe.duluthnewstribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://subscribe.duluthnewstribune.com
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Mon, 30 Jan 2023 16:42:40 GMT
Server: nginx

OPTIONS
H/1.1 200
OK 83kwhzshxjq5ntdz
client-analytics.braintreegateway.com/ Frame 0
0 259ms
41ms Preflight 52.28.223.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/83kwhzshxjq5ntdz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.223.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-223-216.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://subscribe.duluthnewstribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://subscribe.duluthnewstribune.com
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Mon, 30 Jan 2023 16:42:40 GMT
Server: nginx

OPTIONS
H/1.1 200
OK 83kwhzshxjq5ntdz
client-analytics.braintreegateway.com/ Frame 0
0 235ms
41ms Preflight 52.28.223.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/83kwhzshxjq5ntdz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.223.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-223-216.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://subscribe.duluthnewstribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://subscribe.duluthnewstribune.com
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Mon, 30 Jan 2023 16:42:40 GMT
Server: nginx

OPTIONS
H/1.1 200
OK 83kwhzshxjq5ntdz
client-analytics.braintreegateway.com/ Frame 0
0 233ms
41ms Preflight 52.28.223.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/83kwhzshxjq5ntdz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.223.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-223-216.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://subscribe.duluthnewstribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://subscribe.duluthnewstribune.com
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Mon, 30 Jan 2023 16:42:40 GMT
Server: nginx

GET
H2 200 pptm.js Show response
www.paypal.com/tagmanager/ 12 KB
6 KB 325ms
325ms Script
application/x-javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/tagmanager/pptm.js?id=subscribe.duluthnewstribune.com&t=xo&v=5.0.350&source=payments_sdk&client_id=AbZlfSuaAwsE_4oIGBvNY6a4KYFIKz-Axwweu6UUlbNucmLXrraBc0Zg6qjj2mMBGqtXzLrc-cit0zCG&comp=buttons&vault=true

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/sdk/js?components=buttons&currency=USD&vault=true&intent=tokenize&client-id=AbZlfSuaAwsE_4oIGBvNY6a4KYFIKz-Axwweu6UUlbNucmLXrraBc0Zg6qjj2mMBGqtXzLrc-cit0zCG

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CB9) /

Resource Hash

25376cd52fca883ddcae7106505cb20b4e4f3f0d38bdc4c37fbf60ff49f66655

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; script-src 'nonce-uJD4FuyH+qThLkZhds2m+A/BokA1teJyR8MooPnYnrCNlRyL' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://.paypalobjects.com https://.paypal.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://nexus.ensighten.com https://.google-analytics.com 'unsafe-inline' https://.qualtrics.com; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-uJD4FuyH+qThLkZhds2m+A/BokA1teJyR8MooPnYnrCNlRyL' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 30 Jan 2023 16:42:40 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
paypal-debug-id: 0080b1a171a88
server-timing: traceparent;desc="00-00000000000000000000080b1a171a88-0b411c49a28be39c-01", content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
x-xss-protection: 1; mode=block
server: ECAcc (frc/4CB9)
traceparent: 00-00000000000000000000080b1a171a88-dd98c024bf71dff1-01
etag: W/"2f34-zQQ0FVqIlbkbuS4WgpPW/nUPXC4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600
timing-allow-origin: *

GET
H2 200 buttons Show response
www.paypal.com/smart/ Frame 2E61 380 KB
97 KB 762ms
761ms Document
text/html 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/smart/buttons?fundingSource=paypal&style.label=paypal&style.layout=horizontal&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.350&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jb21wb25lbnRzPWJ1dHRvbnMmY3VycmVuY3k9VVNEJnZhdWx0PXRydWUmaW50ZW50PXRva2VuaXplJmNsaWVudC1pZD1BYlpsZlN1YUF3c0VfNG9JR0J2Tlk2YTRLWUZJS3otQXh3d2V1NlVVbGJOdWNtTFhycmFCYzBaZzZxamoybU1CR3F0WHpMcmMtY2l0MHpDRyIsImF0dHJzIjp7ImRhdGEtdWlkIjoidWlkX21hc3V1Z2RwaGJld3pmd2lzZ3hoZmh2Ym13cmpoaiJ9fQ&clientID=AbZlfSuaAwsE_4oIGBvNY6a4KYFIKz-Axwweu6UUlbNucmLXrraBc0Zg6qjj2mMBGqtXzLrc-cit0zCG&sdkCorrelationID=074a9a938a3b2&storageID=uid_fb58088579_mty6ndi6nda&sessionID=uid_cf7894a49c_mty6ndi6nda&buttonSessionID=uid_3918bbdfff_mty6ndi6nda&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=billing_setup&currency=USD&intent=tokenize&commit=true&vault=true&renderedButtons.0=paypal&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CB4) /

Resource Hash

891402d1263d75ee95f95f5059e69f744693a384c3afee3e51b6554fd1ebd316

Security Headers

Name	Value
Content-Security-Policy	form-action 'self' https://.paypal.com https://.cardinalcommerce.com; default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com: https://.paypalobjects.com https://.googleapis.com https://.firebaseio.com wss://.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://.qualtrics.com; frame-src 'self' https://.paypal.com:* https://.paypalobjects.com https://.cardinalcommerce.com https://.firebaseapp.com https://.qualtrics.com; script-src 'self' https://.paypal.com: https://.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://.paypal.com:* https://.paypalobjects.com 'unsafe-inline'; font-src 'self' https://.paypal.com https://.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://subscribe.duluthnewstribune.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-expose-headers: Server-Timing
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-disposition: inline
content-encoding: gzip
content-security-policy: form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html; charset=utf-8
date: Mon, 30 Jan 2023 16:42:40 GMT
dc: ccg11-origin-www-1.paypal.com
etag: W/"5ee8a-xFLe7cY7FWXv5f6FyXQ/9whXCOY"
p3p: true
paypal-debug-id: 0812a7b005474
server: ECAcc (frc/4CB4)
server-timing: traceparent;desc="00-00000000000000000000812a7b005474-a798f7a5ec9b03f0-01" content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-00000000000000000000812a7b005474-babfa4d3e4f34637-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-csrf-jwt: __blank__
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ Frame F4A6 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ 1016 B
2 KB 248ms
248ms XHR
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CEF) /

Resource Hash

d8708d19b30c749020ea49667f62ee37d7b42e14b3e478f25b0af2a339380a1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://subscribe.duluthnewstribune.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
content-type: application/json

Response headers

date: Mon, 30 Jan 2023 16:42:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
paypal-debug-id: 0b16aa418b617
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 608
server: ECAcc (frc/4CEF)
traceparent: 00-00000000000000000000b16aa418b617-e4c4a5cfe193f8ef-01
etag: W/"3f8-ovcoUT1AndAL+EV2LMazJ3j/n/I"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://subscribe.duluthnewstribune.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *

OPTIONS
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 0
0 331ms
214ms Preflight 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CEF) /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://subscribe.duluthnewstribune.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://subscribe.duluthnewstribune.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
date: Mon, 30 Jan 2023 16:42:40 GMT
dc: ccg11-origin-www-1.paypal.com
paypal-debug-id: 088a2419a8305
server: ECAcc (frc/4CEF)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000088a2419a8305-a3de452052686659-01
x-content-type-options: nosniff

POST
H/1.1 200
OK 83kwhzshxjq5ntdz Show response
client-analytics.braintreegateway.com/ Frame 95BE 0
292 B 42ms
42ms XHR
text/plain 52.28.223.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/83kwhzshxjq5ntdz
Requested by: Host: assets.braintreegateway.com
URL: https://assets.braintreegateway.com/web/3.85.2/html/hosted-fields-frame.min.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.223.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-223-216.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://assets.braintreegateway.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

Date: Mon, 30 Jan 2023 16:42:40 GMT
Server: nginx
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://assets.braintreegateway.com
Connection: keep-alive
Access-Control-Allow-Headers
Content-Length: 0

OPTIONS
H/1.1 200
OK 83kwhzshxjq5ntdz
client-analytics.braintreegateway.com/ Frame 0
0 40ms
40ms Preflight 52.28.223.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://client-analytics.braintreegateway.com/83kwhzshxjq5ntdz
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.28.223.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-223-216.eu-central-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://assets.braintreegateway.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: https://assets.braintreegateway.com
Access-Control-Max-Age: 3000
Connection: keep-alive
Content-Length: 0
Date: Mon, 30 Jan 2023 16:42:40 GMT
Server: nginx

GET
H2 200 ts
t.paypal.com/ 42 B
603 B 237ms
184ms Image
image/gif 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.paypal.com/ts?pgrp=muse%3Ageneric%3Aanalytics%3A%3Amerchant&page=muse%3Ageneric%3Aanalytics%3A%3Amerchant%3A%3A%3A&tsrce=tagmanagernodeweb&comp=tagmanagernodeweb&sub_component=analytics&s=ci&fltp=analytics-generic&pt=Duluth%20News%20Tribune&dh=1200&dw=1600&bh=1200&bw=1600&cd=24&sh=1200&sw=1600&v=NA&pl=pdf&rosetta_language=en-US%2Cen&e=im&t=1675096960547&g=0&completeurl=https%3A%2F%2Fsubscribe.duluthnewstribune.com%2F%3Fofrgp_id%3D862%252C863%26%3Futm_market%3Dduluthnewstribune%26utm_source%3Demail%26utm_medium%3Dpromo_send%26utm_campaign%3D2_dollars_for_6_months_jan_23%26utm_content%3D6_months_2_dollar_offer_promo_1_am_01302023%26utm_term%3Dduluthnewstribune_promo_nonmember&sinfo=%7B%22partners%22%3A%7B%22ecwid%22%3A%7B%7D%2C%22bigCommerce%22%3A%7B%7D%2C%22shopify%22%3A%7B%7D%2C%22wix%22%3A%7B%7D%2C%22bigCartel%22%3A%7B%7D%7D%7D

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4D03) /

Resource Hash

6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 30 Jan 2023 16:42:40 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: ECAcc (frc/4D03)
traceparent: 00-000000000000000000078c3ac0f45730-c5586a620aaf6285-01
content-type: image/gif
paypal-debug-id: 78c3ac0f45730
p3p: policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *
content-length: 42
expires: Mon, 30 Jan 2023 16:42:40 GMT

GET
H2 200 js Show response
www.paypal.com/sdk/ Frame 2E61 314 KB
93 KB 41ms
41ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/sdk/js?components=buttons&currency=USD&vault=true&intent=tokenize&client-id=AbZlfSuaAwsE_4oIGBvNY6a4KYFIKz-Axwweu6UUlbNucmLXrraBc0Zg6qjj2mMBGqtXzLrc-cit0zCG

Requested by

Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?fundingSource=paypal&style.label=paypal&style.layout=horizontal&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.350&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jb21wb25lbnRzPWJ1dHRvbnMmY3VycmVuY3k9VVNEJnZhdWx0PXRydWUmaW50ZW50PXRva2VuaXplJmNsaWVudC1pZD1BYlpsZlN1YUF3c0VfNG9JR0J2Tlk2YTRLWUZJS3otQXh3d2V1NlVVbGJOdWNtTFhycmFCYzBaZzZxamoybU1CR3F0WHpMcmMtY2l0MHpDRyIsImF0dHJzIjp7ImRhdGEtdWlkIjoidWlkX21hc3V1Z2RwaGJld3pmd2lzZ3hoZmh2Ym13cmpoaiJ9fQ&clientID=AbZlfSuaAwsE_4oIGBvNY6a4KYFIKz-Axwweu6UUlbNucmLXrraBc0Zg6qjj2mMBGqtXzLrc-cit0zCG&sdkCorrelationID=074a9a938a3b2&storageID=uid_fb58088579_mty6ndi6nda&sessionID=uid_cf7894a49c_mty6ndi6nda&buttonSessionID=uid_3918bbdfff_mty6ndi6nda&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=billing_setup&currency=USD&intent=tokenize&commit=true&vault=true&renderedButtons.0=paypal&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CD4) /

Resource Hash

f8ba90dee6579a98a846ba86bdd8467fb6837d31574335256a958e94e8961723

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://.paypal.com https://.paypalobjects.com; connect-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; frame-src 'self' https://.paypal.com https://.paypalobjects.com https://.qualtrics.com; script-src 'nonce-WcSr176LKPkbXl/EptUNtoL4Zuq4zXqU934Qlv/P5qj5gWPI' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; style-src 'nonce-WcSr176LKPkbXl/EptUNtoL4Zuq4zXqU934Qlv/P5qj5gWPI' 'self' https://.paypal.com https://.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://.paypal.com; base-uri 'self' https://.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.paypal.com/smart/buttons?fundingSource=paypal&style.label=paypal&style.layout=horizontal&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.350&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jb21wb25lbnRzPWJ1dHRvbnMmY3VycmVuY3k9VVNEJnZhdWx0PXRydWUmaW50ZW50PXRva2VuaXplJmNsaWVudC1pZD1BYlpsZlN1YUF3c0VfNG9JR0J2Tlk2YTRLWUZJS3otQXh3d2V1NlVVbGJOdWNtTFhycmFCYzBaZzZxamoybU1CR3F0WHpMcmMtY2l0MHpDRyIsImF0dHJzIjp7ImRhdGEtdWlkIjoidWlkX21hc3V1Z2RwaGJld3pmd2lzZ3hoZmh2Ym13cmpoaiJ9fQ&clientID=AbZlfSuaAwsE_4oIGBvNY6a4KYFIKz-Axwweu6UUlbNucmLXrraBc0Zg6qjj2mMBGqtXzLrc-cit0zCG&sdkCorrelationID=074a9a938a3b2&storageID=uid_fb58088579_mty6ndi6nda&sessionID=uid_cf7894a49c_mty6ndi6nda&buttonSessionID=uid_3918bbdfff_mty6ndi6nda&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=billing_setup&currency=USD&intent=tokenize&commit=true&vault=true&renderedButtons.0=paypal&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

content-security-policy: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-WcSr176LKPkbXl/EptUNtoL4Zuq4zXqU934Qlv/P5qj5gWPI' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-WcSr176LKPkbXl/EptUNtoL4Zuq4zXqU934Qlv/P5qj5gWPI' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 30 Jan 2023 16:42:41 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 57
x-cache: HIT
p3p: true
paypal-debug-id: 071803b717297
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 94479
x-xss-protection: 1; mode=block
last-modified: Mon, 30 Jan 2023 16:41:44 GMT
server: ECAcc (frc/4CD4)
traceparent: 00-0000000000000000000071803b717297-70fd9fa2dcb750ac-01
etag: W/"1710f-lKqgcRt3OobwSNWFWy9TYqfTmrU"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Server-Timing
cache-control: public, max-age=3600, s-maxage=10800
accept-ranges: bytes
timing-allow-origin: *

GET
DATA 200
OK truncated
/ Frame 2E61 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame 2E61 58 KB
20 KB 81ms
40ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CBA) /

Resource Hash

def7e4d139a8615c2721b3a2f0aee56e08052118029fa0bc8101fc0daea957d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 936894
x-cache: HIT
paypal-debug-id: 889c997ccf330
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 20336
last-modified: Tue, 20 Dec 2022 17:16:51 GMT
server: ECAcc (frc/4CBA)
traceparent: 00-0000000000000000000889c997ccf330-c1df794a2284d28b-01
etag: "63a1ee03-e9eb"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 31 Jan 2023 16:42:41 GMT

POST
H2 200 logger
www.paypal.com/xoplatform/logger/api/ Frame 2E61 1 KB
2 KB 242ms
241ms Ping
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CBA) /

Resource Hash

66ab049b1d9f880afaf047716c273c9914d1a760e5b72f0aacb6c8f980e6ecc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.paypal.com/smart/buttons?fundingSource=paypal&style.label=paypal&style.layout=horizontal&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.350&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jb21wb25lbnRzPWJ1dHRvbnMmY3VycmVuY3k9VVNEJnZhdWx0PXRydWUmaW50ZW50PXRva2VuaXplJmNsaWVudC1pZD1BYlpsZlN1YUF3c0VfNG9JR0J2Tlk2YTRLWUZJS3otQXh3d2V1NlVVbGJOdWNtTFhycmFCYzBaZzZxamoybU1CR3F0WHpMcmMtY2l0MHpDRyIsImF0dHJzIjp7ImRhdGEtdWlkIjoidWlkX21hc3V1Z2RwaGJld3pmd2lzZ3hoZmh2Ym13cmpoaiJ9fQ&clientID=AbZlfSuaAwsE_4oIGBvNY6a4KYFIKz-Axwweu6UUlbNucmLXrraBc0Zg6qjj2mMBGqtXzLrc-cit0zCG&sdkCorrelationID=074a9a938a3b2&storageID=uid_fb58088579_mty6ndi6nda&sessionID=uid_cf7894a49c_mty6ndi6nda&buttonSessionID=uid_3918bbdfff_mty6ndi6nda&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=billing_setup&currency=USD&intent=tokenize&commit=true&vault=true&renderedButtons.0=paypal&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 30 Jan 2023 16:42:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
paypal-debug-id: 043a2052b33a0
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 618
server: ECAcc (frc/4CBA)
traceparent: 00-0000000000000000000043a2052b33a0-a8d2f60322903545-01
etag: W/"400-9ztBv4dwAfUJfvg2eyn8aJHE3Wg"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *

GET
H2 200 i Show response
c.paypal.com/v1/r/d/ Frame 3F88 160 B
1 KB 204ms
204ms Document
text/html 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CBA) /

Resource Hash

9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.paypal.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA, Sec-CH-UA-Full
cache-control: max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 141
content-security-policy-report-only: default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp
content-type: text/html;charset=UTF-8
correlation-id: de5f27586c1a0
date: Mon, 30 Jan 2023 16:42:41 GMT
origin-trial: A+THamRrv1ypMR6JeaJx7Wmo8rytLELMAeCL0XGhTihfUtp+dVqcCNYiWxOzySlH2Xk7lzRrFY3mxv6viKT1qggAAACKeyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlLCJpc1RoaXJkUGFydHkiOnRydWV9
paypal-debug-id: de5f27586c1a0
server: ECAcc (frc/4CBA)
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
strict-transport-security: max-age=63072000; includeSubDomains; preload
timing-allow-origin: *
traceparent: 00-0000000000000000000de5f27586c1a0-d688a497ea4fce1d-01
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

counter2.cgi
dub.stats.paypal.com/v2/ Frame 6282
Redirect Chain

https://b.stats.paypal.com/v2/counter.cgi?p=uid_cf7894a49c_mty6ndi6nda&s=SMART_PAYMENT_BUTTONS
https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_cf7894a49c_mty6ndi6nda&s=SMART_PAYMENT_BUTTONS

42 B
299 B

220ms
68ms

Image
image/jpeg

64.4.245.84

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_cf7894a49c_mty6ndi6nda&s=SMART_PAYMENT_BUTTONS
Requested by: Host: www.paypal.com
URL: https://www.paypal.com/smart/buttons?fundingSource=paypal&style.label=paypal&style.layout=horizontal&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.350&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jb21wb25lbnRzPWJ1dHRvbnMmY3VycmVuY3k9VVNEJnZhdWx0PXRydWUmaW50ZW50PXRva2VuaXplJmNsaWVudC1pZD1BYlpsZlN1YUF3c0VfNG9JR0J2Tlk2YTRLWUZJS3otQXh3d2V1NlVVbGJOdWNtTFhycmFCYzBaZzZxamoybU1CR3F0WHpMcmMtY2l0MHpDRyIsImF0dHJzIjp7ImRhdGEtdWlkIjoidWlkX21hc3V1Z2RwaGJld3pmd2lzZ3hoZmh2Ym13cmpoaiJ9fQ&clientID=AbZlfSuaAwsE_4oIGBvNY6a4KYFIKz-Axwweu6UUlbNucmLXrraBc0Zg6qjj2mMBGqtXzLrc-cit0zCG&sdkCorrelationID=074a9a938a3b2&storageID=uid_fb58088579_mty6ndi6nda&sessionID=uid_cf7894a49c_mty6ndi6nda&buttonSessionID=uid_3918bbdfff_mty6ndi6nda&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=billing_setup&currency=USD&intent=tokenize&commit=true&vault=true&renderedButtons.0=paypal&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
Protocol: HTTP/1.1
Server: 64.4.245.84 -, , ASN (),
Reverse DNS
Software: PayPal-B.Stats/1.0 /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Mon, 30 Jan 2023 16:42:42 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 42
Content-Type: image/jpeg

Redirect headers

Location: https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_cf7894a49c_mty6ndi6nda&s=SMART_PAYMENT_BUTTONS
Date: Mon, 30 Jan 2023 16:42:42 GMT
Server: PayPal-B.Stats/1.0
Connection: close
Content-Length: 0
Content-Type: application/octet-stream

GET
H2 200 fb.js Show response
c.paypal.com/da/r/ Frame 3F88 58 KB
20 KB 40ms
40ms Script
application/javascript 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/da/r/fb.js

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CF6) /

Resource Hash

def7e4d139a8615c2721b3a2f0aee56e08052118029fa0bc8101fc0daea957d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
age: 936895
x-cache: HIT
paypal-debug-id: 889c997ccf330
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 20336
last-modified: Tue, 20 Dec 2022 17:16:51 GMT
server: ECAcc (frc/4CF6)
traceparent: 00-0000000000000000000889c997ccf330-c1df794a2284d28b-01
etag: "63a1ee03-e9eb"
access-control-max-age: 86400
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: false
vary: Accept-Encoding
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 31 Jan 2023 16:42:42 GMT

POST
H2 200 p1 Show response
c.paypal.com/v1/r/d/b/ Frame 3F88 125 B
879 B 216ms
215ms XHR
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/p1

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4C86) /

Resource Hash

9e31dd573f800f232bec2fe889ad192272bfd8e6b4a281d7273cbd6f40788741

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 30 Jan 2023 16:42:41 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
correlation-id: 204259a77f34b
server: ECAcc (frc/4C86)
traceparent: 00-0000000000000000000204259a77f34b-f97876fcdc9ae278-01
p3p: policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"
paypal-debug-id: 204259a77f34b
content-type: application/json
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *
content-length: 125

POST
H2 204 e Show response
c.paypal.com/v1/r/d/b/ Frame 3F88 0
96 B 197ms
197ms XHR
text/plain 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://c.paypal.com/v1/r/d/b/e

Requested by

Host: c.paypal.com
URL: https://c.paypal.com/da/r/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4C8D) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 30 Jan 2023 16:42:41 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
correlation-id: 89a301e493b0
server: ECAcc (frc/4C8D)
traceparent: 00-0000000000000000000089a301e493b0-8f02d9452fb7f890-01
paypal-debug-id: 89a301e493b0
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *

GET
H2 200 p3
c6.paypal.com/v1/r/d/b/ Frame 3F88 0
119 B 321ms
264ms Image
text/plain 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c6.paypal.com/v1/r/d/b/p3?f=uid_cf7894a49c_mty6ndi6nda&s=SMART_PAYMENT_BUTTONS

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CBA) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://c.paypal.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 16:42:41 GMT
content-encoding: gzip
correlation-id: 88d9d034c2955
strict-transport-security: max-age=63072000; includeSubDomains; preload
server: ECAcc (frc/4CBA)
traceparent: 00-000000000000000000088d9d034c2955-4d74a9e401bcc794-01
vary: Accept-Encoding
paypal-debug-id: 88d9d034c2955
cache-control: max-age=0, no-cache, no-store, must-revalidate
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
timing-allow-origin: *
content-length: 20

POST
H2 200 logger Show response
www.paypal.com/xoplatform/logger/api/ Frame 2E61 1016 B
1 KB 221ms
220ms XHR
application/json 192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.paypal.com/xoplatform/logger/api/logger

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CBA) /

Resource Hash

fc4cfcd7fa03348c74bcf7ce6522f2d48cf522c241601b1cf4744baa88acf928

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept: application/json
Referer: https://www.paypal.com/smart/buttons?fundingSource=paypal&style.label=paypal&style.layout=horizontal&style.color=gold&style.shape=pill&style.tagline=false&style.menuPlacement=below&sdkVersion=5.0.350&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jb21wb25lbnRzPWJ1dHRvbnMmY3VycmVuY3k9VVNEJnZhdWx0PXRydWUmaW50ZW50PXRva2VuaXplJmNsaWVudC1pZD1BYlpsZlN1YUF3c0VfNG9JR0J2Tlk2YTRLWUZJS3otQXh3d2V1NlVVbGJOdWNtTFhycmFCYzBaZzZxamoybU1CR3F0WHpMcmMtY2l0MHpDRyIsImF0dHJzIjp7ImRhdGEtdWlkIjoidWlkX21hc3V1Z2RwaGJld3pmd2lzZ3hoZmh2Ym13cmpoaiJ9fQ&clientID=AbZlfSuaAwsE_4oIGBvNY6a4KYFIKz-Axwweu6UUlbNucmLXrraBc0Zg6qjj2mMBGqtXzLrc-cit0zCG&sdkCorrelationID=074a9a938a3b2&storageID=uid_fb58088579_mty6ndi6nda&sessionID=uid_cf7894a49c_mty6ndi6nda&buttonSessionID=uid_3918bbdfff_mty6ndi6nda&env=production&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sInBheWxhdGVyIjp7ImVsaWdpYmxlIjpmYWxzZSwicHJvZHVjdHMiOnsicGF5SW4zIjp7ImVsaWdpYmxlIjpmYWxzZSwidmFyaWFudCI6bnVsbH0sInBheUluNCI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9fX0sImNhcmQiOnsiZWxpZ2libGUiOnRydWUsImJyYW5kZWQiOnRydWUsImluc3RhbGxtZW50cyI6ZmFsc2UsInZlbmRvcnMiOnsidmlzYSI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwibWFzdGVyY2FyZCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiYW1leCI6eyJlbGlnaWJsZSI6dHJ1ZSwidmF1bHRhYmxlIjp0cnVlfSwiZGlzY292ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJoaXBlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhdWx0YWJsZSI6ZmFsc2V9LCJlbG8iOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9LCJqY2IiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOnRydWV9fSwiZ3Vlc3RFbmFibGVkIjpmYWxzZX0sInZlbm1vIjp7ImVsaWdpYmxlIjpmYWxzZX0sIml0YXUiOnsiZWxpZ2libGUiOmZhbHNlfSwiY3JlZGl0Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImFwcGxlcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sInNlcGEiOnsiZWxpZ2libGUiOmZhbHNlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwiYm9sZXRvYmFuY2FyaW8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzYXRpc3BheSI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.enableVenmoAppLabel=false&flow=billing_setup&currency=USD&intent=tokenize&commit=true&vault=true&renderedButtons.0=paypal&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
content-type: application/json

Response headers

date: Mon, 30 Jan 2023 16:42:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
paypal-debug-id: 04b2a47676a9b
server-timing: content-encoding;desc="", x-cdn;desc="edgecast"
dc: ccg11-origin-www-1.paypal.com
content-length: 608
server: ECAcc (frc/4CBA)
traceparent: 00-000000000000000000004b2a47676a9b-a51ec01d755a7e82-01
etag: W/"3f8-azyvhW2lAHln/C+6rjQc55T6hok"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.paypal.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *

GET
H2 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/51/7/intl/de_ALL/ 272 KB
76 KB 76ms
75ms Script
text/javascript 2a00:1450:400d:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/51/7/intl/de_ALL/common.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyCu2stHA_Wgp5c31U3hCuMMMr0Bw5E6dyo&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b18208c9d118b2a3ef63d789e600229bcc86da65b1ccb37dbefe6cbc50ae11b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 18:33:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 425338
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77467
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 21:48:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Jan 2024 18:33:44 GMT

GET
H2 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/51/7/intl/de_ALL/ 158 KB
59 KB 54ms
54ms Script
text/javascript 2a00:1450:400d:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/51/7/intl/de_ALL/util.js

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyCu2stHA_Wgp5c31U3hCuMMMr0Bw5E6dyo&libraries=places

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08ffbe8132934a6bff10ba3ce45c44031ddb3eff98a69d74a118efdcb51775e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://subscribe.duluthnewstribune.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Wed, 25 Jan 2023 18:33:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 425338
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 59508
x-xss-protection: 0
last-modified: Mon, 23 Jan 2023 21:48:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
vary: Accept-Encoding, Origin
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 25 Jan 2024 18:33:44 GMT

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 13:37:28	Name: _GRECAPTCHA Value: 09AOOcfwtH_9AE5AzmndEscCEoWWvF7i9DFVbvkkZ9K0Zdbn_4SpCiOGxdjpsxZ28DPfn-tBc5__2qlSSaZEKXqaE
.duluthnewstribune.com/	1970-01-20 18:04:13	Name: sailthru_hid Value: 2f9d418e7c976574d92014248608b3516079d208caa652008f559453b56886473a97f6a9613a811680b7775b
.duluthnewstribune.com/	1970-01-20 09:18:27	Name: sailthru_bid Value: 30371758.81400
subscribe.duluthnewstribune.com/	1970-01-20 09:18:18	Name: connect.sid Value: s%3Ap0POEhT0XV0fisZ4DOrrrQ6Tx1vTMnzB.xfS6Et7Ngtza0fN4ixYQkmkPOoVyEnSkMcdWUXPMLdI
.duluthnewstribune.com/	1970-01-20 18:02:51	Name: visid_incap_2844791 Value: 7FkmuOsGR1S/9jQLoeCROnvz12MAAAAAQUIPAAAAAACMiCpZGfB1ck/yPhd1Xb1g
.duluthnewstribune.com/	1969-12-31 23:59:59	Name: nlbi_2844791 Value: C6YgQeF9sQHoV0HMn9yu7AAAAAD2zkD9sM0w0NHWp8BrEm0g
.duluthnewstribune.com/	1969-12-31 23:59:59	Name: incap_ses_408_2844791 Value: OwydP5QnG0ve6dtpRoKpBXvz12MAAAAAfySd0U8jOMpRAxwq1WJsMA==
.duluthnewstribune.com/	1970-01-20 11:27:52	Name: _gcl_au Value: 1.1.1835553190.1675096957
.duluthnewstribune.com/	1970-01-20 18:54:16	Name: _ga_Z15KJQ29H1 Value: GS1.1.1675096957.1.0.1675096957.0.0.0
.doubleclick.net/	1970-01-20 09:18:17	Name: test_cookie Value: CheckForPermission
.duluthnewstribune.com/	1970-01-20 18:54:16	Name: _ga Value: GA1.2.1950005521.1675096958
.duluthnewstribune.com/	1970-01-20 09:19:43	Name: _gid Value: GA1.2.1812599132.1675096958
.duluthnewstribune.com/	1970-01-20 09:18:17	Name: _gat_UA-778232-77 Value: 1
.duluthnewstribune.com/	1970-01-20 09:18:17	Name: _gat_UA-41542537-2 Value: 1
.duluthnewstribune.com/	1970-01-20 09:18:17	Name: _dc_gtm_UA-778232-32 Value: 1
.duluthnewstribune.com/	1970-01-20 18:03:52	Name: _attrb Value: %22cec6f91a-0781-439b-b799-f48518d17e53%22
.duluthnewstribune.com/	1970-01-20 11:27:52	Name: _fbp Value: fb.1.1675096957739.530529930
subscribe.duluthnewstribune.com/	1970-01-20 18:03:52	Name: ai_user Value: EhMWJ\|2023-01-30T16:42:37.910Z
login.forumcomm.com/	1970-01-20 18:04:14	Name: did Value: s%3Av0%3A1af30270-a0bd-11ed-ae85-b18e71055928.v%2Bf0QM6FCx615sKjW4wdhLd%2Bj0sQutASIPD0qv5WoJA
.duluthnewstribune.com/	1970-01-20 18:54:16	Name: anonDeviceId Value: a826e20e7362e76b42d716a5d958a5f7
subscribe.duluthnewstribune.com/	1970-01-20 09:28:21	Name: AWSALB Value: RyYjfIxXRTk8Av4K6R9VHWfKdLr2jsy8Jiz/YhzB08WjbN29P19lEzpoiOpmJirPf7y3iso1M2d4qA4Jr5ZuHc9xX6sQLM40a3qkfU009jkM0Z6hABYluv7Ge/kE
subscribe.duluthnewstribune.com/	1970-01-20 09:28:21	Name: AWSALBCORS Value: RyYjfIxXRTk8Av4K6R9VHWfKdLr2jsy8Jiz/YhzB08WjbN29P19lEzpoiOpmJirPf7y3iso1M2d4qA4Jr5ZuHc9xX6sQLM40a3qkfU009jkM0Z6hABYluv7Ge/kE
.paypal.com/	1970-01-20 09:18:48	Name: LANG Value: de_DE%3BDE
.paypal.com/	1970-01-20 18:03:52	Name: enforce_policy Value: gdpr_v2.1
www.paypal.com/	1969-12-31 23:59:59	Name: nsid Value: s%3AOGEsxMfzFzmxfIdx4Sr465XbVoE7PVu6.b7ciq7pQs%2BpmjQGjf8vF4mH1pFL%2FhNNK941JL1fk8Js
.paypal.com/	1970-01-20 09:18:18	Name: l7_az Value: dcg15.slc
.paypal.com/	1970-01-20 18:54:16	Name: ts_c Value: vr%3D038f2db01860a1d6768c400efd846684%26vt%3D038f2db01860a1d6768c400efd846683
.paypal.com/	1970-01-20 09:22:36	Name: tsrce Value: loggernodeweb
.paypal.com/	1969-12-31 23:59:59	Name: x-pp-s Value: eyJ0IjoiMTY3NTA5Njk2MTkwNiIsImwiOiIwIiwibSI6IjAifQ
.paypal.com/	1970-01-20 18:54:16	Name: ts Value: vreXpYrS%3D1769791361%26vteXpYrS%3D1675098761%26vr%3D038f2db01860a1d6768c400efd846684%26vt%3D038f2db01860a1d6768c400efd846683%26vtyp%3Dnew

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors .subconadmin.com https://.subconadmin.com .mg2cms.com https://.mg2cms.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8975227.fls.doubleclick.net
adservice.google.com
adservice.google.de
api-mg2.db-ip.com
assets.braintreegateway.com
az416426.vo.msecnd.net
b.stats.paypal.com
bloximages.chicago2.vip.townnews.com
c.paypal.com
c6.paypal.com
cdn.auth0.com
cdn.confiant-integrations.net
cdn.godiciardstia.com
cdn.jsdelivr.net
cdn.mircheigeshoa.com
cdn.us.auth0.com
cdn.wgchrrammzv.com
checkout.paypal.com
client-analytics.braintreegateway.com
connect.facebook.net
dub.stats.paypal.com
fonts.googleapis.com
fonts.gstatic.com
js.braintreegateway.com
link.duluthnewstribune.com
loader-cdn.azureedge.net
login.forumcomm.com
maps.googleapis.com
payments.braintree-api.com
polyfill.io
pubads.g.doubleclick.net
region1.google-analytics.com
s3.amazonaws.com
scripts.attributionapp.com
static.forumcomm.com
stats.g.doubleclick.net
subscribe.duluthnewstribune.com
t.paypal.com
track.attributionapp.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.paypal.com
www.paypalobjects.com
104.16.133.24
104.26.4.15
107.154.76.234
107.20.71.201
13.225.78.20
13.225.78.57
13.248.139.42
13.32.110.94
13.32.12.51
142.251.208.134
143.204.215.25
151.101.2.133
192.229.221.25
2001:4860:4802:32::36
2600:9000:206f:3400:1b:e643:4ac0:93a1
2600:9000:2104:1200:1d:8f09:740:93a1
2606:2800:133:206e:1315:22a5:2006:24fd
2606:2800:233:1cb7:261b:1f9c:2074:3c
2606:4700::6812:116b
2a00:1450:400d:802::200a
2a00:1450:400d:806::2003
2a00:1450:400d:807::2002
2a00:1450:400d:80a::2002
2a00:1450:400d:80a::2003
2a00:1450:400d:80c::200e
2a00:1450:400d:80d::2004
2a00:1450:400d:80e::2008
2a00:1450:400d:80e::200a
2a00:1450:4025:401::9d
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:200::485
2a04:4e42:400::282
52.216.62.24
52.28.223.216
54.209.91.188
64.4.245.84
65.9.66.35
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
0633be0754d8f21391eacd07f177335f08a1daabbba04ddc696283a27b0c005a
08ffbe8132934a6bff10ba3ce45c44031ddb3eff98a69d74a118efdcb51775e2
09cff25adf02e25fcdaac9140d0cfcf36060315f16e71031056b5570c6551a03
0a7cd92c980e820d3064ace1159a3e6be8c160f8d11e299558ab3c3574db8914
0c66c855006ab2ae4f702be94152ccc855d729ee985a3676d7e046763430e431
106cc265f34c25113c1c57a7b606878708cbb4205a66e82f495cd40014b24258
106fb417f17d07a860ebd1466dd44c0f30c754560e24e4f85ce5b4b560fd6bdc
1b34a42552c96f10e4dfaaa4a367276b03868aacff63c1ac42ffe331352bc754
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1cd788dc815a0928f0eddc114f265d2c1e4393a94143b494260dc5343fa8b4fa
1eeab1cb779471a0b0aaa93dd91c2eb1aa537d696f01ab05ea9dabc55e8525a1
24b57c02d8670f2a0f99ed9fff32356387a07f56a37bbc62ceba1c1e91712cc2
24cba4ab0dc8c572938b857d53b865a27f41eb122b4d635c79f34ccbfe3c7d92
25376cd52fca883ddcae7106505cb20b4e4f3f0d38bdc4c37fbf60ff49f66655
25b02175cc0a4e36fda24db4b7de40009feb7b31f18fe3c77423a2169929b94b
25f6538e93139ff03a83444ae05a7c0eac160b7dbcd05154ad6cbebfb21082ba
26e79ccb25e9dd44ea28d12a67c5700f39d283f078dac70d287c6625b2fa2c92
2949750aadafc472d1039eeba65ded9b96ff4da450eabccfb13bcdca1219498a
2ae5aed8aab32ad79a23003eee65fec603ddbeed83b296ba4735ff840e12b005
30fa2094f726c9e4a2c520398c3fd07868e2c921789ba95bd875695d48f31141
337b763e64d123c71154131bc82585189c0796a15e6cbe04567f5424ba16e4e0
34dbe0c9bb6ca6343024f431f136f55315d91db5dfc43be93499652fede431ad
3725ef48f5d7b22d88fbb28285c411fdd8004795717e9c49a45c849528224190
392c1cfd7dba03273c21a643e0aa17b3374383d575c55e6b23c99f873227ae32
39cc6c78632abb08815246e75d23371d17c0106cfb4156297f74366c8404b533
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
443ae6d19eccb96c833d38664cc77797a6e37b9c3939c08161aebb02f6138cf2
447256eb31b03e8de245de6feb98fad0a7710874162ab5cd91bd39274eaed7a7
449cf9d2e39c8b619466ac47bb28d3e5ff8287982f97333b5f8b3f18168f73a6
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4a3569fc82e8fef2a9125e05232c934b475e8c895e2454de87877d78da71a325
4ae104b640aede82496b9e34d9a59c2e0f33d5d2ca1f264cb0ab23fd3f2372fa
4f4ace5760fd2511c5c9716b6be5bc050dc9b8b16a5ad0f45b2209e05df1e551
4fd1192135e7bb8f65d1220d492bdf97260eb699b8de3d5b13c32dee76e0eb99
510b0d3f2370083584fbfdc0d2978f0858beec21b1311e5d01c80780f207f3cb
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
5525155484aef569c783dcb2e9d0de43eadb0a85178d0361c34dd1ef115af43a
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5b74726d50ad888710f49a50c91351aee827fa48698bfec35bcf48db8350bef9
5c9cd98489d234940675ac308ea383341b6118387324ff5dba79c7b98b8cef3e
648dfea57b2801d0c0ea1eb931c1026734c1b9054f8c5dca3d35b50430238797
66ab049b1d9f880afaf047716c273c9914d1a760e5b72f0aacb6c8f980e6ecc6
6d770303dedbfeb897525ab66c5ca7eaf31da2c805486949898fc542908db53e
6d7ab62735eb01300a315406d9e202fa97be57d5da8b4a7f26de43a61e53c372
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
70212eacf2b641df77cb7f0b97262908d1f8abde30a8b77b1a7cd8ef7031ab7a
7a0679f3f5a4488b98ad0911486a5457d9e3fc9a38badc143e749cf7ee735c9f
7a66f21721f4518d1ff299c661e3b857092b0c38ad9f8bc4a37ecbd15e87dbf3
7b6b21c3940c64005b788c31f0b332e032ee4623155a1706dcf19c1263b5ac8b
7c0fd9f7c2f9509aedca0e1fa2cd5286dc2459bbeebf797941226248fe5bf5d1
7d77b850d78c8ff02a573b154fff90efef82dbdc2d45508be82b1ebb33180cff
7de545455ab7b288e80c799da8deb896a21df65b1a760f62ea33e9fe2ca5d8a0
7e51ad247ed033aabcf348d5cfb60952c173b5b4e9a72ba18f564cb8a16a48d9
80962ef1a0f4bc95fc4bac325bbfcc391dc701c2e89c304eb647c256d7d62583
81c91cf23193cb56d0ca8ba09d5aa39994586e99bd9e75d1df7271dfdeddbce2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86b01550e0622b6eb30bc7645539c099493a3c210fc297547bdc05e7f58a5012
891402d1263d75ee95f95f5059e69f744693a384c3afee3e51b6554fd1ebd316
8b66f48278fb986f0f07a7827e508cdf1228e1f6a3960915ee2f8451112a256b
8cd76a979805baeb5eb2686bb5aaeccf8da8eaf8734f9a09da24dc0eecf2a948
8f9d77c779ee8d0f2d47977d8dde3417d807a02fb9e53855f3d5ba3cfd683402
9321bc63a75b3ac6d384b411665b6e77a8b326a4b176ca2049872d3b5d4974f5
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
97f02b348ae12199c3a728fd38ae191a4f60285d880a29f952395ba4738405e2
9df8b934c46e43688d69296a2d49a0f29ef40a15394ab4be7a48ee800d06e731
9e31dd573f800f232bec2fe889ad192272bfd8e6b4a281d7273cbd6f40788741
adbafddcae5c63de02cb1f7786956f8f1f5bbfec1fedf98b13224a6995d832f2
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b16536ac8f4dc22595142244daba17fd653cbeb18ab213d5e73a07df55f78264
b18208c9d118b2a3ef63d789e600229bcc86da65b1ccb37dbefe6cbc50ae11b0
b59e31aeaca17f052e5e16fa1713cb48d45997454c26ae2876302420b77751c2
c7c0db0c265da2d9d030ebe6ece087febca214f35bfa99c579f22bc5873d4b38
c868ec0a6a6feb68b3d764eb0324882539c6ceed96e815ae9a83ea985fab32fe
ca1f76f3e333116f0ed5ae78dbce5c9c407d50d21530beb81e9cc0db1fa4cfac
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cec2fe6ccfa38f972e79f25c46c812727d1048f7d364d3d5639cb2e9528acf5f
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
d8708d19b30c749020ea49667f62ee37d7b42e14b3e478f25b0af2a339380a1d
da1e72f2e19d27f65981b617d12b8d987d44d2ba50590bb35eb2353f30531ce0
def7e4d139a8615c2721b3a2f0aee56e08052118029fa0bc8101fc0daea957d6
df29ab7936e6e6ec6f3f2a0a49d712646d7f73c34c95af836ad799fa2233f032
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6f5ff12991f04401e2b7f7a234cd5eddfe2dfcf95ce3a408c496956ccd311b3
e9cdf28b62df59bca53a06f6d2afbd81da3045e8f8def1f5ac370497ae59fd30
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3c5832c691778a79fe79620991e47f0004d096f937161136f46fdfdad9f1d6f
f8ba90dee6579a98a846ba86bdd8467fb6837d31574335256a958e94e8961723
fc4cfcd7fa03348c74bcf7ce6522f2d48cf522c241601b1cf4744baa88acf928

subscribe.duluthnewstribune.com Open in urlscan Pro 107.154.76.234 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

122 Requests

99 %HTTPS

53 %IPv6

28 Domains

47 Subdomains

38 IPs

5 Countries

2473 kBTransfer

8320 kBSize

30 Cookies

9 Outgoing links

Page URL History

Redirected requests

122 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

subscribe.duluthnewstribune.com Open in urlscan Pro
107.154.76.234 Public Scan

Screenshot
Live screenshot

Full Image

122
Requests

99 %
HTTPS

53 %
IPv6

28
Domains

47
Subdomains

38
IPs

5
Countries

2473 kB
Transfer

8320 kB
Size

30
Cookies

122 HTTP transactions
2 data transactions