URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-sto...
Submission: On April 30 via api from CA — Scanned from CA

Summary

This website contacted 134 IPs in 9 countries across 110 domains to perform 562 HTTP transactions. The main IP is 2600:1400:9000::687e:7491, located in New York, United States and belongs to AKAMAI-ASN1, NL. The main domain is www.chicagotribune.com. The Cisco Umbrella rank of the primary domain is 39651.
TLS certificate: Issued by R3 on March 17th 2023. Valid for: 3 months.
This is the only time www.chicagotribune.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
59 connatix.com
capi.connatix.com — Cisco Umbrella Rank: 3474
cd.connatix.com — Cisco Umbrella Rank: 4107
cds.connatix.com — Cisco Umbrella Rank: 4289
ins.connatix.com — Cisco Umbrella Rank: 5823
lit.connatix.com — Cisco Umbrella Rank: 10607
vid.connatix.com — Cisco Umbrella Rank: 5713
cks.connatix.com — Cisco Umbrella Rank: 5023
pl.connatix.com — Cisco Umbrella Rank: 8377
img.connatix.com — Cisco Umbrella Rank: 5546
6 MB
47 taboola.com
cdn.taboola.com — Cisco Umbrella Rank: 1073
pm-widget.taboola.com — Cisco Umbrella Rank: 32181
trc.taboola.com — Cisco Umbrella Rank: 839
vidstat.taboola.com — Cisco Umbrella Rank: 3230
us-trc-events.taboola.com — Cisco Umbrella Rank: 7410
imprnjmp.taboola.com — Cisco Umbrella Rank: 10864
us-match.taboola.com — Cisco Umbrella Rank: 11393
us-vid-events.taboola.com — Cisco Umbrella Rank: 10373
sync.taboola.com — Cisco Umbrella Rank: 1356
sync-t1.taboola.com — Cisco Umbrella Rank: 1472
match.taboola.com — Cisco Umbrella Rank: 7625
pips.taboola.com — Cisco Umbrella Rank: 1900
cds.taboola.com — Cisco Umbrella Rank: 2362
406 KB
42 chicagotribune.com
www.chicagotribune.com — Cisco Umbrella Rank: 39651
r610.chicagotribune.com — Cisco Umbrella Rank: 156733
authenticate.chicagotribune.com — Cisco Umbrella Rank: 311609
zephr.chicagotribune.com — Cisco Umbrella Rank: 198357
sli.chicagotribune.com — Cisco Umbrella Rank: 189754
690 KB
36 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 269
stats.g.doubleclick.net — Cisco Umbrella Rank: 166
cm.g.doubleclick.net — Cisco Umbrella Rank: 313
googleads.g.doubleclick.net — Cisco Umbrella Rank: 67
225 KB
30 googlesyndication.com
a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 177
pagead2.googlesyndication.com — Cisco Umbrella Rank: 129
309 KB
26 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 361
aax.amazon-adsystem.com — Cisco Umbrella Rank: 455
s.amazon-adsystem.com — Cisco Umbrella Rank: 376
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 994
78 KB
23 bouncex.net
dfp.bouncex.net — Cisco Umbrella Rank: 7840
events.bouncex.net — Cisco Umbrella Rank: 2797
2 KB
23 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 677
eus.rubiconproject.com — Cisco Umbrella Rank: 798
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 1475
pixel-eu.rubiconproject.com — Cisco Umbrella Rank: 3036
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1452
pixel.rubiconproject.com — Cisco Umbrella Rank: 447
token.rubiconproject.com — Cisco Umbrella Rank: 795
34 KB
22 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 729
ads.pubmatic.com — Cisco Umbrella Rank: 725
image8.pubmatic.com — Cisco Umbrella Rank: 1002
image2.pubmatic.com — Cisco Umbrella Rank: 1377
simage2.pubmatic.com — Cisco Umbrella Rank: 976
image6.pubmatic.com — Cisco Umbrella Rank: 1037
16 KB
19 3lift.com
ib.3lift.com — Cisco Umbrella Rank: 2197
tlx.3lift.com — Cisco Umbrella Rank: 797
eb2.3lift.com — Cisco Umbrella Rank: 535
70 KB
17 google.com
news.google.com — Cisco Umbrella Rank: 7327
www.google.com — Cisco Umbrella Rank: 16
adservice.google.com — Cisco Umbrella Rank: 130
play.google.com — Cisco Umbrella Rank: 74
75 KB
14 gstatic.com
fonts.gstatic.com
www.gstatic.com
310 KB
13 bounceexchange.com
assets.bounceexchange.com — Cisco Umbrella Rank: 2794
api.bounceexchange.com — Cisco Umbrella Rank: 2916
323 KB
12 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 768
ssum.casalemedia.com — Cisco Umbrella Rank: 1999
dsum.casalemedia.com — Cisco Umbrella Rank: 2284
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 876
as-sec.casalemedia.com — Cisco Umbrella Rank: 2361
6 KB
12 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 119
imasdk.googleapis.com — Cisco Umbrella Rank: 520
2 MB
11 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 451
6 KB
11 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 1319
id5-sync.com — Cisco Umbrella Rank: 612
32 KB
10 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 427
5 KB
10 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 777
6 KB
9 yellowblue.io
cs-server-s2s.yellowblue.io — Cisco Umbrella Rank: 5275
cs.yellowblue.io — Cisco Umbrella Rank: 5508
4 KB
9 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 883
ce.lijit.com — Cisco Umbrella Rank: 1417
9 KB
9 openx.net
u.openx.net — Cisco Umbrella Rank: 974
us-u.openx.net — Cisco Umbrella Rank: 707
1 KB
8 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 373
174 KB
8 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 402
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 689
4 KB
8 sophi.io
dynpaywall-api-chicagotribune.ml.sophi.io — Cisco Umbrella Rank: 306171
cdn.sophi.io — Cisco Umbrella Rank: 36359
collector2.sophi.io — Cisco Umbrella Rank: 183800
43 KB
7 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 319
secure.adnxs.com — Cisco Umbrella Rank: 604
7 KB
7 criteo.com
bidder.criteo.com — Cisco Umbrella Rank: 803
gum.criteo.com — Cisco Umbrella Rank: 442
mug.criteo.com — Cisco Umbrella Rank: 1686
dis.criteo.com — Cisco Umbrella Rank: 941
9 KB
6 facebook.com
www.facebook.com — Cisco Umbrella Rank: 107
295 B
6 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 238
291 KB
6 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 218
4 KB
6 matheranalytics.com
js.matheranalytics.com — Cisco Umbrella Rank: 18100
www.i.matheranalytics.com — Cisco Umbrella Rank: 17591
45 KB
6 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 91
21 KB
6 postrelease.com
jadserve.postrelease.com — Cisco Umbrella Rank: 1859
5 KB
6 remixd.com
tags.remixd.com — Cisco Umbrella Rank: 34740
pubcast-files.remixd.com — Cisco Umbrella Rank: 36827
player-files.remixd.com — Cisco Umbrella Rank: 35685
82 KB
5 liadm.com
b-code.liadm.com — Cisco Umbrella Rank: 3443
idx.liadm.com — Cisco Umbrella Rank: 3099
rp.liadm.com — Cisco Umbrella Rank: 2091
rp4.liadm.com — Cisco Umbrella Rank: 5523
16 KB
5 keywee.co
cdn.keywee.co — Cisco Umbrella Rank: 21719
pixel.keywee.co — Cisco Umbrella Rank: 19347
34 KB
5 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 695
1 KB
5 yieldmo.com
sync-amz.ads.yieldmo.com — Cisco Umbrella Rank: 9425
ads.yieldmo.com — Cisco Umbrella Rank: 942
4 KB
5 osano.com
cmp.osano.com — Cisco Umbrella Rank: 6829
consent.api.osano.com — Cisco Umbrella Rank: 11753
95 KB
5 tribdss.com
www.tribdss.com — Cisco Umbrella Rank: 84380
ssor.tribdss.com — Cisco Umbrella Rank: 87406
40 KB
4 behave.com
ssp.behave.com — Cisco Umbrella Rank: 4629
2 KB
4 cdnwidget.com
ids.cdnwidget.com — Cisco Umbrella Rank: 4399
pd.cdnwidget.com — Cisco Umbrella Rank: 4057
pix.cdnwidget.com — Cisco Umbrella Rank: 5900
idr.cdnwidget.com — Cisco Umbrella Rank: 4777
2 KB
4 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 1007
idsync.rlcdn.com — Cisco Umbrella Rank: 621
1 KB
4 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 985
pixel.sitescout.com — Cisco Umbrella Rank: 5223
3 KB
4 amazon.dev
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev — Cisco Umbrella Rank: 1019
917 B
4 privacymanager.io
launchpad-wrapper.privacymanager.io — Cisco Umbrella Rank: 8334
launchpad.privacymanager.io — Cisco Umbrella Rank: 6914
geo.privacymanager.io — Cisco Umbrella Rank: 2374
11 KB
4 onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 3572
onesignal.com — Cisco Umbrella Rank: 1047
83 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 189
244 KB
3 pippio.com
pippio.com — Cisco Umbrella Rank: 1156
940 B
3 cdnbasket.net
data.cdnbasket.net — Cisco Umbrella Rank: 5168
page.cdnbasket.net — Cisco Umbrella Rank: 5177
view.cdnbasket.net — Cisco Umbrella Rank: 5176
1014 B
3 exelator.com
loadm.exelator.com — Cisco Umbrella Rank: 2316
load77.exelator.com — Cisco Umbrella Rank: 4801
2 KB
3 qualtrics.com
zn3mj4uj3nxslnmih-tribune.siteintercept.qualtrics.com — Cisco Umbrella Rank: 225365
siteintercept.qualtrics.com — Cisco Umbrella Rank: 1350
25 KB
3 mfadsrvr.com
rtb.mfadsrvr.com — Cisco Umbrella Rank: 1505
1019 B
3 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 875
2 KB
3 criteo.net
static.criteo.net — Cisco Umbrella Rank: 763
98 KB
3 smartadserver.com
ssbsync-us.smartadserver.com — Cisco Umbrella Rank: 5678
ssbsync.smartadserver.com — Cisco Umbrella Rank: 1052
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 774
767 B
3 google.ca
www.google.ca — Cisco Umbrella Rank: 8003
adservice.google.ca — Cisco Umbrella Rank: 14238
1 KB
3 smoggysnakes.com
smoggysnakes.com — Cisco Umbrella Rank: 130493
22 KB
3 chartbeat.com
static.chartbeat.com — Cisco Umbrella Rank: 2090
mab.chartbeat.com — Cisco Umbrella Rank: 3436
25 KB
2 semasio.net
uipglob.semasio.net — Cisco Umbrella Rank: 1965
1 KB
2 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 744
1 KB
2 adscale.de
ih.adscale.de — Cisco Umbrella Rank: 3033
634 B
2 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 1149
1 KB
2 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 277
2 KB
2 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 813
1 KB
2 creative-serving.com
ads.creative-serving.com — Cisco Umbrella Rank: 5985
1 KB
2 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 1009
1 KB
2 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 733
657 B
2 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 825
1 KB
2 sonobi.com
sync.go.sonobi.com — Cisco Umbrella Rank: 1456
1 KB
2 dotomi.com
amazon-tam-match.dotomi.com — Cisco Umbrella Rank: 8170
667 B
2 media.net
cs.media.net — Cisco Umbrella Rank: 2272
contextual.media.net — Cisco Umbrella Rank: 838
1 KB
2 clarium.io
protected-by.clarium.io — Cisco Umbrella Rank: 2133
487 B
2 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1293
818 B
2 amazonaws.com
ams-pageview-public.s3.amazonaws.com — Cisco Umbrella Rank: 19789
sqs.us-east-1.amazonaws.com — Cisco Umbrella Rank: 5459
1 KB
2 cloudfront.net
dyv1bugovvq1g.cloudfront.net
d15kdpgjg3unno.cloudfront.net
24 KB
2 chartbeat.net
ping.chartbeat.net — Cisco Umbrella Rank: 1521
401 B
2 parsely.com
cdn.parsely.com — Cisco Umbrella Rank: 3747
p1.parsely.com — Cisco Umbrella Rank: 3160
21 KB
2 sendtonews.com
embed.sendtonews.com — Cisco Umbrella Rank: 18414
embedcdn.sendtonews.com — Cisco Umbrella Rank: 21043
4 KB
2 blueconic.net
tribune.blueconic.net — Cisco Umbrella Rank: 113860
2 KB
2 go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1502
c.go-mpulse.net — Cisco Umbrella Rank: 736
50 KB
2 zephr.com
assets.zephr.com — Cisco Umbrella Rank: 66563
17 KB
2 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1925
97 KB
2 htlbid.com
htlbid.com — Cisco Umbrella Rank: 16349
106 KB
1 opera.com
t.adx.opera.com — Cisco Umbrella Rank: 3365
467 B
1 gumgum.com
rtb.gumgum.com — Cisco Umbrella Rank: 2335
276 B
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 866
873 B
1 mediago.io
trace.mediago.io — Cisco Umbrella Rank: 2349
188 B
1 socdm.com
tg.socdm.com — Cisco Umbrella Rank: 1266
862 B
1 wunderkind.co
contextual-analytics.wunderkind.co — Cisco Umbrella Rank: 4755
232 B
1 flipp.com
p.flipp.com — Cisco Umbrella Rank: 22805
1 linksynergy.com
tags.rd.linksynergy.com — Cisco Umbrella Rank: 6011
392 B
1 flippback.com
cdn-gateflipp.flippback.com — Cisco Umbrella Rank: 24336
73 KB
1 teads.tv
sync.teads.tv — Cisco Umbrella Rank: 1703
287 B
1 wknd.ai
tag.wknd.ai — Cisco Umbrella Rank: 4604
12 KB
1 bluekai.com
stags.bluekai.com — Cisco Umbrella Rank: 842
752 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 413
670 B
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 1223
659 B
1 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 1124
815 B
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 829
514 B
1 mookie1.com
odr.mookie1.com — Cisco Umbrella Rank: 1646
636 B
1 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1955
592 B
1 turn.com
ad.turn.com — Cisco Umbrella Rank: 1341
434 B
1 kargo.com
crb.kargo.com — Cisco Umbrella Rank: 2477
435 B
1 smaato.net
s.ad.smaato.net — Cisco Umbrella Rank: 1005
531 B
1 jwplayer.com
cdn.jwplayer.com — Cisco Umbrella Rank: 2945
41 KB
1 adsafeprotected.com
static.adsafeprotected.com — Cisco Umbrella Rank: 820
483 B
1 perfectmarket.com
widget.perfectmarket.com — Cisco Umbrella Rank: 3999
2 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
98 KB
1 ntv.io
s.ntv.io — Cisco Umbrella Rank: 5386
159 KB
562 110
Domain Requested by
25 capi.connatix.com www.chicagotribune.com
cd.connatix.com
24 www.chicagotribune.com 1 redirects www.chicagotribune.com
cdn.taboola.com
21 events.bouncex.net
19 s.amazon-adsystem.com 2 redirects cmp.osano.com
s.amazon-adsystem.com
u.openx.net
match.sharethrough.com
sync-amz.ads.yieldmo.com
cs-server-s2s.yellowblue.io
ce.lijit.com
18 securepubads.g.doubleclick.net htlbid.com
securepubads.g.doubleclick.net
www.chicagotribune.com
www.googletagservices.com
cmp.osano.com
a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com
16 cm.g.doubleclick.net 10 redirects u.openx.net
ce.lijit.com
s.amazon-adsystem.com
eb2.3lift.com
14 pagead2.googlesyndication.com www.googletagservices.com
srcdoc
securepubads.g.doubleclick.net
tpc.googlesyndication.com
14 eb2.3lift.com 4 redirects www.chicagotribune.com
cmp.osano.com
eb2.3lift.com
14 tpc.googlesyndication.com www.chicagotribune.com
a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com
cmp.osano.com
13 img.connatix.com www.chicagotribune.com
cd.connatix.com
cmp.osano.com
12 cdn.taboola.com www.chicagotribune.com
cdn.taboola.com
cmp.osano.com
11 us-trc-events.taboola.com
11 assets.bounceexchange.com cmp.osano.com
assets.bounceexchange.com
11 match.adsrvr.org 11 redirects
11 r610.chicagotribune.com www.chicagotribune.com
r610.chicagotribune.com
cmp.osano.com
10 vid.connatix.com cd.connatix.com
www.chicagotribune.com
10 x.bidswitch.net 10 redirects
10 match.sharethrough.com 5 redirects s.amazon-adsystem.com
match.sharethrough.com
10 id5-sync.com 8 redirects cdn.id5-sync.com
9 sync.taboola.com 2 redirects
8 imasdk.googleapis.com cd.connatix.com
imasdk.googleapis.com
8 s0.2mdn.net a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com
s0.2mdn.net
imasdk.googleapis.com
www.chicagotribune.com
8 hbopenbid.pubmatic.com htlbid.com
assets.bounceexchange.com
7 ce.lijit.com 1 redirects s.amazon-adsystem.com
ce.lijit.com
7 www.gstatic.com news.google.com
www.gstatic.com
7 news.google.com cmp.osano.com
news.google.com
www.chicagotribune.com
www.gstatic.com
7 fonts.gstatic.com fonts.googleapis.com
6 as-sec.casalemedia.com assets.bounceexchange.com
6 www.facebook.com
6 play.google.com www.gstatic.com
6 pixel.rubiconproject.com 3 redirects s.amazon-adsystem.com
6 image8.pubmatic.com 5 redirects www.chicagotribune.com
6 www.googletagservices.com www.chicagotribune.com
a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com
6 ib.adnxs.com 3 redirects htlbid.com
eb2.3lift.com
6 collector2.sophi.io cdn.sophi.io
6 sb.scorecardresearch.com 2 redirects www.chicagotribune.com
cdn.taboola.com
6 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
www.chicagotribune.com
6 jadserve.postrelease.com s.ntv.io
www.chicagotribune.com
5 cs.yellowblue.io cs-server-s2s.yellowblue.io
5 pixel.tapad.com 3 redirects sync-amz.ads.yieldmo.com
5 us-u.openx.net 3 redirects u.openx.net
5 pr-bh.ybp.yahoo.com 4 redirects u.openx.net
5 zephr.chicagotribune.com assets.zephr.com
4 ssp.behave.com 2 redirects assets.bounceexchange.com
4 cdn.keywee.co 1 redirects cmp.osano.com
4 trc.taboola.com cdn.taboola.com
4 token.rubiconproject.com 4 redirects
4 ads.yieldmo.com sync-amz.ads.yieldmo.com
4 cs-server-s2s.yellowblue.io s.amazon-adsystem.com
cs-server-s2s.yellowblue.io
4 eus.rubiconproject.com s.amazon-adsystem.com
eus.rubiconproject.com
cs-server-s2s.yellowblue.io
4 u.openx.net 2 redirects s.amazon-adsystem.com
4 prod.us-east-1.cxm-bcn.publisher-services.amazon.dev c.amazon-adsystem.com
4 fastlane.rubiconproject.com htlbid.com
4 www.i.matheranalytics.com www.chicagotribune.com
4 c.amazon-adsystem.com htlbid.com
c.amazon-adsystem.com
4 www.tribdss.com 2 redirects www.chicagotribune.com
4 fonts.googleapis.com www.chicagotribune.com
cmp.osano.com
client
3 connect.facebook.net cmp.osano.com
3 sync-t1.taboola.com
3 pippio.com 2 redirects
3 rtb.mfadsrvr.com 3 redirects
3 image2.pubmatic.com 3 redirects
3 sync.1rx.io 3 redirects
3 pixel-us-east.rubiconproject.com 3 redirects
3 static.criteo.net cmp.osano.com
static.criteo.net
3 ups.analytics.yahoo.com 3 redirects
3 cds.connatix.com www.chicagotribune.com
cmp.osano.com
3 gum.criteo.com 1 redirects cmp.osano.com
3 www.google.com www.chicagotribune.com
cmp.osano.com
3 tlx.3lift.com htlbid.com
ib.3lift.com
3 player-files.remixd.com www.chicagotribune.com
3 cmp.osano.com www.chicagotribune.com
cmp.osano.com
3 smoggysnakes.com www.chicagotribune.com
smoggysnakes.com
2 uipglob.semasio.net 2 redirects
2 sync.mathtag.com 2 redirects
2 simage2.pubmatic.com
2 ih.adscale.de 2 redirects
2 dfp.bouncex.net assets.bounceexchange.com
2 api.bounceexchange.com cmp.osano.com
2 idsync.rlcdn.com 1 redirects
2 idx.liadm.com b-code.liadm.com
2 sync.crwdcntrl.net 1 redirects
2 loadm.exelator.com 2 redirects
2 dpm.demdex.net 1 redirects
2 siteintercept.qualtrics.com cmp.osano.com
siteintercept.qualtrics.com
2 b1sync.zemanta.com 2 redirects
2 ads.creative-serving.com 2 redirects
2 pixel.sitescout.com www.chicagotribune.com
2 onesignal.com cmp.osano.com
2 sync.srv.stackadapt.com 2 redirects
2 px.ads.linkedin.com s.amazon-adsystem.com
eb2.3lift.com
2 id.rlcdn.com 1 redirects www.chicagotribune.com
2 lit.connatix.com cd.connatix.com
2 ins.connatix.com cd.connatix.com
2 match.prod.bidr.io 2 redirects
2 sync.go.sonobi.com 2 redirects
2 ssum.casalemedia.com 2 redirects
2 pixel-sync.sitescout.com 2 redirects
2 ap.lijit.com 2 redirects
2 ads.pubmatic.com s.amazon-adsystem.com
cmp.osano.com
2 amazon-tam-match.dotomi.com 2 redirects
2 consent.api.osano.com cmp.osano.com
2 cd.connatix.com 2 redirects
2 protected-by.clarium.io www.chicagotribune.com
2 lb.eu-1-id5-sync.com cdn.id5-sync.com
2 a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com cmp.osano.com
2 www.google.ca www.chicagotribune.com
2 geo.privacymanager.io launchpad.privacymanager.io
2 htlb.casalemedia.com htlbid.com
2 bidder.criteo.com htlbid.com
2 aax.amazon-adsystem.com c.amazon-adsystem.com
2 ping.chartbeat.net www.chicagotribune.com
2 ib.3lift.com www.chicagotribune.com
cmp.osano.com
2 js.matheranalytics.com 1 redirects www.chicagotribune.com
2 tribune.blueconic.net r610.chicagotribune.com
cmp.osano.com
2 tags.remixd.com www.chicagotribune.com
tags.remixd.com
2 cdn.onesignal.com www.chicagotribune.com
cdn.onesignal.com
2 assets.zephr.com www.chicagotribune.com
2 static.chartbeat.com www.chicagotribune.com
2 cdn.confiant-integrations.net www.chicagotribune.com
cdn.confiant-integrations.net
2 htlbid.com www.chicagotribune.com
1 cds.taboola.com cdn.taboola.com
1 pips.taboola.com cdn.taboola.com
1 idr.cdnwidget.com
1 pix.cdnwidget.com 1 redirects
1 t.adx.opera.com
1 match.taboola.com
1 image6.pubmatic.com 1 redirects
1 rtb.gumgum.com 1 redirects
1 dis.criteo.com 1 redirects
1 rtb-csync.smartadserver.com
1 bh.contextweb.com
1 trace.mediago.io 1 redirects
1 ssbsync.smartadserver.com
1 tg.socdm.com 1 redirects
1 contextual-analytics.wunderkind.co assets.bounceexchange.com
1 pd.cdnwidget.com assets.bounceexchange.com
1 ids.cdnwidget.com assets.bounceexchange.com
1 p.flipp.com cdn-gateflipp.flippback.com
1 tags.rd.linksynergy.com 1 redirects
1 us-vid-events.taboola.com
1 us-match.taboola.com cmp.osano.com
1 imprnjmp.taboola.com cmp.osano.com
1 view.cdnbasket.net assets.bounceexchange.com
1 page.cdnbasket.net assets.bounceexchange.com
1 data.cdnbasket.net assets.bounceexchange.com
1 cdn-gateflipp.flippback.com cdn.taboola.com
1 sli.chicagotribune.com
1 pixel.keywee.co
1 rp4.liadm.com
1 rp.liadm.com 1 redirects
1 vidstat.taboola.com cmp.osano.com
1 sync.teads.tv
1 load77.exelator.com
1 googleads.g.doubleclick.net cmp.osano.com
1 mug.criteo.com
1 tag.wknd.ai cmp.osano.com
1 stags.bluekai.com 1 redirects
1 c.bing.com eb2.3lift.com
1 b-code.liadm.com cmp.osano.com
1 zn3mj4uj3nxslnmih-tribune.siteintercept.qualtrics.com cmp.osano.com
1 um.simpli.fi 1 redirects
1 dsum-sec.casalemedia.com www.chicagotribune.com
1 dsum.casalemedia.com 1 redirects
1 aax-eu.amazon-adsystem.com s.amazon-adsystem.com
1 pl.connatix.com cd.connatix.com
1 cks.connatix.com www.chicagotribune.com
1 onetag-sys.com cs-server-s2s.yellowblue.io
1 secure-assets.rubiconproject.com 1 redirects
1 pixel-eu.rubiconproject.com 1 redirects
1 secure.adnxs.com 1 redirects
1 ads.stickyadstv.com 1 redirects
1 odr.mookie1.com 1 redirects
1 contextual.media.net cs-server-s2s.yellowblue.io
1 sync.targeting.unrulymedia.com 1 redirects
1 ad.turn.com 1 redirects
1 crb.kargo.com s.amazon-adsystem.com
1 sync-amz.ads.yieldmo.com s.amazon-adsystem.com
1 ssbsync-us.smartadserver.com 1 redirects
1 s.ad.smaato.net 1 redirects
1 cs.media.net 1 redirects
1 pm-widget.taboola.com cmp.osano.com
1 sqs.us-east-1.amazonaws.com d15kdpgjg3unno.cloudfront.net
1 adservice.google.com cmp.osano.com
1 adservice.google.ca cmp.osano.com
1 c.go-mpulse.net s.go-mpulse.net
1 cdn.id5-sync.com cmp.osano.com
1 ams-pageview-public.s3.amazonaws.com www.chicagotribune.com
1 d15kdpgjg3unno.cloudfront.net cmp.osano.com
1 dyv1bugovvq1g.cloudfront.net htlbid.com
1 stats.g.doubleclick.net www.google-analytics.com
1 launchpad.privacymanager.io cmp.osano.com
1 p1.parsely.com www.chicagotribune.com
1 authenticate.chicagotribune.com cmp.osano.com
1 cdn.jwplayer.com tags.remixd.com
1 static.adsafeprotected.com www.chicagotribune.com
1 widget.perfectmarket.com cdn.taboola.com
1 cdn.sophi.io www.chicagotribune.com
1 launchpad-wrapper.privacymanager.io www.googletagmanager.com
1 cdn.parsely.com www.googletagmanager.com
1 dynpaywall-api-chicagotribune.ml.sophi.io www.chicagotribune.com
1 ssor.tribdss.com www.chicagotribune.com
1 embedcdn.sendtonews.com www.chicagotribune.com
1 embed.sendtonews.com 1 redirects
1 mab.chartbeat.com static.chartbeat.com
1 pubcast-files.remixd.com tags.remixd.com
1 s.go-mpulse.net www.chicagotribune.com
1 www.googletagmanager.com www.chicagotribune.com
1 s.ntv.io www.chicagotribune.com
562 209
Subject | Issuer | Validity | Valid
tronc.web.arc-cdn.net | R3 | 2023-03-17 - 2023-06-15 | 3 months
htlbid.com | Amazon RSA 2048 M01 | 2023-02-21 - 2023-11-19 | 9 months
r610.chicagotribune.com | Amazon RSA 2048 M02 | 2023-01-24 - 2024-02-23 | a year
*.confiant-integrations.net | GTS CA 1P5 | 2023-03-27 - 2023-06-25 | 3 months
upload.video.google.com | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months
*.ntv.io | DigiCert TLS RSA SHA256 2020 CA1 | 2022-10-24 - 2023-10-26 | a year
*.chartbeat.com | Thawte RSA CA 2018 | 2022-05-06 - 2023-06-03 | a year
assets.zephr.com | Amazon RSA 2048 M02 | 2023-03-29 - 2024-04-26 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-03 - 2023-06-02 | a year
*.remixd.com | Amazon RSA 2048 M02 | 2023-02-09 - 2024-03-09 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months
akstat.io | DigiCert TLS RSA SHA256 2020 CA1 | 2023-04-05 - 2024-04-04 | a year
*.gstatic.com | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months
*.blueconic.net | Amazon RSA 2048 M02 | 2023-02-28 - 2023-08-06 | 5 months
pubcast-files.remixd.com | GTS CA 1D4 | 2023-03-28 - 2023-06-26 | 3 months
*.postrelease.com | Amazon RSA 2048 M01 | 2023-03-01 - 2023-12-25 | 10 months
*.taboola.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-12-08 - 2023-12-31 | a year
www.trbimg.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-05-27 - 2023-05-30 | a year
dynpaywall-api-chicagotribune.ml.sophi.io | Amazon RSA 2048 M01 | 2023-03-01 - 2023-06-28 | 4 months
smoggysnakes.com | R3 | 2023-04-11 - 2023-07-10 | 3 months
cmp.osano.com | Amazon RSA 2048 M02 | 2023-02-21 - 2023-09-30 | 7 months
*.g.doubleclick.net | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months
c.amazon-adsystem.com | Amazon RSA 2048 M01 | 2023-02-28 - 2024-02-17 | a year
*.parsely.com | Amazon RSA 2048 M01 | 2023-02-24 - 2023-07-04 | 4 months
*.privacymanager.io | Amazon RSA 2048 M02 | 2023-02-22 - 2023-09-24 | 7 months
cdn.sophi.io | Amazon RSA 2048 M02 | 2023-02-28 - 2023-11-15 | 9 months
*.3lift.com | Amazon RSA 2048 M02 | 2023-04-13 - 2024-05-11 | a year
widget.perfectmarket.com | GlobalSign Atlas R3 DV TLS CA 2022 Q3 | 2022-09-27 - 2023-10-29 | a year
*.scorecardresearch.com | Amazon RSA 2048 M02 | 2023-03-01 - 2024-01-28 | a year
static.adsafeprotected.com | Amazon RSA 2048 M01 | 2023-02-24 - 2023-09-04 | 6 months
jwplayer.com | Amazon RSA 2048 M02 | 2023-03-01 - 2023-12-25 | 10 months
authenticate.baltimoresun.com | Amazon RSA 2048 M01 | 2023-02-07 - 2023-10-09 | 8 months
*.news.google.com | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months
zephr.sun-sentinel.com | Amazon RSA 2048 M02 | 2023-02-28 - 2024-02-05 | a year
*.chartbeat.net | Thawte RSA CA 2018 | 2022-12-19 - 2023-12-30 | a year
*.sophi.io | Amazon RSA 2048 M01 | 2023-04-11 - 2024-05-10 | a year
www.i.matheranalytics.com | Amazon RSA 2048 M01 | 2023-03-02 - 2024-01-13 | 10 months
player-files.remixd.com | GTS CA 1D4 | 2023-04-06 - 2023-07-05 | 3 months
*.cloudfront.net | Amazon RSA 2048 M01 | 2022-12-08 - 2023-12-07 | a year
aax-dtb-mobile-cf.amazon-adsystem.com | Amazon | 2022-06-15 - 2023-06-15 | a year
*.pubmatic.com | DigiCert Baltimore TLS RSA SHA256 2020 CA1 | 2022-06-13 - 2023-07-14 | a year
*.criteo.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-03-09 - 2023-06-03 | 3 months
*.adnxs.com | GeoTrust ECC CA 2018 | 2023-02-13 - 2024-03-15 | a year
*.rubiconproject.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-05 - 2024-04-03 | a year
*.s3.amazonaws.com | Amazon RSA 2048 M01 | 2023-03-21 - 2023-12-19 | 9 months
www.google.com | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months
*.google.ca | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev | Amazon RSA 2048 M02 | 2022-12-27 - 2024-01-25 | a year
*.google.com | GTS CA 1C3 | 2023-04-03 - 2023-06-26 | 3 months
s.amazon-adsystem.com | Amazon RSA 2048 M01 | 2023-03-03 - 2024-02-19 | a year
*.eu-1-id5-sync.com | R3 | 2023-04-18 - 2023-07-17 | 3 months
queue.amazonaws.com | Amazon RSA 2048 M01 | 2023-03-08 - 2024-03-07 | a year
protected-by.clarium.io | Amazon RSA 2048 M01 | 2022-12-16 - 2024-01-14 | a year
*.id5-sync.com | R3 | 2023-04-18 - 2023-07-17 | 3 months
*.api.osano.com | Amazon RSA 2048 M01 | 2023-02-24 - 2023-09-26 | 7 months
*.openx.net | GeoTrust RSA CA 2018 | 2022-07-21 - 2023-08-21 | a year
*.sharethrough.com | Amazon RSA 2048 M01 | 2023-03-01 - 2023-08-12 | 5 months
*.ads.yieldmo.com | Amazon RSA 2048 M01 | 2023-03-26 - 2024-04-23 | a year
*.ybp.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2023-04-04 - 2023-09-27 | 6 months
*.app.kargo.com | Amazon RSA 2048 M02 | 2023-02-21 - 2024-01-18 | a year
*.lijit.com | Go Daddy Secure Certificate Authority - G2 | 2022-06-27 - 2023-06-05 | a year
*.yellowblue.io | Amazon RSA 2048 M01 | 2023-03-24 - 2024-04-21 | a year
*.criteo.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-03-24 - 2023-06-18
3 months crt.sh
*.connatix.com
Go Daddy Secure Certificate Authority - G2
2022-08-22 -
2023-09-23
a year crt.sh
*.media.net
DigiCert TLS RSA SHA256 2020 CA1
2023-02-10 -
2024-02-18
a year crt.sh
*.doubleclick.net
GTS CA 1C3
2023-04-03 -
2023-06-26
3 months crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-12-28 -
2024-01-28
a year crt.sh
aax-eu.amazon-adsystem.com
Amazon RSA 2048 M01
2023-01-27 -
2024-01-27
a year crt.sh
*.qualtrics.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-03-27 -
2024-03-26
a year crt.sh
*.sitescout.com
GeoTrust Global TLS RSA4096 SHA256 2022 CA1
2023-01-09 -
2024-02-02
a year crt.sh
*.liadm.com
Amazon RSA 2048 M02
2023-02-28 -
2024-01-30
a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2023-03-07 -
2023-09-07
6 months crt.sh
www.bing.com
Microsoft RSA TLS CA 02
2023-02-16 -
2023-08-16
6 months crt.sh
tag.wknd.ai
R3
2023-03-25 -
2023-06-23
3 months crt.sh
*.tapad.com
DigiCert TLS RSA SHA256 2020 CA1
2022-09-14 -
2023-10-15
a year crt.sh
teads.tv
R3
2023-02-21 -
2023-05-22
3 months crt.sh
*.anyword.com
Amazon RSA 2048 M02
2023-02-23 -
2023-08-03
5 months crt.sh
assets.bounceexchange.com
GTS CA 1D4
2023-03-26 -
2023-06-24
3 months crt.sh
pixel.keywee.co
Amazon ECDSA 256 M01
2023-02-01 -
2024-03-01
a year crt.sh
sli.chicagotribune.com
R3
2023-03-20 -
2023-06-18
3 months crt.sh
*.flippback.com
Amazon RSA 2048 M02
2023-02-27 -
2023-07-29
5 months crt.sh
data.cdnbasket.net
GTS CA 1D4
2023-03-23 -
2023-06-21
3 months crt.sh
page.cdnbasket.net
GTS CA 1D4
2023-03-23 -
2023-06-21
3 months crt.sh
view.cdnbasket.net
GTS CA 1D4
2023-03-22 -
2023-06-20
3 months crt.sh
flipp.com
Amazon RSA 2048 M01
2023-02-21 -
2023-09-28
7 months crt.sh
ids.cdnwidget.com
R3
2023-04-02 -
2023-07-01
3 months crt.sh
pd.cdnwidget.com
R3
2023-03-18 -
2023-06-16
3 months crt.sh
*.bounceexchange.com
R3
2023-04-10 -
2023-07-09
3 months crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2023-01-21 -
2024-01-23
a year crt.sh
*.contextweb.com
DigiCert TLS RSA SHA256 2020 CA1
2023-04-10 -
2024-05-09
a year crt.sh
*.adx.opera.com
DigiCert TLS RSA SHA256 2020 CA1
2022-05-18 -
2023-06-18
a year crt.sh
idr.cdnwidget.com
R3
2023-03-18 -
2023-06-16
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2023-02-06 -
2023-05-07
3 months crt.sh
ssp.behave.com
Sectigo RSA Domain Validation Secure Server CA
2023-02-07 -
2024-02-07
a year crt.sh

This page contains 58 frames:

Primary Page: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Frame ID: 798EE1942B94FF607043360904DA7FD0
Requests: 309 HTTP requests in this frame

Frame: https://cmp.osano.com/
Frame ID: F8BF068E4880AC54EB633F29C66E732B
Requests: 1 HTTP requests in this frame

Frame: https://cdn.jwplayer.com/libraries/FUtg69tL.js
Frame ID: 26E53E50EBE7615F547A612E40641F53
Requests: 7 HTTP requests in this frame

Frame: https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: BAF9DC2FBEDB12468CA9D38B9943456B
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&dcc=t
Frame ID: D43B1B94D58AFA00746538C352FD87D1
Requests: 1 HTTP requests in this frame

Frame: https://news.google.com/swg/ui/v1/serviceiframe?_=1682815703356&publicationId=chicagotribune.com
Frame ID: FF80B8E0EBA5D2EBAAF486F89ED04730
Requests: 13 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Frame ID: E21038B9929BD9A2E71D5C6DE418CC2C
Requests: 3 HTTP requests in this frame

Frame: https://cmp.osano.com/
Frame ID: 5B195B5779E621DEC4D9F630D45CCDA4
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstoDeagW2cGgxqoKr7QMkQOvxj2h0mJzghgw77sCTyjtIhTV-fgpGz_n96LUVcG28zNfxtjUPH36nVIBEbxmCrFpfvt5n1TrKyRpdrUm7DZiwqoZiAse7QSLnF0dsS31CiHRTNhYKSHkyiiOE6d6-ns8x5Ij4VjX3McXL7gvP99YRW7MRJ-fef03nG4QJX76jBMsVZlGMt3Dd44q6x6eTMnQgP9M7nP-1IPeuL3jkwL3rMEJry9qrO2bvrtuKOMljaSlR3AYiO4vagIjmJClKtX3hXZC-v46UExGhnjzIMtdKAt9ZB7C-6hOPKYaY0xl54v142m7mWQPRtPOt4dhg&sai=AMfl-YTxGrEwT9rlXtw96uimmI9SVe4BN5oxkhwNxDaRxDoXw-Egk_Rovm6VEAuH83kDyxbHRJq31-fHt4qsN5A&sig=Cg0ArKJSzBxHFBafv4WZEAE&uach_m=[UACH]&adurl=
Frame ID: CE69E4616216BB3A841E51C7654F1C04
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssK9M3OEmlHc7vZJGmHWjYpEfH1hyfcTKCt6TCxAuDYcN51G8FFEetWcmyVBQpIKaqkPJFo59ULgoNIaA8DMgtlcBWKlQrfcww2RZRhLa-6llmtabDYKZIjmOgG_DKIq_6clPzq9FiiGtwx1RE8WDtqYPT6D6yC2qpwc-HpxjA3hPcGJ202PXMaczQMQaWol_ONB4Erxvu_7KVYm8TseWazWSAk-Erg8AqNx78P1ugCaers1B-gYOKau6r37_Fax4kuJuuVCPHisWcejFuwJmSl1zhuccYENrdiKixp66DmEbjgVPlKc5c6QbyGKlGXQugzm7SVuzND5n-358sAKwaEdg&sai=AMfl-YTU8MMTm8zcEUcVEztdAx08lrfuXEs_nQ29EMVZsF71mSWIQSaQaDz1NPBwMpSWBJnm-3Ul7h3WbFzK1KQ&sig=Cg0ArKJSzH8dX71MvrOOEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: A7840675932C90423ED77ACD38775C7D
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv31Ti0lufNXjdpxRDCbYUMHmGO3Yb60Qm0UpYWAdNnYO-rwkEtviqAQfOF0v8jVjb4gb9j-0MO6KqR1PBITRc1tUUJXKCB6kI3cNMrmKtC21vCunB_42aCmeBDkc9W5tyhFrSyCPKqYgY6FA33gtW0qQjX2w5Am2BI-EJJMgg1szpycMWeD-5IzIMwxaIk8fexpXxxex25DUSqY2XonX0hIOpClyx7m4iEZmQct1HjJ2svWVCg8P14lx48Ar3R-PHA3xYr-qE0NT6ArhFXv8r7vSLqmjDNMoiTaTzFBg_f1EO-GpgNAai2eGzHAh76C679UL4s6u_ODX3AGvTlac1EoA&sai=AMfl-YS6KKXXmDDzp8mRp7Dmc7ydrwqbyo94l3YInEv2htWw9Mp8Q-v_nc8kFL_zk54nvHWCKd6n8x52NqShb6c&sig=Cg0ArKJSzHc9nOWhJoyZEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: DC2CB90BFD5B9342C9122E8FFE99C47E
Requests: 6 HTTP requests in this frame

Frame: https://cds.connatix.com/p/263050/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25&tier=1
Frame ID: BE67ECFD906F18867201FB51C3982DFD
Requests: 26 HTTP requests in this frame

Frame: https://cds.connatix.com/p/263050/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Frame ID: 8D82849E33DFA966A5FD0C78E8E4A756
Requests: 16 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuJTx6zAe6uAfSqdwlSoF9mNpL_naPRY_2Aog5N2aSFPJDK113yp2xm-K-b67EHppo11uzvJ0Wo9yFNElURkdFh-fj3m3o5d6q7sEqOx3ED1ryAcwNth6naFUrPb57vPPbIuf-Ec0HxR8RXhA62-qT3efW4ATme90bzD1Opfysxbz-32YqUmuKryRdtCZ_y7kttzGLEUxHGACVLTFpyDOG0x7eIlmt_zbO7OEf2NQb51lUPwx9MLZ9obEPX9WnNw_Pz7qOCG3rR1Vs0n4uLNnJPWEwwk4U8qg4vqCd_bKW5HD6Jmn5R2cuYh170PAE8vzMRbBgZWM0jY8ed81h-2Q&sai=AMfl-YSAzqyFbIfbEfpakSQ9w1PMDQtCJISj-OGgeL_5YETia_yPPE-MCIgwfcVMoJENui_VVg1dJprnpqSxzgU&sig=Cg0ArKJSzCCCWGuml404EAE&uach_m=[UACH]&adurl=
Frame ID: A28775181DAEE81C5DC3AD969E082935
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu8fecJC3vj0IYJ3vK8zuuEj7_f-n7iVVZNLE27o5DKho_MoYk_Kem5JRZvo1VfjcC2Gowb1r8BlrPYB1BcQhRClMXiPf8yOAimhjXVym8AEw-a2RIzL5aGpuVpRaXNXY4zHIKwwOfSfD0Lm2iOSXe2j1aqqmjkxVMirm23zl_croyqv_GwsCFjDHqoS-QOcWZTuFrRBQmVSIUr0LuZMaDoXrYcu03DaTQXP9DAOw_nPPkfaDiUyR6hgXzoLGnWWbsm05GtOctoHOUMExrfgW5doVY3pnbaxjGljBecqp0WQDamOcMXUYlRIhh7cWcK9RcjaI0-q7fby3UcjXGrUw&sai=AMfl-YR34WejooU_mL65XEYNIP1pCbUtTDcw-2O2xCLKI-c1_bwzdiX5ufjDZkLUqGzlObIxEQ0ulQUHrQewg_0&sig=Cg0ArKJSzHIbCIoeWBvbEAE&uach_m=[UACH]&adurl=
Frame ID: 153210F6BB7DAAA193A7FEA782B24530
Requests: 8 HTTP requests in this frame

Frame: https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 31B8A400BC70675246867C35B049C845
Requests: 7 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Frame ID: 9E7FCDC1DD551722C941EC13344FC3EC
Requests: 7 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=1377982266721079385&gdpr=0&gdpr_consent=
Frame ID: 54B222F8A167570C3242FCBCF8797F7D
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AAABwiddn3rhNgM08Y0sAAAAAAA&expiration=1682902104&is_secure=true&gdpr=0
Frame ID: CF0C137510122BF25192D69563003593
Requests: 1 HTTP requests in this frame

Frame: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Frame ID: 7DC9EFC82DACD7DEE979047B5DCA42AC
Requests: 6 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID&gdpr=0
Frame ID: 625A5CAAAE6A048A9206C5D3DC147C7E
Requests: 1 HTTP requests in this frame

Frame: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Frame ID: 5FCBDF0DAB8ECFA60240C58B68DF3F14
Requests: 7 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Frame ID: 4A445FA4EFD2BADE07CDBDA3CB93ABC1
Requests: 11 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS00Uk9kdmZCRTJ1SjBsSDZUbVlubko3YmxzRFdSU2kwdH5B&gdpr=0
Frame ID: 99FF005E3F631224079AFC20A88A5086
Requests: 1 HTTP requests in this frame

Frame: https://tlx.3lift.com/web/auction?inv_code=CHI_ARC_Desktop_business_article&referrer=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&rev=1ed5450&fe=0&ft=0&cb=7244529181&gdpr=false
Frame ID: C6A2AD3E7C2C6DCC02DFBABE38134257
Requests: 1 HTTP requests in this frame

Frame: https://crb.kargo.com/api/v1/dinitsync?partners=A9
Frame ID: E1C6E8295543ED15283C3F395ED5698E
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?id=2057375735473623847&ex=appnexus.com&gdpr=0
Frame ID: E080946B7F8A7D99C3268A82E8F92ECA
Requests: 1 HTTP requests in this frame

Frame: https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Frame ID: 8029E73CD0326F639850941BB36BA2C8
Requests: 7 HTTP requests in this frame

Frame: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Frame ID: 5AA13A18D349E0DE59B7AF5FDCF70E97
Requests: 10 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=2622586526323626602146
Frame ID: A4FA648B0411049302C73CF273FC5916
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east
Frame ID: 2A3C01F88CAFD92298B1C057FB342D32
Requests: 3 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=69f48c2160c8113
Frame ID: E31F984406FBC5BE7A0A47E2F9409804
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/placeAnAd_tribpub_300x600.html
Frame ID: 6B1DE5E9D7B4B95A2C9120422FEB70CC
Requests: 5 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.569.0_en.html
Frame ID: DAF07A39B4992EBA6BA43B46C4A8636C
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.569.0_en.html
Frame ID: 0E558D64276FCAD8C5B3041B3B38CFB2
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.569.0_en.html
Frame ID: 697F47449F987FC9AB627C4509DC791E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 9F432016178448FB574F1BA13C903593
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 59D2908B084652F85EB12D4813940290
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: ACBDFE9EE4A399E38E8D80FF461AAE11
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.569.0_en.html
Frame ID: 14D80B873A6F7254E0B895457B917EDA
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.569.0_en.html
Frame ID: 1F57828637DC48F697E76B0A8EEEB0F3
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.569.0_en.html
Frame ID: 02E6B380F561A739604756321D8A32B3
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 4C794EF4C8D19CC1564060A3DE4A86E5
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 84F5D7B3EE23D6204A78257555311924
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 6EE2D225213616BB10482992D121AC86
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=29230
Frame ID: C29EF9B73EB01C7667E6EB50C4DC1B8B
Requests: 11 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.chicagotribune.com&gdpr=0&gdpr_consent=
Frame ID: 98B0E0880CCBBDE0D652BF8A2A9158F3
Requests: 2 HTTP requests in this frame

Frame: https://pixel.sitescout.com/dmp/asyncPixelSync
Frame ID: 0480F6B7C160810447E07FD44C2310F0
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1C430810494FE9FB3B26008FEFE170EA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E3475F1F399E13ADB6A630FFBF66B950
Requests: 2 HTTP requests in this frame

Frame: https://cdn-gateflipp.flippback.com/tag/js/flipptag.js?site_id=1190282
Frame ID: 603921C55DAFA10ED51A2A74C0C23BAA
Requests: 3 HTTP requests in this frame

Frame: https://imprnjmp.taboola.com/st?cijs=convusmp&ttype=0&cisd=convusmp&cipid=66361655&crid=-1&dast=V8nR4CLAYgA64ib8xvXBBABlxF3pjfuCgAAABgYID-AImMNpOJbeRbi2yjiVs08q3cwtHKslZ4dqPRYmUaLWwbIyCR0WYysY18a5FtNHGLRr6VWzhaWdYKz240WqxMo4VtYwUfxnKZDGqBxGX2-94Ky-npMbvcoqPrbfH8G5QOGwQaoul0-Fz3et3vd9cYnR6Hz2-6PC2uu8uu8bv9EtfnaXd5Pn-N6S1xWt-av9lh-T3tJrfe8vTb3RrnxWX5vDyuy9P0fAsdHq_T7nNrLG7JYDJYTBarteLjM22tP-Nt9rMYnS6j7_kzuj5H02rt1pz-luddaHqb7QAAAADgwf___z8EAAAAgAgAAAAAEgAAAAAoBFT4tyBwAQAAAADD____vwYAkw0C0SEHhPbbTZeXw-wPAAAAACAAAAAASAAQ_MSVALB4XT7x_________x9jgD7zRsb_____DYUeAA8-AB6EAAAAXAxhPmQWLOZ4QCJCQFiEEQAAAIBKnMzcI5N0gopFlf___34rAFcAAAIOn0PVi7PoDkq8hQEAABAYs0APi99vdtg1frfL_P________-b-T_zj0aopn44jfAkir2aX0AAgDW_gAAAbNQNAMCbADhBh6AVg8HqDORoMDsAAAAAd_7____1gMzGtthMXKaFYbkbLUyrzXIwMQ6GC8tishwujMvtoQslSMIZTNTrEyIus9_3VlhOT4_Z5RYdXW-L59-gdAjig4ZhORkE8zNhi9FqMtksh7PlYjIYjoaj0f4MxGIyQBMxWC4nk8VktxqtRpvhbjQbLJBADCaIokWDyWo0miwmw9VospotF7vdBlG0ajUbbQbD1Wwy2-1Ww8FwORqhCVuMVpPJZjmcLReTwXA0HI2GCCZXi4nJsVqsRSvHbC1aWSZr4Wi4XIssk-VqsLItZp7NWvT6mC6m3WiwmniRYADkXiRPi3SiWi0nq5nDsJk4Rq6FabXYOAYLh3ExM848ppnFORFLNCeLdCK77Dsb22IzcZkWhuVutDCtNsvBxDgYLiyLyXK4MC73zdViYnKsFmvRyjFbi1aWyVo4Gi7XIstkuRqsbIuZZ7MWvT6mi2k3Gqwm_sZsOBkuVrvBbt-YDSfDxWo32O07dIbv6nM2Kh-_c0enuYr-znDNYVC4DBbvSnVaaQuSgzZ7FTldmpmyqDP6_X6_3-_3-_1-v0HrOZgNCt93aB2OI9ePM7v4HsQGhSKWCC7SiejytLjuLpPT5zQ9zG6N0elx-Pymy9PiurssYonSdJFO9BLX52l3eT5_jektcVrfmr_ZYfk97Sa33vL0290a58Vl-bw8rsvT9HwLHR6v0-5zayxuyWAyWEwWq7Xi4zNtrT_jbfazGJ0uo-_5M7o-R9Nq7dac_pbnXWh6my1iieB0kU5EL-Ppov4jhxgt56rZXLHazBXD1SoBAAAAAAAAAFiCSaabAAAAADgZyG64Ga7W6SBGw9luuVougIeyFl0_4yEdWIMl_MUae6yDLk-L6-4yOX1O08Ps1hidHofPb7o8La67y8oAHspYmG32GUGs1WpZAwAAEMAGAAAQwE033gSiQ3H_____4wAAAADIoQcAAEC_D-ip0AM3ar2QH0HuJsv9A1Ah1mq1ut1Yq9UC!&cmcv=&pix=undefined&cb=1682815709459&uv=3270&tms=1682815709459&abt=nonrv_vA!ntvc_vA!t45!testmsn_vB!ufm_vE&ft=0&su=6&unm=FEED_MANAGER&aure=false&agl=1&cirid=2432b6d7-d64b-4d7e-84e2-a37441e44a6c&excid=e22lLINE_ITEM_ID_WILL_BE_HERE_ON_SERVINGc&tst=1&docw=0&cs=
true&cias=1
Frame ID: BD2A29EBEE5F1C7A99EBC38AC6B35955
Requests: 1 HTTP requests in this frame

Frame: https://us-match.taboola.com/sync?dast=V8nR4CLAYgA64ib8xvXBBABlxF3pjfuCgAAABgYID-AImMNpOJbeRbi2yjiVs08q3cwtHKslZ4dqPRYmUaLWwbIyCR0WYysY18a5FtNHGLRr6VWzhaWdYKz240WqxMo4VtYwUfxnKZDGqBxGX2-94Ky-npMbvcoqPrbfH8G5QOGwQaoul0-Fz3et3vd9cYnR6Hz2-6PC2uu8uu8bv9EtfnaXd5Pn-N6S1xWt-av9lh-T3tJrfe8vTb3RrnxWX5vDyuy9P0fAsdHq_T7nNrLG7JYDJYTBarteLjM22tP-Nt9rMYnS6j7_kzuj5H02rt1pz-luddaHqb7QAAAADgwf___z8EAAAAgAgAAAAAEgAAAAAoBFT4tyBwAQAAAADD____vwYAkw0C0SEHhPbbTZeXw-wPAAAAACAAAAAASAAQ_MSVALB4XT7x_________x9jgD7zRsb_____DYUeAA8-AB6EAAAAXAxhPmQWLOZ4QCJCQFiEEQAAAIBKnMzcI5N0gopFlf___34rAFcAAAIOn0PVi7PoDkq8hQEAABAYs0APi99vdtg1frfL_P________-b-T_zj0aopn44jfAkir2aX0AAgDW_gAAAbNQNAMCbADhBh6AVg8HqDORoMDsAAAAAd_7____1gMzGtthMXKaFYbkbLUyrzXIwMQ6GC8tishwujMvtoQslSMIZTNTrEyIus9_3VlhOT4_Z5RYdXW-L59-gdAjig4ZhORkE8zNhi9FqMtksh7PlYjIYjoaj0f4MxGIyQBMxWC4nk8VktxqtRpvhbjQbLJBADCaIokWDyWo0miwmw9VospotF7vdBlG0ajUbbQbD1Wwy2-1Ww8FwORqhCVuMVpPJZjmcLReTwXA0HI2GCCZXi4nJsVqsRSvHbC1aWSZr4Wi4XIssk-VqsLItZp7NWvT6mC6m3WiwmniRYADkXiRPi3SiWi0nq5nDsJk4Rq6FabXYOAYLh3ExM848ppnFORFLNCeLdCK77Dsb22IzcZkWhuVutDCtNsvBxDgYLiyLyXK4MC73zdViYnKsFmvRyjFbi1aWyVo4Gi7XIstkuRqsbIuZZ7MWvT6mi2k3Gqwm_sZsOBkuVrvBbt-YDSfDxWo32O07dIbv6nM2Kh-_c0enuYr-znDNYVC4DBbvSnVaaQuSgzZ7FTldmpmyqDP6_X6_3-_3-_1-v0HrOZgNCt93aB2OI9ePM7v4HsQGhSKWCC7SiejytLjuLpPT5zQ9zG6N0elx-Pymy9PiurssYonSdJFO9BLX52l3eT5_jektcVrfmr_ZYfk97Sa33vL0290a58Vl-bw8rsvT9HwLHR6v0-5zayxuyWAyWEwWq7Xi4zNtrT_jbfazGJ0uo-_5M7o-R9Nq7dac_pbnXWh6my1iieB0kU5EL-Ppov4jhxgt56rZXLHazBXD1SoBAAAAAAAAAFiCSaabAAAAADgZyG64Ga7W6SBGw9luuVougIeyFl0_4yEdWIMl_MUae6yDLk-L6-4yOX1O08Ps1hidHofPb7o8La67y8oAHspYmG32GUGs1WpZAwAAEMAGAAAQwE033gSiQ3H_____4wAAAADIoQcAAEC_D-ip0AM3ar2QH0HuJsv9A1Ah1mq1ut1Yq9UC!&excid=22&docw=0&cijs=1&nlb=false
Frame ID: A4AC84C59CF1EAF281C03579D144E323
Requests: 1 HTTP requests in this frame

Frame: https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Frame ID: 1ADE4B95293621B0E27787FCBC721D59
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Frame ID: DF9CA08A3639494A0F46BEE8C842100C
Requests: 1 HTTP requests in this frame

Frame: https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZE2638Co8XkAAML5hg4AAAAA
Frame ID: 74395CDAAA7EB8F65BE9ECB5673FCAA1
Requests: 23 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 74DC7555B5E181CF36801486DE2D2228
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 2967B51B2E9C97FB75E93A8C5FEB6A65
Requests: 1 HTTP requests in this frame

Page Title

Was my workplace hit by SolarWinds hack? And four more cybersecurity questions answered. – Chicago Tribune

Detected technologies

Overall confidence: 100%
Detected patterns
  • backbone.*\.js

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • chartbeat\.js

Overall confidence: 100%
Detected patterns
  • tpc\.googlesyndication\.com/safeframe

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • <iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 562
HTTPS: 84 %
IPv6: 28 %
Domains: 110
Subdomains: 209
IPs: 134
Countries: 9
Transfer: 12371 kB
Size: 33877 kB
Cookies: 208

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 37
  • https://embed.sendtonews.com/player3/embedcode.js?fk=&cid=4591 HTTP 302
  • https://embedcdn.sendtonews.com/easy-stn-player/7.15.2/embed.js
Request Chain 39
  • https://www.tribdss.com/meter/chiarc.min.js HTTP 302
  • https://www.tribdss.com/meter/chiarc.min.js?disabled=international
Request Chain 54
  • https://js.matheranalytics.com/s/ma89701/197837611/fusion/ml.js?cb=1623 HTTP 301
  • https://js.matheranalytics.com/static/ltm/ma89701/fusion/9/ml.br.js
Request Chain 55
  • https://sb.scorecardresearch.com/b?c1=2&c2=6036462&ns__t=1682815701994&ns_c=UTF-8&c8=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&c7=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=6036462&ns__t=1682815701994&ns_c=UTF-8&c8=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&c7=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&c9=
Request Chain 74
  • https://www.tribdss.com/meter/assets/chiarc-reaction-1q2w3-1580939748189956228.min.js HTTP 302
  • https://www.tribdss.com/meter/assets/chiarc-reaction-1q2w3-1580939748189956228.min.js?disabled=international
Request Chain 141
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&dcc=t
Request Chain 182
  • https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E&gdpr=0 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3258173041455315000V10
Request Chain 183
  • https://s.ad.smaato.net/c/?adExInit=aps&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsmaato.com%26id%3D%24UID HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=f963f79e
Request Chain 184
  • https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25 HTTP 302
  • https://cds.connatix.com/p/263050/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25&tier=1
Request Chain 185
  • https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25 HTTP 302
  • https://cds.connatix.com/p/263050/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Request Chain 200
  • https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0 HTTP 302
  • https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Request Chain 201
  • https://ssbsync-us.smartadserver.com/api/sync?callerId=2&gdpr=0 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=1377982266721079385&gdpr=0&gdpr_consent=
Request Chain 202
  • https://amazon-tam-match.dotomi.com/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D&gdpr=0 HTTP 302
  • https://amazon-tam-match.dotomi.com/match/bounce/current?DotomiTest=5e8b0011fb480579&is_secure=true&networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D&gdpr=0 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AAABwiddn3rhNgM08Y0sAAAAAAA&expiration=1682902104&is_secure=true&gdpr=0
Request Chain 214
  • https://ups.analytics.yahoo.com/ups/58251/sync?redir=true&gdpr=0 HTTP 302
  • https://ups.analytics.yahoo.com/ups/58251/sync?redir=true&gdpr=0&verify=true HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS00Uk9kdmZCRTJ1SjBsSDZUbVlubko3YmxzRFdSU2kwdH5B&gdpr=0
Request Chain 221
  • https://match.adsrvr.org/track/cmf/openx?oxid=178d9209-7563-3ac8-78d7-31f6c5113e87&gdpr=0 HTTP 302
  • https://match.adsrvr.org/track/cmb/openx?oxid=178d9209-7563-3ac8-78d7-31f6c5113e87&gdpr=0 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&ttd_puid=178d9209-7563-3ac8-78d7-31f6c5113e87&gdpr=0&gdpr_consent=
Request Chain 223
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBGH5i5MHpjVTKuy0DyUM9E&google_cver=1
Request Chain 230
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid=%24UID&ex=appnexus.com&gdpr=0 HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.amazon-adsystem.com%252Fecm3%253Fid%3D%2524UID%26ex%3Dappnexus.com%26gdpr%3D0 HTTP 302
  • https://s.amazon-adsystem.com/ecm3?id=2057375735473623847&ex=appnexus.com&gdpr=0
Request Chain 231
  • https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0 HTTP 301
  • https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0 HTTP 302
  • https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Request Chain 237
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1 HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=97&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DgBgkxrVErPj9wqivTDd2AmVY%26source_user_id%3D%7BuserId%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=97&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DgBgkxrVErPj9wqivTDd2AmVY%26source_user_id%3D%7BuserId%7D&gdpr=0&gdpr_consent= HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=gBgkxrVErPj9wqivTDd2AmVY&source_user_id=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=
Request Chain 238
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&gdpr=0&gdpr_consent=
Request Chain 239
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3 HTTP 302
  • https://ssum.casalemedia.com/usermatchredir?s=186046&cb=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DGM7HYz3VFjuymbiqnJLyjuPy%26source_user_id%3D__UID__ HTTP 302
  • https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DGM7HYz3VFjuymbiqnJLyjuPy%26source_user_id%3D__UID__&s=186046&C=1 HTTP 302
  • https://match.sharethrough.com/sync/v1?source_id=GM7HYz3VFjuymbiqnJLyjuPy&source_user_id=ZE262cpVGI6SOURNEZz7UQAA%263874
Request Chain 240
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302

562 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
www.chicagotribune.com/business/
176 KB
41 KB
Document
General
Full URL
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
536f0eb5f25ee45093d28607b62fcdca94e5a1addfc8bbc3e3fa5cd300558664
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

akamai-true-ttl
-1
cache-control
private, max-age=60
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=utf-8
date
Sun, 30 Apr 2023 00:48:21 GMT
etag
W/"2ace5-N6U/y4bl5bDHYxneIoUB5ipwH8Q"
expires
Sun, 30 Apr 2023 00:49:21 GMT
last-modified
Sun, 30 Apr 2023 00:48:21 GMT
server
openresty
server-timing
cdn-cache; desc=MISS edge; dur=81 origin; dur=466 ak_p; desc="467448_1753117837_286606028_54746_7246_17_0";dur=1
vary
Accept-Encoding
x-akamai-transformed
9 39169 0 pmb=mRUM,2
x-arc-pb-request-id
a2cf8c56-b169-4e95-ac5f-85a7e2082468
x-arc-request-id
0.8d747e68.1682815700.111542cc
x-edgeconnect-cache-status
1
htlbid.css
htlbid.com/v3/chicagotribune.com/
470 B
856 B
Stylesheet
General
Full URL
https://htlbid.com/v3/chicagotribune.com/htlbid.css
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-66.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
def6a9d822627b0ea4a61278103db2436736304a64d6c3efb2557984528f8f25

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
via
1.1 7c972d2210a2e2f3fddbb92b4c35f72e.cloudfront.net (CloudFront)
last-modified
Sun, 26 Mar 2023 23:06:22 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
x-amz-server-side-encryption
AES256
etag
"2052e0db26785bd18c4db0edc6ca8eee"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
text/css
cache-control
max-age=600
accept-ranges
bytes
content-length
470
x-amz-cf-id
UScn8ZoAAgcPt6nvDjSlgf9hJjgKXopth-i31ByPQV1xzkX6Iu6blA==
htlbid.js
htlbid.com/v3/chicagotribune.com/
395 KB
106 KB
Script
General
Full URL
https://htlbid.com/v3/chicagotribune.com/htlbid.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-66.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
469b0ff156c18c16dd7215b37071dfa0d25a5d6c47c7fbfbd934278c8541711b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
content-encoding
br
via
1.1 7c972d2210a2e2f3fddbb92b4c35f72e.cloudfront.net (CloudFront)
last-modified
Sun, 26 Mar 2023 23:06:22 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
x-amz-server-side-encryption
AES256
etag
W/"da73217d5e277a1732110e030aa620ae"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=600
x-amz-cf-id
kigI7loojigVUu__AM5I4f1N8hbIyQD-bZzkm7-196lDiTAPFnHNHw==
script.js
r610.chicagotribune.com/
135 KB
41 KB
Script
General
Full URL
https://r610.chicagotribune.com/script.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-33.jfk50.r.cloudfront.net
Software
- /
Resource Hash
fcb226af8bd0735793750ab824a43ec7ab374dccc155acfc4ccc33bf234fdc9a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:42:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 2da1a465458d2c4bd692e693d75f0780.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P8
age
363
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
41464
x-xss-protection
1; mode=block
last-modified
Sun, 30 Apr 2023 00:40:45 GMT
server
-
etag
57da261d3722fe008974b2d29f48d3d8
content-type
text/javascript; charset=utf-8
cache-control
public, no-cache="Set-Cookie", max-age=600
x-robots-tag
noindex, nofollow
x-amz-cf-id
h7UrnUXePKN54PJwYVIpKQiI-NrU-Y29XU9NjQJRoKWrJz3owtZyKA==
expires
Sun, 30 Apr 2023 00:52:18 GMT
config.js
cdn.confiant-integrations.net/lN3nDI7DXG9pAWAqmfHN769SKz8/gpt_and_prebid/
100 KB
24 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/lN3nDI7DXG9pAWAqmfHN769SKz8/gpt_and_prebid/config.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:99f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03ce1ec16e7118353eeeac07435471e0396642e2caf2af748433992b02652825

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 30 Apr 2023 00:21:31 GMT
server
cloudflare
x-amz-request-id
X2S9HR87W9TDA9X1
age
115
etag
W/"2d072c25f537ae515eeb20069a81569b"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
7bfbc7555cf84bbf-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
Y76g0FnVI8b4/05ByY9wV8gvHV0mmFe8FOaCxDZSJYMfx2uI8ZjAbz+XK2rlK24bVZOAkfFauR+0Z26hz5lD+g==
react.js
www.chicagotribune.com/pf/dist/engine/
337 KB
100 KB
Script
General
Full URL
https://www.chicagotribune.com/pf/dist/engine/react.js?d=136
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
0afd5c2b1228ae8faed1576b994996c1de16cebc735fb1c70b0a8ae1dc6a94d2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
x-amz-request-id
S3NXJ1WV8KT1A4TP
x-amz-server-side-encryption
AES256
x-arc-request-id
0.8d747e68.1682815701.111543c9
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286606281_782_6282_17_0";dur=1
content-length
102126
x-amz-id-2
DEPpz+qTDyYpSAAtRdeZyJF/K5SXYpeMDnbiv6Uph7oyKjyxkGM2MAEsUebHB8/zeyyg9ImiG+8=
last-modified
Wed, 26 Apr 2023 20:02:18 GMT
server
openresty
etag
W/"8ca5836a0fd6e7c281d67cecdeb8e3f4"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
expires
Mon, 29 Apr 2024 00:48:21 GMT
default.js
www.chicagotribune.com/pf/dist/components/combinations/
833 KB
217 KB
Script
General
Full URL
https://www.chicagotribune.com/pf/dist/components/combinations/default.js?d=136
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
69e71593c74623ac2425dd32c83e886e7e7f41ccaf85ec8c9e548a44a2cbd059
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
x-amz-request-id
S3NGJVPFF72JK57X
x-amz-server-side-encryption
AES256
x-arc-request-id
0.8d747e68.1682815701.111543ca
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286606282_784_6273_17_0";dur=1
content-length
221126
x-amz-id-2
hTBOTIZu8ASmYulL8p3dejGnLGdtVlCryvKFS810onIwoNXTx8QkS0Gwk4NaH3gXhI2+NFfbcK8=
last-modified
Wed, 26 Apr 2023 20:02:18 GMT
server
openresty
etag
W/"177bb966393850a0f7d42577c0cf92f1"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
expires
Mon, 29 Apr 2024 00:48:21 GMT
default.css
www.chicagotribune.com/pf/dist/components/output-types/
36 KB
5 KB
Stylesheet
General
Full URL
https://www.chicagotribune.com/pf/dist/components/output-types/default.css?d=136
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
990d4ffa0c52bb186522e90e20e29e9108afba2661fc19e4dd07971421cd7897
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
x-amz-request-id
S3NV4TKN80M77TMH
x-amz-server-side-encryption
AES256
x-arc-request-id
0.8d747e68.1682815701.111543c5
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286606277_36_7908_17_0";dur=1
content-length
4914
x-amz-id-2
QnYUlYolSzTaM+fUiz33tMf/ToNEf1SDVddvBE5xPb6gxy4BKyBGb7RlRppn4L6Y7uFqUakQBng=
last-modified
Wed, 26 Apr 2023 20:02:18 GMT
server
openresty
etag
W/"8e406064170e8b413a278aa24b30eb15"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000
expires
Mon, 29 Apr 2024 00:48:21 GMT
default.css
www.chicagotribune.com/pf/dist/components/combinations/
68 KB
12 KB
Stylesheet
General
Full URL
https://www.chicagotribune.com/pf/dist/components/combinations/default.css?d=136
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
732121193c91f0b5e1b6782579d1c6153dadccd8dbe64ca611a8f381d4e584ca
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
x-amz-request-id
S3NNWB4ZD4K4V1RD
x-amz-server-side-encryption
AES256
x-arc-request-id
0.8d747e68.1682815701.111543c8
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286606280_780_6299_17_0";dur=1
content-length
11475
x-amz-id-2
QsYtkYILcRZHPD+7Vo8tx4xPWZD2EJrmJaxn7ue4B0ZixTEykTwaq9nd09eeQyCqgKKfKK4k1LQ=
last-modified
Wed, 26 Apr 2023 20:02:18 GMT
server
openresty
etag
W/"698677d9eda23189276207ea8b6baf63"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
cache-control
public, max-age=31536000
expires
Mon, 29 Apr 2024 00:48:21 GMT
css
fonts.googleapis.com/
3 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:wght@400;600;700&display=swap
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a9cd64ca9fca199d4366d499a84f6678bf0a2da7f87fa16217a042b6813d4ca5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 29 Apr 2023 23:47:02 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 30 Apr 2023 00:48:21 GMT
load.js
s.ntv.io/serve/
578 KB
159 KB
Script
General
Full URL
https://s.ntv.io/serve/load.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.126.113.148 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-126-113-148.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
75878e20516aab7c1d8b3db8af6b7c27fdde3b62e41c44f30295a54a5f8cc124

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Sun, 30 Apr 2023 00:48:21 GMT
Content-Encoding
gzip
x-amz-request-id
2ND8VR1C2JZ23BAB
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
x-amz-id-2
FtqLU/3nNkn5PAWcDQ7PoVjD1/JYn9IhMgYa5ypTMiQKaMgQdBirXQS0+19cmKXPzYgRIp8b0T726BasGtT4xQ==
Last-Modified
Wed, 26 Apr 2023 19:21:47 GMT
Server
AmazonS3
ETag
"e644b256b057091360be3a58b5856d3a"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=3600
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
chartbeat_mab.js
static.chartbeat.com/js/
23 KB
10 KB
Script
General
Full URL
https://static.chartbeat.com/js/chartbeat_mab.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:3600:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5da042d5812f163384470df8b5fbca46e8364922c47407a8dbdcf114066fc6ab

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 07:15:19 GMT
content-encoding
gzip
via
1.1 57eada8217c838cfdc4ec177bbe3523c.cloudfront.net (CloudFront)
last-modified
Wed, 20 Jul 2022 00:57:56 GMT
server
nginx
x-amz-cf-pop
JFK50-P4
age
63182
etag
W/"62d75314-5d6b"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-amz-cf-id
zIq1-bzpDIx8ush_-ogHmPxW4FUnstFOErf-qNrsAcMjQu3ZAu_8Xg==
expires
Sun, 30 Apr 2023 07:15:19 GMT
zephr-browser.umd.js
assets.zephr.com/zephr-browser/1.3.9/
39 KB
16 KB
Script
General
Full URL
https://assets.zephr.com/zephr-browser/1.3.9/zephr-browser.umd.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.160.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-160-94.man51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fcac0e1a4f11bbf64e60b1305ef1b935ff5c41e49d150c42ca8d8d6464dc240f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 10:37:00 GMT
content-encoding
gzip
via
1.1 2439f09910c4aa0e8e90dee53b1d50c0.cloudfront.net (CloudFront)
last-modified
Tue, 27 Apr 2021 11:02:55 GMT
server
AmazonS3
x-amz-cf-pop
MAN51-P2
age
51333
etag
W/"c531ce77a9ff6380e9671dee680a2102"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
NMaWXVRFQJScsfBcwfNsNu6yVdNFrooX7yzIS2lOljb-t9j3a78_eQ==
zephr-minify.1.0.1.js
assets.zephr.com/tribune/
1 KB
1 KB
Script
General
Full URL
https://assets.zephr.com/tribune/zephr-minify.1.0.1.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.165.160.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-165-160-94.man51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ed6b237b687782c7d85630dec9239d26965f826b0b1a64d2817b4dec65db486a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 16:59:25 GMT
content-encoding
gzip
via
1.1 2439f09910c4aa0e8e90dee53b1d50c0.cloudfront.net (CloudFront)
last-modified
Mon, 19 Apr 2021 11:32:39 GMT
server
AmazonS3
x-amz-cf-pop
MAN51-P2
age
28237
etag
W/"d9f4fec80c2b61c13ef9d38b99f5708c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
YbRTspKNpejwUeUf1aDhuxQx7BI55ncyS8AnienAmgwyltlsgGffyA==
YNEJMDCSNZQBKEHASTPB2C7KZY.jpg
www.chicagotribune.com/resizer/LZOvHW3sq4TYVUOv8dTkREtIyiE=/800x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/
26 KB
27 KB
Image
General
Full URL
https://www.chicagotribune.com/resizer/LZOvHW3sq4TYVUOv8dTkREtIyiE=/800x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/YNEJMDCSNZQBKEHASTPB2C7KZY.jpg
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Server /
Resource Hash
e7ec8eccb31d50a54fa7b3cb65ebaceb2110609b4c82ebea3806a3d4ebe3ecee
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
300
date
Sun, 30 Apr 2023 00:48:23 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
server
Akamai Image Server
etag
"7facaf0910d4a9436cd43a536e14fec23a71fdd8"
x-arc-request-id
0.8d747e68.1682815701.111543cb
content-type
image/jpeg
cache-control
private, max-age=300
server-timing
cdn-cache; desc=HIT, edge; dur=2334, ak_p; desc="467448_1753117837_286606283_235206_9123_19_0";dur=1
x-akamai-note
original-image
content-length
27013
expires
Sun, 30 Apr 2023 00:53:23 GMT
OneSignalSDK.js
cdn.onesignal.com/sdks/
9 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
194addf8fd862999286b33cf83116babe8c700ba3a28111777f49ca72c429970
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:21 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
1364
etag
W/"06f50014011c1fcd9e21b6b0481979de"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7bfbc7557d3e4bca-YUL
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Wed, 03 May 2023 00:48:21 GMT
Menu_Icon.svg
www.chicagotribune.com/pf/resources/icons/
1 KB
1 KB
Image
General
Full URL
https://www.chicagotribune.com/pf/resources/icons/Menu_Icon.svg?d=136
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
94dba5e97bd9780046fc76db034ae0132c04cdf51858c680ef043f841ee3a468
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
x-amz-request-id
S3NYAZBG8086BMYV
x-amz-server-side-encryption
AES256
x-arc-request-id
0.8d747e68.1682815701.111543cc
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286606284_786_6362_17_0";dur=1
content-length
505
x-amz-id-2
XXWIDILSyzO1OtLcfmenAp2V8u+z8WrfwfXT5nC2uim80V2M2UYjGKO9gaMZTIyn6GepAAwNYIh54HN9FbDgVRxIlecn+e+uBBnqTgt7Cg8=
last-modified
Wed, 26 Apr 2023 20:02:17 GMT
server
openresty
etag
W/"3078b03aa176e280460db6374ed5934b"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
expires
Mon, 29 Apr 2024 00:48:21 GMT
Search_Icon.svg
www.chicagotribune.com/pf/resources/icons/
1 KB
1 KB
Image
General
Full URL
https://www.chicagotribune.com/pf/resources/icons/Search_Icon.svg?d=136
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
9729f3eab64671484b7dc72a11b62aa1f6f7841711fa84c318e01007dd03e6c2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
x-amz-request-id
S3NH075F7SRRW9P5
x-amz-server-side-encryption
AES256
x-arc-request-id
0.8d747e68.1682815701.111543cd
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286606285_1050_4747_17_0";dur=1
content-length
700
x-amz-id-2
ml/1sVaK7WWsEaXDnkeZXN3uIfFnKCcsZ4sGUDmUvmnLjDL3zl/u+vt2HKbCJaxOBZwp9NSostI=
last-modified
Wed, 26 Apr 2023 20:02:17 GMT
server
openresty
etag
W/"d947de375e50e50a1aa4f7951e3c56b0"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
expires
Mon, 29 Apr 2024 00:48:21 GMT
index.js
tags.remixd.com/player/v5/
34 KB
10 KB
Script
General
Full URL
https://tags.remixd.com/player/v5/index.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-16.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
91bcc65a1a6bb4755e48576889ae27c2f620e49d126b8127dd16c1a99945b9d5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:47:51 GMT
content-encoding
gzip
via
1.1 ebfea1c8ef298b6d415684e80825a276.cloudfront.net (CloudFront)
last-modified
Tue, 21 Jun 2022 15:31:59 GMT
server
AmazonS3
x-amz-cf-pop
EWR52-C1
age
31
etag
"57b6f8ad4125903b7e06bb427c232d10"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public,max-age=1800
accept-ranges
bytes
content-length
10041
x-amz-cf-id
WS3jhhCcmjHEsq9RwgOQkymTnEmvboqGYZCzSDVLugCSU2ZKhlNYkw==
ct.svg
www.chicagotribune.com/pf/resources/images/stacked/
727 B
1019 B
Image
General
Full URL
https://www.chicagotribune.com/pf/resources/images/stacked/ct.svg?d=136
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
4de3df3f8c41b969312c7f8fb0ec105ca4ceebfeff99e9c4c6552f017c8aeb2e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
x-amz-request-id
S3NW0108X8DX11Z0
x-amz-server-side-encryption
AES256
x-arc-request-id
0.8d747e68.1682815701.111543ce
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286606286_793_6195_17_0";dur=1
content-length
460
x-amz-id-2
/Sd/keob71wvmPIxaFTgQAlOJi1ik/iAMmqSapuIdh4fFRkm1hkUDGE+IylunDI/x87Sp0ilnX0=
last-modified
Wed, 26 Apr 2023 20:02:17 GMT
server
openresty
etag
W/"95a011625b282ce688af84fdec6cf2ed"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
expires
Mon, 29 Apr 2024 00:48:21 GMT
gtm.js
www.googletagmanager.com/
361 KB
98 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5K8DK4V
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2008 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3013e00ec5a907295c00604f34d58dd00a4cb05bfa6296d809b02ffbbdb9253e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
99446
x-xss-protection
0
last-modified
Sun, 30 Apr 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 30 Apr 2023 00:48:21 GMT
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202304241206/
240 KB
74 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202304241206/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/lN3nDI7DXG9pAWAqmfHN769SKz8/gpt_and_prebid/config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:99f6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
369f20e17ce9308e9e488e6fdbdf3aa0e3c8c4705b903c23cd610e7c41eedd16

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 24 Apr 2023 16:10:41 GMT
server
cloudflare
x-amz-request-id
SG6G6CWYWHEBCJJT
age
459757
etag
W/"d1226925b093cc62c3879362099dc851"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7bfbc7562e6d4bbf-YUL
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
kYL5hJEWQPo2GFpk7WrxvoQcmA7E9L0napE8GB32owz5r4Qpoe2O4Uh7DdBtpCuw88abPYkh97s=
DA9NK-5NF4A-5FWA6-EFVPV-RL87Z
s.go-mpulse.net/boomerang/
205 KB
49 KB
Script
General
Full URL
https://s.go-mpulse.net/boomerang/DA9NK-5NF4A-5FWA6-EFVPV-RL87Z
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:141b:13:78d::11a6 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
br
last-modified
Thu, 20 Apr 2023 12:02:42 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
timing-allow-origin
*
content-length
50393
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v34/
16 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:wght@400;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.chicagotribune.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 02:56:05 GMT
x-content-type-options
nosniff
age
78736
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16740
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:14:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Apr 2024 02:56:05 GMT
YNEJMDCSNZQBKEHASTPB2C7KZY.jpg
www.chicagotribune.com/resizer/b2VCYjhACQVIguUUjtzeITfGb3M=/1024x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/
18 KB
18 KB
Image
General
Full URL
https://www.chicagotribune.com/resizer/b2VCYjhACQVIguUUjtzeITfGb3M=/1024x0/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/YNEJMDCSNZQBKEHASTPB2C7KZY.jpg
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
09a3a6ea7be75bdec0c140e22ce76afe76f8112d535c5a1d1db04981ec086074
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Mon, 24 Apr 2023 12:56:25 GMT
x-serial
375
server
Akamai Image Manager
x-check-cacheable
YES
etag
"4a9082a419dd78403c3811dee51e6eb802be4544"
x-arc-request-id
0.8d747e68.1682815701.111543f6
content-type
image/avif
cache-control
private, no-transform, max-age=31061398
server-timing
cdn-cache; desc=HIT, edge; dur=2, ak_p; desc="467448_1753117837_286606326_122_9406_22_0";dur=1
content-length
18165
expires
Tue, 23 Apr 2024 12:58:19 GMT
cs
tribune.blueconic.net/DG/DEFAULT/
16 B
705 B
Script
General
Full URL
https://tribune.blueconic.net/DG/DEFAULT/cs?&callback=bc_json916
Requested by
Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.205.97.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-97-187.compute-1.amazonaws.com
Software
- /
Resource Hash
8a6c3f5999aa2e246b5abea5fbb01a90d51de8ed4457c65b512dacc067f27c9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
-
x-permitted-cross-domain-policies
master-only
content-type
text/javascript; charset=utf-8
p3p
policyref="", CP="DSP"
cache-control
no-cache, no-store, no-transform, must-revalidate, private
x-robots-tag
noindex, nofollow
content-length
36
x-xss-protection
1; mode=block
expires
Thu, 01 Jan 1970 00:00:00 GMT
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/
284 KB
68 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151601
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c868ebeb22a6d2945834c14da4641969a62e35a6cfa434a974339df068324b6e
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:21 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
381
etag
W/"2cf94922e2d551e8dc7c38c022a9a3ca"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
7bfbc7567efc4bca-YUL
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Wed, 03 May 2023 00:48:21 GMT
chicagotribune.com
pubcast-files.remixd.com/player-configs/
41 KB
42 KB
Fetch
General
Full URL
https://pubcast-files.remixd.com/player-configs/chicagotribune.com
Requested by
Host: tags.remixd.com
URL: https://tags.remixd.com/player/v5/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.38.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
143.38.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f486dcad1402002af6f9fee8cbe1f301710b828ea0740abfe8672137ef6e02f8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 23:56:59 GMT
age
3082
x-guploader-uploadid
ADPycdvTDgJ0NSc0lpCyE4HcXoQrtj7buXdM0g2847PMB0QpvcDTPC8-_IyGrSdhVmAH7Cbbs95eKrB7oX57-mX1mZT4ZxLiilYw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41910
last-modified
Mon, 30 Jan 2023 16:20:06 GMT
server
UploadServer
etag
"5a254665d4a4c7aceb33b05d7ef91bd9"
x-goog-generation
1675095606494005
x-goog-hash
crc32c=5ElQGQ==, md5=WiVGZdSkx6zrM7Bdfvkb2Q==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600
x-goog-meta-cache-control
public, no-cache, must-revalidate
x-goog-stored-content-length
41910
accept-ranges
bytes
content-type
application/json
expires
Sun, 30 Apr 2023 00:56:59 GMT
BMDKTNGVOBFTXLQH2N6QO7GPBI.jpg
www.chicagotribune.com/resizer/vXdItn6Jg6Or4MWt7wfXA7pstns=/274x206/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/
11 KB
12 KB
Image
General
Full URL
https://www.chicagotribune.com/resizer/vXdItn6Jg6Or4MWt7wfXA7pstns=/274x206/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/BMDKTNGVOBFTXLQH2N6QO7GPBI.jpg
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
54d671a6a93e6f2e3a65a815cc53ced2cfc6bc4f7c818d4cd39f1674d13142b0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000, 31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 28 Apr 2023 21:20:58 GMT
x-serial
1995
server
Akamai Image Manager
x-check-cacheable
YES
etag
"e2fdc398eaa3bc19431c5dc3f002cf11e20157d2"
x-arc-request-id
0.8d747e68.1682815701.11154407
content-type
image/avif
cache-control
private, no-transform, max-age=31437191
server-timing
cdn-cache; desc=HIT, edge; dur=10, ak_p; desc="467448_1753117837_286606343_980_9048_17_0";dur=1
content-length
11678
expires
Sat, 27 Apr 2024 21:21:32 GMT
ADF7TPZBP3HO6OCBGI77CLJ2HA.jpg
www.chicagotribune.com/resizer/OBeVMJun_ErE8DbdfYIgT4D3qXM=/274x206/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/
10 KB
11 KB
Image
General
Full URL
https://www.chicagotribune.com/resizer/OBeVMJun_ErE8DbdfYIgT4D3qXM=/274x206/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/ADF7TPZBP3HO6OCBGI77CLJ2HA.jpg
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
272c072abe3cb69b8ad8aa41aafb5875001a2867e4f2adbe227d01649b483ddc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Sat, 29 Apr 2023 17:25:07 GMT
x-serial
1666
server
Akamai Image Manager
x-check-cacheable
YES
etag
"be385b51f80eee42e055b51354a863b68b979fdd"
x-arc-request-id
0.8d747e68.1682815701.1115440a
content-type
image/avif
cache-control
private, no-transform, max-age=31509345
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286606346_46_8610_17_0";dur=1
content-length
10373
expires
Sun, 28 Apr 2024 17:24:06 GMT
CGC6WBTPKC6US54466WVNAKFQY.jpg
www.chicagotribune.com/resizer/8FAAhOT91B3bxifKFKu_V6jeGJU=/274x206/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/
8 KB
8 KB
Image
General
Full URL
https://www.chicagotribune.com/resizer/8FAAhOT91B3bxifKFKu_V6jeGJU=/274x206/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/tronc/CGC6WBTPKC6US54466WVNAKFQY.jpg
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
b58c362d86bdaa4d9f652e9066bd8ec1cee9e5165bfa4ed43129af27370beaf4
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Sat, 29 Apr 2023 23:31:20 GMT
x-serial
932
server
Akamai Image Manager
x-check-cacheable
YES
etag
"343ece9c666186f14d5b006b69de34b8e721e433"
x-arc-request-id
0.8d747e68.1682815701.1115440b
content-type
image/avif
cache-control
private, no-transform, max-age=31531405
server-timing
cdn-cache; desc=MISS, edge; dur=1, origin; dur=223, ak_p; desc="467448_1753117837_286606347_2834_8622_17_0";dur=1
content-length
8140
expires
Sun, 28 Apr 2024 23:31:46 GMT
/
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/
271 B
557 B
XHR
General
Full URL
https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=chicagotribune.com&domain=chicagotribune.com&path=%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Requested by
Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::714 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3bf53e2ad753c299ee4fde27a3c776054a973cdc083acfdc4383de4c3c6420c3

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-cache-hits
0
date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
via
1.1 varnish (Varnish/6.0), 1.1 varnish
age
0
x-cache
MISS
cross-origin-resource-policy
cross-origin
content-length
203
x-served-by
cache-yul12834-YUL
x-timer
S1682815702.592273,VS0,VE41
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges
bytes
expires
Fri, 28 Apr 2023 00:48:21 GMT
ADF7TPZBP3HO6OCBGI77CLJ2HA.jpg
www.chicagotribune.com/resizer/U9cXEDMfM1xwvmS22mc4l-TkT7E=/84x84/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/dnGzueifay_5A1QH_q5BddNiEOY=/cloudfront-us-east-1.images.arcpublishi...
2 KB
3 KB
Image
General
Full URL
https://www.chicagotribune.com/resizer/U9cXEDMfM1xwvmS22mc4l-TkT7E=/84x84/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/dnGzueifay_5A1QH_q5BddNiEOY=/cloudfront-us-east-1.images.arcpublishing.com/tronc/ADF7TPZBP3HO6OCBGI77CLJ2HA.jpg
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
6ca6dad88420116cf65df7abf721ec0f6823803ec56639679492032ed0914314
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Sat, 29 Apr 2023 17:26:40 GMT
server
Akamai Image Manager
etag
"15ed9f9e8e051f187ca8ebe30a470c8c761ec6a7"
x-arc-request-id
0.8d747e68.1682815701.11154440
content-type
image/avif
cache-control
private, no-transform, max-age=31509500
server-timing
cdn-cache; desc=HIT, edge; dur=10, ak_p; desc="467448_1753117837_286606400_993_9397_17_0";dur=1
content-length
2408
expires
Sun, 28 Apr 2024 17:26:41 GMT
SXOL6JKPV5APVBLYNFWWTDSJ7U.jpg
www.chicagotribune.com/resizer/WqCprp6uRNKuog1yqzbc_EQp5f0=/84x84/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/oCdzjf5URMY70Zmn3qQqD7y-m64=/cloudfront-us-east-1.images.arcpublishi...
2 KB
3 KB
Image
General
Full URL
https://www.chicagotribune.com/resizer/WqCprp6uRNKuog1yqzbc_EQp5f0=/84x84/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/oCdzjf5URMY70Zmn3qQqD7y-m64=/cloudfront-us-east-1.images.arcpublishing.com/tronc/SXOL6JKPV5APVBLYNFWWTDSJ7U.jpg
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
23f6b483148d0c90a84e651dd6d1c1199a4358ca2244413193ac6c5c8f20be66
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000, 31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Sat, 29 Apr 2023 22:25:06 GMT
x-serial
1245
server
Akamai Image Manager
x-check-cacheable
YES
etag
"6860b3f7bf20f75da730ac5b7b52b265c4f5983d"
x-arc-request-id
0.8d747e68.1682815701.11154442
content-type
image/avif
cache-control
private, no-transform, max-age=31527371
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286606402_78_8641_17_0";dur=1
content-length
2358
expires
Sun, 28 Apr 2024 22:24:32 GMT
VAQWNBECLNGKDGGX7UJVP2GICU.jpg
www.chicagotribune.com/resizer/Vwu8ILaxUohLEg9BITVlrzDg9F8=/84x84/filters:format(jpg):quality(70):focal(1365x778:1375x788)/www.chicagotribune.com/resizer/SRc9pP37rDKyJO5l9oGW71lx20k=/cloudfront-us-...
2 KB
3 KB
Image
General
Full URL
https://www.chicagotribune.com/resizer/Vwu8ILaxUohLEg9BITVlrzDg9F8=/84x84/filters:format(jpg):quality(70):focal(1365x778:1375x788)/www.chicagotribune.com/resizer/SRc9pP37rDKyJO5l9oGW71lx20k=/cloudfront-us-east-1.images.arcpublishing.com/tronc/VAQWNBECLNGKDGGX7UJVP2GICU.jpg
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
cff7ef6ece2e35050683ecf19c85aaf7147e029b94f9f7e757dd708faedaa392
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Mon, 24 Apr 2023 10:13:38 GMT
server
Akamai Image Manager
etag
"848382d86569c32d767ecc62497a04e2e9509576"
x-edgeconnect-cache-status
1
x-arc-request-id
0.8d747e68.1682815701.11154443
content-type
image/avif
cache-control
private, no-transform, max-age=31051581
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286606403_80_8669_17_0";dur=1
content-length
2450
expires
Tue, 23 Apr 2024 10:14:42 GMT
KT5LHZI35ZBEHFASKYSGRTYTPI.jpg
www.chicagotribune.com/resizer/crv7V7BoXZF6UcnviMpih9QOeJU=/84x84/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/Qbhasmmg-WAXn15aQ6OsvMFEPe4=/arc-anglerfish-arc2-prod-tronc.s3.amazo...
2 KB
2 KB
Image
General
Full URL
https://www.chicagotribune.com/resizer/crv7V7BoXZF6UcnviMpih9QOeJU=/84x84/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/Qbhasmmg-WAXn15aQ6OsvMFEPe4=/arc-anglerfish-arc2-prod-tronc.s3.amazonaws.com/public/KT5LHZI35ZBEHFASKYSGRTYTPI.jpg
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
b90b910df64d1f5d817d034ae64e23406df18ea25112523fdbb9843743088401
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000, 31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Sun, 23 Apr 2023 10:41:37 GMT
x-serial
1172
server
Akamai Image Manager
x-check-cacheable
YES
etag
"0fea3e5c64ea1a03a395ec5daa5488e059dd625c"
x-arc-request-id
0.8d747e68.1682815701.11154444
content-type
image/avif
cache-control
private, no-transform, max-age=30966835
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286606404_90_8633_17_0";dur=1
content-length
1666
expires
Mon, 22 Apr 2024 10:42:16 GMT
2XWTZZQLK5A6XLZ3X2KE34J2K4.jpg
www.chicagotribune.com/resizer/bqOtmtlYP6gj5-sG_hgPjqhpwUw=/84x84/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/HaZEOV91fmzxDlw6TQafj-zGOXI=/cloudfront-us-east-1.images.arcpublishi...
2 KB
3 KB
Image
General
Full URL
https://www.chicagotribune.com/resizer/bqOtmtlYP6gj5-sG_hgPjqhpwUw=/84x84/filters:format(jpg):quality(70)/www.chicagotribune.com/resizer/HaZEOV91fmzxDlw6TQafj-zGOXI=/cloudfront-us-east-1.images.arcpublishing.com/tronc/2XWTZZQLK5A6XLZ3X2KE34J2K4.jpg
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Akamai Image Manager /
Resource Hash
21e9a2a6745e72a9504ec7392d5bda2b2f6be8d47224a84f75ca139b8575c08a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000, 31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Sat, 25 Feb 2023 08:56:56 GMT
x-serial
1382
server
Akamai Image Manager
x-check-cacheable
YES
etag
"9a2196600ed029745b9e6589d88e1aebd4fe7432"
x-arc-request-id
0.8d747e68.1682815701.11154445
content-type
image/avif
cache-control
private, no-transform, max-age=30789474
server-timing
cdn-cache; desc=HIT, edge; dur=2, ak_p; desc="467448_1753117837_286606405_267_8625_17_0";dur=1
content-length
2078
expires
Sat, 20 Apr 2024 09:26:15 GMT
t
jadserve.postrelease.com/
3 KB
2 KB
Script
General
Full URL
https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&ntv_mvi
Requested by
Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.210.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-210-94.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
4d1e86f85f72f4d54eb146cc6cd18798f75025a05d063b7d90c3e349d990fd53

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
server
nginx/1.12.2
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
1252
expires
Mon, 1 Jan 1990 12:00:00 GMT
embed.js
embedcdn.sendtonews.com/easy-stn-player/7.15.2/
Redirect Chain
  • https://embed.sendtonews.com/player3/embedcode.js?fk=&cid=4591
  • https://embedcdn.sendtonews.com/easy-stn-player/7.15.2/embed.js
7 KB
3 KB
Script
General
Full URL
https://embedcdn.sendtonews.com/easy-stn-player/7.15.2/embed.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Server
108.138.106.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-113.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
74c51235b49b812be8d12109acc6710514e0ad71cec43587ca0e3a8464acb9ad

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:47:47 GMT
x-amz-version-id
Z8lrpg0CjemN8tLmEwyQi0.0rm1zG_.h
content-encoding
br
last-modified
Fri, 21 Apr 2023 00:22:12 GMT
server
AmazonS3
via
1.1 6104f765cfecf9c49eb7195c359eea46.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P3
etag
W/"02ed78490a9373abdeaa063c3988c8dd"
age
35
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
hEHVufacrzCFYK-9A7W_omy8RmIaw5FLeumyXKrvs_mLxPMtgrYPCg==

Redirect headers

date
Sun, 30 Apr 2023 00:48:21 GMT
via
1.1 6104f765cfecf9c49eb7195c359eea46.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
JFK50-P3
x-cache
FunctionGeneratedResponse from cloudfront
location
https://embedcdn.sendtonews.com/easy-stn-player/7.15.2/embed.js
alt-svc
h3=":443"; ma=86400
content-length
0
x-amz-cf-id
BQ9iffwJAnvf-RiIzQdokG5_GU8ybrXD1ljwEKjIaMjnn80brutjRA==
loader.js
cdn.taboola.com/libtrc/tribunedigital-network/
2 MB
109 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
276cd29ffad20507010c9ffad7835cbd2714c049405013e2bf809c46434c4fcb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
7f7FRh7QSwiyqd1klT1Xm2wXOCker4Dv
content-encoding
gzip
via
1.1 varnish
date
Sun, 30 Apr 2023 00:48:21 GMT
x-amz-request-id
YEXKGBEFAJK7DHW1
age
6301
x-amz-server-side-encryption
AES256
x-cache
HIT
x-from-cache
1
x-envoy-upstream-service-time
22
x-amz-replication-status
FAILED
content-length
111449
x-amz-id-2
IrbXjwIZa1Rp2KugMA19zSut/ZWm9/Ey/03HUcMyQqCW2j3SDmKBnIbSvCSJuBhlOKx2udUH1Jk=
x-served-by
cache-yyz4581-YYZ
last-modified
Thu, 27 Apr 2023 18:52:05 UTC
server
nginx
x-timer
S1682815702.789071,VS0,VE2
etag
"887f4aa5d9d7c8503c3b9b031ec99b12c8c33b89"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
abp
31
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
1
chiarc.min.js
www.tribdss.com/meter/
Redirect Chain
  • https://www.tribdss.com/meter/chiarc.min.js
  • https://www.tribdss.com/meter/chiarc.min.js?disabled=international
34 KB
12 KB
Script
General
Full URL
https://www.tribdss.com/meter/chiarc.min.js?disabled=international
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
HTTP/1.1
Server
23.7.73.96 Eden Prairie, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-7-73-96.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
9d12ff8dcf092cb6c6dfbb6a2c6ad7aa4a74d84c13e84803ea3e27404f7e85ab
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Sun, 30 Apr 2023 00:48:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Status
200 OK
Connection
keep-alive
Content-Length
11352
X-Request-Id
5249e1ab5fde26aa242db312d2a2804b
X-UA-Compatible
IE=Edge,chrome=1
X-Runtime
0.006681
X-Content-Digest
b0a0fec797f0f463af189c76902e0e58bbc4b936
Last-Modified
Thu, 20 Apr 2023 08:23:56 GMT
Server
Apache
X-Host-Info
cccc5c572c44,; 4437850c06e04bd7d5864e120ef0c0dd90f51609 (HEAD -> refs/heads/release/2304.1.0, refs/remotes/origin/release/2304.1.0) Updated webapp.crontab to stop facebook related jobs
ETag
4367406786356350837R
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public, must-revalidate, max-age=728
Httpd-Identifier
cccc5c572c44
X-Rack-Cache
fresh

Redirect headers

Location
/meter/chiarc.min.js?disabled=international
Date
Sun, 30 Apr 2023 00:48:21 GMT
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
chiarc.min.js
ssor.tribdss.com/reg/tribune/
36 KB
13 KB
Script
General
Full URL
https://ssor.tribdss.com/reg/tribune/chiarc.min.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/components/combinations/default.js?d=136
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.7.73.96 Eden Prairie, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-7-73-96.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
58775462e8f9f791a044bc6a48c6be5dcd2d16a98d488c3a1f9d07f72448ce93
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Sun, 30 Apr 2023 00:48:21 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Status
200 OK
Connection
keep-alive
Content-Length
12079
X-Request-Id
d5977f6b883f1f3241742ef25ef917d3
X-UA-Compatible
IE=Edge,chrome=1
X-Runtime
0.005708
X-Content-Digest
6ac5db739c1fad5be22c7d11f8189f138ca67c2a
Last-Modified
Thu, 20 Apr 2023 08:32:23 GMT
Server
Apache
X-Host-Info
5284b0f5aa83,; c58e7c33fd8a1664c21a3ce7f87f865abe88c662 (HEAD -> refs/heads/release/2304.1.1, refs/remotes/origin/release/2304.1.1) DSS-17366 & DSS-1733 : update auht0 id creation logic in utilities & ensuring present in export
ETag
4745577041152945396
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public, must-revalidate, max-age=337
Httpd-Identifier
ac0b35ac0070
X-Rack-Cache
fresh
/
dynpaywall-api-chicagotribune.ml.sophi.io/v1//
49 B
327 B
XHR
General
Full URL
https://dynpaywall-api-chicagotribune.ml.sophi.io/v1//?domain_userid=&content_id=QCG4KZGX6VGBHIEHWYGHUSH45M&user_id=&localtime=2023-04-30%200:48:21%20GMT0000&section=/business&referrer=
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/components/combinations/default.js?d=136
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-114.ewr53.r.cloudfront.net
Software
CloudFront /
Resource Hash
6af4e262d3179d6146a7d9a4ca0e37bb7534bf5cde1ebc28279f93400dcedd02

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:21 GMT
via
1.1 5ec6b37107376867228d2ed46a794602.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
EWR53-C1
x-cache
LambdaGeneratedResponse from cloudfront
content-type
application/json
access-control-allow-origin
*
content-length
49
x-amz-cf-id
NH8ryIjeQhihRWwiGj_yehp76B00buYS-SXmBDsJXCHNZkY1nc6mTg==
v2lycXBmloNJvBgX1X4DVpaOIIEDRv-aIb6gvdB6L-b5V3hFPpKkarQ4Y2H5bdtih
smoggysnakes.com/
60 KB
22 KB
Script
General
Full URL
https://smoggysnakes.com/v2lycXBmloNJvBgX1X4DVpaOIIEDRv-aIb6gvdB6L-b5V3hFPpKkarQ4Y2H5bdtih
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/components/combinations/default.js?d=136
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:d733::1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
12cb8ee11fcac29aff22456f64220009fbc7ef37e229c1b89ac0f20833bad218
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
br
via
1.1 google
date
Sun, 30 Apr 2023 00:48:21 GMT
x-datacenter
gce-us-east1
etag
"81bc688b0c77067fd8004eb22e1e3188e7fdd59013cf78413e5d821c9f58653b"
x-buildname
hoothoot
vary
Accept-Encoding, Accept-Language
x-hostname
fen-hoothoot-us-east1-spot-j11t
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
x-buildnumber
832971200
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
osano.js
cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/
357 KB
93 KB
Script
General
Full URL
https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/pf/dist/components/combinations/default.js?d=136
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2510:c000:3:b7e:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
818af1419f1412038ad6117223eab6cbba875388c2988f196f667bfb71d6547a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=2592000
content-encoding
br
x-content-type-options
nosniff
date
Sun, 30 Apr 2023 00:48:21 GMT
via
1.1 58a45bf3f07dfdca95ebcb7935e84994.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P5
age
84598
x-cache
Hit from cloudfront
content-length
94120
x-xss-protection
mode=block
last-modified
Fri, 10 Feb 2023 22:34:35 GMT
server
CloudFront
etag
"3943933ce17d919154bd0fbd8e555bf8"
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=86400, s-maxage=86400, must-revalidate, proxy-revalidate, no-transform
x-amz-cf-id
4QBg_eDuPWmC61LC90iZdktoj8r1z5J7ZHZDe2-irfasBz_gOwUE5Q==
Chicago_Tribune-chiblue.svg
www.chicagotribune.com/pf/resources/logo/
13 KB
6 KB
Image
General
Full URL
https://www.chicagotribune.com/pf/resources/logo/Chicago_Tribune-chiblue.svg?d=136
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
37f8ab8769785287d8b890ba001c44d93c98ec851e4abe769e8a5e243bbe1f0b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000
date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
x-amz-request-id
7Q76F335K3C6C38R
x-amz-server-side-encryption
AES256
x-arc-request-id
0.8d747e68.1682815701.11154462
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286606434_25_6609_18_0";dur=1
content-length
5118
x-amz-id-2
7P9TPl3sUZ0UfglqX/8/fTePlEvm6xRtCqqzWTJ95G/ZtIFy/w2oGRh4tqkr6iRsq25wBj7N0bA=
last-modified
Wed, 26 Apr 2023 20:02:18 GMT
server
openresty
etag
W/"71456cc06238c3a185cccb135bec0329"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
expires
Mon, 29 Apr 2024 00:48:21 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
74 KB
25 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b4ea49f24d187d178a5dd1cdac0045515d4937c6846784f5c75e86cb7e63ad1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24796
x-xss-protection
0
server
cafe
etag
398 / 19477 / 31074205 / config-hash: 17856767610576847833
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sun, 30 Apr 2023 00:48:21 GMT
apstag.js
c.amazon-adsystem.com/aax2/
227 KB
56 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.151.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-151-99.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5336e341bf88d1798de998944eb812582d4f522583b3be6fe4b366f6bb9426a6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:00:20 GMT
content-encoding
gzip
via
1.1 2c0478fce3b7f4f5348678901d1bf60a.cloudfront.net (CloudFront), 1.1 2f5727cd85b40e905349d2b5268f3dbc.cloudfront.net (CloudFront)
last-modified
Thu, 27 Apr 2023 19:15:17 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-P2, EWR52-C2
age
2882
x-amz-server-side-encryption
AES256
etag
W/"644915d59292b7496ff86a0d2c460fce"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
public, max-age=3600
x-amz-cf-id
kz1ut-Q44dGBAjwkdTdu0k5JmdvqG37Xb66ltDA5Efaxmy7GD_AlmQ==
standard-player.html
tags.remixd.com/player/v5/players/
129 KB
30 KB
Fetch
General
Full URL
https://tags.remixd.com/player/v5/players/standard-player.html
Requested by
Host: tags.remixd.com
URL: https://tags.remixd.com/player/v5/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.60.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-60-16.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7f5d73c848836745a93ff7aa540a8f83f9899e3668628f42e9ba0cc6ef5e0b32

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:16 GMT
content-encoding
gzip
via
1.1 4a93be6e6adaadeec2a72967f0720080.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C1
age
6
x-cache
Hit from cloudfront
content-length
29730
last-modified
Tue, 21 Jun 2022 15:31:59 GMT
server
AmazonS3
etag
"9a2e807a291cbaccaab15c40f0629813"
access-control-max-age
60
access-control-allow-methods
GET, HEAD
content-type
text/html
access-control-allow-origin
*
cache-control
public,max-age=1800
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
-TDk4JldIRzDXy82qG-uHOwVBLMqlC69EAh3BzQEldh4T-PV3_Vg2w==
915
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/
74 KB
13 KB
XHR
General
Full URL
https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/915?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&bcsessionid=&bctempid=&overruleReferrer=&time=2023-04-30T00%3A48%3A21%2B00%3A00&ts=1682815701898
Requested by
Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-33.jfk50.r.cloudfront.net
Software
- /
Resource Hash
8ee8a8fd83fb25bcb03ba621e107959825dae1d96b2ce1984f64b7d06f08d218
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 30 Apr 2023 00:48:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 2da1a465458d2c4bd692e693d75f0780.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P8
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
12468
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
2wtmHpJ8jDv3HQPXzTrceOsXc7cp1nZlb58qopgLbHGS7cC0U2PhTA==
expires
Thu, 01 Jan 1970 00:00:00 GMT
p.js
cdn.parsely.com/keys/chicagotribune.com/
56 KB
21 KB
Script
General
Full URL
https://cdn.parsely.com/keys/chicagotribune.com/p.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5K8DK4V
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.101.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-101-60.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
6613009940c32f6e3032a2ef430d34037d17904c9beac02478443798784faa98

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
public
date
Sat, 29 Apr 2023 13:18:31 GMT
content-encoding
gzip
via
1.1 3b0649a8bee506c1d7498462d39e6c44.cloudfront.net (CloudFront)
last-modified
Wed, 05 Jan 2022 19:15:41 GMT
server
nginx
x-amz-cf-pop
JFK50-P5
age
41393
etag
W/"61d5ee5d-df47"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400, public
x-amz-cf-id
P3VKjvitrN91NrMST5HAfPZYSVceOXUoJmS8J8mvk7Q_hqhDyA4AbA==
expires
Sun, 30 Apr 2023 13:18:29 GMT
launchpad-liveramp.js
launchpad-wrapper.privacymanager.io/15aac723-64c8-4b23-ab62-e238fd624c21/
3 KB
2 KB
Script
General
Full URL
https://launchpad-wrapper.privacymanager.io/15aac723-64c8-4b23-ab62-e238fd624c21/launchpad-liveramp.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5K8DK4V
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-13.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
51ae82135498270faf7037bc1034285965dcde3c43476a24ac83ab3d14322522

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
QPdapfnTKadTbAF2NRlea4Urx3BTN8sm
content-encoding
gzip
via
1.1 774fddee085016d16b500fd9201faeb2.cloudfront.net (CloudFront)
date
Sat, 29 Apr 2023 10:55:31 GMT
x-amz-cf-pop
JFK50-P8
age
49971
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-disposition
attachment; filename="launchpad-liveramp.js"
last-modified
Fri, 22 Apr 2022 17:52:36 GMT
server
AmazonS3
etag
W/"862af1285f6bfb523bc7fcb34a8cf69f"
vary
Accept-Encoding
content-type
text/javascript
x-amz-cf-id
GmceAJCMRdtgQ2VlR40jMnrPkWc7iJHgMQJvApkELMO_2fCfW8ppYA==
analytics.js
www.google-analytics.com/
51 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5K8DK4V
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 29 Apr 2023 23:22:23 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
5159
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Sun, 30 Apr 2023 01:22:23 GMT
chartbeat.js
static.chartbeat.com/js/
37 KB
15 KB
Script
General
Full URL
https://static.chartbeat.com/js/chartbeat.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:24f1:3600:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
7b307f2ce73aec07bfa1ab1d6462f491de0497c8819b1d6fed66eda9638a3530

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 11:15:05 GMT
content-encoding
gzip
via
1.1 57eada8217c838cfdc4ec177bbe3523c.cloudfront.net (CloudFront)
last-modified
Thu, 08 Dec 2022 17:25:10 GMT
server
nginx
x-amz-cf-pop
JFK50-P4
age
48797
etag
W/"63921df6-9377"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-amz-cf-id
pTwDNtl8eFjxSO3LfDNMICj2vfucobFuMD-f8yIDQyF_g4zCVJILlw==
expires
Sun, 30 Apr 2023 11:15:05 GMT
sophi.min.js
cdn.sophi.io/latest/
124 KB
42 KB
Script
General
Full URL
https://cdn.sophi.io/latest/sophi.min.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.34.36 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-34-36.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
096a0419a3787b284e7105edeebc7cf4915cb9549f3b433258f65483acc24510

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 09:40:55 GMT
content-encoding
br
via
1.1 4b5889b0a8c8c6a870b430f05a4e162c.cloudfront.net (CloudFront)
x-amz-version-id
77yKHytHO_pcAyQcoklw1dHdk4sqBtp0
last-modified
Tue, 04 Oct 2022 14:09:32 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-C2
age
54448
x-amz-server-side-encryption
AES256
etag
W/"dfd164092f8d8abc70b55ba8c1bc2e80"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
dyN-unKnhnf5iw_9q__X7jxxKjHA82EIiKSVCoS40azzbUWkO-P_Og==
ml.br.js
js.matheranalytics.com/static/ltm/ma89701/fusion/9/
Redirect Chain
  • https://js.matheranalytics.com/s/ma89701/197837611/fusion/ml.js?cb=1623
  • https://js.matheranalytics.com/static/ltm/ma89701/fusion/9/ml.br.js
150 KB
43 KB
Script
General
Full URL
https://js.matheranalytics.com/static/ltm/ma89701/fusion/9/ml.br.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Server
107.178.250.234 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
234.250.178.107.bc.googleusercontent.com
Software
nginx /
Resource Hash
32e8506d2f282e7132820c2c989104e013938da8c2214f6442eaec6945918211

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 08:34:51 GMT
content-encoding
br
via
1.1 google
last-modified
Thu, 26 May 2022 16:23:18 GMT
server
nginx
age
58411
etag
"31cd74de581fdfc9a6c0d6883d695597"
vary
Accept-Encoding
x-cache
HIT Sun, 18 Dec 2022 11:13:36 GMT
content-type
application/x-javascript
cache-control
public,max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44258

Redirect headers

date
Sun, 30 Apr 2023 00:48:22 GMT
via
1.1 google
server
nginx
vary
Accept-Encoding
location
https://js.matheranalytics.com/static/ltm/ma89701/fusion/9/ml.br.js
cache-control
public, max-age=269200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-served-by
0-gc-northeast1c-54230997
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=6036462&ns__t=1682815701994&ns_c=UTF-8&c8=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answere...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=6036462&ns__t=1682815701994&ns_c=UTF-8&c8=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answer...
0
225 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=6036462&ns__t=1682815701994&ns_c=UTF-8&c8=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&c7=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&c9=
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Server
108.138.128.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-112.jfk50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
via
1.1 8ee187646f657ced7afa83005e9249cc.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
JFK50-P4
x-amz-cf-id
nWP_1e95eoVCVWlVwC03zgPxMjSM8XczMQbbI-l3p621uEYR8uwyGQ==
x-cache
Miss from cloudfront

Redirect headers

date
Sun, 30 Apr 2023 00:48:22 GMT
via
1.1 8ee187646f657ced7afa83005e9249cc.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
JFK50-P4
x-cache
Miss from cloudfront
location
/b2?c1=2&c2=6036462&ns__t=1682815701994&ns_c=UTF-8&c8=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&c7=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&c9=
content-length
0
x-amz-cf-id
uMX_yS8pUNLFG7FbYFqRiC-gR4SqD9ZNu2Z78OZGYa1PfBmN_M5HsA==
cf6ad19370aa6afad847f0b7c6922c23
r610.chicagotribune.com/plugin/plugin/
131 KB
32 KB
Script
General
Full URL
https://r610.chicagotribune.com/plugin/plugin/cf6ad19370aa6afad847f0b7c6922c23
Requested by
Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-33.jfk50.r.cloudfront.net
Software
- /
Resource Hash
9e1631b5c6188ad7a2ad428d4975d22a284a8eb41d44da812e342ea229eadec1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 08:32:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 2da1a465458d2c4bd692e693d75f0780.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P8
age
1527364
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
31784
x-xss-protection
1; mode=block
last-modified
Tue, 11 Apr 2023 08:32:18 GMT
server
-
etag
cf6ad19370aa6afad847f0b7c6922c23
content-type
text/javascript; charset=utf-8
cache-control
public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag
noindex, nofollow
x-amz-cf-id
4Yz0mfkThZkY1FPAOPUNU-taLe784aJgdW8VAWwAvDVOylzH5w_JTg==
expires
Thu, 11 Apr 2024 08:32:18 GMT
ttj
ib.3lift.com/
13 KB
5 KB
Script
General
Full URL
https://ib.3lift.com/ttj?inv_code=CHI_ARC_Desktop_business_article
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-3.ewr53.r.cloudfront.net
Software
/
Resource Hash
73824d760b1446718655f257ec0b5f6ee95b9e32487e7cd0e0620b3b966b1449

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:38:26 GMT
content-encoding
gzip
via
1.1 284419e56e7f935ce4c1c55765241348.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C1
age
596
etag
"a74e1d5a1a64750e971c949a3fe5dcc4902cdf95"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=900
alt-svc
h3=":443"; ma=86400
content-length
4311
x-amz-cf-id
DrE4ZBTODU_ymPnps-YIu4ePtie70huu1B9UjyB8Iy0sm5RcrfV78g==
trk.gif
jadserve.postrelease.com/
43 B
624 B
Image
General
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_at=394&ntv_usid=7493426&ntv_pl=1109722
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.210.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-210-94.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:22 GMT
server
nginx/1.12.2
content-type
image/gif
access-control-allow-origin
*
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
trk.gif
jadserve.postrelease.com/
43 B
624 B
Image
General
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_ui=a867eba1-9ea8-4312-98cd-3609b53d95d9&ntv_fl=_WTWo83Z82K29ylCK0LanKfs_3JHo8VKmwMj2xlxUpCliLQIZX6eTX0fiQ9hC9pfDdrvAL7yRhMsozApoTJAEd6NPDkdCcB7ltr_b_ST4mogI1J2nlg3gl69P33_J-IK0yl4_MZVls20_eWonANu6oeDqKHCAVZgheUYIWe7KZrriB-uKOPkdxDqAPtZKBPRF4Qlv70DqimOmcItZYSiDPKez7Zlk1InGQ8eQcHCiJ-EZQoaHW8XMrjN2jcm6Nkesc2PJ_31OHuTgQ4470IMcoYRuXS9NZ0MMfIKqJ8BlAWAsZp3nCRPnof_fsIExLY5smMvF4Lz7w-syhHL_3RslocjxvASjdnxTETUPAr-k1c=&ntv_ht=1bpNZAA&ntv_at=303,302&ntv_a=AAAAAAAAAA2u4QA&ord=1682815702029&ntv_it
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.210.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-210-94.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:22 GMT
server
nginx/1.12.2
content-type
image/gif
access-control-allow-origin
*
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
trk.gif
jadserve.postrelease.com/
43 B
624 B
Image
General
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_ui=a867eba1-9ea8-4312-98cd-3609b53d95d9&ntv_fl=_WTWo83Z82K29ylCK0LanKfs_3JHo8VKmwMj2xlxUpCliLQIZX6eTX0fiQ9hC9pfDdrvAL7yRhMsozApoTJAEd6NPDkdCcB7ltr_b_ST4mogI1J2nlg3gl69P33_J-IK0yl4_MZVls20_eWonANu6oeDqKHCAVZgheUYIWe7KZrriB-uKOPkdxDqAPtZKBPRF4Qlv70DqimOmcItZYSiDPKez7Zlk1InGQ8eQcHCiJ-EZQoaHW8XMrjN2jcm6Nkesc2PJ_31OHuTgQ4470IMcoYRuXS9NZ0MMfIKqJ8BlAWAsZp3nCRPnof_fsIExLY5smMvF4Lz7w-syhHL_3RslocjxvASjdnxTETUPAr-k1c=&ntv_ht=1bpNZAA&ntv_at=806&ntv_a=AAAAAAAAAA2u4QA&ntv_sat=5&ord=1682815702037&ntv_it
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.210.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-210-94.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:22 GMT
server
nginx/1.12.2
content-type
image/gif
access-control-allow-origin
*
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
trk.gif
jadserve.postrelease.com/
43 B
624 B
Image
General
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_ui=a867eba1-9ea8-4312-98cd-3609b53d95d9&ntv_fl=_WTWo83Z82K29ylCK0LanKfs_3JHo8VKmwMj2xlxUpCliLQIZX6eTX0fiQ9hC9pfDdrvAL7yRhMsozApoTJAEd6NPDkdCcB7ltr_b_ST4mogI1J2nlg3gl69P33_J-IK0yl4_MZVls20_eWonANu6oeDqKHCAVZgheUYIWe7KZrriB-uKOPkdxDqAPtZKBPRF4Qlv70DqimOmcItZYSiDPKez7Zlk1InGQ8eQcHCiJ-EZQoaHW8XMrjN2jcm6Nkesc2PJ_31OHuTgQ4470IMcoYRuXS9NZ0MMfIKqJ8BlAWAsZp3nCRPnof_fsIExLY5smMvF4Lz7w-syhHL_3RslocjxvASjdnxTETUPAr-k1c=&ntv_ht=1bpNZAA&ntv_at=321,322,333&ntv_a=AAAAAAAAAA2u4QA&ntv_jlt=1079&ntv_jad=336&ntv_jte=11&ntv_it
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.210.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-210-94.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:22 GMT
server
nginx/1.12.2
content-type
image/gif
access-control-allow-origin
*
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
load.js
widget.perfectmarket.com/tribunedigital-network/
4 KB
2 KB
Script
General
Full URL
https://widget.perfectmarket.com/tribunedigital-network/load.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b9214ca684d83a4198b1a41d1746ed05a1ca7f51ffd72daa6564242bed1d688

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
kZroo5ra6JVknEnjFuyGO4UKxaqwcS.1
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sun, 30 Apr 2023 00:48:22 GMT
x-amz-request-id
BDY7SK91M6VV2NS0
age
301
x-cache
HIT, HIT
content-length
1504
x-amz-id-2
L4JxKoTf3obFchOU4ZrNdgGy6cwz2IzexzUM/cMGtzBHZ9PMOiiLcwOyfmx44xAS0ia5GJ4KAHg=
x-served-by
cache-bur-kbur8200134-BUR, cache-yul12825-YUL
last-modified
Wed, 26 Apr 2023 10:11:16 GMT
server
AmazonS3
x-timer
S1682815702.171514,VS0,VE2
etag
"75294f7dbdf42fdf244f6bacc8b9cf80"
vary
Accept-Encoding,,
content-type
application/javascript; charset=utf-8
cache-control
max-age=300
accept-ranges
bytes
x-cache-hits
3740, 1
impl.20230427-7-RELEASE.js
cdn.taboola.com/libtrc/
758 KB
158 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/impl.20230427-7-RELEASE.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3-br /
Resource Hash
85f6aeeb69393d338e4706202f7bdb924ee1c8f080a2c7b08e32e6740f8103ac

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
mGtqqC6fcZ4B_YXYmmCFaRKmlFeudzj9
content-encoding
br
via
1.1 varnish
date
Sun, 30 Apr 2023 00:48:22 GMT
x-amz-request-id
1M6TH04QZQ8N7CX8
age
27886
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
161509
x-amz-id-2
YbXLqR4M1SjwmHTyKtQDrTnLe5xT/dZ1oRtgnt5ALFZXHPqYpOlO5aGjK6puxNyu1rwXMo0k3A0=
x-served-by
cache-yyz4581-YYZ
last-modified
Thu, 27 Apr 2023 08:55:12 GMT
server
AmazonS3-br
x-timer
S1682815702.137682,VS0,VE0
etag
"afa7bf6383170a8d1496444a032ed8a0"
vary
Accept-Encoding
content-type
application/javascript
abp
57
access-control-allow-origin
*
cache-control
private,max-age=31536000
accept-ranges
bytes
x-cache-hits
16561
beacon.js
sb.scorecardresearch.com/
4 KB
2 KB
Script
General
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/tribunedigital-network/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-112.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:41:24 GMT
content-encoding
gzip
via
1.1 8ee187646f657ced7afa83005e9249cc.cloudfront.net (CloudFront)
last-modified
Thu, 09 Mar 2023 09:22:40 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
30635
x-amz-server-side-encryption
AES256
etag
W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
_u5TtM6lzC0xyv_UJwNNDt1LDKY5KRw7nW96d5Vk2kCVsHOqKOzScg==
skeleton.gif
static.adsafeprotected.com/
43 B
483 B
Image
General
Full URL
https://static.adsafeprotected.com/skeleton.gif?bannnerid=243003_advertisement_
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21dd:5000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 05 Feb 2023 07:41:00 GMT
x-amz-version-id
iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via
1.1 94344436af750794f6bc9899d89d3a0a.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2
age
7232842
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
43
last-modified
Mon, 17 Aug 2020 23:55:15 GMT
server
AmazonS3
etag
"45cf913e5d9d3c9b2058033056d3dd23"
content-type
image/gif
cache-control
max-age=315360000
accept-ranges
bytes
x-amz-cf-id
GfzLtwodDvUYsCRa3U_FG1ETqdm5__BFF7GSh9cpUl6m3qEwCbbUMQ==
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304270101/
398 KB
123 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304270101/pubads_impl.js?cb=31074205
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4ca2039a328b8430658284ee603ab8b1a8554e7e35afae2a094ea9838af9f60e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 06:12:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
66971
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
126154
x-xss-protection
0
server
cafe
etag
17925783384364415813
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Sun, 28 Apr 2024 06:12:11 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
915 B
417 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.chicagotribune.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c3e7ac3cc794ed5900daf83aac9c7489cb779a88c1c3f3fe2a1742d44312b257
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
392
x-xss-protection
0
expires
Sun, 30 Apr 2023 00:48:22 GMT
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.151.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-151-99.ewr52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:35:19 GMT
x-amz-version-id
ZtsI5FMPcYjgnUSe6fFwOoK3szNfqbqS
content-encoding
gzip
via
1.1 0d3bc0372b2119705524079214a98b3e.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C2
age
784
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Thu, 27 Apr 2023 23:46:51 GMT
server
AmazonS3
etag
W/"a4d296427fc806b21335359e398c025c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
vary
Accept-Encoding,Origin
x-amz-cf-id
ZtSHvCILlHxHQGxYmAm6fkGajK6qdshcBOSX94XZs0iT1NbdYh1kzw==
/
cmp.osano.com/ Frame F8BF
4 KB
1 KB
Document
General
Full URL
https://cmp.osano.com/
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2510:c000:3:b7e:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a48b96eb4dbabdf7d10b4a7667062cd55b7c1f9aab381f05c916798ec4308f68
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

age
77531
content-encoding
br
content-type
text/html
date
Sat, 29 Apr 2023 03:16:12 GMT
etag
W/"287b497c992487af362d33204f87d28f"
last-modified
Thu, 21 Oct 2021 22:01:08 GMT
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding Origin
via
1.1 58a45bf3f07dfdca95ebcb7935e84994.cloudfront.net (CloudFront)
x-amz-cf-id
CebkLSsJ2lsjWzrrfPUd8VONW9UKHpewrmFibJfxdBHBJFHFO5ojvw==
x-amz-cf-pop
JFK50-P5
x-amz-version-id
xT1PkIFehetvNf5lINcU02FbT3u47kBr
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block
FUtg69tL.js
cdn.jwplayer.com/libraries/ Frame 26E5
108 KB
41 KB
Script
General
Full URL
https://cdn.jwplayer.com/libraries/FUtg69tL.js
Requested by
Host: tags.remixd.com
URL: https://tags.remixd.com/player/v5/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2209:d200:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
3a478f1c24febd62d91f8aed4e8cfe81850fac9d2ec4e6369004c0f4797f140f

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:46:17 GMT
content-encoding
gzip
via
1.1 1baed9857df8e3a07a6cd7cd51feb3f8.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
EWR53-P1
age
125
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=180
x-robots-tag
noindex, indexifembedded
content-length
41196
x-amz-cf-id
KXCKXxy7vLHZBx8uosGtpTlLsqkR9AgpSW1VhO7Gi1jS1siAHx66BA==
63ea5e0b-f407-4da5-ad86-3d0dac913678
https://www.chicagotribune.com/
390 B
0
Other
General
Full URL
blob:https://www.chicagotribune.com/63ea5e0b-f407-4da5-ad86-3d0dac913678
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9512d2de91fd27231a5efa08114917ca1bd054801f828b81d55f7a4b5f06b108

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Length
390
Content-Type
text/javascript
read_auth
authenticate.chicagotribune.com/
101 B
708 B
Script
General
Full URL
https://authenticate.chicagotribune.com/read_auth?product_code=chiarc&master_id=&callback=jQuery381218440514921300_186910943880667970
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.237.8.143 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-237-8-143.us-west-2.compute.amazonaws.com
Software
Apache /
Resource Hash
f75a1898d3ba7d8a5a47bf54a149b506b81291348702c2440bd09c8e67b5472f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-request-id
8e5d3af64c4bf231d0ce8881c901d57e
x-ua-compatible
IE=Edge,chrome=1
x-runtime
0.002087
server
Apache
x-host-info
3424f606440c,; c58e7c33fd8a1664c21a3ce7f87f865abe88c662 (HEAD -> refs/heads/release/2304.1.1, refs/remotes/origin/release/2304.1.1) DSS-17366 & DSS-1733 : update auht0 id creation logic in utilities & ensuring present in export
etag
"a9658c841ea41328dc7f40a09063b705"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
must-revalidate, private, max-age=0
httpd-identifier
3424f606440c
x-rack-cache
miss
swg.js
news.google.com/swg/js/v1/
199 KB
58 KB
Script
General
Full URL
https://news.google.com/swg/js/v1/swg.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b9dd3ac5da6732c952d1fcf8130a7e403e4b48c08460e3b2f62f2aed37fe6957
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:45:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
185
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
59003
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 17:14:37 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="news-frontend"
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
text/javascript
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Sun, 30 Apr 2023 01:35:17 GMT
chiarc-reaction-1q2w3-1580939748189956228.min.js
www.tribdss.com/meter/assets/
Redirect Chain
  • https://www.tribdss.com/meter/assets/chiarc-reaction-1q2w3-1580939748189956228.min.js
  • https://www.tribdss.com/meter/assets/chiarc-reaction-1q2w3-1580939748189956228.min.js?disabled=international
64 KB
15 KB
Script
General
Full URL
https://www.tribdss.com/meter/assets/chiarc-reaction-1q2w3-1580939748189956228.min.js?disabled=international
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
HTTP/1.1
Server
23.7.73.96 Eden Prairie, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-7-73-96.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
8fc4c656fb606d73535160204c5fcb9786950480c185715d4cb677e04687a334
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Sun, 30 Apr 2023 00:48:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Status
200 OK
Connection
keep-alive
Content-Length
14251
X-Request-Id
36790d8fb9e612530b4ba84a3465a1e4
X-UA-Compatible
IE=Edge,chrome=1
X-Runtime
0.009261
X-Content-Digest
c9ca80d4d04a3c68e0ddbe3fb7bf02448f0875e0
Last-Modified
Tue, 27 Sep 2022 09:54:52 GMT
Server
Apache
X-Host-Info
49d66e17b79a,; 6bc1041e00adf70b2570b8110e71a863d7d26646 (HEAD -> refs/heads/release/2208.1.0, refs/remotes/origin/release/2208.1.0, refs/remotes/origin/release/2207.1.0) dss-17031 added service account for health check app
ETag
1580939748189956228
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Cache-Control
public, max-age=29933052
Httpd-Identifier
49d66e17b79a
X-Rack-Cache
fresh

Redirect headers

Location
/meter/assets/chiarc-reaction-1q2w3-1580939748189956228.min.js?disabled=international
Date
Sun, 30 Apr 2023 00:48:22 GMT
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
features
zephr.chicagotribune.com/zephr/
3 KB
2 KB
Fetch
General
Full URL
https://zephr.chicagotribune.com/zephr/features
Requested by
Host: assets.zephr.com
URL: https://assets.zephr.com/zephr-browser/1.3.9/zephr-browser.umd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-99.ewr50.r.cloudfront.net
Software
/
Resource Hash
65b72c57b7d3e026f367272cac181935f22cf55a317943e7a7458cb122c840a2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
content-encoding
gzip
via
1.1 11ab138d0b995a9fa4daabbae7fc0b0c.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
public, max-age=300
access-control-allow-credentials
true
access-control-allow-headers
Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
5FOwKJlD59BbIuemxRIsMfOudLBfCZmLOwaLbvb4qMi81UYCbnSOAw==
x-blaize-request
ffffffff92711e07
ping
ping.chartbeat.net/
43 B
201 B
Image
General
Full URL
https://ping.chartbeat.net/ping?h=chicagotribune.com&p=%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&u=DOtafEC2mPPPDSXTME&d=chicagotribune.com&g=3906&g0=business&g1=Matt%20O%27Brien%20and%20Frank%20Bajak&n=1&f=00001&c=0&x=0&m=0&y=6294&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&b=1812&t=FhjPYBpCRiYB5yLIHDvoe0PBd3QK&V=139&i=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20T&tz=0&sn=1&sv=XjGQmtSqGKVDm6kDV8RgJBp5Kxc&sd=1&im=067b0fff&_
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.172.179.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-172-179-242.compute-1.amazonaws.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:22 GMT
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-length
43
expires
0
/
p1.parsely.com/plogger/
43 B
257 B
Image
General
Full URL
https://p1.parsely.com/plogger/?rand=1682815702447&plid=96656284&idsite=chicagotribune.com&url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&sref=&sts=1682815702436&slts=0&title=Was+my+workplace+hit+by+SolarWinds+hack%3F+And+four+more+cybersecurity+questions+answered.+%E2%80%93+Chicago+Tribune&date=Sun+Apr+30+2023+00%3A48%3A22+GMT%2B0000+(GMT)&action=pageview&pvid=59004348&u=pid%3D0c848a4ff8250762a92761ae1b25b3d5
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.194.161.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-194-161-83.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Sun, 30 Apr 2023 00:48:22 GMT
Cache-Control
no-cache
Last-Modified
Sunday, 30-Apr-2023 00:48:22 GMT
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
collect
www.google-analytics.com/j/
4 B
214 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=645661812&t=pageview&_s=1&dl=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&ul=en-us&de=UTF-8&dt=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1317525451&gjid=1048238253&cid=521293715.1682815702&tid=UA-6459251-3&_gid=55024982.1682815702&_r=1&_slc=1&gtm=45He34q0n815K8DK4V&cd1=chicagotribune&cd2=business&cd3=%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf&cd5=arc%20fusion&cd6=story&cd7=story&cd8=story&cd9=ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m&cd10=ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m&cd12=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.&cd13=Matt%20O%27Brien%20and%20Frank%20Bajak&cd14=Matt%20O%27Brien%20and%20Frank%20Bajak&cd15=2020-12-15%2008%3A54&cd16=2020-12-15%2008%3A54&cd17=chicago-tribune&cd18=Associated%20Press&cd19=QCG4KZGX6VGBHIEHWYGHUSH45M&cd20=QCG4KZGX6VGBHIEHWYGHUSH45M&cd21=(none)&cd22=(none)&cd29=(none)&cd30=(none)&cd34=(none)&cd43=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.121%20Safari%2F537.36&cd44=1025%7C%7C1223&cd95=(none)&cd96=signed-out&cd97=0&cd98=(none)&cd99=(none)&cd100=(none)&cd102=(none)&cd103=(none)&cd119=(none)&cd123=no%20subtype&cd124=(none)&cd127=automatic%20stn&cd135=stories&cd139=&cd162=1035&cd163=%2Fbusiness&cm81=1&z=1835262056
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
tp2
collector2.sophi.io/com.snowplowanalytics.snowplow/ Frame
0
0
Preflight
General
Full URL
https://collector2.sophi.io/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.130.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a8fd921d2017b5f79.awsglobalaccelerator.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.chicagotribune.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-allow-origin
https://www.chicagotribune.com
access-control-max-age
600
content-length
0
date
Sun, 30 Apr 2023 00:48:22 GMT
server
nginx
tp2
collector2.sophi.io/com.snowplowanalytics.snowplow/
2 B
228 B
XHR
General
Full URL
https://collector2.sophi.io/com.snowplowanalytics.snowplow/tp2
Requested by
Host: cdn.sophi.io
URL: https://cdn.sophi.io/latest/sophi.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.130.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a8fd921d2017b5f79.awsglobalaccelerator.com
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:22 GMT
access-control-allow-credentials
true
content-type
text/plain; charset=UTF-8
server
nginx
content-length
2
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j100&a=645661812&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&ul=en-us&de=UTF-8&dt=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=ARC%20Sophi%20Rec~nowall~anonymous&ea=(none)&el=false%2C&_u=aEDAAEABAAAAACAAI~&jid=&gjid=&cid=521293715.1682815702&tid=UA-6459251-3&_gid=55024982.1682815702&gtm=45He34q0n815K8DK4V&cd1=chicagotribune&cd2=business&cd3=%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf&cd5=arc%20fusion&cd6=story&cd7=story&cd8=story&cd9=ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m&cd10=ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m&cd12=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.&cd13=Matt%20O%27Brien%20and%20Frank%20Bajak&cd14=Matt%20O%27Brien%20and%20Frank%20Bajak&cd15=2020-12-15%2008%3A54&cd16=2020-12-15%2008%3A54&cd17=chicago-tribune&cd18=Associated%20Press&cd19=QCG4KZGX6VGBHIEHWYGHUSH45M&cd20=QCG4KZGX6VGBHIEHWYGHUSH45M&cd21=(none)&cd22=(none)&cd29=(none)&cd30=(none)&cd34=(none)&cd43=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.121%20Safari%2F537.36&cd44=1025%7C%7C1223&cd95=(none)&cd96=signed-out&cd97=0&cd98=(none)&cd99=(none)&cd100=(none)&cd102=(none)&cd103=(none)&cd119=(none)&cd123=no%20subtype&cd124=(none)&cd127=automatic%20stn&cd135=stories&cd139=&cd162=1035&cd163=%2Fbusiness&z=968841883
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 29 Apr 2023 12:11:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
45406
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
launchpad.bundle.js
launchpad.privacymanager.io/1/
25 KB
8 KB
Script
General
Full URL
https://launchpad.privacymanager.io/1/launchpad.bundle.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-116.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b9d318b3157ccbfc3bb00e82a446613294f9a592c01537662386bd848882b7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
IBczV1acfLsLLKzHm11PkizTXPxE9_cH
content-encoding
br
via
1.1 1d45cc40d1dd29d2b3aaefb9f85bceee.cloudfront.net (CloudFront)
date
Sun, 30 Apr 2023 00:05:54 GMT
x-amz-cf-pop
JFK50-P6
age
2549
x-amz-server-side-encryption
AES256
x-amz-meta-codebuild-buildarn
arn:aws:codebuild:eu-west-1:469675294282:build/LaunchPadLibraryBuild-prod:f09170b2-5416-4e55-be91-38e5eec207ec
x-cache
Hit from cloudfront
x-amz-meta-codebuild-content-md5
a78f2a5a4864424e54348ce47b156abb
last-modified
Thu, 10 Mar 2022 13:10:48 GMT
server
AmazonS3
etag
W/"3e312624cdc2445a38a716f92dc3c0cd"
vary
Accept-Encoding
content-type
application/x-javascript
x-amz-meta-codebuild-content-sha256
e4ad213b137401d20a50fe1692169cc5f8b39867b6fe39afed7e307e1b9c967e
cache-control
must-revalidate,public,max-age=3600
x-amz-cf-id
YFfM8FLi4qSpQ7oVvngKyDdKfmtwT5-FPS90JTQvynYZyYP8Rcv-bg==
i
www.i.matheranalytics.com/
43 B
245 B
Image
General
Full URL
https://www.i.matheranalytics.com/i?e=pv&page=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&artpubt=1608044078&artsrc=Associated%20Press&artupt=1608044081&auth=Matt%20O%27Brien%7CFrank%20Bajak&cms=fusion&hier=business&ptype=story&pubname=chicagotribune&sec=business&wrdcnt=1035&tv=js-3.0.153&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_es6=1&f_gears=2&tvltm=9&tvcfg=fusion&tid=4b5e1715-8fef-4a83-9249-be48f79b9217&pid=577140fe-b628-4c1d-b8de-5182b59c641c&dtm=1682815702574&qnm=_matherq&visible=1&tabid=9b3ffb53-6415-4c12-b1f2-a9e9d3b93e2e&url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&vp=1600x1200&ds=1600x6294&tofa=1682815703&vid=1&lvidt=1682815703&duid=173b94f8b2185443&fp=792662924&cid=ma89701&mrk=197837611&cx=eyJwZXJmIjp7InN0YXJ0IjoiMTY4MjgxNTcwMDU5OSIsInJlZGlyQ250IjoiMCIsIm5hdlR5cGUiOiJsaW5rIiwiaGVhcFUiOiIyMS43bWIiLCJoZWFwVCI6IjI2bWIiLCJmc3RQYWludCI6IjkwNyIsImZldGNoUyI6IjAiLCJkb21haW5TIjoiMSIsImRvbWFpbkUiOiI2NiIsImNvbm5TIjoiNjYiLCJjb25uRSI6IjEyMCIsInNzbFMiOiI4MyIsInJlcXVTIjoiMTIwIiwicmVzcFMiOiI2OTMiLCJyZXNwRSI6IjY5OCIsImRvbUxvYWQiOiI2OTciLCJkb21JbnRlciI6Ijk1MyIsImRvbUxvYWRTIjoiMTAwMyIsImRvbUxvYWRFIjoiMTA1MiJ9LCJpZGVudGl0aWVzIjpbeyJ0eXBlIjoiZ2EiLCJpZCI6IjUyMTI5MzcxNSIsInJlZlRpbWUiOiIxNjgyODE1NzAyNTczIn1dLCJhdWRpZW5jZSI6W3sicHJvdmlkZXIiOiJ1c2VyREIiLCJzZWdtZW50cyI6WyJNQVRIRVJfVTlfRklSU1RUSU1FTUVUMl8yMDE5MTAxNiJdLCJwYWdlSWQiOiI1NzcxNDBmZS1iNjI4LTRjMWQtYjhkZS01MTgyYjU5YzY0MWMifSx7InByb3ZpZGVyIjoiaVNlZ3MiLCJzZWdtZW50cyI6WyJNQVRIRVJfVTlfRklSU1RUSU1FTUVUMl8yMDE5MTAxNiJdLCJwYWdlSWQiOiI1NzcxNDBmZS1iNjI4LTRjMWQtYjhkZS01MTgyYjU5YzY0MWMifV19
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.205.216.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-216-79.compute-1.amazonaws.com
Software
/
Resource Hash
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date
Sun, 30 Apr 2023 00:48:22 GMT
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
5d3f80cd7ae046dff491c81d7688fdbc
r610.chicagotribune.com/plugin/library/
294 KB
93 KB
Script
General
Full URL
https://r610.chicagotribune.com/plugin/library/5d3f80cd7ae046dff491c81d7688fdbc
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-33.jfk50.r.cloudfront.net
Software
- /
Resource Hash
a3977a7ae58b6f10201a306505091c8d0629f6e65eef6d804f4f8dc22ed8e078
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 22 Mar 2023 16:41:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 2da1a465458d2c4bd692e693d75f0780.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P8
age
3312428
x-cache
Hit from cloudfront
p3p
policyref="", CP="DSP"
content-length
94281
x-xss-protection
1; mode=block
last-modified
Tue, 21 Mar 2023 16:41:14 GMT
server
-
etag
5d3f80cd7ae046dff491c81d7688fdbc
content-type
text/javascript; charset=utf-8
cache-control
public, no-cache="Set-Cookie", max-age=31536000
x-robots-tag
noindex, nofollow
x-amz-cf-id
2nRV-Nq_4kGHjnkzezo4h1d8Q_O_6kyFps2xeI2REk9FdjjLxg6b1Q==
expires
Thu, 21 Mar 2024 16:41:14 GMT
LB-Zone-1
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/915/
2 KB
2 KB
XHR
General
Full URL
https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/915/LB-Zone-1?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&bcsessionid=&bctempid=5a0aea96-d4b6-4a1d-82b1-9d76c0035f0d&overruleReferrer=&time=2023-04-30T00%3A48%3A22%2B00%3A00&ts=1682815702624
Requested by
Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-33.jfk50.r.cloudfront.net
Software
- /
Resource Hash
48f3e5f7a9375010964bbbe094a198635e95eb57607fb22f24d1bfe05b2ae2e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 2da1a465458d2c4bd692e693d75f0780.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P8
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
863
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
JbyiqCRp8x1aZr04hmYVaB5Im9Mq9NTNSSuD9UM8mtJMzJY3nlderw==
expires
Thu, 01 Jan 1970 00:00:00 GMT
b
sb.scorecardresearch.com/
0
319 B
Image
General
Full URL
https://sb.scorecardresearch.com/b?c1=7&c2=34354936&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1682815702626&ns_c=UTF-8&c3=1&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=0&cs_cmp_id=279&cs_cmp_sv=1&cs_cmp_rt=6&c7=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&c8=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&c9=
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-112.jfk50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
via
1.1 8ee187646f657ced7afa83005e9249cc.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
JFK50-P4
x-amz-cf-id
8OPod0wdULBg_GWat-9M5LXBrBBDRhTsNevNey0WBDTC8seB3_aKSg==
x-cache
Miss from cloudfront
css2
fonts.googleapis.com/ Frame 26E5
4 KB
613 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;600&display=swap
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1d118629f303ffc076b5d1d89ddcc05c9fdc4e149d4aa07d38cf376fd440239d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 30 Apr 2023 00:48:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 29 Apr 2023 23:46:12 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 30 Apr 2023 00:48:22 GMT
ping.gif
player-files.remixd.com/ Frame 26E5
43 B
582 B
Image
General
Full URL
https://player-files.remixd.com/ping.gif?action=playerImpression&userId=null&referrerUrl=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&domain=chicagotribune.com&adDuration=&inViewDuration=&sessionDuration=0&sessionId=d331a1b7-6a65-4d19-bf2f-fc15ff5f6a65&volume=null&speed=1&position=null&mediaLength=null&isAMP=false
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.38.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
143.38.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1d4a78769df11981630c482bfe090ec752e4a7401e15e79abd8d351f6e034903

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
x-guploader-uploadid
ADPycdv6iXu6fa0YqjlBn2ATJ0WNki1uLbhT2xWPo7vlywDsCTvqATvdb59ddKRDVUxN0Hc5Qx8pWzr1tnpI53-IC-wbeQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Wed, 23 Oct 2019 15:45:02 GMT
server
UploadServer
etag
"cc8f8e28fe4d3aa85ca835a029fe08a5"
x-goog-generation
1571845502045744
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=CskzBw==, md5=zI+OKP5NOqhcqDWgKf4IpQ==
access-control-expose-headers
Content-Type
cache-control
no-cache, no-store, must-revalidate
x-goog-stored-content-length
43
accept-ranges
bytes
expires
Mon, 29 Apr 2024 00:48:22 GMT
ping.gif
player-files.remixd.com/ Frame 26E5
43 B
197 B
Image
General
Full URL
https://player-files.remixd.com/ping.gif?action=loading&userId=null&referrerUrl=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&domain=chicagotribune.com&adDuration=&inViewDuration=&sessionDuration=1&sessionId=d331a1b7-6a65-4d19-bf2f-fc15ff5f6a65&volume=null&speed=1&position=null&mediaLength=null&isAMP=false
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.38.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
143.38.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1d4a78769df11981630c482bfe090ec752e4a7401e15e79abd8d351f6e034903

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
x-guploader-uploadid
ADPycdsqWtYWO3CyvAfy0EH6q1bzgWwRrCiGGUPCNkz1SKPd10ptUEJdXhlz70bjku_n_AYlX5wGo1cpBHG7S4qkV2wRehl79Nr8
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Wed, 23 Oct 2019 15:45:02 GMT
server
UploadServer
etag
"cc8f8e28fe4d3aa85ca835a029fe08a5"
x-goog-generation
1571845502045744
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=CskzBw==, md5=zI+OKP5NOqhcqDWgKf4IpQ==
access-control-expose-headers
Content-Type
cache-control
no-cache, no-store, must-revalidate
x-goog-stored-content-length
43
accept-ranges
bytes
expires
Mon, 29 Apr 2024 00:48:22 GMT
ping.gif
player-files.remixd.com/ Frame 26E5
43 B
197 B
Image
General
Full URL
https://player-files.remixd.com/ping.gif?action=loaded&userId=null&referrerUrl=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&domain=chicagotribune.com&adDuration=&inViewDuration=&sessionDuration=3&sessionId=d331a1b7-6a65-4d19-bf2f-fc15ff5f6a65&volume=null&speed=1&position=null&mediaLength=null&isAMP=false
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.38.143 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
143.38.190.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1d4a78769df11981630c482bfe090ec752e4a7401e15e79abd8d351f6e034903

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
x-guploader-uploadid
ADPycdvzBA5TobNvnnsR_-TRuTWbgZCycu5iJn7AcM_DZs0-KmOgKkUKCDhqJpZEUVSQsDBtoW43VzlDbpi88yQaOLmPHpVgHWCm
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
last-modified
Wed, 23 Oct 2019 15:45:02 GMT
server
UploadServer
etag
"cc8f8e28fe4d3aa85ca835a029fe08a5"
x-goog-generation
1571845502045744
content-type
image/gif
access-control-allow-origin
*
x-goog-hash
crc32c=CskzBw==, md5=zI+OKP5NOqhcqDWgKf4IpQ==
access-control-expose-headers
Content-Type
cache-control
no-cache, no-store, must-revalidate
x-goog-stored-content-length
43
accept-ranges
bytes
expires
Mon, 29 Apr 2024 00:48:22 GMT
collect
stats.g.doubleclick.net/j/
4 B
354 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-6459251-3&cid=521293715.1682815702&jid=1317525451&gjid=1048238253&_gid=55024982.1682815702&_u=YEBAAEAAAAAAACAAI~&z=11714529
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sun, 30 Apr 2023 00:48:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html.js
dyv1bugovvq1g.cloudfront.net/3/www.chicagotribune.com/business/
275 B
689 B
XHR
General
Full URL
https://dyv1bugovvq1g.cloudfront.net/3/www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html.js
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2209:8400:5:82fd:2500:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fbf3687b4e3fbfa5e6d534f5fd9739dbb29c0ab3111e902f7ce95199501d434c

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 30 Apr 2023 00:48:21 GMT
via
1.1 560ae23eb11e8a754d4876989783ad5e.cloudfront.net (CloudFront)
server
AmazonS3
x-amz-cf-pop
EWR53-P1
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-max-age
3000
access-control-allow-methods
GET
access-control-allow-origin
https://www.chicagotribune.com
x-cache
Error from cloudfront
content-type
application/xml
access-control-allow-credentials
true
x-amz-cf-id
qI1We1fTt5hWk3GpQNt-91sRrOVSFmzqAl4tTITJ0BDbC_z5e5n84A==
config
c.amazon-adsystem.com/cdn/prod/
743 B
1 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3503&u=https%3A%2F%2Fwww.chicagotribune.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.151.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-151-99.ewr52.r.cloudfront.net
Software
Server /
Resource Hash
02be04a70799d79a31b671ea6b5ce156c93710abb438e700d7ba9246850c3ef7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 19:31:50 GMT
via
1.1 2f5727cd85b40e905349d2b5268f3dbc.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
EWR52-C2
age
18992
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
content-length
743
x-amz-cf-id
d4-hua9PBj5970mTa2HA3nIK38udRSvL4QRGzYbhE3lixD21JAmZRg==
bid
aax.amazon-adsystem.com/e/dtb/
242 B
689 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=3503&u=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&pid=KHrS831rTRJce&cb=0&ws=1600x1200&v=23.426.459&t=2000&slots=%5B%7B%22sd%22%3A%22htlad-1-gpt%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf%22%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%5D&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.94.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-94-225.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
ae9f88a5ad02f349e7ed3e15515f3c09f08a1232976ca0322efab5918dd60861
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 38bc9c97daf30f968ccac44ef89e14e0.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P5
x-amz-rid
1BC6CQMECATQDV8JQKNZ
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.chicagotribune.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
242
x-amz-cf-id
RiYZULpECAYK7Xcp3HCq5KE6cDu3niqjO8lZHtrsvVPAmglVvR0vQw==
auction
tlx.3lift.com/header/
19 B
528 B
XHR
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=7.31.0&referrer=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&tmax=2000&us_privacy=1---
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.227.89 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-227-89.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:22 GMT
accept-ch
sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness
x-auction-status
12
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
translator
hbopenbid.pubmatic.com/
0
121 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:22 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cdb
bidder.criteo.com/
18 B
320 B
XHR
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.31.0&cb=42733636611&lsavail=1
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::18 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Finatra /
Resource Hash
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
44
prebid
ib.adnxs.com/ut/v3/
19 B
834 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.164 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:22 GMT
AN-X-Request-Uuid
c6c26da5-812b-479f-bdfb-9b9e53c83a0f
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.chicagotribune.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pbjs
htlb.casalemedia.com/openrtb/
36 B
573 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=948352
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fba1124022f81856d21aedd0970e92f7ded860791d366c4537677bd044ded33

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=42rY6dS8XN3r1ntYCYkdaUoBtW9XB4eJwtPC4B56xowKmD8VLZ02Kx%2BcIK24C4WYmAY6CsBXaLHcDu3HDoyYNt7ls%2Fq7%2FMLx%2B7Lvg4Z0mNfC2VxuhD%2FUMb13%2BsPny7RmE6LDGtGd"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7bfbc75f2db9a220-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
36
expires
0
fastlane.json
fastlane.rubiconproject.com/a/api/
496 B
831 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=7476&site_id=469092&zone_id=2767822&size_id=2&alt_size_ids=55%2C57&us_privacy=1---&rf=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&tg_i.page=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&tg_i.domain=chicagotribune.com&tg_i.pbadslot=%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf%231&tk_flint=pbjs_lite_v7.31.0&x_source.tid=8864be68-8f37-4854-9feb-dae5a7a723fe&l_pb_bid_id=12474eea24bb5ae&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf%231&slots=1&rand=0.1841597580606562
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::116 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
cfa45ab86314ea28cfeec0071061b7e8c9e74a461d2e7cfe3856edcddca22b4e

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:23 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.chicagotribune.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
496
expires
Wed, 17 Sep 1975 21:32:10 GMT
7cHqv4kjgoGqM7E3_-gs51os.woff2
fonts.gstatic.com/s/barlow/v12/ Frame 26E5
20 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlow/v12/7cHqv4kjgoGqM7E3_-gs51os.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c0597b1b0c771139c958982210f05b275993037f0f3ba20d7a9300a0741dc80
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.chicagotribune.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Fri, 28 Apr 2023 02:13:09 GMT
x-content-type-options
nosniff
age
167713
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20960
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 19:18:28 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 27 Apr 2024 02:13:09 GMT
7cHpv4kjgoGqM7E_DMs5.woff2
fonts.gstatic.com/s/barlow/v12/ Frame 26E5
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/barlow/v12/7cHpv4kjgoGqM7E_DMs5.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow:wght@400;500;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7c9c80a6c32c0619d61c28f28723e68c5f8f75163e77ee5cf64c39e640e0d71e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.chicagotribune.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 19:19:04 GMT
x-content-type-options
nosniff
age
19758
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
21144
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 19:43:23 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Apr 2024 19:19:04 GMT
config
c.amazon-adsystem.com/cdn/prod/
743 B
1 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3503&u=https%3A%2F%2Fwww.chicagotribune.com
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.151.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-151-99.ewr52.r.cloudfront.net
Software
Server /
Resource Hash
02be04a70799d79a31b671ea6b5ce156c93710abb438e700d7ba9246850c3ef7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 19:31:50 GMT
via
1.1 2f5727cd85b40e905349d2b5268f3dbc.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
EWR52-C2
age
18992
x-cache
Hit from cloudfront
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
max-age=21550, s-maxage=21600
access-control-allow-credentials
true
content-length
743
x-amz-cf-id
NpkkAWT9Uf56Jz3BBTT7ulC4V_wPbTWW_AGm5NSS4pevjjDWfKaJQQ==
bid
aax.amazon-adsystem.com/e/dtb/
242 B
689 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=3503&u=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&pid=KHrS831rTRJce&cb=1&ws=1600x1200&v=23.426.459&t=2000&slots=%5B%7B%22sd%22%3A%22htlad-5-gpt%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf%22%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%2C%7B%22sd%22%3A%22htlad-6-gpt%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf%22%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%2C%7B%22sd%22%3A%22htlad-7-gpt%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf%22%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%5D&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.94.225 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-94-225.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
00ed54ced313efe9634c9a3e37f2173fa69808649d973c8027678188a2c97f8a
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
strict-transport-security
max-age=47474747; includeSubDomains; preload
via
1.1 38bc9c97daf30f968ccac44ef89e14e0.cloudfront.net (CloudFront)
server
Server
x-amz-cf-pop
JFK50-P5
x-amz-rid
RVDHC7RQ83ZQ512P19RG
vary
Accept-Encoding,User-Agent
x-cache
Miss from cloudfront
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
https://www.chicagotribune.com
access-control-allow-credentials
true
timing-allow-origin
*
content-length
242
x-amz-cf-id
G6gkoF3ZTtwDEZ90qvHjLnbZJmAY9vCRcXbTFkDfrNxFBm2UZRdPow==
fastlane.json
fastlane.rubiconproject.com/a/api/
474 B
832 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=7476&site_id=469092&zone_id=2767810&size_id=15&us_privacy=1---&rf=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&tg_i.page=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&tg_i.domain=chicagotribune.com&tg_i.pbadslot=%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf%234&tk_flint=pbjs_lite_v7.31.0&x_source.tid=8e59e3e4-7447-462a-8bf4-b81d8a8f091f&l_pb_bid_id=148d58473bf840f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf%234&slots=1&rand=0.06920326138862398
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::116 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
bc37ef799c486ea69aac24a5704a16b0138914f14614d34df8b7ff1661a1d77f

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:23 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.chicagotribune.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
474
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
474 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=7476&site_id=469092&zone_id=2767810&size_id=15&us_privacy=1---&rf=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&tg_i.page=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&tg_i.domain=chicagotribune.com&tg_i.pbadslot=%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf%235&tk_flint=pbjs_lite_v7.31.0&x_source.tid=7fce522c-a77f-44e5-a014-0a491ab51371&l_pb_bid_id=158e771b8dd2d26&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf%235&slots=1&rand=0.1890274861298662
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::116 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
5d68b4dff6fc1975b440cffa800290aeb46c4bef5e2408cfa4629c706895a506

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:22 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.chicagotribune.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
474
expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
494 B
828 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=7476&site_id=469092&zone_id=2767812&size_id=15&alt_size_ids=10&us_privacy=1---&rf=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&tg_i.page=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&tg_i.domain=chicagotribune.com&tg_i.pbadslot=%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf%236&tk_flint=pbjs_lite_v7.31.0&x_source.tid=f1421ef7-983b-4d8d-bac2-5bbea35f2a1b&l_pb_bid_id=16dd4337bcd8d57&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf%236&slots=1&rand=0.5578790525949937
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::116 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
f467ed9b6165deed9a2611603c41428b7cb9b97007e3f41b3ae29eecb94b5a49

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:23 GMT
server
nginx/1.21.4
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.chicagotribune.com
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
content-length
494
expires
Wed, 17 Sep 1975 21:32:10 GMT
translator
hbopenbid.pubmatic.com/
0
65 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:21 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cdb
bidder.criteo.com/
18 B
319 B
XHR
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=34&wv=7.31.0&cb=67408502946&lsavail=1
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::18 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Finatra /
Resource Hash
ad6aa18e132c373e6a0be7543103d4e5dfde8680587cea250550686591419910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
server
Finatra
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
44
prebid
ib.adnxs.com/ut/v3/
19 B
834 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.164 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:22 GMT
AN-X-Request-Uuid
0fcb4ce8-4715-483f-9405-139cdedbcc8c
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.chicagotribune.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
auction
tlx.3lift.com/header/
19 B
559 B
XHR
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=7.31.0&referrer=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&tmax=2000&us_privacy=1---
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.227.89 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-227-89.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:22 GMT
accept-ch
sec-ch-ua-arch,sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt
x-auction-status
12, 12, 12
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
19
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
pbjs
htlb.casalemedia.com/openrtb/
37 B
309 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=948336
Requested by
Host: htlbid.com
URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca5ef1f9b6b68ac7a0d0cd668ed57f0e8d028391686b8cd6f375f61c84b2aa8e

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iOX66wxZRrV64mOFZTW1FPkGBglD2G7wjYNrcq5NpqWVfbsqQ0VrwzYoNTPFTViX2kplI9%2FeZfonsWoZwjK6taOMNG6066EttoyHjW4ShAHDfqzMEcMNaU69wNd86hu01fg8K3bU"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7bfbc75f2dbaa220-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
37
expires
0
oPS.js
d15kdpgjg3unno.cloudfront.net/
115 KB
24 KB
Script
General
Full URL
https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=3
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2209:6e00:11:b309:9100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
38affcb9e2732c13cefa1fdec4cc50517333bc8343b91d7f0b948701a73abc47

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 16:54:03 GMT
x-amz-version-id
02vMKh.90zhQyTQ8aHtjMIJQzHFWmoEd
content-encoding
gzip
last-modified
Fri, 28 Apr 2023 17:23:59 GMT
server
AmazonS3
via
1.1 3c5c6d0ac004d7cc9b79e2835fc1f6a4.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-P1
etag
W/"9dd8a23bd5c9f839a39ecd0adf2bb256"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=84600
age
28460
x-amz-cf-id
_Frg38sKanwMkYCFsdBwPatuRCsDqHXDrublIlczWGlGGRm9w-0aYA==
feature-decisions
zephr.chicagotribune.com/zephr/
10 KB
3 KB
Fetch
General
Full URL
https://zephr.chicagotribune.com/zephr/feature-decisions
Requested by
Host: assets.zephr.com
URL: https://assets.zephr.com/zephr-browser/1.3.9/zephr-browser.umd.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
13.225.214.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-99.ewr50.r.cloudfront.net
Software
/
Resource Hash
532756bc7de280e34a41c4a8a269b351414ea97a468038aaac6a101e58b75f0d

Request headers

Accept
application/json
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 30 Apr 2023 00:48:22 GMT
content-encoding
gzip
via
1.1 6e131451bd3f2f00145987b931606ec0.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=86400
access-control-allow-headers
Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
x-amz-cf-id
wIzxD51MW8CT5A4UnuL2e7OmH_lluaXU0UKaoEONXAl3qvs32PRwIA==
x-blaize-request
693be240
feature-decisions
zephr.chicagotribune.com/zephr/ Frame
0
0
Preflight
General
Full URL
https://zephr.chicagotribune.com/zephr/feature-decisions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-99.ewr50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.chicagotribune.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
access-control-allow-methods
POST,PUT,PATCH,GET,DELETE,OPTIONS,HEAD
access-control-allow-origin
https://www.chicagotribune.com
alt-svc
h3=":443"; ma=86400
content-length
0
date
Sun, 30 Apr 2023 00:48:22 GMT
via
1.1 11ab138d0b995a9fa4daabbae7fc0b0c.cloudfront.net (CloudFront)
x-amz-cf-id
QB6Q0MsF2euP3dP-GQuq0zv-uQVSVc4xH4b1h39ZPsXyITExdN9oYw==
x-amz-cf-pop
EWR50-C1
x-cache
Miss from cloudfront
/
geo.privacymanager.io/ Frame
0
0
Preflight
General
Full URL
https://geo.privacymanager.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-12.ewr53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://www.chicagotribune.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Sun, 30 Apr 2023 00:48:23 GMT
via
1.1 d1455588507b7bafbb414a958e6f1640.cloudfront.net (CloudFront), 1.1 e832d261a0bb86f8ba09ea0550c8e77e.cloudfront.net (CloudFront)
x-amz-apigw-id
EKohpH1PjoEFzoA=
x-amz-cf-id
cR1kt4Ra5AJNrltBWElS_fH8wmaF5CqxBhZ-zbjP1HY_mYznLbUxaA==
x-amz-cf-pop
EWR52-C4 EWR53-P1
x-amzn-requestid
609b120e-8e45-4f36-b7b7-b89422939a70
x-cache
Miss from cloudfront
/
geo.privacymanager.io/
30 B
610 B
Fetch
General
Full URL
https://geo.privacymanager.io/
Requested by
Host: launchpad.privacymanager.io
URL: https://launchpad.privacymanager.io/1/launchpad.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-12.ewr53.r.cloudfront.net
Software
/
Resource Hash
70fd869f92915eb3c9f85d2d2b5a473ba45239ae463b35267642335337c46f06

Request headers

Accept
application/json
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 29 Apr 2023 08:17:30 GMT
via
1.1 4eed67f4be7da2537d3407735b8962a8.cloudfront.net (CloudFront), 1.1 e832d261a0bb86f8ba09ea0550c8e77e.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD55-P4, EWR53-P1
age
59453
x-amzn-requestid
e56cd0d6-06e1-448d-9296-725718ea44c8
x-amzn-trace-id
Root=1-644cd29a-35f6fa06697e198b3d57b527;Sampled=0;lineage=06620786:0
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type
application/json
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-apigw-id
EIXYKFDgjoEFs4A=
content-length
30
x-amz-cf-id
Ig96UsHVTULwT0yY1r6VvUvMUwGqvEVFkwJ919qNH9l6amEC2UYOJQ==
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
swg-button.css
news.google.com/swg/js/v1/
21 KB
6 KB
Stylesheet
General
Full URL
https://news.google.com/swg/js/v1/swg-button.css
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2f46926d81be4472495e6dc6a8789d7fc9ffb6acb270b4f6462720e0332fe718
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:16:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1922
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6456
x-xss-protection
0
last-modified
Wed, 26 Apr 2023 21:11:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="news-frontend"
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
text/css
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Sun, 30 Apr 2023 01:06:20 GMT
loader.svg
news.google.com/swg/js/v1/
0
1 KB
Other
General
Full URL
https://news.google.com/swg/js/v1/loader.svg
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:16:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1898
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1049
x-xss-protection
0
last-modified
Mon, 16 Mar 2020 18:14:05 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="news-frontend"
vary
Accept-Encoding
report-to
{"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type
image/svg+xml
cache-control
public, max-age=3000
accept-ranges
bytes
expires
Sun, 30 Apr 2023 01:06:44 GMT
1x1-pixel.png
ams-pageview-public.s3.amazonaws.com/
68 B
448 B
Image
General
Full URL
https://ams-pageview-public.s3.amazonaws.com/1x1-pixel.png?id=b82feaa73aa9
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.101.187 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Sun, 30 Apr 2023 00:48:24 GMT
Last-Modified
Mon, 26 Oct 2020 16:52:19 GMT
Server
AmazonS3
x-amz-request-id
RWB9E6SGD5P3Z04W
ETag
"91e42db1c66c0b276abf6234dc50b2eb"
Content-Type
image/png
Cache-Control
no-store
Accept-Ranges
bytes
Content-Length
68
x-amz-id-2
eAQhQEW6Das/izHrrEObRLM2wvBDiDdW2R2lDAPzdAheIACMoYvNT8+YbijjOgPYiPHVRbb33es=
ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-6459251-3&cid=521293715.1682815702&jid=1317525451&_u=YEBAAEAAAAAAACAAI~&z=544223805
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:23 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
408 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-6459251-3&cid=521293715.1682815702&jid=1317525451&_u=YEBAAEAAAAAAACAAI~&z=544223805
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:23 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ Frame
0
0
Preflight
General
Full URL
https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.238.216.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-238-216-149.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.chicagotribune.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length
0
date
Sun, 30 Apr 2023 00:48:23 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
id5-api.js
cdn.id5-sync.com/api/1.0/
58 KB
17 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/id5-api.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0325b6c9e68ae3f6ec25f6817b4daef364bd99c2ff5f04588fd6f956bf983b97
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 06 Apr 2023 12:00:04 GMT
server
cloudflare
x-amz-request-id
HBY88C4X7SB2GNAZ
age
2525
etag
W/"b58faeda0c1d193bc50dd25a7640d8ba"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
7bfbc76019e0a24a-YYZ
x-amz-id-2
9tt3h7NuTeNjVVhhEBuGXDokEH+gO8nJ2ojvBPx5trT+ssPar23U+0x6ZYHI6SCwab9u8mDoRvA=
recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/
0
456 B
XHR
General
Full URL
https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.238.216.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-238-216-149.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Sun, 30 Apr 2023 00:48:23 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
cs
tribune.blueconic.net/DG/DEFAULT/
66 B
862 B
Script
General
Full URL
https://tribune.blueconic.net/DG/DEFAULT/cs?bcsessionid=5a0aea96-d4b6-4a1d-82b1-9d76c0035f0d&&callback=bc_json917
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.205.97.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-205-97-187.compute-1.amazonaws.com
Software
- /
Resource Hash
036ca913a79340aa56ea17d23a5284f24c0fc91b4d32e88e6ade0fb865961012
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
-
x-permitted-cross-domain-policies
master-only
content-type
text/javascript; charset=utf-8
p3p
policyref="", CP="DSP"
cache-control
no-cache, no-store, no-transform, must-revalidate, private
x-robots-tag
noindex, nofollow
content-length
86
x-xss-protection
1; mode=block
expires
Thu, 01 Jan 1970 00:00:00 GMT
article
news.google.com/swg/_/api/v1/publication/chicagotribune.com/
324 B
271 B
Fetch
General
Full URL
https://news.google.com/swg/_/api/v1/publication/chicagotribune.com/article
Requested by
Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7a7c108921aec53b21ed74d3979f9c1aea55ae72d724ff49d4e66bef21431c1c
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientHttp/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
text/plain, application/json
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientHttp/cspreport
content-encoding
gzip
content-disposition
attachment; filename="json.txt"; filename*=UTF-8''json.txt
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin; report-to="SubscribewithgoogleClientHttp"
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-methods
GET, POST
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
report-to
{"group":"SubscribewithgoogleClientHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientHttp/external"}]}
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ Frame
0
0
Preflight
General
Full URL
https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.238.216.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-238-216-149.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.chicagotribune.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
1800
allow
GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length
0
date
Sun, 30 Apr 2023 00:48:23 GMT
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/
0
461 B
XHR
General
Full URL
https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.238.216.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-238-216-149.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
date
Sun, 30 Apr 2023 00:48:23 GMT
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
stats
r610.chicagotribune.com/rest/recommendations/
16 B
850 B
Script
General
Full URL
https://r610.chicagotribune.com/rest/recommendations/stats?storeId=699df7a9-502c-4c05-85b0-78cce8b0f987&action=view&itemId=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&profileId=5a0aea96-d4b6-4a1d-82b1-9d76c0035f0d&isEntrypage=true&hash=8e702897b8754f396b974832d7749c9c&lastmodified=1608044080000&referer=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&&callback=bc_json918
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-33.jfk50.r.cloudfront.net
Software
- /
Resource Hash
631f97233497c8d58e4dc584540bbba9ad7b09bc17db0d9cc6a5d3f045ff1075
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 2da1a465458d2c4bd692e693d75f0780.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P8
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
36
x-xss-protection
1; mode=block
pragma
no-cache
server
-
content-type
text/javascript;charset=utf-8
cache-control
no-cache, no-store, no-transform, must-revalidate, private
x-robots-tag
noindex, nofollow
x-amz-cf-id
l5pby7uAQhQg3Z0qq5_f8G-vvpU0vjYh7UXFo04rT3FHQy18dNKTIw==
expires
Thu, 01 Jan 1970 00:00:00 GMT
915
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/
574 B
1 KB
XHR
General
Full URL
https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/915?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&bcsessionid=5a0aea96-d4b6-4a1d-82b1-9d76c0035f0d&bctempid=&overruleReferrer=&time=2023-04-30T00%3A48%3A23%2B00%3A00&ts=1682815703158
Requested by
Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-33.jfk50.r.cloudfront.net
Software
- /
Resource Hash
6cb33c7d8f2d52a0c152287878247466f565855824d367681fd8773b68ec2e95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 2da1a465458d2c4bd692e693d75f0780.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P8
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
184
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
9zy5-HzdFCX7yo_dW3cILBG0qpIz2J650bhIURpGAfF-n9CTIJMIXQ==
expires
Thu, 01 Jan 1970 00:00:00 GMT
915
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/
192 B
1 KB
XHR
General
Full URL
https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/915?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&bcsessionid=5a0aea96-d4b6-4a1d-82b1-9d76c0035f0d&bctempid=&overruleReferrer=&time=2023-04-30T00%3A48%3A23%2B00%3A00&ts=1682815703164
Requested by
Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-33.jfk50.r.cloudfront.net
Software
- /
Resource Hash
c0b4843749dd8b5b432e1f4834997b91f187a2b64e8bae449e88fb846a703b2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 2da1a465458d2c4bd692e693d75f0780.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P8
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
171
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
CJ1G2CNkVDYXbTS0C0FlzmjKrr1W4napZcA6x1sXHKHp-Qz12Bc79A==
expires
Thu, 01 Jan 1970 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j100&a=645661812&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&ul=en-us&de=UTF-8&dt=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=blueconic&ea=connection&el=dimensions&_u=aEDAAEABAAAAACAAI~&jid=&gjid=&cid=521293715.1682815702&tid=UA-6459251-3&_gid=55024982.1682815702&gtm=45He34q0n815K8DK4V&cd1=chicagotribune&cd2=business&cd3=%2F4011%2Ftrb.chicagotribune%2Fbiz%2Fsf&cd5=arc%20fusion&cd6=story&cd7=story&cd8=story&cd9=ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m&cd10=ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m&cd12=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.&cd13=Matt%20O%27Brien%20and%20Frank%20Bajak&cd14=Matt%20O%27Brien%20and%20Frank%20Bajak&cd15=2020-12-15%2008%3A54&cd16=2020-12-15%2008%3A54&cd17=chicago-tribune&cd18=Associated%20Press&cd19=QCG4KZGX6VGBHIEHWYGHUSH45M&cd20=QCG4KZGX6VGBHIEHWYGHUSH45M&cd21=(none)&cd22=(none)&cd29=(none)&cd30=(none)&cd34=(none)&cd43=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.121%20Safari%2F537.36&cd44=1025%7C%7C1223&cd95=(none)&cd96=signed-out&cd97=0&cd98=(none)&cd99=(none)&cd100=(none)&cd102=(none)&cd103=(none)&cd119=(none)&cd123=no%20subtype&cd124=(none)&cd127=automatic%20stn&cd135=stories&cd139=&cd162=1035&cd163=%2Fbusiness&cd164=5a0aea96-d4b6-4a1d-82b1-9d76c0035f0d&z=242965836
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 29 Apr 2023 12:11:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
45407
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
v2ecaRd7SXDJMTLARGGx4G6nmrlS6_HSVkCziRn1Dftpfz56-Q9bXBzZdGo1OTlcHqY9uI2Ov
smoggysnakes.com/
198 B
225 B
Fetch
General
Full URL
https://smoggysnakes.com/v2ecaRd7SXDJMTLARGGx4G6nmrlS6_HSVkCziRn1Dftpfz56-Q9bXBzZdGo1OTlcHqY9uI2Ov
Requested by
Host: smoggysnakes.com
URL: https://smoggysnakes.com/v2lycXBmloNJvBgX1X4DVpaOIIEDRv-aIb6gvdB6L-b5V3hFPpKkarQ4Y2H5bdtih
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:d733::1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
66879f406e54c9654a77244ae54f26e1c79ba40ff2f7b6c27124946ad46c7fe6
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
date
Sun, 30 Apr 2023 00:48:23 GMT
via
1.1 google
x-buildnumber
832971200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
198
x-datacenter
gce-us-east1
x-buildname
hoothoot
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
x-hostname
fen-hoothoot-us-east1-spot-j11t
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires
Sun, 30 Apr 2023 00:48:22 GMT
config.json
c.go-mpulse.net/api/
51 B
323 B
XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=DA9NK-5NF4A-5FWA6-EFVPV-RL87Z&d=www.chicagotribune.com&t=5609386&v=1.720.0&sl=0&si=b8159918-4c77-42d8-8531-95208f23e85f-rtwkwl&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=544467
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/DA9NK-5NF4A-5FWA6-EFVPV-RL87Z
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:141b:13:699::11a6 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
385b775f1349e9d369a6c6f63a0aafc11c22515ca8c97f2303038a2c6cdaf858

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Sun, 30 Apr 2023 00:48:23 GMT
Cache-Control
private, max-age=120, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
51
Content-Type
application/json
integrator.js
adservice.google.ca/adsid/
107 B
531 B
Script
General
Full URL
https://adservice.google.ca/adsid/integrator.js?domain=www.chicagotribune.com
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
456 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=www.chicagotribune.com
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
89 KB
22 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3220473730311646&correlator=614003581192267&eid=31072020%2C31074205&output=ldjh&gdfp_req=1&vrg=202304270101&ptt=17&impl=fifs&gdpr_consent=tcunavailable&gdpr=0&tcfe=3&us_privacy=1---&iu_parts=4011%2Ctrb.chicagotribune%2Cbiz%2Csf&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3&prev_iu_szs=320x50%7C970x250%7C970x90%7C728x90%2C5x1%2C5x1&fluid=height%2C0%2C0&ifi=1&adks=255678973%2C543975087%2C571170953&didk=1622125026~356144529~303353385&sfv=1-0-40&prev_scp=htl_slot%3Dtop_article_fluid%26pos%3D1%26adlite%3Dfalse%7Chtl_slot%3Doutstream%26pos%3D1%26adlite%3Dfalse%7Chtl_slot%3Doutstream%26pos%3D2%26adlite%3Dfalse&eri=1&cust_params=htlbidid%3D18481%26is_testing%3Dno%26has_ats%3Dtrue%26ss%3Dl%26ref%3Dnone%26ptype%3Ds%26subtype%3Dstories%26site%3Dtrb.chicagotribune%26slug%3Dct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m%26cid%3DQCG4KZGX6VGBHIEHWYGHUSH45M%26at%3D%26design%3Darcfusion&sc=1&abxe=1&dt=1682815703251&lmt=1682815701&dlt=1682815701296&idt=1439&adxs=315%2C82%2C82&adys=274%2C1129%2C1975&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C1&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&frm=20&vis=1&psz=1432x0%7C952x0%7C952x0&msz=1432x0%7C952x0%7C952x0&fws=0%2C0%2C0&ohw=0%2C0%2C0&ga_vid=521293715.1682815702&ga_sid=1682815703&ga_hid=645661812&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304270101/pubads_impl.js?cb=31074205
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0f386a44ec6c87a97f68e4c1ed3ab421a23fffb164ac2c22bb5963b7fa7e7495
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22638
x-xss-protection
0
google-lineitem-id
6231794809,6018529605,6018529605
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138423676970,138399251251,138423071710
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame BAF9
6 KB
3 KB
Document
General
Full URL
https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 30 Apr 2023 00:48:23 GMT
expires
Mon, 29 Apr 2024 00:48:23 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
115 KB
26 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3220473730311646&correlator=1604093320360144&eid=31072020%2C31074205&output=ldjh&gdfp_req=1&vrg=202304270101&ptt=17&impl=fifs&gdpr_consent=tcunavailable&gdpr=0&tcfe=3&us_privacy=1---&iu_parts=4011%2Ctrb.chicagotribune%2Cbiz%2Csf&enc_prev_ius=%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3%2C%2F0%2F1%2F2%2F3&prev_iu_szs=300x250%2C300x250%2C300x250%7C300x600&ifi=4&adks=1870952252%2C1749653132%2C3439357933&didk=302699615~302492128~1619800996&sfv=1-0-40&prev_scp=htl_slot%3Dcube%26pos%3D1%26adlite%3Dfalse%7Chtl_slot%3Dcube%26pos%3D2%26adlite%3Dfalse%7Chtl_slot%3Dflex_cube%26pos%3D3%26adlite%3Dfalse&eri=1&cust_params=htlbidid%3D18481%26is_testing%3Dno%26has_ats%3Dtrue%26ss%3Dl%26ref%3Dnone%26ptype%3Ds%26subtype%3Dstories%26site%3Dtrb.chicagotribune%26slug%3Dct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m%26cid%3DQCG4KZGX6VGBHIEHWYGHUSH45M%26at%3D%26design%3Darcfusion&sc=1&abxe=1&dt=1682815703303&lmt=1682815701&dlt=1682815701296&idt=1439&adxs=1134%2C1134%2C1134&adys=729%2C1033%2C1337&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C2&ucis=4%7C5%7C6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&frm=20&vis=1&psz=464x0%7C464x0%7C464x0&msz=464x0%7C464x0%7C464x0&fws=0%2C0%2C0&ohw=0%2C0%2C0&ga_vid=521293715.1682815702&ga_sid=1682815703&ga_hid=645661812&ga_fc=true
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304270101/pubads_impl.js?cb=31074205
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4a733578143393153bdfbf24f94acdef1b6c3438de751b11a4a1b5975a1e437e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2,-2,-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26930
x-xss-protection
0
google-lineitem-id
6229929582,992535056,5845324479
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138423675818,113579445176,138373666078
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
iu3
s.amazon-adsystem.com/ Frame D43B
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&dcc=t
371 B
1 KB
Document
General
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&dcc=t
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
6de012a512667aa3f2fe482139afc03e1d24bbcc7fb25f314e809e80bb547c0c
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
371
Content-Type
text/html;charset=ISO-8859-1
Date
Sun, 30 Apr 2023 00:48:23 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
49JQXB0TABTPN0PA32WN

Redirect headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Date
Sun, 30 Apr 2023 00:48:23 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&dcc=t
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
R2WXRRYRJXG6J6ED0NA5
feature-decisions
zephr.chicagotribune.com/zephr/ Frame
0
0
Preflight
General
Full URL
https://zephr.chicagotribune.com/zephr/feature-decisions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
13.225.214.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-99.ewr50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.chicagotribune.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
access-control-allow-methods
POST,PUT,PATCH,GET,DELETE,OPTIONS,HEAD
access-control-allow-origin
https://www.chicagotribune.com
alt-svc
h3=":443"; ma=86400
content-length
0
date
Sun, 30 Apr 2023 00:48:23 GMT
via
1.1 78151a5252ddc63300143dbe81b1f0c4.cloudfront.net (CloudFront)
x-amz-cf-id
8H1LEgsNnAdkh0jcWgY0IiduE3KEDK3fTDsWAiYQweMUf1IpqYw7EA==
x-amz-cf-pop
EWR50-C1
x-cache
Miss from cloudfront
feature-decisions
zephr.chicagotribune.com/zephr/
29 KB
7 KB
Fetch
General
Full URL
https://zephr.chicagotribune.com/zephr/feature-decisions
Requested by
Host: assets.zephr.com
URL: https://assets.zephr.com/zephr-browser/1.3.9/zephr-browser.umd.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
13.225.214.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-99.ewr50.r.cloudfront.net
Software
/
Resource Hash
fe4c072ab2800413eb2b2a82f8b95f9cb90db8887f439c40fc2a9e8579679f73

Request headers

Accept
application/json
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
content-encoding
gzip
via
1.1 6e131451bd3f2f00145987b931606ec0.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR50-C1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=86400
access-control-allow-headers
Accept,Origin,Keep-Alive,Content-Type,User-Agent,Referer,Accept-Language,Cookie,Authorization,Cache-Control,Expires,Access-Control-Request-Method,Access-Control-Request-Headers,Accept-Encoding
x-amz-cf-id
cvaUioY8VfjRHO3npmgZTz3yAHNNRRC-5USGAAHD2qJhyBerJ-btjQ==
x-blaize-request
7c090ec3
915
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/
10 KB
2 KB
XHR
General
Full URL
https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/915?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&bcsessionid=5a0aea96-d4b6-4a1d-82b1-9d76c0035f0d&bctempid=&overruleReferrer=&time=2023-04-30T00%3A48%3A23%2B00%3A00&ts=1682815703352
Requested by
Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-33.jfk50.r.cloudfront.net
Software
- /
Resource Hash
3e7885c38b406a643be4d765345890bb5ba930c96a7a3cf2d145f0bde8f8d0d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 2da1a465458d2c4bd692e693d75f0780.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P8
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
1423
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
AW_nOnQQTiW7kVkMh6JnOV7vobcvtiT210dWocKkPhKYs7SbqxYCxA==
expires
Thu, 01 Jan 1970 00:00:00 GMT
serviceiframe
news.google.com/swg/ui/v1/ Frame FF80
16 KB
7 KB
Document
General
Full URL
https://news.google.com/swg/ui/v1/serviceiframe?_=1682815703356&publicationId=chicagotribune.com
Requested by
Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ea00ccaf95699dd2e10dfcfec7fd0bbf6c7fa7e9a06efa6277e74d2fee673745
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-g6vAZn07Vg6WEN41E6begQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-g6vAZn07Vg6WEN41E6begQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
unsafe-none; report-to="SubscribewithgoogleClientUi"
cross-origin-resource-policy
same-site
date
Sun, 30 Apr 2023 00:48:23 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"SubscribewithgoogleClientUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientUi/external"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
0
v2sjyAnabtPxFJUaLry-oQY1kCMi7APWgkkvKAfdmSD3j9pV2h5DBGWTj3qARplt56r-u6Ngb
smoggysnakes.com/
3 B
27 B
Fetch
General
Full URL
https://smoggysnakes.com/v2sjyAnabtPxFJUaLry-oQY1kCMi7APWgkkvKAfdmSD3j9pV2h5DBGWTj3qARplt56r-u6Ngb
Requested by
Host: smoggysnakes.com
URL: https://smoggysnakes.com/v2lycXBmloNJvBgX1X4DVpaOIIEDRv-aIb6gvdB6L-b5V3hFPpKkarQ4Y2H5bdtih
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:d733::1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
date
Sun, 30 Apr 2023 00:48:23 GMT
via
1.1 google
x-buildnumber
832971200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
x-datacenter
gce-us-east1
x-buildname
hoothoot
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
x-hostname
fen-hoothoot-us-east1-spot-j11t
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
v1
lb.eu-1-id5-sync.com/lb/
33 B
409 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.82 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
70cbe087ce258f999216b06b28a303755d42601bb9ee1f11f2865bf7a971fac9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:22 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
v1
lb.eu-1-id5-sync.com/lb/
33 B
409 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.82 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
5056ee9f89eca042aeff7a869216c6cc3f8f3af83da9e995cdeccc61f170b7a0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:22 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
cspreport
news.google.com/swg/_/SubscribewithgoogleClientUi/ Frame FF80
0
25 B
Other
General
Full URL
https://news.google.com/swg/_/SubscribewithgoogleClientUi/cspreport
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-iqQYEjjHTuOUWxJJFY7ewQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://news.google.com/swg/ui/v1/serviceiframe?_=1682815703356&publicationId=chicagotribune.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
script-src 'report-sample' 'nonce-iqQYEjjHTuOUWxJJFY7ewQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com;report-uri /swg/_/SubscribewithgoogleClientUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
m=serviceiframeview,_b,_tp,_r
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/ss/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.obpTAUHlBDA.L.B1.O/am=YOcGAAQ/d=1/ed=1/rs=ABXTjI4QWEPRvzQGURnmvRAPRWGC8RROcA/ Frame FF80
521 B
967 B
Stylesheet
General
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/ss/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.obpTAUHlBDA.L.B1.O/am=YOcGAAQ/d=1/ed=1/rs=ABXTjI4QWEPRvzQGURnmvRAPRWGC8RROcA/m=serviceiframeview,_b,_tp,_r
Requested by
Host: news.google.com
URL: https://news.google.com/swg/ui/v1/serviceiframe?_=1682815703356&publicationId=chicagotribune.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
476d60955514d59fff612bff247149d6c3d8040247ec574886143d08163e1717
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 19:02:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
20729
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
311
x-xss-protection
0
last-modified
Tue, 18 Apr 2023 19:05:24 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/css; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sun, 28 Apr 2024 19:02:54 GMT
m=_b,_tp,_r
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/am=YOcGAAQ/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1... Frame FF80
198 KB
70 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/am=YOcGAAQ/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=ABXTjI45RlxIBhJZLPv_Pkrop3pmbJbX-Q/m=_b,_tp,_r
Requested by
Host: news.google.com
URL: https://news.google.com/swg/ui/v1/serviceiframe?_=1682815703356&publicationId=chicagotribune.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9862d720a7bf84f9af0796630be7018e1dc90f9d4177dafe02b42a951d8fc89c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 04:07:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
74425
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
71505
x-xss-protection
0
last-modified
Wed, 19 Apr 2023 02:50:51 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sun, 28 Apr 2024 04:07:58 GMT
Test_oPS_Script_Loads
sqs.us-east-1.amazonaws.com/397719490216/
378 B
658 B
XHR
General
Full URL
https://sqs.us-east-1.amazonaws.com/397719490216/Test_oPS_Script_Loads?Action=SendMessage&MessageBody=cid%3D3%26bt%3Dnull
Requested by
Host: d15kdpgjg3unno.cloudfront.net
URL: https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.236.169.117 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-236-169-117.compute-1.amazonaws.com
Software
/
Resource Hash
e0d1617f80366c07a2c68f06e955c64c6f81722619c9a1dea40107885292acd3

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
Date
Sun, 30 Apr 2023 00:48:23 GMT
x-amzn-RequestId
9d847c85-0d00-5ed2-b0d5-2042b017eb28
Content-Length
378
Content-Type
text/xml
css2
fonts.googleapis.com/
2 KB
446 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Lato:wght@300;400;900&display=swap
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a3fb3097161f7fafdb9c550381e3ddc6fba01a5cff3d5097a9ef7719548d1330
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 30 Apr 2023 00:48:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 30 Apr 2023 00:47:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 30 Apr 2023 00:48:23 GMT
tp2
collector2.sophi.io/com.snowplowanalytics.snowplow/ Frame
0
0
Preflight
General
Full URL
https://collector2.sophi.io/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.130.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a8fd921d2017b5f79.awsglobalaccelerator.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.chicagotribune.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-allow-origin
https://www.chicagotribune.com
access-control-max-age
600
content-length
0
date
Sun, 30 Apr 2023 00:48:23 GMT
server
nginx
tp2
collector2.sophi.io/com.snowplowanalytics.snowplow/
2 B
227 B
XHR
General
Full URL
https://collector2.sophi.io/com.snowplowanalytics.snowplow/tp2
Requested by
Host: cdn.sophi.io
URL: https://cdn.sophi.io/latest/sophi.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.130.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a8fd921d2017b5f79.awsglobalaccelerator.com
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:23 GMT
access-control-allow-credentials
true
content-type
text/plain; charset=UTF-8
server
nginx
content-length
2
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
collect
www.google-analytics.com/
35 B
55 B
Ping
General
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:23 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
55 B
Ping
General
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:23 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/
22 KB
22 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@300;400;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.chicagotribune.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 02:51:39 GMT
x-content-type-options
nosniff
age
79004
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22504
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 16:04:16 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Apr 2024 02:51:39 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@300;400;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.chicagotribune.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 16:55:55 GMT
x-content-type-options
nosniff
age
28348
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23580
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:48:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Apr 2024 16:55:55 GMT
i
www.i.matheranalytics.com/
43 B
245 B
Image
General
Full URL
https://www.i.matheranalytics.com/i?e=pv&page=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&tv=js-3.0.153&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_es6=1&f_gears=2&tvltm=9&tvcfg=fusion&tid=6a70c242-9296-44da-9ba4-7ca372d2352a&pid=577140fe-b628-4c1d-b8de-5182b59c641c&dtm=1682815703677&qnm=_matherq&visible=1&tabid=9b3ffb53-6415-4c12-b1f2-a9e9d3b93e2e&url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&vp=1600x1200&ds=1600x6294&tofa=1682815703&vid=1&lvidt=1682815703&duid=173b94f8b2185443&fp=792662924&cid=ma89701&mrk=197837611&cx=eyJhY3Rpb24iOnsidHlwZSI6InBheXdhbGwiLCJjYXRlZ29yeSI6ImJsb2NrIiwiYWN0aW9uIjoic3RvcCIsIm91dGNvbWVzIjpbeyJmZWF0dXJlTGFiZWwiOiJSZWNfUGF5d2FsbF9UZXN0Iiwib3V0Y29tZUlkIjoidHJhbnNmb3JtYXRpb24vMSIsIm91dGNvbWVMYWJlbCI6IlNpdGUgTm90IEZvdW5kIn1dLCJtZXRlciI6e30sInRyaWFsVHJhY2tpbmdEZXRhaWwiOnt9LCJ2ZW5kb3IiOiJ6ZXBociIsImZsb3dyZWYiOnsiZGF5MCI6eyJmbG93IjoicGF5d2FsbCIsInRpZCI6IjZhNzBjMjQyLTkyOTYtNDRkYS05YmE0LTdjYTM3MmQyMzUyYSIsInRpbWUiOiIxNjgyODE1NzA0In0sImRheTUiOnsidGltZSI6IjE2ODI4MTU3MDQifSwiZGF5MzAiOnsidGltZSI6IjE2ODI4MTU3MDQifX19LCJpZGVudGl0aWVzIjpbeyJ0eXBlIjoiZ2EiLCJpZCI6IjUyMTI5MzcxNSIsInJlZlRpbWUiOiIxNjgyODE1NzAzNjc2In1dLCJhdWRpZW5jZSI6W3sicHJvdmlkZXIiOiJ1c2VyREIiLCJzZWdtZW50cyI6WyJNQVRIRVJfVTlfRklSU1RUSU1FTUVUMl8yMDE5MTAxNiJdLCJwYWdlSWQiOiI1NzcxNDBmZS1iNjI4LTRjMWQtYjhkZS01MTgyYjU5YzY0MWMifSx7InByb3ZpZGVyIjoiaVNlZ3MiLCJzZWdtZW50cyI6WyJNQVRIRVJfVTlfRklSU1RUSU1FTUVUMl8yMDE5MTAxNiJdLCJwYWdlSWQiOiI1NzcxNDBmZS1iNjI4LTRjMWQtYjhkZS01MTgyYjU5YzY0MWMifV19
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.205.216.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-216-79.compute-1.amazonaws.com
Software
/
Resource Hash
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date
Sun, 30 Apr 2023 00:48:23 GMT
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
pr
s.amazon-adsystem.com/v3/ Frame E210
4 KB
4 KB
Document
General
Full URL
https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&dcc=t
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
8320451ff8a4c5156ab0b0864389895266c3b47e3c7f306a4dc8bd19be09f5b2
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&dcc=t
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
3824
Content-Type
text/html;charset=ISO-8859-1
Date
Sun, 30 Apr 2023 00:48:23 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
ARHY0TT6BKXXPRESKSF8
/
cmp.osano.com/ Frame 5B19
4 KB
1 KB
Document
General
Full URL
https://cmp.osano.com/
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2510:c000:3:b7e:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a48b96eb4dbabdf7d10b4a7667062cd55b7c1f9aab381f05c916798ec4308f68
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

age
77532
content-encoding
br
content-type
text/html
date
Sat, 29 Apr 2023 03:16:12 GMT
etag
W/"287b497c992487af362d33204f87d28f"
last-modified
Thu, 21 Oct 2021 22:01:08 GMT
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding Origin
via
1.1 58a45bf3f07dfdca95ebcb7935e84994.cloudfront.net (CloudFront)
x-amz-cf-id
DY1NKxad_KblfHlepFq5Sk_DGhGTgf4TT1RmUB78d7WObRJhIhqawA==
x-amz-cf-pop
JFK50-P5
x-amz-version-id
xT1PkIFehetvNf5lINcU02FbT3u47kBr
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-xss-protection
1; mode=block
bundle.js
ib.3lift.com/rev/1ed5450ac944853f2fb309a890beec56e0763d58/dist/
180 KB
58 KB
Script
General
Full URL
https://ib.3lift.com/rev/1ed5450ac944853f2fb309a890beec56e0763d58/dist/bundle.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.63.3 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-63-3.ewr53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ca4632c98402232ce11da4c8e646385be9993ff53bc0fe70fc5bce163f41f674

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Fri, 07 Apr 2023 16:18:14 GMT
content-encoding
gzip
via
1.1 284419e56e7f935ce4c1c55765241348.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C1
age
1931410
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
58649
last-modified
Fri, 07 Apr 2023 15:59:41 GMT
server
AmazonS3
etag
"92969ce251b9c0b6147d989e6fdf8c76"
content-type
text/javascript
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-amz-cf-id
xEJry1RWSD7hcE0tW2cJh15ku_8-GyM67chmOxTTqxstEGLN0cN_rQ==
pmk-20220605.29.js
pm-widget.taboola.com/tribunedigital-network/
110 KB
30 KB
Script
General
Full URL
https://pm-widget.taboola.com/tribunedigital-network/pmk-20220605.29.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f971bbafd6669c1bf9d5b7039475425bb7751cef461b1af56faa2b795f76d1bc

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
R1Drsk3DIktWyo_AgTfZlS8NhaEw98pU
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Sun, 30 Apr 2023 00:48:23 GMT
x-amz-request-id
QEPXXQT40SJDXC1B
age
311826
x-cache
HIT, HIT
content-length
30573
x-amz-id-2
GjsqaGoNoR2TvHsX/q2fBakrY/qwh3y7332dRQ/QRNlII7LHoD486UAt8YpS4fgNJq7LdGymp34=
x-served-by
cache-bur-kbur8200095-BUR, cache-yyz4581-YYZ
last-modified
Wed, 26 Apr 2023 10:11:15 GMT
server
AmazonS3
x-timer
S1682815704.731074,VS0,VE0
etag
"0b1a128df34305d23b4becd2a41c99bc"
vary
Accept-Encoding,,
content-type
application/javascript; charset=utf-8
cache-control
max-age=31536000
accept-ranges
bytes
x-cache-hits
5, 2453
card-interference-detector.20230427-7-RELEASE.es6.js
cdn.taboola.com/libtrc/
5 KB
3 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/card-interference-detector.20230427-7-RELEASE.es6.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
692abe42f4d23f3251297b22d864ff6656a9512b5f5a6590de02670db19b267b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
zuUIcUm7cSZU_wxth8LWVLu6K4mt9EKg
content-encoding
gzip
via
1.1 varnish
date
Sun, 30 Apr 2023 00:48:23 GMT
x-amz-request-id
FY239C6KE848VR2G
age
145433
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
PENDING
content-length
2181
x-amz-id-2
yOehNrk+Yj7S4iVV4oVH2F2XU36iobaAIMTTY+8Ytfu8vGSlIUPDG7y1a8PbsztGSuheQv1ij6M=
x-served-by
cache-yyz4581-YYZ
last-modified
Fri, 28 Apr 2023 08:24:29 GMT
server
AmazonS3
x-timer
S1682815704.720696,VS0,VE0
etag
"545714f4f3c6e8fe836247d29c6f8c47"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
abp
57
access-control-allow-origin
*
cache-control
private,max-age=2629743
accept-ranges
bytes
x-cache-hits
12567
sync
gum.criteo.com/
46 B
288 B
Script
General
Full URL
https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS&us_privacy=1---&gdpr=0&gdpr_consent=&gdpr_pd=
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
189b8ed64093b12937354b2ef71ccf1df59690d90432241a10fe1cb25000acba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=3600
server-processing-duration-in-ticks
761616
expires
60
view
securepubads.g.doubleclick.net/pcs/ Frame CE69
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstoDeagW2cGgxqoKr7QMkQOvxj2h0mJzghgw77sCTyjtIhTV-fgpGz_n96LUVcG28zNfxtjUPH36nVIBEbxmCrFpfvt5n1TrKyRpdrUm7DZiwqoZiAse7QSLnF0dsS31CiHRTNhYKSHkyiiOE6d6-ns8x5Ij4VjX3McXL7gvP99YRW7MRJ-fef03nG4QJX76jBMsVZlGMt3Dd44q6x6eTMnQgP9M7nP-1IPeuL3jkwL3rMEJry9qrO2bvrtuKOMljaSlR3AYiO4vagIjmJClKtX3hXZC-v46UExGhnjzIMtdKAt9ZB7C-6hOPKYaY0xl54v142m7mWQPRtPOt4dhg&sai=AMfl-YTxGrEwT9rlXtw96uimmI9SVe4BN5oxkhwNxDaRxDoXw-Egk_Rovm6VEAuH83kDyxbHRJq31-fHt4qsN5A&sig=Cg0ArKJSzBxHFBafv4WZEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sun, 30 Apr 2023 00:48:23 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/ Frame CE69
22 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/abg_lite_fy2021.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ec81013fada9e239bb9d91316ba5cdfffaf0f7a1ea4220ae81c271db75b71a5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 19:58:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
17372
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8751
x-xss-protection
0
server
cafe
etag
8024400250147624166
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 May 2023 19:58:51 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame CE69
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 19:59:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
17361
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 May 2023 19:59:02 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame CE69
158 KB
49 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7dc34bc082196f1951e9f73b3ad1c681cb38ea1d261031b8f65812db383b057a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49538
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1682508732222081"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 30 Apr 2023 00:48:23 GMT
6790818612876119638
tpc.googlesyndication.com/simgad/ Frame CE69
28 KB
28 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/6790818612876119638
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d836130940d04033fdfa8cb24a4e556e5ac2a5c607f0c3337fa42f0bb29c8d5c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 04:11:05 GMT
x-content-type-options
nosniff
age
74238
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28611
x-xss-protection
0
last-modified
Thu, 23 Feb 2023 16:27:34 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 28 Apr 2024 04:11:05 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame A784
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssK9M3OEmlHc7vZJGmHWjYpEfH1hyfcTKCt6TCxAuDYcN51G8FFEetWcmyVBQpIKaqkPJFo59ULgoNIaA8DMgtlcBWKlQrfcww2RZRhLa-6llmtabDYKZIjmOgG_DKIq_6clPzq9FiiGtwx1RE8WDtqYPT6D6yC2qpwc-HpxjA3hPcGJ202PXMaczQMQaWol_ONB4Erxvu_7KVYm8TseWazWSAk-Erg8AqNx78P1ugCaers1B-gYOKau6r37_Fax4kuJuuVCPHisWcejFuwJmSl1zhuccYENrdiKixp66DmEbjgVPlKc5c6QbyGKlGXQugzm7SVuzND5n-358sAKwaEdg&sai=AMfl-YTU8MMTm8zcEUcVEztdAx08lrfuXEs_nQ29EMVZsF71mSWIQSaQaDz1NPBwMpSWBJnm-3Ul7h3WbFzK1KQ&sig=Cg0ArKJSzH8dX71MvrOOEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sun, 30 Apr 2023 00:48:23 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame A784
158 KB
48 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7dc34bc082196f1951e9f73b3ad1c681cb38ea1d261031b8f65812db383b057a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49538
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1682508732222081"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 30 Apr 2023 00:48:23 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame DC2C
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsv31Ti0lufNXjdpxRDCbYUMHmGO3Yb60Qm0UpYWAdNnYO-rwkEtviqAQfOF0v8jVjb4gb9j-0MO6KqR1PBITRc1tUUJXKCB6kI3cNMrmKtC21vCunB_42aCmeBDkc9W5tyhFrSyCPKqYgY6FA33gtW0qQjX2w5Am2BI-EJJMgg1szpycMWeD-5IzIMwxaIk8fexpXxxex25DUSqY2XonX0hIOpClyx7m4iEZmQct1HjJ2svWVCg8P14lx48Ar3R-PHA3xYr-qE0NT6ArhFXv8r7vSLqmjDNMoiTaTzFBg_f1EO-GpgNAai2eGzHAh76C679UL4s6u_ODX3AGvTlac1EoA&sai=AMfl-YS6KKXXmDDzp8mRp7Dmc7ydrwqbyo94l3YInEv2htWw9Mp8Q-v_nc8kFL_zk54nvHWCKd6n8x52NqShb6c&sig=Cg0ArKJSzHc9nOWhJoyZEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame DC2C
158 KB
48 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7dc34bc082196f1951e9f73b3ad1c681cb38ea1d261031b8f65812db383b057a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49538
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1682508732222081"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 30 Apr 2023 00:48:23 GMT
si
capi.connatix.com/tr/ Frame A784
0
330 B
Image
General
Full URL
https://capi.connatix.com/tr/si?token=2628d265-2e02-4ab5-9092-d579a5ae32b7&cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/json
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc766587ba1fc-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
content-length
0
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pixel
protected-by.clarium.io/ Frame A784
68 B
244 B
Image
General
Full URL
https://protected-by.clarium.io/pixel?tag=wt_bE4zbkRJN0RYRzlwQVdBcW1mSE43NjlTS3o4LzMwMjkxNTg5Nzg6NXgx&v=5&s=v31gv7q3mrb&id=eyJkZnAiOnsiYWQiOjUxNzA2MTQ5NDgsImMiOjEzODM5OTI1MTI1MSwibCI6NjAxODUyOTYwNSwibyI6MzAyOTE1ODk3OCwiQSI6Ii80MDExL3RyYi5jaGljYWdvdHJpYnVuZS9iaXovc2YiLCJ5IjowLCJjbyI6MCwicyI6Imh0bGFkLTItZ3B0In0sInRwX2NyaWQiOm51bGx9&cb=538233&h=www.chicagotribune.com&d=eyJ3aCI6ImJFNHpia1JKTjBSWVJ6bHdRVmRCY1cxbVNFNDNOamxUUzNvNEx6TXdNamt4TlRnNU56ZzZOWGd4Iiwid2QiOnsibyI6MzAyOTE1ODk3OCwidyI6IjUiLCJoIjoiMSJ9LCJ3ciI6Mn0=
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.238.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-238-67.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/png
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:24 GMT
cache-control
no-store, no-cache, must-revalidate, max-age=0
server
nginx/1.18.0 (Ubuntu)
expires
Sat, 26 Jul 1997 05:00:00 GMT
si
capi.connatix.com/tr/ Frame DC2C
0
38 B
Image
General
Full URL
https://capi.connatix.com/tr/si?token=2628d265-2e02-4ab5-9092-d579a5ae32b7&cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/json
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc766587ea1fc-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
content-length
0
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pixel
protected-by.clarium.io/ Frame DC2C
68 B
243 B
Image
General
Full URL
https://protected-by.clarium.io/pixel?tag=wt_bE4zbkRJN0RYRzlwQVdBcW1mSE43NjlTS3o4LzMwMjkxNTg5Nzg6NXgx&v=5&s=v31gv7q3msv&id=eyJkZnAiOnsiYWQiOjUxNzA2MTQ5NDgsImMiOjEzODQyMzA3MTcxMCwibCI6NjAxODUyOTYwNSwibyI6MzAyOTE1ODk3OCwiQSI6Ii80MDExL3RyYi5jaGljYWdvdHJpYnVuZS9iaXovc2YiLCJ5IjowLCJjbyI6MCwicyI6Imh0bGFkLTMtZ3B0In0sInRwX2NyaWQiOm51bGx9&cb=5273624&h=www.chicagotribune.com&d=eyJ3aCI6ImJFNHpia1JKTjBSWVJ6bHdRVmRCY1cxbVNFNDNOamxUUzNvNEx6TXdNamt4TlRnNU56ZzZOWGd4Iiwid2QiOnsibyI6MzAyOTE1ODk3OCwidyI6IjUiLCJoIjoiMSJ9LCJ3ciI6Mn0=
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.238.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-238-67.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/png
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:24 GMT
cache-control
no-store, no-cache, must-revalidate, max-age=0
server
nginx/1.18.0 (Ubuntu)
expires
Sat, 26 Jul 1997 05:00:00 GMT
687.json
id5-sync.com/g/v2/
575 B
1 KB
XHR
General
Full URL
https://id5-sync.com/g/v2/687.json
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.82 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
dddbb47a3872596072d2051bd06bea0b6971b23472fc4b47ed72a01d66c05603
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.chicagotribune.com
p3p
CP="CAO PSA OUR"
access-control-allow-credentials
true
687.json
id5-sync.com/g/v2/
574 B
1 KB
XHR
General
Full URL
https://id5-sync.com/g/v2/687.json
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.82 , France, ASN16276 (OVH, FR),
Reverse DNS
ns31532337.ip-162-19-138.eu
Software
/
Resource Hash
04fcd245e1cb01d37d01f1bb412f713864fa443ea565b8ad206d80ca893ad943
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 30 Apr 2023 00:48:23 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.chicagotribune.com
p3p
CP="CAO PSA OUR"
access-control-allow-credentials
true
ecm3
s.amazon-adsystem.com/ Frame E210
Redirect Chain
  • https://cs.media.net/cksync?cs=31&type=tam&redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dmedia.net%26id%3D%3Cvsid%3E&gdpr=0
  • https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3258173041455315000V10
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3258173041455315000V10
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:24 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
NM0T4987DMYRKBJ6KSSX
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:24 GMT
Server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Location
https://s.amazon-adsystem.com/ecm3?ex=media.net&id=3258173041455315000V10
Content-Type
text/html
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
154
x-mnet-hl2
E
Expires
Sun, 30 Apr 2023 00:48:24 GMT
ecm3
s.amazon-adsystem.com/ Frame E210
Redirect Chain
  • https://s.ad.smaato.net/c/?adExInit=aps&redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsmaato.com%26id%3D%24UID
  • https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=f963f79e
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=f963f79e
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:24 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
PNM51AVMD9E9AE5YEM5B
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date
Sun, 30 Apr 2023 00:48:24 GMT
via
1.1 6a2d00c5c73022efc4bc2786f44b3cdc.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
EWR53-P1
x-cache
FunctionGeneratedResponse from cloudfront
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://s.amazon-adsystem.com/ecm3?ex=smaato.com&id=f963f79e
cache-control
no-cache, must-revalidate
content-length
0
x-amz-cf-id
dmvQgSY1wNBDbrUXp3ZhFr75OyT6ChTAdJpcYC7B5xDLsTqTt3ldFg==
connatix.playspace.js
cds.connatix.com/p/263050/ Frame BE67
Redirect Chain
  • https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
  • https://cds.connatix.com/p/263050/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25&tier=1
1 MB
270 KB
Script
General
Full URL
https://cds.connatix.com/p/263050/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25&tier=1
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e99c017fefb48e97fb69d882a8669085f379444a331bc6997f25013d013b507

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
x-amz-version-id
rqWsjZQzhLjcA00yYfcEzuI.PmD8frLy
content-encoding
br
cf-cache-status
HIT
x-amz-replication-status
FAILED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 28 Apr 2023 11:33:06 GMT
server
cloudflare
etag
W/"140d31dd69b5206604cd57e9821ab90f"
vary
Accept-Encoding
access-control-allow-methods
*
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc7686a6ccac4-YYZ
access-control-allow-headers
range
expires
Mon, 29 Apr 2024 00:48:24 GMT

Redirect headers

date
Sun, 30 Apr 2023 00:48:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
surrogate-control
no-cache, no-store, must-revalidate, max-age=0
vary
Accept-Encoding
location
https://cds.connatix.com/p/263050/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25&tier=1
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-ray
7bfbc766d88fcac4-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
content-length
0
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
connatix.playspace.js
cds.connatix.com/p/263050/ Frame 8D82
Redirect Chain
  • https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
  • https://cds.connatix.com/p/263050/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
1 MB
270 KB
Script
General
Full URL
https://cds.connatix.com/p/263050/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e99c017fefb48e97fb69d882a8669085f379444a331bc6997f25013d013b507

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
x-amz-version-id
rqWsjZQzhLjcA00yYfcEzuI.PmD8frLy
content-encoding
br
cf-cache-status
HIT
x-amz-replication-status
FAILED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 28 Apr 2023 11:33:06 GMT
server
cloudflare
etag
W/"140d31dd69b5206604cd57e9821ab90f"
vary
Accept-Encoding
access-control-allow-methods
*
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc768aaa5cac4-YYZ
access-control-allow-headers
range
expires
Mon, 29 Apr 2024 00:48:24 GMT

Redirect headers

date
Sun, 30 Apr 2023 00:48:24 GMT
cf-cache-status
DYNAMIC
server
cloudflare
surrogate-control
no-cache, no-store, must-revalidate, max-age=0
vary
Accept-Encoding
location
https://cds.connatix.com/p/263050/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-ray
7bfbc766e892cac4-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
content-length
0
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
view
securepubads.g.doubleclick.net/pcs/ Frame A287
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuJTx6zAe6uAfSqdwlSoF9mNpL_naPRY_2Aog5N2aSFPJDK113yp2xm-K-b67EHppo11uzvJ0Wo9yFNElURkdFh-fj3m3o5d6q7sEqOx3ED1ryAcwNth6naFUrPb57vPPbIuf-Ec0HxR8RXhA62-qT3efW4ATme90bzD1Opfysxbz-32YqUmuKryRdtCZ_y7kttzGLEUxHGACVLTFpyDOG0x7eIlmt_zbO7OEf2NQb51lUPwx9MLZ9obEPX9WnNw_Pz7qOCG3rR1Vs0n4uLNnJPWEwwk4U8qg4vqCd_bKW5HD6Jmn5R2cuYh170PAE8vzMRbBgZWM0jY8ed81h-2Q&sai=AMfl-YSAzqyFbIfbEfpakSQ9w1PMDQtCJISj-OGgeL_5YETia_yPPE-MCIgwfcVMoJENui_VVg1dJprnpqSxzgU&sig=Cg0ArKJSzCCCWGuml404EAE&uach_m=[UACH]&adurl=
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/ Frame A287
22 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/abg_lite_fy2021.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ec81013fada9e239bb9d91316ba5cdfffaf0f7a1ea4220ae81c271db75b71a5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 19:58:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
17373
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8751
x-xss-protection
0
server
cafe
etag
8024400250147624166
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 May 2023 19:58:51 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame A287
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 19:59:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
17362
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 May 2023 19:59:02 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame A287
158 KB
48 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7dc34bc082196f1951e9f73b3ad1c681cb38ea1d261031b8f65812db383b057a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49538
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1682508732222081"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 30 Apr 2023 00:48:24 GMT
1067122242396602805
tpc.googlesyndication.com/simgad/ Frame A287
50 KB
50 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/1067122242396602805
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3768b6be6f604aadc5aaa6cace7d2068cedf2e9a2d0bc8d4f3b6385e35bbd078
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 12:05:34 GMT
x-content-type-options
nosniff
age
45770
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51074
x-xss-protection
0
last-modified
Thu, 23 Feb 2023 16:22:58 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 28 Apr 2024 12:05:34 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 1532
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsu8fecJC3vj0IYJ3vK8zuuEj7_f-n7iVVZNLE27o5DKho_MoYk_Kem5JRZvo1VfjcC2Gowb1r8BlrPYB1BcQhRClMXiPf8yOAimhjXVym8AEw-a2RIzL5aGpuVpRaXNXY4zHIKwwOfSfD0Lm2iOSXe2j1aqqmjkxVMirm23zl_croyqv_GwsCFjDHqoS-QOcWZTuFrRBQmVSIUr0LuZMaDoXrYcu03DaTQXP9DAOw_nPPkfaDiUyR6hgXzoLGnWWbsm05GtOctoHOUMExrfgW5doVY3pnbaxjGljBecqp0WQDamOcMXUYlRIhh7cWcK9RcjaI0-q7fby3UcjXGrUw&sai=AMfl-YR34WejooU_mL65XEYNIP1pCbUtTDcw-2O2xCLKI-c1_bwzdiX5ufjDZkLUqGzlObIxEQ0ulQUHrQewg_0&sig=Cg0ArKJSzHIbCIoeWBvbEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/ Frame 1532
22 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/abg_lite_fy2021.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ec81013fada9e239bb9d91316ba5cdfffaf0f7a1ea4220ae81c271db75b71a5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 19:58:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
17373
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8751
x-xss-protection
0
server
cafe
etag
8024400250147624166
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 May 2023 19:58:51 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/ Frame 1532
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/client/window_focus_fy2021.js
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 19:59:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
17362
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 May 2023 19:59:02 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 1532
158 KB
48 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7dc34bc082196f1951e9f73b3ad1c681cb38ea1d261031b8f65812db383b057a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49538
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1682508732222081"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 30 Apr 2023 00:48:24 GMT
15188721046994320104
tpc.googlesyndication.com/simgad/ Frame 1532
66 KB
66 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/15188721046994320104
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
77ba501bcbec49ecf49ad37f427574ed4e50e273e4c582701413b76874c597aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 09:57:00 GMT
x-content-type-options
nosniff
age
53484
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
67444
x-xss-protection
0
last-modified
Fri, 17 Feb 2017 17:18:59 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 28 Apr 2024 09:57:00 GMT
container.html
a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 31B8
6 KB
3 KB
Document
General
Full URL
https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, immutable, max-age=31536000
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 30 Apr 2023 00:48:23 GMT
expires
Mon, 29 Apr 2024 00:48:23 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
i
www.i.matheranalytics.com/
43 B
245 B
Image
General
Full URL
https://www.i.matheranalytics.com/i?e=pv&page=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&tv=js-3.0.153&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_es6=1&f_gears=2&tvltm=9&tvcfg=fusion&tid=c58afc6d-5ae3-4ac9-badb-0ea86095314f&pid=577140fe-b628-4c1d-b8de-5182b59c641c&dtm=1682815703689&qnm=_matherq&visible=1&tabid=9b3ffb53-6415-4c12-b1f2-a9e9d3b93e2e&url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&vp=1600x1200&ds=1600x6294&tofa=1682815703&vid=1&lvidt=1682815703&duid=173b94f8b2185443&fp=792662924&cid=ma89701&mrk=197837611&cx=eyJhY3Rpb24iOnsiY2F0ZWdvcnkiOiJkaXNwbGF5IiwiYWN0aW9uIjoiY29udGVudCIsIm91dGNvbWVzIjpbeyJmZWF0dXJlTGFiZWwiOiJSZWNfUGF5d2FsbF9UZXN0Iiwib3V0Y29tZUlkIjoidHJhbnNmb3JtYXRpb24vMSIsIm91dGNvbWVMYWJlbCI6IlNpdGUgTm90IEZvdW5kIn0seyJmZWF0dXJlTGFiZWwiOiJUb2FzdGVyIiwib3V0Y29tZUlkIjoidHJhbnNmb3JtYXRpb24vMTQ3Iiwib3V0Y29tZUxhYmVsIjoiQy1DVC1JWi1ELU4tVHN0In1dLCJtZXRlciI6e30sInRyaWFsVHJhY2tpbmdEZXRhaWwiOnt9LCJvdXRjb21lTGFiZWwiOiJTaXRlIE5vdCBGb3VuZCIsInZlbmRvciI6InplcGhyIiwidHlwZSI6InBheXdhbGwiLCJmbG93cmVmIjp7ImRheTAiOnsiZmxvdyI6InBheXdhbGwiLCJ0aWQiOiI2YTcwYzI0Mi05Mjk2LTQ0ZGEtOWJhNC03Y2EzNzJkMjM1MmEiLCJ0aW1lIjoiMTY4MjgxNTcwNCJ9LCJkYXk1Ijp7InRpbWUiOiIxNjgyODE1NzA0In0sImRheTMwIjp7InRpbWUiOiIxNjgyODE1NzA0In19fSwiaWRlbnRpdGllcyI6W3sidHlwZSI6ImdhIiwiaWQiOiI1MjEyOTM3MTUiLCJyZWZUaW1lIjoiMTY4MjgxNTcwMzY4OCJ9XSwiYXVkaWVuY2UiOlt7InByb3ZpZGVyIjoidXNlckRCIiwic2VnbWVudHMiOlsiTUFUSEVSX1U5X0ZJUlNUVElNRU1FVDJfMjAxOTEwMTYiXSwicGFnZUlkIjoiNTc3MTQwZmUtYjYyOC00YzFkLWI4ZGUtNTE4MmI1OWM2NDFjIn0seyJwcm92aWRlciI6ImlTZWdzIiwic2VnbWVudHMiOlsiTUFUSEVSX1U5X0ZJUlNUVElNRU1FVDJfMjAxOTEwMTYiXSwicGFnZUlkIjoiNTc3MTQwZmUtYjYyOC00YzFkLWI4ZGUtNTE4MmI1OWM2NDFjIn1dfQ
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.205.216.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-216-79.compute-1.amazonaws.com
Software
/
Resource Hash
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date
Sun, 30 Apr 2023 00:48:24 GMT
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
record
consent.api.osano.com/
0
437 B
XHR
General
Full URL
https://consent.api.osano.com/record
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-44.jfk50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
via
1.1 ae4e162eb9c0a598fcb6475e70daa530.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P6
x-amzn-trace-id
Root=1-644dbad8-1aa0a7fa5928479e25bda462
x-amzn-requestid
a62fd2c8-8976-41c9-8647-d1fe384a88a4
x-cache
Miss from cloudfront
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
*
access-control-allow-headers
Accept, Authorization, Content-Length, Content-Type, Origin, X-Requested-With
x-amz-apigw-id
EKoh2FUGoAMFYig=
x-amz-cf-id
jrKl-EEbPqmi--TvznGgR0JGdt6nLRX2JckXqIWxPf9qexmlLtPS5A==
record
consent.api.osano.com/ Frame
0
0
Preflight
General
Full URL
https://consent.api.osano.com/record
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-44.jfk50.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.chicagotribune.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Sun, 30 Apr 2023 00:48:24 GMT
via
1.1 ae4e162eb9c0a598fcb6475e70daa530.cloudfront.net (CloudFront)
x-amz-apigw-id
EKoh2GIroAMFYiA=
x-amz-cf-id
ezyM9y57_DfZi_SNHOBS8qUyPAPdJaPUg2iKsvmQVs2Qg3YXcC1C1g==
x-amz-cf-pop
JFK50-P6
x-amzn-requestid
2d7e20cb-ae6c-4a9e-8151-631a25905055
x-cache
Miss from cloudfront
cm
u.openx.net/w/1.0/ Frame 9E7F
Redirect Chain
  • https://u.openx.net/w/1.0/cm?id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7...
  • https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX...
693 B
732 B
Document
General
Full URL
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
773d4b3e6a07a46bc4cb06e9938b03dd1867b3acced6981e6f42601befc35024

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
400
content-type
text/html
date
Sun, 30 Apr 2023 00:48:24 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sun, 30 Apr 2023 00:48:24 GMT
location
https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
via
1.1 google
ecm3
s.amazon-adsystem.com/ Frame 54B2
Redirect Chain
  • https://ssbsync-us.smartadserver.com/api/sync?callerId=2&gdpr=0
  • https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=1377982266721079385&gdpr=0&gdpr_consent=
43 B
479 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=1377982266721079385&gdpr=0&gdpr_consent=
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Sun, 30 Apr 2023 00:48:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
JJSH4TFYFR1PC7DC6H1N

Redirect headers

content-length
0
date
Sun, 30 Apr 2023 00:48:23 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=smart.com&id=1377982266721079385&gdpr=0&gdpr_consent=
ecm3
s.amazon-adsystem.com/ Frame CF0C
Redirect Chain
  • https://amazon-tam-match.dotomi.com/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D&gdpr=0
  • https://amazon-tam-match.dotomi.com/match/bounce/current?DotomiTest=5e8b0011fb480579&is_secure=true&networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D&...
  • https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AAABwiddn3rhNgM08Y0sAAAAAAA&expiration=1682902104&is_secure=true&gdpr=0
43 B
479 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AAABwiddn3rhNgM08Y0sAAAAAAA&expiration=1682902104&is_secure=true&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Sun, 30 Apr 2023 00:48:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
0A6H9D2FCPQ431KJB6QZ

Redirect headers

cache-control
no-cache, private, max-age=0, no-store
content-length
0
date
Sun, 30 Apr 2023 00:48:24 GMT
expires
0
location
https://s.amazon-adsystem.com/ecm3?ex=cnv.com&id=AAABwiddn3rhNgM08Y0sAAAAAAA&expiration=1682902104&is_secure=true&gdpr=0
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
pragma
no-cache
server
nginx
915
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/
192 B
1 KB
XHR
General
Full URL
https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/915?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&bcsessionid=5a0aea96-d4b6-4a1d-82b1-9d76c0035f0d&bctempid=&overruleReferrer=&time=2023-04-30T00%3A48%3A24%2B00%3A00&ts=1682815704274
Requested by
Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-33.jfk50.r.cloudfront.net
Software
- /
Resource Hash
82beb162bbcc681c2b78cfc09eafa6a8bc7a078422df6a3c3fa4ca13053be480
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 2da1a465458d2c4bd692e693d75f0780.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P8
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
171
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
Va2B8BhfdHE-xh8EISMuCB9KwI4jJkjwucV-66yCC9FeQcUyvtk2Pg==
expires
Thu, 01 Jan 1970 00:00:00 GMT
915
r610.chicagotribune.com/DG/DEFAULT/rest/rpc/
383 B
1 KB
XHR
General
Full URL
https://r610.chicagotribune.com/DG/DEFAULT/rest/rpc/915?referer=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&bcsessionid=5a0aea96-d4b6-4a1d-82b1-9d76c0035f0d&bctempid=&overruleReferrer=&time=2023-04-30T00%3A48%3A24%2B00%3A00&ts=1682815704279
Requested by
Host: r610.chicagotribune.com
URL: https://r610.chicagotribune.com/script.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-33.jfk50.r.cloudfront.net
Software
- /
Resource Hash
c7aec999b9688449d1d7d80d307a9728a4ab8349204176ee065c4f1d753a55f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 2da1a465458d2c4bd692e693d75f0780.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
x-amz-cf-pop
JFK50-P8
x-cache
Miss from cloudfront
p3p
policyref="", CP="DSP"
content-length
180
x-xss-protection
1; mode=block
pragma
no-cache
server
-
accept-ch
sec-ch-ua-platform-version
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, no-transform, must-revalidate, private
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
x-amz-cf-id
2OmPENjE5UaB72xltEAM0IjZw4BzQhDyCjL_0IW6q_NSdFmHG3Hquw==
expires
Thu, 01 Jan 1970 00:00:00 GMT
truncated
/ Frame CE69
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1602af5db234e3be133ddbe4e0320b400320d32a7ff353720dfb33ecf3c81b0f

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame A784
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fb4f73b4621161c27979a48ab81a1d0c1bd3a51e4f4d52b3b2daff9cb85e9495

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/png
m=byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,ws9Tlc,fKUV3e,aurFic,U0aPgd,LEikZe,NwH0H,OmgaI,gychg,EEDORb,Mlhmy,mUDFmf,ZfAoz,kWgXee,ovKuLd,yDVVkb,KG2eXe,W93Wdc
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.obpTAUHlBDA.L... Frame FF80
124 KB
42 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.obpTAUHlBDA.L.B1.O/am=YOcGAAQ/d=1/exm=_b,_r,_tp/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI6gPBIjTMOKlIGafq2dUhW_JdiApA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/ujg=1/m=byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,ws9Tlc,fKUV3e,aurFic,U0aPgd,LEikZe,NwH0H,OmgaI,gychg,EEDORb,Mlhmy,mUDFmf,ZfAoz,kWgXee,ovKuLd,yDVVkb,KG2eXe,W93Wdc
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/am=YOcGAAQ/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=ABXTjI45RlxIBhJZLPv_Pkrop3pmbJbX-Q/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce7421f5862e407365973442ea5e7e98575b6f179ed23ad2c8d6c1ab7c9a8d41
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 17:32:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
285362
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42737
x-xss-protection
0
last-modified
Tue, 18 Apr 2023 19:05:24 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 25 Apr 2024 17:32:22 GMT
m=Wt6vjf,hhhU8,FCpbqb,WhJNk
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.obpTAUHlBDA.L... Frame FF80
18 KB
7 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.obpTAUHlBDA.L.B1.O/am=YOcGAAQ/d=1/exm=COQbmf,EEDORb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,W93Wdc,ZfAoz,_b,_r,_tp,aurFic,byfTOb,fKUV3e,gychg,kWgXee,lsjVmc,mUDFmf,ovKuLd,ws9Tlc,xUdipf,yDVVkb/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI6gPBIjTMOKlIGafq2dUhW_JdiApA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/ujg=1/m=Wt6vjf,hhhU8,FCpbqb,WhJNk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/am=YOcGAAQ/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=ABXTjI45RlxIBhJZLPv_Pkrop3pmbJbX-Q/m=_b,_tp,_r
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
13ee1534cd1c1ee75c6cc66bf9a090aaea63c0018e66190675071723b7a8b6b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 26 Apr 2023 17:32:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
285357
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7427
x-xss-protection
0
last-modified
Tue, 18 Apr 2023 19:05:24 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 25 Apr 2024 17:32:27 GMT
truncated
/ Frame DC2C
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bde2aa789cdba2262fa845b3435b1b6381c65395d9013a50c009b3b662fec295

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/png
/
match.sharethrough.com/jwumXNuB/v1/ Frame 7DC9
427 B
944 B
Document
General
Full URL
https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.161.237.233 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-237-233.compute-1.amazonaws.com
Software
/
Resource Hash
9a85572ddc51d0a1f1400cadea1cf584d1f34673032c5d93966ebd3ed2777436

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-length
427
date
Sun, 30 Apr 2023 00:48:24 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 625A
16 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156011&s=165626&predirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dpubmatic.com%26id%3DPM_UID&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.126.113.6 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-126-113-6.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=78310
content-encoding
gzip
content-length
5554
content-type
text/html
date
Sun, 30 Apr 2023 00:48:24 GMT
expires
Sun, 30 Apr 2023 22:33:34 GMT
last-modified
Fri, 16 Dec 2022 06:36:49 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
x-akamai-pragma-client-ip
104.126.116.23, 4.7.166.99
x-check-cacheable
YES
x-serial
1
tamptsync
sync-amz.ads.yieldmo.com/ Frame 5FCB
1019 B
1 KB
Document
General
Full URL
https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.54.178.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-54-178-10.compute-1.amazonaws.com
Software
/
Resource Hash
21fa4039ce11430bd6ebb4a321f737ac59d7453e28da5d8755382582942c6632

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-headers
Cache-Control, Pragma, *
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
*
content-encoding
gzip
content-type
text/html;charset=utf-8
date
Sun, 30 Apr 2023 00:48:24 GMT
pragma
no-cache
vary
accept-encoding
usync.html
eus.rubiconproject.com/ Frame 4A44
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.192.31.127 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-192-31-127.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sun, 30 Apr 2023 00:48:24 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding
ecm3
s.amazon-adsystem.com/ Frame 99FF
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58251/sync?redir=true&gdpr=0
  • https://ups.analytics.yahoo.com/ups/58251/sync?redir=true&gdpr=0&verify=true
  • https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS00Uk9kdmZCRTJ1SjBsSDZUbVlubko3YmxzRFdSU2kwdH5B&gdpr=0
43 B
479 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS00Uk9kdmZCRTJ1SjBsSDZUbVlubko3YmxzRFdSU2kwdH5B&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Sun, 30 Apr 2023 00:48:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
XFJYW66ZXPJ1KXJF0KQW

Redirect headers

age
0
content-length
0
date
Sun, 30 Apr 2023 00:48:24 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=vmg.com&id=eS00Uk9kdmZCRTJ1SjBsSDZUbVlubko3YmxzRFdSU2kwdH5B&gdpr=0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
server
ATS/9.1.10.25
strict-transport-security
max-age=31536000
auction
tlx.3lift.com/web/ Frame C6A2
48 B
687 B
Script
General
Full URL
https://tlx.3lift.com/web/auction?inv_code=CHI_ARC_Desktop_business_article&referrer=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&rev=1ed5450&fe=0&ft=0&cb=7244529181&gdpr=false
Requested by
Host: ib.3lift.com
URL: https://ib.3lift.com/rev/1ed5450ac944853f2fb309a890beec56e0763d58/dist/bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.203.227.89 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-203-227-89.compute-1.amazonaws.com
Software
/
Resource Hash
cf510d6a231298b22311b5b55d5e36d25dd4ea1a020e73ee9e9ed1084fe36be0
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:24 GMT
accept-ch
sec-ch-ua,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-width,sec-ch-ect,user-agent,sec-ch-downlink,sec-ch-ua-mobile,sec-ch-save-data,sec-ch-device-memory,sec-ch-dpr,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-platform,sec-ch-viewport-height,sec-ch-rtt,sec-ch-ua-arch
content-type
application/javascript; charset=utf-8
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control
no-cache, no-store, must-revalidate
content-length
48
x-xss-protection
0
expires
Thu, 15 Oct 1992 20:10:00 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame A784
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuOlEx1wt1odVktQPu5Jb0e1xFJw2v-LC3cHrhbFu2xXSXPHbU8oCFBHv-__CCKEl_2eFKwlAaU-uuHtmFlyCzUJfSGtOy8e5adWDzp5B_5Yt_mdRkXySWYGrxp644Px7XNJwqU-3POW0hmWxdDJdrauC60AY7KpebZZTCaNty1k0RSgEqvbUhx1euat1r6UMkS2ylcJnWtr1lFxbUw6e7GJlKsT6zCKnrJ7AZkO31N2mi5DMD7sqia4C3_9i4UgKlScVwOGWbaAN9LqaOq9n6zD_4TPoAxXvFJ8b7XskuNmbzqFoWmbLdYm6WEWWWqBcx2ZE9RMIKcGCBrJzhZkfWHJ30i&sai=AMfl-YQ7wtV42uPwHI7rGnOjXSrCamcW3Kqbz3_P3GUn2jqKW9dUzFGIQmEHc7EadCTZMFxue4wC8UShLV6YjI8&sig=Cg0ArKJSzJNWx6euW3NuEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sun, 30 Apr 2023 00:48:24 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame DC2C
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvIKX6UJdSwvgBXXjE5kMZldGnJaNxbDNFiL6h8kws_tJw1ApMXkKqh_Dpa_7ocvHUsw8xFl2KnZ47KaXKlJoOjkGyG2wvYqbEf68wozpd19zDroq4qF_PGzfn-sclwoZm0ZgfChD_NfLe_UEmIMKNFe-Z8JLszB-EwPIeIJXhU8ULMAMiW6s8it3wYcxMLn92yyUgURsFgZFO3ggLTwttVa8zx9xhWdwBU7swPKbR3b7pOo0XOvF7YhprSOwDJCVe6r7k-3Ti8GyfDU16Ov8jjHMkE-ToO1MdSAAvReVZzzZZPRAyfFDmaIJ2uLjB68Q6rX2HL90zJP4LVmc75uJ-3zCmV&sai=AMfl-YSOID77-T02u0pwYbOh67IV-5E0ho0cM2HvsIuvzyLjZIPL1J6fBtu63ZKT7ojbm_vBiLMr8CbCrFTiki4&sig=Cg0ArKJSzAA_bfnHPHBHEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sun, 30 Apr 2023 00:48:24 GMT
ecm3
s.amazon-adsystem.com/ Frame 9E7F
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=openx.com&id=4f5bee74-69c9-8132-b8d9-b361ad22f567
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:24 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
Z5M9S7TSJ74AS7D6NFMA
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
834af44d-e5cf-a881-4900-27033a46f3ce
pr-bh.ybp.yahoo.com/sync/openx/ Frame 9E7F
43 B
604 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/openx/834af44d-e5cf-a881-4900-27033a46f3ce?gdpr=0
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4e9:5a02:5b4:577f:5bf1:de22 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
dcm
s.amazon-adsystem.com/ Frame 9E7F
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=6e1b1225-4dd8-4d7d-b277-465574a27014&id=4f5bee74-69c9-8132-b8d9-b361ad22f567
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:24 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
BYFVZ0T727RQE2AJB94J
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 9E7F
Redirect Chain
  • https://match.adsrvr.org/track/cmf/openx?oxid=178d9209-7563-3ac8-78d7-31f6c5113e87&gdpr=0
  • https://match.adsrvr.org/track/cmb/openx?oxid=178d9209-7563-3ac8-78d7-31f6c5113e87&gdpr=0
  • https://us-u.openx.net/w/1.0/sd?id=537072971&val=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&ttd_puid=178d9209-7563-3ac8-78d7-31f6c5113e87&gdpr=0&gdpr_consent=
43 B
62 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072971&val=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&ttd_puid=178d9209-7563-3ac8-78d7-31f6c5113e87&gdpr=0&gdpr_consent=
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072971&val=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&ttd_puid=178d9209-7563-3ac8-78d7-31f6c5113e87&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
335
pixel
cm.g.doubleclick.net/ Frame 9E7F
170 B
409 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=M2JlMjQxYzMtYmMxNC02NDZjLTZkMzctNmI0ZjBmZjNmMGU3
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:24 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 9E7F
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBGH5i5MHpjVTKuy0DyUM9E&google_cver=1
43 B
180 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBGH5i5MHpjVTKuy0DyUM9E&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/cm?cc=1&id=e818ca1e-0c23-caa8-0dd3-096b0ada08b7&ph=2d1251ae-7f3a-47cf-bd2a-2f288854a0ba&plm=5&r=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dopenx.com%26id%3D%7BOPENX_ID%7D&gdpr=0
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:24 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBGH5i5MHpjVTKuy0DyUM9E&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20230426/r20110914/ Frame 31B8
22 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20230426/r20110914/abg_lite_fy2021.js
Requested by
Host: a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com
URL: https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ec81013fada9e239bb9d91316ba5cdfffaf0f7a1ea4220ae81c271db75b71a5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 19:58:51 GMT
content-encoding
br
x-content-type-options
nosniff
age
17373
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8751
x-xss-protection
0
server
cafe
etag
8024400250147624166
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 13 May 2023 19:58:51 GMT
ext.js
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 31B8
24 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js
Requested by
Host: a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com
URL: https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 19:59:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
17362
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6402
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sun, 28 Apr 2024 19:59:02 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 31B8
158 KB
48 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com
URL: https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7dc34bc082196f1951e9f73b3ad1c681cb38ea1d261031b8f65812db383b057a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49538
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1682508732222081"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 30 Apr 2023 00:48:24 GMT
truncated
/ Frame A287
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ab0a71b885eed47163261f9d4356e2c99d24913b2702b476946db4d107346aff

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 1532
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
74a62ef5ad85d88a52b79dfac8653b7e12fdb58528718dc0060588f9acd62abb

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/png
dinitsync
crb.kargo.com/api/v1/ Frame E1C6
0
435 B
Document
General
Full URL
https://crb.kargo.com/api/v1/dinitsync?partners=A9
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.231.181 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-231-181.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate, private, max-age=0
Connection
keep-alive
Content-Length
0
Date
Sun, 30 Apr 2023 00:48:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 UTC
Pragma
no-cache
Vary
Origin
X-Accel-Expires
0
ecm3
s.amazon-adsystem.com/ Frame E080
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid=%24UID&ex=appnexus.com&gdpr=0
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fs.amazon-adsystem.com%252Fecm3%253Fid%3D%2524UID%26ex%3Dappnexus.com%26gdpr%3D0
  • https://s.amazon-adsystem.com/ecm3?id=2057375735473623847&ex=appnexus.com&gdpr=0
43 B
479 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=2057375735473623847&ex=appnexus.com&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Sun, 30 Apr 2023 00:48:24 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
V65RYWNRQ4N907Q266XX

Redirect headers

AN-X-Request-Uuid
00c43095-e481-4b32-b1ba-a8796cbbe70b
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
Date
Sun, 30 Apr 2023 00:48:24 GMT
Expires
Sat, 15 Nov 2008 16:00:00 GMT
Location
https://s.amazon-adsystem.com/ecm3?id=2057375735473623847&ex=appnexus.com&gdpr=0
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma
no-cache
Server
nginx/1.21.3
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection
0
amazon
ce.lijit.com/beacon/ Frame 8029
Redirect Chain
  • https://ap.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0
  • https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0
  • https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
1 KB
1 KB
Document
General
Full URL
https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.175.41.44 Yorktown Heights, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
1c2f49e321e44089cfb8b8a47027b988e80c149f62da6991805ae77be5f066f4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Content-Encoding
gzip
Content-Length
470
Content-Type
text/html
Date
Sun, 30 Apr 2023 00:48:25 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
Vary
Accept-Encoding, User-Agent
X-Sovrn-Pod
ad_ap4ord1

Redirect headers

Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Content-Length
0
Date
Sun, 30 Apr 2023 00:48:25 GMT
Expires
Fri, 20 Mar 2009 00:00:00 GMT
Location
https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
P3P
CP="CUR ADM OUR NOR STA NID"
Pragma
no-cache
X-Sovrn-Pod
ad_ap4ord1
sync-iframe
cs-server-s2s.yellowblue.io/ Frame 5AA1
2 KB
2 KB
Document
General
Full URL
https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.216.207.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-207-32.compute-1.amazonaws.com
Software
/
Resource Hash
b930afd42062f8539791cf42766fd386ca93dbc6378fcb7ade3298092340cfac

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
cs-server-s2s.yellowblue.io
content-length
1600
content-type
text/html
date
Sun, 30 Apr 2023 00:48:24 GMT
ping
ping.chartbeat.net/
43 B
200 B
Image
General
Full URL
https://ping.chartbeat.net/ping?h=chicagotribune.com&p=%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&u=DOtafEC2mPPPDSXTME&d=chicagotribune.com&g=3906&g0=business&g1=Matt%20O%27Brien%20and%20Frank%20Bajak&n=1&f=00001&c=0.04&x=0&m=0&y=6348&o=1600&w=1200&j=30&R=1&W=0&I=0&E=2&e=2&r=&PA=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&b=1812&t=FhjPYBpCRiYB5yLIHDvoe0PBd3QK&V=139&tz=0&_acct=anon&sn=2&sv=XjGQmtSqGKVDm6kDV8RgJBp5Kxc&sd=1&im=067b0fff&_
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.172.179.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-172-179-242.compute-1.amazonaws.com
Software
/
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:24 GMT
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-length
43
expires
0
view
securepubads.g.doubleclick.net/pcs/ Frame CE69
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvW0TJILhdYYS54HQ-wyJnSNR02xE8H56ROYf1xKr37mnh6ZggEtL_IVvLY4csgnKXZs73eYpZkoiADHsz4DztWJtXKxPN7CIpv0JUUuoOuU_5BrS3Z5nlkVGtzYIrBMg0ZbpN4Ui25cDA3T4CTlAIIrpGkRCdkErMVG3HhAf9lWb7CgX0cBbM7d9hieecZHTbiBNr1tGEv1caFq24-Se-6_eIQOXlmwTY6NjlbONJn9qH_bTjROGVzAjIfLa0UA9h6Nr-9qpf8wWy4Bbq5Z9bD8O02MqEFkAAeuzAyi6096Kb9_z5R2FgGxNkfTDVUoBzHOJjXgWHM6WvQb9o0wnLJ&sai=AMfl-YSqc2SSEpBpEZsNqDx27rWYcMrFSzyQMpxHqlcJI9Q2ylFqzCsAK3TFtw4OeFRoQFfbJOdgbK7faYbO8fw&sig=Cg0ArKJSzG5mvcLEBIvuEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sun, 30 Apr 2023 00:48:24 GMT
usync.js
eus.rubiconproject.com/ Frame 4A44
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.192.31.127 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-192-31-127.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
35e2649dfd70401f7b66db7205e20679efd131d4c30bd166302277d276cfa4d2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=a9us&endpoint=us-east&gdpr=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Sun, 30 Apr 2023 00:48:24 GMT
Content-Encoding
gzip
Last-Modified
Sat, 29 Apr 2023 04:58:52 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=15012
Connection
keep-alive
Content-Length
10020
Expires
Sun, 30 Apr 2023 04:58:36 GMT
ecm3
s.amazon-adsystem.com/ Frame 7DC9
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=sharethrough.com&id=4cdf8cfa-855b-4551-bc8a-ef308856dc98
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:24 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
45F7FHSSXVAYSD9G57AK
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
v1
match.sharethrough.com/sync/ Frame 7DC9
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=1
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=97&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DgBgkxrVErPj9wqivTDd2AmVY%26source_user_id%3D%7BuserId%7D&gdpr=0&gdpr_consent=
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=97&redir=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DgBgkxrVErPj9wqivTDd2AmVY%26source_user_id%3D%7BuserId%7D&gdpr=0&...
  • https://match.sharethrough.com/sync/v1?source_id=gBgkxrVErPj9wqivTDd2AmVY&source_user_id=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=
68 B
603 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=gBgkxrVErPj9wqivTDd2AmVY&source_user_id=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
54.161.237.233 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-237-233.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:24 GMT
server
A
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://match.sharethrough.com/sync/v1?source_id=gBgkxrVErPj9wqivTDd2AmVY&source_user_id=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
v1
match.sharethrough.com/sync/ Frame 7DC9
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=2
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&gdpr=0&gdpr_consent=
68 B
606 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&gdpr=0&gdpr_consent=
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
54.161.237.233 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-237-233.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
323
v1
match.sharethrough.com/sync/ Frame 7DC9
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=3
  • https://ssum.casalemedia.com/usermatchredir?s=186046&cb=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DGM7HYz3VFjuymbiqnJLyjuPy%26source_user_id%3D__UID__
  • https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fmatch.sharethrough.com%2Fsync%2Fv1%3Fsource_id%3DGM7HYz3VFjuymbiqnJLyjuPy%26source_user_id%3D__UID__&s=186046&C=1
  • https://match.sharethrough.com/sync/v1?source_id=GM7HYz3VFjuymbiqnJLyjuPy&source_user_id=ZE262cpVGI6SOURNEZz7UQAA%263874
68 B
604 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=GM7HYz3VFjuymbiqnJLyjuPy&source_user_id=ZE262cpVGI6SOURNEZz7UQAA%263874
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
54.161.237.233 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-237-233.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:25 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://match.sharethrough.com/sync/v1?source_id=GM7HYz3VFjuymbiqnJLyjuPy&source_user_id=ZE262cpVGI6SOURNEZz7UQAA%263874
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
0
Expires
0
v1
match.sharethrough.com/sync/ Frame 7DC9
Redirect Chain
  • https://match.sharethrough.com/jwumXNuB_CMA/v1/?q=4
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sharethrough&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&gdpr=0&gdpr_consent=
68 B
602 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&gdpr=0&gdpr_consent=
Requested by
Host: match.sharethrough.com
URL: https://match.sharethrough.com/jwumXNuB/v1/?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dsharethrough.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
54.161.237.233 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-237-233.compute-1.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://match.sharethrough.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
cache-control
no-cache
content-length
68
content-type
image/png

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://match.sharethrough.com/sync/v1?source_id=5b286190338513af73f09c28&source_user_id=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
323
ecm3
s.amazon-adsystem.com/ Frame A4FA
Redirect Chain
  • https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3D3lift.com%26id%3D%24UID&gdpr=0
  • https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=2622586526323626602146
43 B
479 B
Document
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=2622586526323626602146
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
Date
Sun, 30 Apr 2023 00:48:25 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
x-amz-rid
HKZNY9P9CTHR1FFBBWDS

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
0
date
Sun, 30 Apr 2023 00:48:24 GMT
location
https://s.amazon-adsystem.com/ecm3?ex=3lift.com&id=2622586526323626602146
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
view
securepubads.g.doubleclick.net/pcs/ Frame A287
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuSTYiDvSbHHuB410665FScYP35ZeWVzrhKTFZo34ANdfYLdjbyVoEFgp_dKX8csM1SyPj-VOLABNrnssM-ci-tGdRB9DQatjzauSiqwS4mwyG7hRXDRGgHUcO60TcovyJ8YxciQB9KXDIneBaemi3oJN66meb5wnAI6izo-jTk5qI24cG4KznhPL9x2XP-Rmbqu4CnrzDwTLQcRaDDUK0ESoEoJ3BtLpTE94Ezd4y8iXvgH04vzZiHuR5j84r9mD2kYijyczZLNj-24auou5StvGNG86XZv8pAf_az8aOtFu2g7G5iCE8RzB3vDpvxTKIfUrtGnSrXQ9sPD-bUgB5O&sai=AMfl-YST4uzkrknGxEcS1S3fMkJ1aBz85liRwwROb0sw4XL5PQMS0GCAw84fFv6uyrZQgPV0R6RY8aRQNkQofOI&sig=Cg0ArKJSzBAeip30cSJUEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:24 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sun, 30 Apr 2023 00:48:24 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 1532
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuBFoXHm_CRAkBT8i1hiXOzWeY8eR49pVo7MyDkC-ubGwQDuy68Pr1s5APIFvmLfeWB1HGBX4FIztmZr4ITMPbHyRqSSfsArcwYAuHJCLfqTumP8w7r2aUHwq-5gV4vb2gR2zu8t2HHO01jY_OyxDIXIggTQyn6wO9chTnngBVYPb72jid7MHkr2lM44lfhb97pR3aVnuNBH1xgt5J1Fg3PbTXhM4ZJEO_qd8F3Sx8SY0KQWAoKT_9dNb2NledDvs3TEtT-JSVVX1DHEcMccT6dr7CJHZewc9Kri01cCxy5WoBrLRlxoeXEbMOyTPUZbbumqk5aNPQv0KZOPh4vNcpt&sai=AMfl-YTQ7oKJXaEwoBE6WNGxZqXQcoMxjZ855rjJbkE_cTdoA2PRsB3ev7CXAkzMh8NWfLBGzjZnA_Yna2XM7Xc&sig=Cg0ArKJSzBGI_foCBEkuEAE&uach_m=[UACH]&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sun, 30 Apr 2023 00:48:25 GMT
publishertag.prebid.132.js
static.criteo.net/js/ld/
89 KB
29 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.132.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b651b84ce79307c301a1c828d60c08084924177f48eec4aad6df47ec714d9af1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 06 Apr 2023 09:15:31 GMT
server
nginx
etag
W/"642e8db3-16298"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 01 May 2023 00:48:25 GMT
m=bm51tf
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.obpTAUHlBDA.L... Frame FF80
1 KB
737 B
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.obpTAUHlBDA.L.B1.O/am=YOcGAAQ/d=1/exm=COQbmf,EEDORb,FCpbqb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,W93Wdc,WhJNk,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,byfTOb,fKUV3e,gychg,hhhU8,kWgXee,lsjVmc,mUDFmf,ovKuLd,ws9Tlc,xUdipf,yDVVkb/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI6gPBIjTMOKlIGafq2dUhW_JdiApA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/ujg=1/m=bm51tf
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/am=YOcGAAQ/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=ABXTjI45RlxIBhJZLPv_Pkrop3pmbJbX-Q/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa42b353a1443b510839625deac9428844a80039d8bd6f1ad45b9caea9f64d35
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 21:03:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
13516
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
711
x-xss-protection
0
last-modified
Tue, 18 Apr 2023 19:05:24 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sun, 28 Apr 2024 21:03:09 GMT
connatix.playspace.css
cds.connatix.com/p/263050/
114 KB
18 KB
Stylesheet
General
Full URL
https://cds.connatix.com/p/263050/connatix.playspace.css
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be158c3175158d48b87ed0d5dd5921c17ca0c38ab609a1ec20d97c94c51ffcaf

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
x-amz-version-id
hwTyx65risCc_jv1hnqkW3JRFDJ4QSYL
content-encoding
br
cf-cache-status
HIT
x-amz-replication-status
FAILED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Fri, 28 Apr 2023 11:33:05 GMT
server
cloudflare
etag
W/"99fb5e504da2e2e7f215d326d4071b46"
vary
Accept-Encoding
access-control-allow-methods
*
content-type
text/css
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc76cef27cac4-YYZ
access-control-allow-headers
range
expires
Mon, 29 Apr 2024 00:48:25 GMT
story
capi.connatix.com/core/ Frame 8D82
3 KB
2 KB
XHR
General
Full URL
https://capi.connatix.com/core/story?v=263050&cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f73192e200788bb6ff537b2ec776ae86e6a4dcaa644a871ab700cc81168f327

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc76d5fb6a1fc-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
ecm3
s.amazon-adsystem.com/ Frame 5FCB
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=ym.com&id=g1a81a5dc82040b80225&gdpr=0
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:25 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
FQ31YREAN1YT56SDJKMT
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
sync
ads.yieldmo.com/v000/ Frame 5FCB
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=yieldmo&ttd_tpi=1&ttd_puid=g1a81a5dc82040b80225
  • https://ads.yieldmo.com/v000/sync?tdid=da3ec3c1-341d-4e53-8cd4-3079e127dd0f
43 B
475 B
Image
General
Full URL
https://ads.yieldmo.com/v000/sync?tdid=da3ec3c1-341d-4e53-8cd4-3079e127dd0f
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
54.82.155.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-82-155-25.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ads.yieldmo.com/v000/sync?tdid=da3ec3c1-341d-4e53-8cd4-3079e127dd0f
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
181
sync
ads.yieldmo.com/ Frame 5FCB
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=yieldmo
  • https://ads.yieldmo.com/sync?pn_id=rc&id=LH2P0QKU-2-6DRE
43 B
687 B
Image
General
Full URL
https://ads.yieldmo.com/sync?pn_id=rc&id=LH2P0QKU-2-6DRE
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
54.82.155.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-82-155-25.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://ads.yieldmo.com/sync?pn_id=rc&id=LH2P0QKU-2-6DRE
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
0b388c490ecfef74be7d13328a4f3ac3
Expires
0
sync
ads.yieldmo.com/v000/ Frame 5FCB
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=yieldmo&redir%3Dhttps%3A%2F%2Fads.yieldmo.com%2Fv000%2Fsync%3Fpn_id%3Dunl%26id%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmpssp?sub=yieldmo&zcc=1&cb=1682815705436
  • https://ad.turn.com/r/cs?pid=45&rndcb=8780902029
  • https://sync.1rx.io/usersync/turn/9012708831746626512?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-100320bb-d1bd-4c5b-abf4-bcc19e80b8e0-005?redir=https%3A%2F%2Fads.yieldmo.com%2Fv000%2Fsync%3Fpn_id%3Dunl%26id%3DRX-100320bb-d1bd-4c5b-abf4-bcc19e80b8...
  • https://ads.yieldmo.com/v000/sync?pn_id=unl&id=RX-100320bb-d1bd-4c5b-abf4-bcc19e80b8e0-005
43 B
809 B
Image
General
Full URL
https://ads.yieldmo.com/v000/sync?pn_id=unl&id=RX-100320bb-d1bd-4c5b-abf4-bcc19e80b8e0-005
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
54.82.155.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-82-155-25.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:26 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

Date
Sun, 30 Apr 2023 00:48:26 GMT
Server
Tengine
ETag
RX100320bbd1bd4c5babf4bcc19e80b8e0005
Transfer-Encoding
chunked
P3P
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location
https://ads.yieldmo.com/v000/sync?pn_id=unl&id=RX-100320bb-d1bd-4c5b-abf4-bcc19e80b8e0-005
Content-Type
text/html
Connection
keep-alive
sync
ads.yieldmo.com/v000/ Frame 5FCB
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=yieldmo_dbm&google_cm&pn_id=c
  • https://ads.yieldmo.com/v000/sync?pn_id=c&google_gid=CAESEA-I9OIVttMPknyavrrZscA&google_cver=1
43 B
585 B
Image
General
Full URL
https://ads.yieldmo.com/v000/sync?pn_id=c&google_gid=CAESEA-I9OIVttMPknyavrrZscA&google_cver=1
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Protocol
H2
Server
54.82.155.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-82-155-25.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-methods
POST, GET, OPTIONS
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
access-control-allow-headers
Cache-Control, Pragma, *
content-length
43

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ads.yieldmo.com/v000/sync?pn_id=c&google_gid=CAESEA-I9OIVttMPknyavrrZscA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
299
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
receive
pixel.tapad.com/idsync/ex/ Frame 5FCB
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3107&partner_device_id=g1a81a5dc82040b80225
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3107&partner_device_id=g1a81a5dc82040b80225
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=85ac3fdf-dde4-43ea-8d6b-449833eed87d%252C%252C&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&ttd_puid=85ac3fdf-dde4-43ea-8d6b-449833eed87d%2C%2C
95 B
123 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&ttd_puid=85ac3fdf-dde4-43ea-8d6b-449833eed87d%2C%2C
Requested by
Host: sync-amz.ads.yieldmo.com
URL: https://sync-amz.ads.yieldmo.com/tamptsync?callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dym.com%26id%3D%24UID&gdpr=0
Protocol
H3
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://sync-amz.ads.yieldmo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type
image/png
access-control-allow-origin
*
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&ttd_puid=85ac3fdf-dde4-43ea-8d6b-449833eed87d%2C%2C
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
359
r
eb2.3lift.com/
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/r?inv_code=CHI_ARC_Desktop_business_article&aid=750256341519987187610&rev=1ed5450&domain=www.chicagotribune.com&ref=https%253A%252F%252Fwww.chicagotribune.com%252Fbusiness%252Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&pr=un&rr=auction&cb=59629
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif
cksync.php
contextual.media.net/ Frame 5AA1
61 B
467 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=25&type=ris&ovsid=%7B%7BAPID%7D%7D&redirect=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11585%26id%3D%3Cvsid%3E
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
96.16.24.29 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a96-16-24-29.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
cc0e716595a20cd577f4cba25c11b4b54d92311f5f4bf22b992af281cabbc0c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Sun, 30 Apr 2023 00:48:27 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
61
x-mnet-hl2
E
expires
Sun, 30 Apr 2023 00:48:27 GMT
cs
cs.yellowblue.io/ Frame 5AA1
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58760/sync?redir=true&gdpr=0&gdpr_consent=
  • https://cs.yellowblue.io/cs?aid=11591&id=y-wiil5XpE2uJT7Q.as3tfa1EQfogf9Y4V~A&gdpr_in_effect=0
0
288 B
Image
General
Full URL
https://cs.yellowblue.io/cs?aid=11591&id=y-wiil5XpE2uJT7Q.as3tfa1EQfogf9Y4V~A&gdpr_in_effect=0
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Protocol
H2
Server
3.216.207.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-207-32.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
https://cs-server-s2s.yellowblue.io/
date
Sun, 30 Apr 2023 00:48:25 GMT
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript

Redirect headers

location
https://cs.yellowblue.io/cs?aid=11591&id=y-wiil5XpE2uJT7Q.as3tfa1EQfogf9Y4V~A&gdpr_in_effect=0
date
Sun, 30 Apr 2023 00:48:25 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.25
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
cs
cs.yellowblue.io/ Frame 5AA1
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=rise&gdpr=0&gdpr_consent=&user_id=MQBx5Setkp_s
  • https://x.bidswitch.net/ul_cb/sync?ssp=rise&gdpr=0&gdpr_consent=&user_id=MQBx5Setkp_s
  • https://odr.mookie1.com/t/v2/sync?tagid=V2_790378&src.visitorId=a1dcee34-06ed-41fc-ab2a-7213bef84e56&ssp=rise&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=419&user_id=10615336166152231890&ssp=rise&gdpr=0&gdpr_consent=
  • https://cs.yellowblue.io/cs?aid=11582&id=a1dcee34-06ed-41fc-ab2a-7213bef84e56
0
288 B
Image
General
Full URL
https://cs.yellowblue.io/cs?aid=11582&id=a1dcee34-06ed-41fc-ab2a-7213bef84e56
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Protocol
H2
Server
3.216.207.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-207-32.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
https://cs-server-s2s.yellowblue.io/
date
Sun, 30 Apr 2023 00:48:26 GMT
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript

Redirect headers

Location
//cs.yellowblue.io/cs?aid=11582&id=a1dcee34-06ed-41fc-ab2a-7213bef84e56
Date
Sun, 30 Apr 2023 00:48:26 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
cs
cs-server-s2s.yellowblue.io/ Frame 5AA1
Redirect Chain
  • https://sync.go.sonobi.com/us?gdpr=0&consent_string=&loc=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D115667%26uid%3D%5BUID%5D
  • https://cs-server-s2s.yellowblue.io/cs?aid=115667&uid=88c28147-94c7-4e7d-9a26-15053fd109c9
0
288 B
Image
General
Full URL
https://cs-server-s2s.yellowblue.io/cs?aid=115667&uid=88c28147-94c7-4e7d-9a26-15053fd109c9
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Protocol
H2
Server
3.216.207.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-207-32.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
https://cs-server-s2s.yellowblue.io/
date
Sun, 30 Apr 2023 00:48:25 GMT
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript

Redirect headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:25 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
go-iad-2-5-130
Content-Type
text/plain; charset=utf8
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://cs-server-s2s.yellowblue.io/cs?aid=115667&uid=88c28147-94c7-4e7d-9a26-15053fd109c9
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
cs
cs.yellowblue.io/ Frame 5AA1
Redirect Chain
  • https://match.sharethrough.com/universal/v1?supply_id=5926d422&gdpr=0&gdpr_consent=
  • https://cs.yellowblue.io/cs?aid=11587&uid=4cdf8cfa-855b-4551-bc8a-ef308856dc98&gdpr=0
0
288 B
Image
General
Full URL
https://cs.yellowblue.io/cs?aid=11587&uid=4cdf8cfa-855b-4551-bc8a-ef308856dc98&gdpr=0
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Protocol
H2
Server
3.216.207.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-207-32.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
https://cs-server-s2s.yellowblue.io/
date
Sun, 30 Apr 2023 00:48:25 GMT
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript

Redirect headers

location
https://cs.yellowblue.io/cs?aid=11587&uid=4cdf8cfa-855b-4551-bc8a-ef308856dc98&gdpr=0
date
Sun, 30 Apr 2023 00:48:25 GMT
content-length
0
cs
cs.yellowblue.io/ Frame 5AA1
Redirect Chain
  • https://ads.stickyadstv.com/user-matching?id=3663&gdpr=0&gdpr_consent=
  • https://cs.yellowblue.io/cs?aid=11601&id=f2a760e63e1ef2affb269349926758e&gdpr_consent=&gdpr=0
0
288 B
Image
General
Full URL
https://cs.yellowblue.io/cs?aid=11601&id=f2a760e63e1ef2affb269349926758e&gdpr_consent=&gdpr=0
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Protocol
H2
Server
3.216.207.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-207-32.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
https://cs-server-s2s.yellowblue.io/
date
Sun, 30 Apr 2023 00:48:25 GMT
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript

Redirect headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:25 GMT
Server
nginx
Access-Control-Allow-Origin
*
Location
https://cs.yellowblue.io/cs?aid=11601&id=f2a760e63e1ef2affb269349926758e&gdpr_consent=&gdpr=0
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
x-sticky-vk
1682815705392094-268
cs
cs-server-s2s.yellowblue.io/ Frame 5AA1
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160295&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID
  • https://image8.pubmatic.com/AdServer/ImgSync?p=160295&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11576%26id%3D%23PMUID&rdf=1
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjY0NENDOUQtNkM2QS00MzQ2LTg0NjgtQUFGNzA3QjZCQTdD&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://cs-server-s2s.yellowblue.io/cs?aid=11576&id=B644CC9D-6C6A-4346-8468-AAF707B6BA7C
0
288 B
Image
General
Full URL
https://cs-server-s2s.yellowblue.io/cs?aid=11576&id=B644CC9D-6C6A-4346-8468-AAF707B6BA7C
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Protocol
H2
Server
3.216.207.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-207-32.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
https://cs-server-s2s.yellowblue.io/
date
Sun, 30 Apr 2023 00:48:26 GMT
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript

Redirect headers

location
https://cs-server-s2s.yellowblue.io/cs?aid=11576&id=B644CC9D-6C6A-4346-8468-AAF707B6BA7C
date
Sun, 30 Apr 2023 00:48:26 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
115
content-type
text/html; charset=utf-8
cs
cs-server-s2s.yellowblue.io/ Frame 5AA1
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=58ceaaf5-c766-4c17-869a-d76e43401714&gdpr=0&gdpr_consent=&r=https%3A%2F%2Fcs-server-s2s.yellowblue.io%2Fcs%3Faid%3D11563%26id%3D
  • https://cs-server-s2s.yellowblue.io/cs?aid=11563&id=ff8d8e9f-a28c-078d-3390-6d64e4b8eac4
0
288 B
Image
General
Full URL
https://cs-server-s2s.yellowblue.io/cs?aid=11563&id=ff8d8e9f-a28c-078d-3390-6d64e4b8eac4
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Protocol
H2
Server
3.216.207.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-207-32.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
https://cs-server-s2s.yellowblue.io/
date
Sun, 30 Apr 2023 00:48:25 GMT
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript

Redirect headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://cs-server-s2s.yellowblue.io/cs?aid=11563&id=ff8d8e9f-a28c-078d-3390-6d64e4b8eac4
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ecm3
s.amazon-adsystem.com/ Frame 5AA1
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rise.com&id=MQBx5Setkp_s
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://cs-server-s2s.yellowblue.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:25 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
S5S5WTFK4YG9AY9RNY2V
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
dfa7banner_html_inpage_rendering_lib_200_268.js
s0.2mdn.net/879366/ Frame 31B8
109 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/dfa7banner_html_inpage_rendering_lib_200_268.js
Requested by
Host: a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com
URL: https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2006 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6d28830ef0fdeba41bc402b8b12341e929c6c66db8fe512deb2b1baa9611745b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/
Origin
https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 20:31:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15400
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38568
x-xss-protection
0
last-modified
Tue, 14 Jan 2020 17:35:50 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 30 Apr 2023 20:31:45 GMT
ecm3
s.amazon-adsystem.com/ Frame 8029
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=GkIQUPZHabnp4gzTSl6doTLN&ex=sovrn.com&gdpr=0&gdpr=0&gdpr_consent=
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:25 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
9JS5HDM8SV59DDR7J0R7
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
merge
ce.lijit.com/ Frame 8029
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D12%263pid%3D%24UID&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=12&3pid=2057375735473623847&gdpr=0&gdpr_consent=
43 B
856 B
Image
General
Full URL
https://ce.lijit.com/merge?pid=12&3pid=2057375735473623847&gdpr=0&gdpr_consent=
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Protocol
HTTP/1.1
Server
69.175.41.44 Yorktown Heights, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:25 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap4ord1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Date
Sun, 30 Apr 2023 00:48:25 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 673.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
c47f6323-90b1-4db2-b664-4d1ec65a800f
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://ce.lijit.com/merge?pid=12&3pid=2057375735473623847&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
merge
ce.lijit.com/ Frame 8029
Redirect Chain
  • https://pixel-eu.rubiconproject.com/exchange/sync.php?p=sovrn-onscroll&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=83&3pid=LH2P0QKU-2-6DRE&gdpr=0
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=83&3pid=LH2P0QKU-2-6DRE&gdpr=0
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Protocol
HTTP/1.1
Server
69.175.41.44 Yorktown Heights, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:26 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap4ord1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://ce.lijit.com/merge?pid=83&3pid=LH2P0QKU-2-6DRE&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
7c5d24517ee193cc868994bc18883d1d
Expires
0
merge
ce.lijit.com/ Frame 8029
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=sovrn&gdpr=0&gdpr_consent=
  • https://rtb.mfadsrvr.com/ul_cb/sync?ssp=sovrn&gdpr=0&gdpr_consent=
  • https://ce.lijit.com/merge?pid=87&3pid=21de76f5-f82f-4771-9300-4712dea36918
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=87&3pid=21de76f5-f82f-4771-9300-4712dea36918
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Protocol
HTTP/1.1
Server
69.175.41.44 Yorktown Heights, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:26 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap4ord1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
//ce.lijit.com/merge?pid=87&3pid=21de76f5-f82f-4771-9300-4712dea36918
date
Sun, 30 Apr 2023 00:48:25 GMT
cache-control
no-cache, no-store, must-revalidate
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
pixel
cm.g.doubleclick.net/ Frame 8029
Redirect Chain
  • https://ap.lijit.com/dsp/google/cookiematch/dv?gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=R2tJUVVQWkhhYm5wNGd6VFNsNmRvVExO&gdpr=0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=R2tJUVVQWkhhYm5wNGd6VFNsNmRvVExO&gdpr=0
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Protocol
H3
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Sun, 30 Apr 2023 00:48:25 GMT
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Location
https://cm.g.doubleclick.net/pixel?google_nid=lijit_dbm&google_hm=R2tJUVVQWkhhYm5wNGd6VFNsNmRvVExO&gdpr=0
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap2dca1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
0
merge
ce.lijit.com/ Frame 8029
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=
  • https://match.prod.bidr.io/cookie-sync/svr?gdpr=0&gdpr_consent=&_bee_ppp=1
  • https://ce.lijit.com/merge?pid=85&3pid=AAEPr07Im3YAACf-TdAY8g&gdpr=0
43 B
1 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=85&3pid=AAEPr07Im3YAACf-TdAY8g&gdpr=0
Requested by
Host: ce.lijit.com
URL: https://ce.lijit.com/beacon/amazon?url=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fid%3D%24UID&ex=sovrn.com&gdpr=0&dnr=1
Protocol
HTTP/1.1
Server
69.175.41.44 Yorktown Heights, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ce.lijit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:26 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap4ord1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location
https://ce.lijit.com/merge?pid=85&3pid=AAEPr07Im3YAACf-TdAY8g&gdpr=0
Date
Sun, 30 Apr 2023 00:48:25 GMT
strict-transport-security
max-age=2592000; includeSubDomains
Server
gunicorn
Connection
keep-alive
Content-Length
0
usync.html
eus.rubiconproject.com/ Frame 2A3C
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=rise_engage&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.192.31.127 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-192-31-127.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://cs-server-s2s.yellowblue.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Sun, 30 Apr 2023 00:48:25 GMT
ETag
"403b9-119-5ec73a0a33d00"
Last-Modified
Wed, 02 Nov 2022 02:30:44 GMT
Server
Apache/2.2.15 (CentOS)
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Sun, 30 Apr 2023 00:48:25 GMT
location
https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east
server
AkamaiGHost
/
onetag-sys.com/usync/ Frame E31F
2 KB
815 B
Document
General
Full URL
https://onetag-sys.com/usync/?pubId=69f48c2160c8113
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.39.187 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip187.ip-51-222-39.net
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://cs-server-s2s.yellowblue.io/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
m=RqjULd
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.obpTAUHlBDA.L... Frame FF80
14 KB
5 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.obpTAUHlBDA.L.B1.O/am=YOcGAAQ/d=1/exm=COQbmf,EEDORb,FCpbqb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,U0aPgd,W93Wdc,WhJNk,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,bm51tf,byfTOb,fKUV3e,gychg,hhhU8,kWgXee,lsjVmc,mUDFmf,ovKuLd,ws9Tlc,xUdipf,yDVVkb/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI6gPBIjTMOKlIGafq2dUhW_JdiApA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/ujg=1/m=RqjULd
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/am=YOcGAAQ/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=ABXTjI45RlxIBhJZLPv_Pkrop3pmbJbX-Q/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
808515d245d7d80e18a680941807e7e7827d30b947b283cbd85c52f8eec41d04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Fri, 28 Apr 2023 14:07:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
124863
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5097
x-xss-protection
0
last-modified
Tue, 18 Apr 2023 19:05:24 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sat, 27 Apr 2024 14:07:22 GMT
batchexecute
news.google.com/swg/_/SubscribewithgoogleClientUi/data/ Frame FF80
165 B
192 B
XHR
General
Full URL
https://news.google.com/swg/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&source-path=%2Fswg%2Fui%2Fv1%2Fserviceiframe&f.sid=-9144190720862456453&bl=boq_subscribewithgoogleclientserver_20230419.03_p0&hl=en-US&soc-app=673&soc-platform=1&soc-device=1&_reqid=2906&rt=c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/am=YOcGAAQ/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=ABXTjI45RlxIBhJZLPv_Pkrop3pmbJbX-Q/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f9b6ac6a111ef0d375ab15de684f75154b385e3d720872151acf7d63746679b9
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

X-Same-Domain
1
Referer
https://news.google.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
require-trusted-types-for 'script';report-uri /swg/_/SubscribewithgoogleClientUi/cspreport
content-encoding
gzip
cross-origin-resource-policy
same-site
content-disposition
attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
insights.bin
ins.connatix.com/395d9b0b-466f-4632-a0a8-2042879a8441/6e17fb2e-f3ef-4365-bed9-084e46392d4f/ Frame 8D82
648 B
711 B
XHR
General
Full URL
https://ins.connatix.com/395d9b0b-466f-4632-a0a8-2042879a8441/6e17fb2e-f3ef-4365-bed9-084e46392d4f/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eee71600fb640a353accc08a20ad88c095914981375d4bc77b6ef7fc7078c2a

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 29 Apr 2023 20:50:41 GMT
server
cloudflare
etag
W/"019f52b0c38192743ab7813686162b22"
access-control-max-age
86400
access-control-allow-methods
GET, HEAD
content-type
application/x-protobuf
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
vary
Accept-Encoding
cf-ray
7bfbc76f4e1c546d-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 29 Apr 2024 00:48:25 GMT
blockedDomains_2.bin
lit.connatix.com/7d423eb6-dd12-46dd-a98d-b521e68a5053/ Frame 8D82
24 B
392 B
XHR
General
Full URL
https://lit.connatix.com/7d423eb6-dd12-46dd-a98d-b521e68a5053/blockedDomains_2.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7207ad268def5e82824e25165cfc184ac71ef884d9499900a7a7e07f09e0a835

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
x-amz-version-id
null
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
24
last-modified
Tue, 23 Aug 2022 15:32:55 GMT
server
cloudflare
etag
"6d610931d2da17b3589ae4747f67eba3"
access-control-max-age
86400
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
accept-ranges
bytes
cf-ray
7bfbc76f4cfaa238-YYZ
expires
Mon, 29 Apr 2024 00:48:25 GMT
sr
capi.connatix.com/tr/ Frame 8D82
0
348 B
XHR
General
Full URL
https://capi.connatix.com/tr/sr?v=263050&tier=1
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc76f1ea0a1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
gpt.js
securepubads.g.doubleclick.net/tag/js/
74 KB
24 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e308dc4dccc131c5a56d4f2534e6ac8bd3dd98ebe19b7cb7e017e05c86e7e50e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24756
x-xss-protection
0
server
cafe
etag
454 / 19477 / m202304250101 / config-hash: 17856767610576847833
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sun, 30 Apr 2023 00:48:25 GMT
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame 8D82
360 KB
121 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e5b6d68ab32f145ca17f333ff43a2644b69887fbec215cb00a09cfc5ecc806b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
123415
x-xss-protection
0
expires
Sun, 30 Apr 2023 00:48:25 GMT
6e17fb2e-f3ef-4365-bed9-084e46392d4f.bin
vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/ Frame 8D82
6 KB
2 KB
XHR
General
Full URL
https://vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/6e17fb2e-f3ef-4365-bed9-084e46392d4f.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8eb924d5f70acf0b53300df9cdf721bcb2f797bf56f61c8f913de2639b126621

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
br
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sat, 29 Apr 2023 20:49:53 GMT
server
cloudflare
etag
W/"e91836336a0fcf514be1857a1f2ef4b3"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
*
content-type
application/x-protobuf
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc76fafec5437-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
expires
Mon, 29 Apr 2024 00:48:25 GMT
cks
cks.connatix.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=gapzaid&ttd_tpi=1
  • https://cks.connatix.com/cks?pid=19&uid=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&ttl=1685407705
146 B
190 B
Script
General
Full URL
https://cks.connatix.com/cks?pid=19&uid=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&ttl=1685407705
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b72f40ec18d3c4c527add738d8f24a47e5a1dbb3f54afcaee252f84351df5bf5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
br
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc7713bfdcac4-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://cks.connatix.com/cks?pid=19&uid=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&ttl=1685407705
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
213
1000.gif
id.rlcdn.com/
Redirect Chain
  • https://id.rlcdn.com/712202.gif?cparams=6d207b272f1046079e5d5b8b40620389
  • https://id.rlcdn.com/1000.gif?memo=CIq8KxoNCNn1tqIGEgUI6AcQAEIASiA2ZDIwN2IyNzJmMTA0NjA3OWU1ZDViOGI0MDYyMDM4OQ
42 B
310 B
Script
General
Full URL
https://id.rlcdn.com/1000.gif?memo=CIq8KxoNCNn1tqIGEgUI6AcQAEIASiA2ZDIwN2IyNzJmMTA0NjA3OWU1ZDViOGI0MDYyMDM4OQ
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
via
1.1 google
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

date
Sun, 30 Apr 2023 00:48:25 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://id.rlcdn.com/1000.gif?memo=CIq8KxoNCNn1tqIGEgUI6AcQAEIASiA2ZDIwN2IyNzJmMTA0NjA3OWU1ZDViOGI0MDYyMDM4OQ
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
us
capi.connatix.com/core/ Frame 8D82
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=7cf4c6c4-b915-4cbd-83cc-28c0f662a829&ph=51e220cb-8c97-4a65-b047-91c933b79b78&r=https%3a%2f%2fcapi.connatix.com%2fcore%2fus%3fDemandPartner%3d8%26UserId%3d6d207b27...
  • https://capi.connatix.com/core/us?DemandPartner=8&UserId=6d207b272f1046079e5d5b8b40620389&DemandPartnerName=OpenX&tier=1&DemandPartnerUserId=dbb7e2ae-dcff-0727-36c6-92ca519a55f9
0
250 B
Image
General
Full URL
https://capi.connatix.com/core/us?DemandPartner=8&UserId=6d207b272f1046079e5d5b8b40620389&DemandPartnerName=OpenX&tier=1&DemandPartnerUserId=dbb7e2ae-dcff-0727-36c6-92ca519a55f9
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
application/json
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc77008eca1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
content-length
0
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://capi.connatix.com/core/us?DemandPartner=8&UserId=6d207b272f1046079e5d5b8b40620389&DemandPartnerName=OpenX&tier=1&DemandPartnerUserId=dbb7e2ae-dcff-0727-36c6-92ca519a55f9
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
/
pl.connatix.com/ Frame BE67
2 B
298 B
XHR
General
Full URL
https://pl.connatix.com/
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
accept-encoding
identity,gzip,x-gzip,deflate,x-deflate,zstd
cf-cache-status
DYNAMIC
server
cloudflare
content-type
application/json
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
7bfbc770097ba211-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2
story
capi.connatix.com/core/ Frame BE67
3 KB
2 KB
XHR
General
Full URL
https://capi.connatix.com/core/story?v=263050&cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f1f2e629eb7a6840efc28904cabc83860e6483775a3d86c8ede2c3e7480cafe

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc76f9fc7a1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
usync.js
eus.rubiconproject.com/ Frame 2A3C
34 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.192.31.127 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-192-31-127.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
35e2649dfd70401f7b66db7205e20679efd131d4c30bd166302277d276cfa4d2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=rise_engage&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Sun, 30 Apr 2023 00:48:25 GMT
Content-Encoding
gzip
Last-Modified
Sat, 29 Apr 2023 04:58:52 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=15011
Connection
keep-alive
Content-Length
10020
Expires
Sun, 30 Apr 2023 04:58:36 GMT
publishertag.prebid.132.js
static.criteo.net/js/ld/
89 KB
29 KB
XHR
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.132.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.132.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
b651b84ce79307c301a1c828d60c08084924177f48eec4aad6df47ec714d9af1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Thu, 06 Apr 2023 09:15:31 GMT
server
nginx
etag
W/"642e8db3-16298"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 01 May 2023 00:48:25 GMT
placeAnAd_tribpub_300x600.html
s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/ Frame 6B1D
5 KB
2 KB
Document
General
Full URL
https://s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/placeAnAd_tribpub_300x600.html
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/dfa7banner_html_inpage_rendering_lib_200_268.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2006 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9edd70d6d5176cd3ec8d0bff76d7bae89b35f0d4f487bfa2acfa8b4c2ac9e18f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
81579
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
gzip
content-length
1784
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Sat, 29 Apr 2023 02:08:46 GMT
expires
Sun, 30 Apr 2023 02:08:46 GMT
last-modified
Mon, 29 Nov 2021 15:34:15 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 31B8
0
26 B
Image
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssOG4ijGlIgne6SZC06QTy5wFIxWOl-c3idDlCfsXdKVx2FW3NGMvq3EGLjXjCY_U0kw4MDE8FBkZ6LUWEDkj77YjYawHGQanDX-TnvpOKwqLhj90OoSvrVeEBUHsLYMn15h3YR-tnNPsROBMB7jQ3gPD0736sezX8SZUrY9V67-V2vyBaiXEr-MK04KH7c0So65TxsDkNtM1kl6YkAlecNyiqhqTwsRZiGeiDF1sVhw2ETXSzrLxgUnHvG2KZrXgeHbv7jQ3Ur0RdNQNNCxNn-5SdSupQFApmr0qPGwMX5XGkojzH0xCigDnnKHfOorwidgpC2Ad-6nfv8PcofYQ&sai=AMfl-YRuUn3DBKqBkoNyBj7ZJYw3EFqcIR3UX28zgL_yhirdqLhziXBOQB4nrz_5NeuFqsYYUoGDFN8nqWl5Viw&sig=Cg0ArKJSzPIzCVLI4v-uEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com
URL: https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
ao
capi.connatix.com/tr/ Frame 8D82
0
312 B
XHR
General
Full URL
https://capi.connatix.com/tr/ao?v=263050&tier=1
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc770aa2aa1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
ps
capi.connatix.com/tr/ Frame 8D82
0
312 B
XHR
General
Full URL
https://capi.connatix.com/tr/ps?v=263050&tier=1
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc770ca55a1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
1.png
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/2628d265-2e02-4ab5-9092-d579a5ae32b7/
3 KB
3 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/2628d265-2e02-4ab5-9092-d579a5ae32b7/1.png
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2eadc69dbec0f51faf61178a2dab3bdce3182613b51be5cb5b2308962a9e0b54
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2968
cf-resized
internal=ok/m q=0 n=312+0 c=0+6 v=2023.2.6 l=2968
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfaC-CuzGgLgUWZU6wMLUAYc5CsZ7-Tzt04sSdBa-5DQ:yFDbsqdgrn9ImC1vquJ8MjDcd6X5MwbBXzvB9mrjP2E"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/webp
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc770eba8cac4-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
6908f692-d6b5-4546-b896-cd4bf8ccfbd0.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/
72 KB
72 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/6908f692-d6b5-4546-b896-cd4bf8ccfbd0.jpg?crop=952:608,smart&width=952&height=608&format=jpeg&quality=60&fit=crop
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c297e181fcaa1a47c3d8b9575c48855dbd3d56b9dcf4d2d89768832226f4557
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
73752
cf-resized
internal=ok/h q=0 n=16+0 c=6+115 v=2023.4.2 l=73752
last-modified
Sat, 29 Apr 2023 20:49:51 GMT
cf-bgj
imgq:60,h2pri
server
cloudflare
etag
"cfR474XASlbTmK7ysnvRNRf8sD5J9Ej2zNzzibsaPnDQ:ee6dc7407565bce68a3afda2bfc08b63"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc770eba5cac4-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
m=n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,O6y8ed,PrPYRd,MpJwZc,XVMNvd,L1AAkb,KUM7Z,s39S4,SdcwHb,aW3pY,pw70Gc,wmnU7d,xQtZb,QIhFr,hc6Ubd,SpsfSb,Z5uLle,MdUzUe,zbML3c
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.obpTAUHlBDA.L... Frame FF80
108 KB
36 KB
Script
General
Full URL
https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.obpTAUHlBDA.L.B1.O/am=YOcGAAQ/d=1/exm=COQbmf,EEDORb,FCpbqb,KG2eXe,LEikZe,Mlhmy,NwH0H,OTA3Ae,OmgaI,RqjULd,U0aPgd,W93Wdc,WhJNk,Wt6vjf,ZfAoz,_b,_r,_tp,aurFic,bm51tf,byfTOb,fKUV3e,gychg,hhhU8,kWgXee,lsjVmc,mUDFmf,ovKuLd,ws9Tlc,xUdipf,yDVVkb/excm=_b,_r,_tp,serviceiframeview/ed=1/wt=2/rs=ABXTjI6gPBIjTMOKlIGafq2dUhW_JdiApA/ee=cEt90b:ws9Tlc;QGR0gd:Mlhmy;uY49fb:COQbmf;yxTchf:KUM7Z;qddgKe:xQtZb;dIoSBb:SpsfSb;EmZ2Bf:zr1jrb;xqZiqf:wmnU7d;zxnPse:GkRiKb;EVNhjf:pw70Gc;JsbNhc:Xd8iUd;NSEoX:lazG7b;oGtAuc:sOXFj;eBAeSb:zbML3c;Pjplud:EEDORb;io8t5d:yDVVkb;Oj465e:KG2eXe;Erl4fe:FloWmf;ul9GGd:VDovNc;sP4Vbe:VwDzFe;a56pNe:JEfCwb;Me32dd:MEeYgc;kMFpHd:OTA3Ae;NPKaK:SdcwHb;pXdRYb:MdUzUe;nAFL3:s39S4;iFQyKf:QIhFr;SNUn3:ZwDk9d;LBgRLc:SdcwHb;wR5FRb:O1Gjze/ujg=1/m=n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,O6y8ed,PrPYRd,MpJwZc,XVMNvd,L1AAkb,KUM7Z,s39S4,SdcwHb,aW3pY,pw70Gc,wmnU7d,xQtZb,QIhFr,hc6Ubd,SpsfSb,Z5uLle,MdUzUe,zbML3c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/am=YOcGAAQ/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=ABXTjI45RlxIBhJZLPv_Pkrop3pmbJbX-Q/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3ccf03ca5b6fdbc712ccbb0278cdbc4d6aba50772229fa54f6be27371d13fa6c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://news.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 16:32:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
29773
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36778
x-xss-protection
0
last-modified
Tue, 18 Apr 2023 19:05:24 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Sun, 28 Apr 2024 16:32:12 GMT
ecm3
s.amazon-adsystem.com/ Frame 4A44
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=a9us&gdpr=0&gdpr=0&khaos=LH2P0QKU-2-6DRE
  • https://s.amazon-adsystem.com/ecm3?id=LH2P0QKU-2-6DRE&ex=d-rubiconproject.com&status=ok&gdpr=0
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?id=LH2P0QKU-2-6DRE&ex=d-rubiconproject.com&status=ok&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:25 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
3MYA0W79GBKJ1KKZE8X5
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://s.amazon-adsystem.com/ecm3?id=LH2P0QKU-2-6DRE&ex=d-rubiconproject.com&status=ok&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
19c1ac3b9706c83a73951eba4d239689
Expires
0
insights.bin
ins.connatix.com/395d9b0b-466f-4632-a0a8-2042879a8441/6e17fb2e-f3ef-4365-bed9-084e46392d4f/ Frame BE67
648 B
395 B
XHR
General
Full URL
https://ins.connatix.com/395d9b0b-466f-4632-a0a8-2042879a8441/6e17fb2e-f3ef-4365-bed9-084e46392d4f/insights.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eee71600fb640a353accc08a20ad88c095914981375d4bc77b6ef7fc7078c2a

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 29 Apr 2023 20:50:41 GMT
server
cloudflare
etag
W/"019f52b0c38192743ab7813686162b22"
access-control-max-age
86400
access-control-allow-methods
GET, HEAD
content-type
application/x-protobuf
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
vary
Accept-Encoding
cf-ray
7bfbc7711905546d-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 29 Apr 2024 00:48:25 GMT
blockedDomains_2.bin
lit.connatix.com/7d423eb6-dd12-46dd-a98d-b521e68a5053/ Frame BE67
24 B
85 B
XHR
General
Full URL
https://lit.connatix.com/7d423eb6-dd12-46dd-a98d-b521e68a5053/blockedDomains_2.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7207ad268def5e82824e25165cfc184ac71ef884d9499900a7a7e07f09e0a835

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
x-amz-version-id
null
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
24
last-modified
Tue, 23 Aug 2022 15:32:55 GMT
server
cloudflare
etag
"6d610931d2da17b3589ae4747f67eba3"
access-control-max-age
86400
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
accept-ranges
bytes
cf-ray
7bfbc77118d5a238-YYZ
expires
Mon, 29 Apr 2024 00:48:25 GMT
sr
capi.connatix.com/tr/ Frame BE67
0
312 B
XHR
General
Full URL
https://capi.connatix.com/tr/sr?v=263050&tier=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc7712b20a1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame BE67
360 KB
121 KB
Script
General
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1e5b6d68ab32f145ca17f333ff43a2644b69887fbec215cb00a09cfc5ecc806b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
123415
x-xss-protection
0
expires
Sun, 30 Apr 2023 00:48:25 GMT
6e17fb2e-f3ef-4365-bed9-084e46392d4f.bin
vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/ Frame BE67
6 KB
2 KB
XHR
General
Full URL
https://vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/6e17fb2e-f3ef-4365-bed9-084e46392d4f.bin
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8eb924d5f70acf0b53300df9cdf721bcb2f797bf56f61c8f913de2639b126621

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
br
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Sat, 29 Apr 2023 20:49:53 GMT
server
cloudflare
etag
W/"e91836336a0fcf514be1857a1f2ef4b3"
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
*
content-type
application/x-protobuf
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc7713aae5437-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
expires
Mon, 29 Apr 2024 00:48:25 GMT
us
capi.connatix.com/core/ Frame BE67
Redirect Chain
  • https://us-u.openx.net/w/1.0/cm?id=7cf4c6c4-b915-4cbd-83cc-28c0f662a829&ph=51e220cb-8c97-4a65-b047-91c933b79b78&r=https%3a%2f%2fcapi.connatix.com%2fcore%2fus%3fDemandPartner%3d8%26UserId%3d6d207b27...
  • https://capi.connatix.com/core/us?DemandPartner=8&UserId=6d207b272f1046079e5d5b8b40620389&DemandPartnerName=OpenX&tier=2&DemandPartnerUserId=dbb7e2ae-dcff-0727-36c6-92ca519a55f9
0
250 B
Image
General
Full URL
https://capi.connatix.com/core/us?DemandPartner=8&UserId=6d207b272f1046079e5d5b8b40620389&DemandPartnerName=OpenX&tier=2&DemandPartnerUserId=dbb7e2ae-dcff-0727-36c6-92ca519a55f9
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
application/json
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc772cf13a1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
content-length
0
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://capi.connatix.com/core/us?DemandPartner=8&UserId=6d207b272f1046079e5d5b8b40620389&DemandPartnerName=OpenX&tier=2&DemandPartnerUserId=dbb7e2ae-dcff-0727-36c6-92ca519a55f9
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
6908f692-d6b5-4546-b896-cd4bf8ccfbd0.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/
65 KB
66 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/6908f692-d6b5-4546-b896-cd4bf8ccfbd0.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a394b541109b8415596cca17673db29c5d0ae678aae2e1a173a55a5d4eaa2ee
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
66856
cf-resized
internal=ok/h q=0 n=14+0 c=6+95 v=2023.4.2 l=66856
last-modified
Sat, 29 Apr 2023 20:49:51 GMT
cf-bgj
imgq:60,h2pri
server
cloudflare
etag
"cfR474XASlbTmK7ysnvRNRf8sDAfWWYkOufA4eWW3YDQ:ee6dc7407565bce68a3afda2bfc08b63"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc7714c0dcac4-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
9f29031c-147f-476a-861d-6a07c3925625.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/
16 KB
16 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/9f29031c-147f-476a-861d-6a07c3925625.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a83c0c6b4bd96be0ff11f072463322a5a36df77d5be5492b9abfd50e885ce264
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
15979
cf-resized
internal=ok/h q=0 n=22+0 c=2+59 v=2023.4.2 l=15979
last-modified
Sat, 29 Apr 2023 20:49:52 GMT
cf-bgj
imgq:60,h2pri
server
cloudflare
etag
"cfvaLxYMPr12mEaaa6_QMqMYUlAfWWYkOufA4eWW3YDQ:6f735215b1dddd43754c075db60325ac"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc7717c37cac4-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
cf15158d-1df8-4a15-b0e3-04e2c6467cdb.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/
8 KB
8 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/cf15158d-1df8-4a15-b0e3-04e2c6467cdb.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1d622430c808607b84ce67cb680dedf0d9fda9e79ff1041b169c5fd402276d5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8032
cf-resized
internal=ok/h q=0 n=16+0 c=2+66 v=2023.4.2 l=8032
last-modified
Sat, 29 Apr 2023 20:49:51 GMT
cf-bgj
imgq:60,h2pri
server
cloudflare
etag
"cfSzd3knm4u5kMG5RfRYy3otwFAfWWYkOufA4eWW3YDQ:8849e95c1d9868ae11a6d7c43171615f"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc7717cdd53ef-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
574d88d8-30c6-4817-bcb0-4d7d7ddd9d76.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/
52 KB
52 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/574d88d8-30c6-4817-bcb0-4d7d7ddd9d76.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4bad57a78e6afeebde29e2f6cf112739e68da74693635894d00a8131b601b759
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
53025
cf-resized
internal=ok/h q=0 n=16+0 c=7+94 v=2023.4.2 l=53025
last-modified
Sat, 29 Apr 2023 20:49:52 GMT
cf-bgj
imgq:60,h2pri
server
cloudflare
etag
"cfVGcCV872_cnl1ysuknE4bCwVAfWWYkOufA4eWW3YDQ:a103f4bda6e3511297f4ab452dafb65e"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc7717ce653ef-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
31ca8f47-17f5-4abf-ab79-958dca24e472.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/
36 KB
36 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/31ca8f47-17f5-4abf-ab79-958dca24e472.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ad3fc25cc02c1cd9b5173546fddaca06d0eeae5c5e1421907858b6f1f02b2aa
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
36417
cf-resized
internal=ok/h q=0 n=21+0 c=5+70 v=2023.4.2 l=36417
last-modified
Sat, 29 Apr 2023 20:49:51 GMT
cf-bgj
imgq:60,h2pri
server
cloudflare
etag
"cfUvN67AOr51lQNPmk0ndI41xFAfWWYkOufA4eWW3YDQ:36e4e44be746839921963a3510fd81f6"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc7717ceb53ef-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
createjs.min.js
s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/libs/1.0.0/ Frame 6B1D
236 KB
62 KB
Script
General
Full URL
https://s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/libs/1.0.0/createjs.min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/placeAnAd_tribpub_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2006 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/placeAnAd_tribpub_300x600.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 14:06:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
38497
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63907
x-xss-protection
0
last-modified
Mon, 29 Nov 2021 15:34:15 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 30 Apr 2023 14:06:48 GMT
placeAnAd_tribpub_300x600.js
s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/ Frame 6B1D
53 KB
11 KB
Script
General
Full URL
https://s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/placeAnAd_tribpub_300x600.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/placeAnAd_tribpub_300x600.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2006 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d704ebecc71b232b6e6b8e6f713a21ae68ff6f9c29c58bc12def72698a1be77e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/placeAnAd_tribpub_300x600.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 15:34:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
33246
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10985
x-xss-protection
0
last-modified
Mon, 29 Nov 2021 15:34:15 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 30 Apr 2023 15:34:19 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame A784
42 B
108 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvHXF8z5HqNVpay1vvLuicGf5W5KmV3UqOozqHqMorCzHcfRU26oE9QluW9OZ6szF0y95zbntEZ1ph1X_21hPheV_ujrnKYpLESidNh8uj6rQAboztx&sig=Cg0ArKJSzO960zgUU7g8EAE&id=lidar2&mcvt=1189&p=1155,556,1156,561&mtos=1189,1189,1189,1189,1189&tos=1189,0,0,0,0&v=20230426&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=543975087&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1682815703836&rpt=710&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
g
capi.connatix.com/rtb/ Frame 8D82
91 B
443 B
XHR
General
Full URL
https://capi.connatix.com/rtb/g?v=263050&tier=1
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb08fce785f81f7655cd8e5dda8ae9fa0ae562a3da245141cbff924f4e88c09e

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc771b9dda20a-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
360_h264.mp4
vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/e64d6b7d-7e11-44fb-8ee3-860b927dfe06/
2 MB
2 MB
Media
General
Full URL
https://vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/e64d6b7d-7e11-44fb-8ee3-860b927dfe06/360_h264.mp4
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
295ce65cc3ea684a1f1174267026cedb922e6920b516759487b6342a00629ee3

Request headers

Referer
https://www.chicagotribune.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Range
bytes=0-

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
cf-cache-status
HIT
Content-Range
bytes 0-2613774/2613775
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
2613775
last-modified
Tue, 11 Apr 2023 15:20:47 GMT
server
cloudflare
etag
"686c2c97e8523e4538f9a84d09190e7d"
vary
Accept-Encoding
access-control-allow-methods
*
content-type
video/mp4
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc771cebd5419-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
expires
Mon, 29 Apr 2024 00:48:25 GMT
360_h264.mp4
vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/5d62da12-6c76-4c5d-be1a-daa1c47be298/
2 MB
2 MB
Media
General
Full URL
https://vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/5d62da12-6c76-4c5d-be1a-daa1c47be298/360_h264.mp4
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99b0f2025ae2b11d710ca5877d9ac1fd73e1ded91b8503b714d6890e6d84eec3

Request headers

Referer
https://www.chicagotribune.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Range
bytes=0-

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
cf-cache-status
HIT
Content-Range
bytes 0-2542930/2542931
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
2542931
last-modified
Tue, 11 Apr 2023 15:05:35 GMT
server
cloudflare
etag
"95763a26eb16671560102744c4fb0529"
vary
Accept-Encoding
access-control-allow-methods
*
content-type
video/mp4
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc771cebf5419-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
expires
Mon, 29 Apr 2024 00:48:25 GMT
360_h264.mp4
vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/e64d6b7d-7e11-44fb-8ee3-860b927dfe06/
1 MB
0
Media
General
Full URL
https://vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/e64d6b7d-7e11-44fb-8ee3-860b927dfe06/360_h264.mp4
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.chicagotribune.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Range
bytes=0-

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
cf-cache-status
HIT
Content-Range
bytes 0-2613774/2613775
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
2613775
last-modified
Tue, 11 Apr 2023 15:20:47 GMT
server
cloudflare
etag
"686c2c97e8523e4538f9a84d09190e7d"
vary
Accept-Encoding
access-control-allow-methods
*
content-type
video/mp4
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc771ceba5419-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
expires
Mon, 29 Apr 2024 00:48:25 GMT
360_h264.mp4
vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/5d62da12-6c76-4c5d-be1a-daa1c47be298/
1 MB
0
Media
General
Full URL
https://vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/5d62da12-6c76-4c5d-be1a-daa1c47be298/360_h264.mp4
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.chicagotribune.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Range
bytes=0-

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
cf-cache-status
HIT
Content-Range
bytes 0-2542930/2542931
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
2542931
last-modified
Tue, 11 Apr 2023 15:05:35 GMT
server
cloudflare
etag
"95763a26eb16671560102744c4fb0529"
vary
Accept-Encoding
access-control-allow-methods
*
content-type
video/mp4
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc771cebc5419-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
expires
Mon, 29 Apr 2024 00:48:25 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame CE69
42 B
404 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssX_vv5VwpURCMrH7DRnu_W59gweR0ak3_YOG3qy2Z1QX4klylegLhSULybJwJu8vogp-sLftcCIkgfRZ2qIjCDIAdXK76MIufcEXWjtva4oVizrqGZ&sig=Cg0ArKJSzIq3nL0mmjMsEAE&id=lidar2&mcvt=1090&p=254,436,344,1164&mtos=1090,1090,1090,1090,1090&tos=1090,0,0,0,0&v=20230426&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=255678973&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1682815703789&rpt=980&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:25 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bridge3.569.0_en.html
imasdk.googleapis.com/js/core/ Frame DAF0
707 KB
226 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.569.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
503b21999a416f6bab70f0119d86d140b092689fbadc4ac68d7248dc00d44f11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
58316
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
231159
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sat, 29 Apr 2023 08:36:29 GMT
expires
Sun, 28 Apr 2024 08:36:29 GMT
last-modified
Thu, 20 Apr 2023 19:19:40 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame 8D82
44 KB
16 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2006 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 30 Apr 2023 00:48:25 GMT
bridge3.569.0_en.html
imasdk.googleapis.com/js/core/ Frame 0E55
707 KB
226 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.569.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
503b21999a416f6bab70f0119d86d140b092689fbadc4ac68d7248dc00d44f11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
58316
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
231159
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sat, 29 Apr 2023 08:36:29 GMT
expires
Sun, 28 Apr 2024 08:36:29 GMT
last-modified
Thu, 20 Apr 2023 19:19:40 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
bridge3.569.0_en.html
imasdk.googleapis.com/js/core/ Frame 697F
707 KB
226 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.569.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
503b21999a416f6bab70f0119d86d140b092689fbadc4ac68d7248dc00d44f11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
58317
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
231159
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sat, 29 Apr 2023 08:36:29 GMT
expires
Sun, 28 Apr 2024 08:36:29 GMT
last-modified
Thu, 20 Apr 2023 19:19:40 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
dcm
aax-eu.amazon-adsystem.com/s/ Frame 4A44
43 B
855 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.95.115.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:26 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
YFE4HQV2ZCW8SBNBPY2M
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ecm3
s.amazon-adsystem.com/ Frame 4A44
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=S1BuzJ5bT5eMX2P-4-yMQw&rk=usync-na&gdpr=0
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=S1BuzJ5bT5eMX2P-4-yMQw&gdpr=0
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=S1BuzJ5bT5eMX2P-4-yMQw&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:26 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
M7ETFNQDV13DAH9W7TW7
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=S1BuzJ5bT5eMX2P-4-yMQw&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
a0d1cefc91c6f8b22fd2adf3abe06a61
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 4A44
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=0
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEPX-ohUW4Y2rUrlK0sJynYU&google_cver=1
42 B
710 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEPX-ohUW4Y2rUrlK0sJynYU&google_cver=1
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
0190a17a18f2299b1b85aeb1793e601c
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:26 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEPX-ohUW4Y2rUrlK0sJynYU&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
337
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 4A44
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MWQ5OTU4Yjc0ZGQ0MzMyZThiYTlhOTkzNmI3ZjU0YzE4ZmE2OWY2Mw&gdpr=0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MWQ5OTU4Yjc0ZGQ0MzMyZThiYTlhOTkzNmI3ZjU0YzE4ZmE2OWY2Mw&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H3
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:26 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MWQ5OTU4Yjc0ZGQ0MzMyZThiYTlhOTkzNmI3ZjU0YzE4ZmE2OWY2Mw&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
2fcb300b847bad3e7dd1184ec8a1c2f5
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
setuid
px.ads.linkedin.com/ Frame 4A44
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584&gdpr=0
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LH2P0QKU-2-6DRE&gdpr=0
0
514 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LH2P0QKU-2-6DRE&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 3AD71D0C175A4AF8B1F73402D716C46A Ref B: YMQ01EDGE0617 Ref C: 2023-04-30T00:48:26Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAX6gxBrFC0pem/B1f2RJQ==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LH2P0QKU-2-6DRE&gdpr=0
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
2fcb300b847bad3e7dd1184ec8a1c2f5
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 4A44
Redirect Chain
  • https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
  • https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&gdpr=0&gdpr_consent=&expires=30
42 B
710 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&gdpr=0&gdpr_consent=&expires=30
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
966e54b6201ecd300c4db0efc0f5781a
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:26 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&gdpr=0&gdpr_consent=&expires=30
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
289
pixel
cm.g.doubleclick.net/ Frame 4A44
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470&gdpr=0
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TEgyUDBRS1UtMi02RFJF&gdpr=0
  • https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&gdpr=0&google_gid=CAESEBuyMmAxsZXUyZ5xf56Sjmw&google_cver=1
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEgyUDBRS1UtMi02RFJF&google_push=&gdpr=0
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEgyUDBRS1UtMi02RFJF&google_push=&gdpr=0
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
H3
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:27 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEgyUDBRS1UtMi02RFJF&google_push=&gdpr=0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
19c1ac3b9706c83a73951eba4d239689
Expires
0
tap.php
pixel.rubiconproject.com/ Frame 4A44
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/x8snkhBPbf4Vf0yAG-3tXw?csrc=&gdpr=0
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-yFoy_UZE2oJS0RoiRGoNhdSlB1zWAyJJJESKGQ--~A
42 B
710 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-yFoy_UZE2oJS0RoiRGoNhdSlB1zWAyJJJESKGQ--~A
Requested by
Host: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/v3/pr?exlist=n-MediaNet_ox-db5_smrt_cnv_n-smaato_n-sharethrough_pm-db5_ym_rbd_n-vmg_kg_an-db5_sovrn_n-Rise_3lift&fv=1.0&a=cm&cm3ppd=1&dmt=3&gdpr=0
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
42
X-RPHost
af308bb17a856a105b8c87aaae7d7f8c
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Sun, 30 Apr 2023 00:48:26 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-yFoy_UZE2oJS0RoiRGoNhdSlB1zWAyJJJESKGQ--~A
content-length
0
log
play.google.com/ Frame FF80
131 B
155 B
XHR
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.en_US.e7wkp6TnG5k.es5.O/am=YOcGAAQ/d=1/excm=_b,_r,_tp,serviceiframeview/ed=1/dg=0/wt=2/ujg=1/rs=ABXTjI45RlxIBhJZLPv_Pkrop3pmbJbX-Q/m=_b,_tp,_r
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:806::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://news.google.com/
X-Goog-AuthUser
0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-encoding
gzip
server
Playlog
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://news.google.com
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
X-Playlog-Web
content-length
131
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 30 Apr 2023 00:48:26 GMT
log
play.google.com/ Frame
0
0
Preflight
General
Full URL
https://play.google.com/log?format=json&hasfast=true&authuser=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:806::200e New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Playlog /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-goog-authuser
Access-Control-Request-Method
POST
Origin
https://news.google.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Playlog-Web,authorization,origin,x-goog-authuser
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://news.google.com
access-control-max-age
86400
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain; charset=UTF-8
date
Sun, 30 Apr 2023 00:48:26 GMT
server
Playlog
x-frame-options
SAMEORIGIN
x-xss-protection
0
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 9F43
38 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5222306ad5a6598ce35391787b91ddf3c475608a4877aedd8ddd3bc3bc9601f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 23:52:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3329
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13208
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 20:29:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Sun, 30 Apr 2023 00:52:57 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 59D2
38 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5222306ad5a6598ce35391787b91ddf3c475608a4877aedd8ddd3bc3bc9601f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 23:52:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3329
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13208
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 20:29:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Sun, 30 Apr 2023 00:52:57 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame A287
42 B
108 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstg88RDXTRxOqj-wVoYVOMZ2r50N5OnAsFYAcmZu-wcnUTBxFkMdpiSz_J2qMXX1GnDN-6Dt96Re3DjF2jtaFSn-5i_VoAn0OkGrWOYu13celBAbo0J&sig=Cg0ArKJSzBCD9EXY82L4EAE&id=lidar2&mcvt=1189&p=729,1134,979,1434&mtos=1189,1189,1189,1189,1189&tos=1189,0,0,0,0&v=20230426&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=1870952252&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1682815704076&rpt=855&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 1532
42 B
108 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsth3g44Ld_UDeWm35xzauUQQhJJltfpnUK7FnIqaxlyepFri7zNeY6ssuS6JRMs1D98XgHgvmrL6j0SaVBRy7OyGJviQtjwL48X4OkhA7d04tkkZych&sig=Cg0ArKJSzOdy0chwrqyzEAE&id=lidar2&mcvt=1192&p=1033,1134,1283,1434&mtos=0,0,1192,1192,1192&tos=0,0,1192,0,0&v=20230426&bin=7&avms=nio&bs=1600,1200&mc=0.67&vu=1&app=0&itpl=3&adk=1749653132&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1682815704108&rpt=855&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:26 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame ACBD
38 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5222306ad5a6598ce35391787b91ddf3c475608a4877aedd8ddd3bc3bc9601f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 23:52:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3329
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13208
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 20:29:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Sun, 30 Apr 2023 00:52:57 GMT
6908f692-d6b5-4546-b896-cd4bf8ccfbd0.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/ Frame BE67
0
0

6908f692-d6b5-4546-b896-cd4bf8ccfbd0.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/
72 KB
73 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/6908f692-d6b5-4546-b896-cd4bf8ccfbd0.jpg?crop=952:608,smart&width=952&height=608&format=jpeg&quality=60&fit=crop
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c297e181fcaa1a47c3d8b9575c48855dbd3d56b9dcf4d2d89768832226f4557
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
73752
cf-resized
internal=ok/h q=0 n=16+0 c=6+115 v=2023.4.2 l=73752
last-modified
Sat, 29 Apr 2023 20:49:51 GMT
cf-bgj
imgq:60,h2pri
server
cloudflare
etag
"cfR474XASlbTmK7ysnvRNRf8sD5J9Ej2zNzzibsaPnDQ:ee6dc7407565bce68a3afda2bfc08b63"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc7748a3d53ef-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
ao
capi.connatix.com/tr/ Frame BE67
0
312 B
XHR
General
Full URL
https://capi.connatix.com/tr/ao?v=263050&tier=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc7748aa2a1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
ps
capi.connatix.com/tr/ Frame BE67
0
312 B
XHR
General
Full URL
https://capi.connatix.com/tr/ps?v=263050&tier=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc7748aada1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
mq
capi.connatix.com/tr/ Frame BE67
0
312 B
XHR
General
Full URL
https://capi.connatix.com/tr/mq?v=263050&tier=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc7749abba1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
xuid
eb2.3lift.com/
Redirect Chain
  • https://eb2.3lift.com/sync?px=1&src=prebid&us_privacy=1---&
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3658&xuid=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&dongle=0cfd&gdpr=0&gdpr_consent=
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=3658&xuid=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&dongle=0cfd&gdpr=0&gdpr_consent=
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/gif
date
Sun, 30 Apr 2023 00:48:26 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:26 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://eb2.3lift.com/xuid?mid=3658&xuid=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&dongle=0cfd&gdpr=0&gdpr_consent=
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
251
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=948336&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://sync.srv.stackadapt.com/sync?nid=68
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=bi9sRiiwWD1K7xIXMFDTrZU4mbk
43 B
632 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=bi9sRiiwWD1K7xIXMFDTrZU4mbk
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
HTTP/1.1
Server
192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:27 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=bi9sRiiwWD1K7xIXMFDTrZU4mbk
Date
Sun, 30 Apr 2023 00:48:26 GMT
Connection
keep-alive
Content-Length
122
Content-Type
text/html; charset=utf-8
ImgSync
image8.pubmatic.com/AdServer/
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=162936&us_privacy=1---
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=-1&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=-1&gdpr_consent=&piggybackCookie=CAESEBX7bZCPMczGH7PDFrP6jTI&google_cver=1
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:13B0F7F62BE143D5B1F3A679AEFAE476
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
0
109 B
Image
General
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Server
8.28.7.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
date
Sun, 30 Apr 2023 00:48:27 GMT
cache-control
no-store, no-cache, private
server
nginx
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
us
capi.connatix.com/core/ Frame BE67
0
312 B
XHR
General
Full URL
https://capi.connatix.com/core/us?v=263050&tier=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc775b96ea20a-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
us
capi.connatix.com/core/ Frame BE67
0
312 B
XHR
General
Full URL
https://capi.connatix.com/core/us?v=263050&tier=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc775b972a20a-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
6908f692-d6b5-4546-b896-cd4bf8ccfbd0.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/ Frame BE67
0
0

6908f692-d6b5-4546-b896-cd4bf8ccfbd0.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/
65 KB
66 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/6908f692-d6b5-4546-b896-cd4bf8ccfbd0.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a394b541109b8415596cca17673db29c5d0ae678aae2e1a173a55a5d4eaa2ee
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
66856
cf-resized
internal=ok/h q=0 n=14+0 c=6+95 v=2023.4.2 l=66856
last-modified
Sat, 29 Apr 2023 20:49:51 GMT
cf-bgj
imgq:60,h2pri
server
cloudflare
etag
"cfR474XASlbTmK7ysnvRNRf8sDAfWWYkOufA4eWW3YDQ:ee6dc7407565bce68a3afda2bfc08b63"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc7764e4953ef-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
9f29031c-147f-476a-861d-6a07c3925625.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/ Frame BE67
0
0

9f29031c-147f-476a-861d-6a07c3925625.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/
16 KB
16 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/9f29031c-147f-476a-861d-6a07c3925625.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a83c0c6b4bd96be0ff11f072463322a5a36df77d5be5492b9abfd50e885ce264
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
15979
cf-resized
internal=ok/h q=0 n=22+0 c=2+59 v=2023.4.2 l=15979
last-modified
Sat, 29 Apr 2023 20:49:52 GMT
cf-bgj
imgq:60,h2pri
server
cloudflare
etag
"cfvaLxYMPr12mEaaa6_QMqMYUlAfWWYkOufA4eWW3YDQ:6f735215b1dddd43754c075db60325ac"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc7764e5f53ef-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
cf15158d-1df8-4a15-b0e3-04e2c6467cdb.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/ Frame BE67
0
0

cf15158d-1df8-4a15-b0e3-04e2c6467cdb.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/
8 KB
8 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/cf15158d-1df8-4a15-b0e3-04e2c6467cdb.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1d622430c808607b84ce67cb680dedf0d9fda9e79ff1041b169c5fd402276d5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8032
cf-resized
internal=ok/h q=0 n=16+0 c=2+66 v=2023.4.2 l=8032
last-modified
Sat, 29 Apr 2023 20:49:51 GMT
cf-bgj
imgq:60,h2pri
server
cloudflare
etag
"cfSzd3knm4u5kMG5RfRYy3otwFAfWWYkOufA4eWW3YDQ:8849e95c1d9868ae11a6d7c43171615f"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc7765e9553ef-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
574d88d8-30c6-4817-bcb0-4d7d7ddd9d76.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/ Frame BE67
0
0

574d88d8-30c6-4817-bcb0-4d7d7ddd9d76.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/
52 KB
52 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/574d88d8-30c6-4817-bcb0-4d7d7ddd9d76.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4bad57a78e6afeebde29e2f6cf112739e68da74693635894d00a8131b601b759
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
53025
cf-resized
internal=ok/h q=0 n=16+0 c=7+94 v=2023.4.2 l=53025
last-modified
Sat, 29 Apr 2023 20:49:52 GMT
cf-bgj
imgq:60,h2pri
server
cloudflare
etag
"cfVGcCV872_cnl1ysuknE4bCwVAfWWYkOufA4eWW3YDQ:a103f4bda6e3511297f4ab452dafb65e"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc7766ea253ef-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
31ca8f47-17f5-4abf-ab79-958dca24e472.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/ Frame BE67
0
0

31ca8f47-17f5-4abf-ab79-958dca24e472.jpg
img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/
36 KB
36 KB
Image
General
Full URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/31ca8f47-17f5-4abf-ab79-958dca24e472.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ad3fc25cc02c1cd9b5173546fddaca06d0eeae5c5e1421907858b6f1f02b2aa
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
x-content-type-options
nosniff
cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
36417
cf-resized
internal=ok/h q=0 n=21+0 c=5+70 v=2023.4.2 l=36417
last-modified
Sat, 29 Apr 2023 20:49:51 GMT
cf-bgj
imgq:60,h2pri
server
cloudflare
etag
"cfUvN67AOr51lQNPmk0ndI41xFAfWWYkOufA4eWW3YDQ:36e4e44be746839921963a3510fd81f6"
vary
Accept, Accept-Encoding
access-control-allow-methods
*
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
accept-ranges
bytes
cf-ray
7bfbc7766eeb53ef-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
g
capi.connatix.com/rtb/ Frame BE67
91 B
407 B
XHR
General
Full URL
https://capi.connatix.com/rtb/g?v=263050&tier=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb08fce785f81f7655cd8e5dda8ae9fa0ae562a3da245141cbff924f4e88c09e

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc7766aa9a20a-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
360_h264.mp4
vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/e64d6b7d-7e11-44fb-8ee3-860b927dfe06/
254 KB
0
Media
General
Full URL
https://vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/e64d6b7d-7e11-44fb-8ee3-860b927dfe06/360_h264.mp4
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.chicagotribune.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Range
bytes=0-

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
cf-cache-status
HIT
Content-Range
bytes 0-2613774/2613775
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
2613775
last-modified
Tue, 11 Apr 2023 15:20:47 GMT
server
cloudflare
etag
"686c2c97e8523e4538f9a84d09190e7d"
vary
Accept-Encoding
access-control-allow-methods
*
content-type
video/mp4
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc77678285419-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
expires
Mon, 29 Apr 2024 00:48:26 GMT
360_h264.mp4
vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/5d62da12-6c76-4c5d-be1a-daa1c47be298/
1 MB
0
Media
General
Full URL
https://vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/5d62da12-6c76-4c5d-be1a-daa1c47be298/360_h264.mp4
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.chicagotribune.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Range
bytes=0-

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
cf-cache-status
HIT
Content-Range
bytes 0-2542930/2542931
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
2542931
last-modified
Tue, 11 Apr 2023 15:05:35 GMT
server
cloudflare
etag
"95763a26eb16671560102744c4fb0529"
vary
Accept-Encoding
access-control-allow-methods
*
content-type
video/mp4
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc776782c5419-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
expires
Mon, 29 Apr 2024 00:48:26 GMT
360_h264.mp4
vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/e64d6b7d-7e11-44fb-8ee3-860b927dfe06/
1 MB
0
Media
General
Full URL
https://vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/e64d6b7d-7e11-44fb-8ee3-860b927dfe06/360_h264.mp4
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.chicagotribune.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Range
bytes=0-

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
cf-cache-status
HIT
Content-Range
bytes 0-2613774/2613775
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
2613775
last-modified
Tue, 11 Apr 2023 15:20:47 GMT
server
cloudflare
etag
"686c2c97e8523e4538f9a84d09190e7d"
vary
Accept-Encoding
access-control-allow-methods
*
content-type
video/mp4
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc776782f5419-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
expires
Mon, 29 Apr 2024 00:48:26 GMT
360_h264.mp4
vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/5d62da12-6c76-4c5d-be1a-daa1c47be298/
365 KB
0
Media
General
Full URL
https://vid.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/5d62da12-6c76-4c5d-be1a-daa1c47be298/360_h264.mp4
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.204 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.chicagotribune.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Range
bytes=0-

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
cf-cache-status
HIT
Content-Range
bytes 0-2542930/2542931
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
2542931
last-modified
Tue, 11 Apr 2023 15:05:35 GMT
server
cloudflare
etag
"95763a26eb16671560102744c4fb0529"
vary
Accept-Encoding
access-control-allow-methods
*
content-type
video/mp4
access-control-allow-origin
*
cache-control
public,max-stale=31536000,stale-while-revalidate=31536000,immutable,max-age=31536000
access-control-max-age
86400
cf-ray
7bfbc77678325419-YYZ
access-control-allow-headers
range
xpid
2628d265-2e02-4ab5-9092-d579a5ae32b7
expires
Mon, 29 Apr 2024 00:48:26 GMT
cs
cs.yellowblue.io/ Frame 2A3C
Redirect Chain
  • https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=rise_engage&khaos=LH2P0QKU-2-6DRE
  • https://cs.yellowblue.io/cs?aid=11590&id=LH2P0QKU-2-6DRE
0
284 B
Image
General
Full URL
https://cs.yellowblue.io/cs?aid=11590&id=LH2P0QKU-2-6DRE
Requested by
Host: cs-server-s2s.yellowblue.io
URL: https://cs-server-s2s.yellowblue.io/sync-iframe?redirect=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Drise.com%26id%3D%7BpartnerId%7D&gdpr=0
Protocol
H2
Server
3.216.207.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-207-32.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
https://eus.rubiconproject.com/
date
Sun, 30 Apr 2023 00:48:27 GMT
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
content-length
0
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/javascript

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://cs.yellowblue.io/cs?aid=11590&id=LH2P0QKU-2-6DRE
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
83041abbe8494cb29eff3083edd6dff6
Expires
0
placeAnAd_tribpub_300x600_atlas_P_1.png
s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/images/ Frame 6B1D
10 KB
10 KB
Image
General
Full URL
https://s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/images/placeAnAd_tribpub_300x600_atlas_P_1.png
Requested by
Host: a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com
URL: https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2006 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
04df67bdba09ff8847c898604e9e959fb5ea6bae2e89601d53832f527e7d3d84
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/placeAnAd_tribpub_300x600.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:22:27 GMT
x-content-type-options
nosniff
age
1559
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10072
x-xss-protection
0
last-modified
Mon, 29 Nov 2021 15:34:15 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 01 May 2023 00:22:27 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 31B8
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss0Nv41jizhaRghJZTgnb1-EnsRm7VGPPanoNztiv-2gC2XnFI8Emkm_c5asKCESFP5yUepiKLlVkRwUZ1pyNqRo-2pwcWRoBX4O4zOfDYF-JMsGhu_mECLUAP9FYJA3Bw5SmO_rmbFsLuctYmSJG41NMMsEYoA1NCeKv4dDl49xV2fCPJVnikspW2j6Fqu5ZvjkfyVUJ1ZNV092a-I4cdm2-6B4LfYUB1HxSdytyqgndp_ikYwJHP4Myrf4_7ymaO_VRGsbT8YThg1EIhIDIwW4x5WOqWV77_AFYxidNAquH16KHvpoBQIKaUcVyQ2hJAUIUiFkQHBML4QGTToO0MT&sai=AMfl-YS9iQAWkwQiO-IyskmoKJWzywZKgOtTt6YqGkHZe_bjUArXKN28sgpsKRXFIBk-BnDZmVn3oPiYX3xTQs4&sig=Cg0ArKJSzJvGNFGcGEskEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:807::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://a5f0d2c95d4ba45bc663a1353c4b349b.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sun, 30 Apr 2023 00:48:26 GMT
bridge3.569.0_en.html
imasdk.googleapis.com/js/core/ Frame 14D8
707 KB
226 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.569.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
503b21999a416f6bab70f0119d86d140b092689fbadc4ac68d7248dc00d44f11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
58317
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
231159
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sat, 29 Apr 2023 08:36:29 GMT
expires
Sun, 28 Apr 2024 08:36:29 GMT
last-modified
Thu, 20 Apr 2023 19:19:40 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
client.js
s0.2mdn.net/instream/video/ Frame BE67
44 KB
16 KB
Script
General
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2006 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 30 Apr 2023 00:48:26 GMT
bridge3.569.0_en.html
imasdk.googleapis.com/js/core/ Frame 1F57
707 KB
226 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.569.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
503b21999a416f6bab70f0119d86d140b092689fbadc4ac68d7248dc00d44f11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
58317
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
231159
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sat, 29 Apr 2023 08:36:29 GMT
expires
Sun, 28 Apr 2024 08:36:29 GMT
last-modified
Thu, 20 Apr 2023 19:19:40 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
bridge3.569.0_en.html
imasdk.googleapis.com/js/core/ Frame 02E6
707 KB
226 KB
Document
General
Full URL
https://imasdk.googleapis.com/js/core/bridge3.569.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80c::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
503b21999a416f6bab70f0119d86d140b092689fbadc4ac68d7248dc00d44f11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
58317
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
231159
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy
cross-origin
date
Sat, 29 Apr 2023 08:36:29 GMT
expires
Sun, 28 Apr 2024 08:36:29 GMT
last-modified
Thu, 20 Apr 2023 19:19:40 GMT
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 4C79
38 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5222306ad5a6598ce35391787b91ddf3c475608a4877aedd8ddd3bc3bc9601f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 23:52:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3329
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13208
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 20:29:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Sun, 30 Apr 2023 00:52:57 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 84F5
38 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5222306ad5a6598ce35391787b91ddf3c475608a4877aedd8ddd3bc3bc9601f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 23:52:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3330
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13208
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 20:29:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Sun, 30 Apr 2023 00:52:57 GMT
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 6EE2
38 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5222306ad5a6598ce35391787b91ddf3c475608a4877aedd8ddd3bc3bc9601f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 23:52:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
3330
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13208
x-xss-protection
0
last-modified
Tue, 14 Mar 2023 20:29:12 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Sun, 30 Apr 2023 00:52:57 GMT
placeAnAd_tribpub_300x600_atlas_NP_1.jpg
s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/images/ Frame 6B1D
18 KB
19 KB
Image
General
Full URL
https://s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/images/placeAnAd_tribpub_300x600_atlas_NP_1.jpg
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2006 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bc587490ff4131aea44419237ae5f16fd19d581536e5c9277354854002f839db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://s0.2mdn.net/dfp/262976/647662736/1638200055258/300x600_2/placeAnAd_tribpub_300x600.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 09:27:43 GMT
x-content-type-options
nosniff
age
55244
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18934
x-xss-protection
0
last-modified
Mon, 29 Nov 2021 15:34:15 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sun, 30 Apr 2023 09:27:43 GMT
ai
capi.connatix.com/tr/ Frame 8D82
2 B
317 B
XHR
General
Full URL
https://capi.connatix.com/tr/ai?v=263050&tier=1
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37aa3970b6801c9d286464f7d86e50bf41c88e54c7b4d08f3ff61935b3f59c3c

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:27 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc77a8edea1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
ai
capi.connatix.com/tr/ Frame BE67
2 B
317 B
XHR
General
Full URL
https://capi.connatix.com/tr/ai?v=263050&tier=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37aa3970b6801c9d286464f7d86e50bf41c88e54c7b4d08f3ff61935b3f59c3c

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:27 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc77d2cfca1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
json
trc.taboola.com/tribunedigital-chicagotribune/trc/3/
115 KB
32 KB
XHR
General
Full URL
https://trc.taboola.com/tribunedigital-chicagotribune/trc/3/json?tim=00%3A48%3A27.741&lti=deflated&data=%7B%22id%22%3A451%2C%22ii%22%3A%22%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1682588258899%2C%22vi%22%3A1682815707735%2C%22cv%22%3A%2220230427-7-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html%22%2C%22bv%22%3A%220%22%2C%22wc%22%3Atrue%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22uad%22%3A%7B%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D%2C%22cmps%22%3A0%2C%22ga%22%3Afalse%2C%22gwto%22%3Atrue%2C%22ccpa_ps%22%3A%221---%22%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bu%22%3A%22https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html%22%2C%22vpi%22%3A%22%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A7509%2C%22nsid%22%3A%22tribunedigital-network%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbs-1r%3Apub%3Dtribunedigital-network%3Aabp%3D0%22%2C%22uip%22%3A%22below-article-thumbs_ARC%22%2C%22orig_uip%22%3A%22below-article-thumbs_ARC%22%2C%22cd%22%3A6786.96875%2C%22mw%22%3A952%7D%2C%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A4%2C%22uim%22%3A%22thumbnails-rr2%3Apub%3Dtribunedigital-network%3Aabp%3D0%22%2C%22uip%22%3A%22taboola-right-rail-thumbnails_arc%22%2C%22orig_uip%22%3A%22taboola-right-rail-thumbnails_arc%22%2C%22cd%22%3A2913%2C%22mw%22%3A464%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html%2Cbelow-article-thumbs_ARC%3Dthumbs-1r%3Apub%3Dtribunedigital-network%3Aabp%3D0%2C%2Ctaboola-right-rail-thumbnails_arc%3Dthumbnails-rr2%3Apub%3Dtribunedigital-network%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230427-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a15d00e8396510d01f02cc39b183e6dd54d5b4170d763145be3b8ed5b47d4d66

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

x-vcl-time-ms
562
date
Sun, 30 Apr 2023 00:48:28 GMT
content-encoding
gzip
via
1.1 varnish
x-served-by
cache-yyz4581-YYZ
server
nginx
x-timer
S1682815708.760810,VS0,VE562
vary
Accept-Encoding
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
https://www.chicagotribune.com
content-type
application/javascript; charset=utf-8
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
tp2
collector2.sophi.io/com.snowplowanalytics.snowplow/ Frame
0
0
Preflight
General
Full URL
https://collector2.sophi.io/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.130.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a8fd921d2017b5f79.awsglobalaccelerator.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.chicagotribune.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-allow-origin
https://www.chicagotribune.com
access-control-max-age
600
content-length
0
date
Sun, 30 Apr 2023 00:48:27 GMT
server
nginx
tp2
collector2.sophi.io/com.snowplowanalytics.snowplow/
2 B
227 B
XHR
General
Full URL
https://collector2.sophi.io/com.snowplowanalytics.snowplow/tp2
Requested by
Host: cdn.sophi.io
URL: https://cdn.sophi.io/latest/sophi.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.130.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a8fd921d2017b5f79.awsglobalaccelerator.com
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:27 GMT
access-control-allow-credentials
true
content-type
text/plain; charset=UTF-8
server
nginx
content-length
2
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
web
onesignal.com/api/v1/sync/3f49be5a-bc89-48d8-b745-f51873a6c36f/
6 KB
2 KB
Script
General
Full URL
https://onesignal.com/api/v1/sync/3f49be5a-bc89-48d8-b745-f51873a6c36f/web?callback=__jp0
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22a1f8b91b34d286771a2370f5de60c3ff5ed51d52328fa551358497a2b7cdd1
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:27 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
age
2613
cf-polished
origSize=5659
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
dc98e24a-fc95-4535-85f4-b39a32c63317
x-runtime
0.028093
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
etag
W/"e1663a4fe7e95e328d109bcac84d68e5"
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
7bfbc77e9b644bca-YUL
access-control-allow-headers
SDK-Version
expires
Sun, 30 Apr 2023 01:48:27 GMT
/
zn3mj4uj3nxslnmih-tribune.siteintercept.qualtrics.com/SIE/
8 KB
4 KB
Script
General
Full URL
https://zn3mj4uj3nxslnmih-tribune.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3mJ4UJ3nXSLnMih
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2795829e0c301bbfd2136711f76461257b9c9f84a9496e348d012cd79c020311
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
87406
cf-polished
origSize=9051
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
etag
W/"235b-sI1qVt8SoyTV65va5qyL9VuDS6M"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
7bfbc77f3cdda234-YYZ
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
sodar
pagead2.googlesyndication.com/getconfig/
14 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202304270101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202304270101/pubads_impl.js?cb=31074205
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e39a9a1365ebd1217c68d42149e7ad944fa6053d2d167c47ccfc58bc014173ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:27 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11192
x-xss-protection
0
sync
eb2.3lift.com/ Frame C29E
1 KB
2 KB
Document
General
Full URL
https://eb2.3lift.com/sync?max=10&gdpr=false&cb=29230
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
1a37abe1346bd1a4c333d51a6386af22e4068e657dd5aa23c56fb8444d0c8354

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
1133
content-type
text/html; charset=utf-8
date
Sun, 30 Apr 2023 00:48:27 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
syncframe
gum.criteo.com/ Frame 98B0
15 KB
6 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=www.chicagotribune.com&gdpr=0&gdpr_consent=
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::c , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
386d466b8bdd0cda283c79718d2aec07f38b9f9ed81eebe6d5266bb20cd42c10
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 30 Apr 2023 00:48:27 GMT
server
Kestrel
server-processing-duration-in-ticks
562786
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
asyncPixelSync
pixel.sitescout.com/dmp/ Frame 0480
1 KB
2 KB
Document
General
Full URL
https://pixel.sitescout.com/dmp/asyncPixelSync
Requested by
Host: www.chicagotribune.com
URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
207.198.113.230 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
A /
Resource Hash
a0f5ad14180a1dd1361139dec6faad3744e8e8b586860ec91013ae1d66100134

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
max-age=0,no-cache,no-store
content-length
1162
content-type
text/html;charset=UTF-8
date
Sun, 30 Apr 2023 00:48:27 GMT
expires
Tue, 11 Oct 1977 12:34:56 GMT
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma
no-cache
server
A
analytics-1.5.12.min.js
cdn.keywee.co/dist/
Redirect Chain
  • https://cdn.keywee.co/dist/analytics.min.js
  • https://cdn.keywee.co/dist/analytics-1.5.12.min.js
22 KB
8 KB
Script
General
Full URL
https://cdn.keywee.co/dist/analytics-1.5.12.min.js
Protocol
H2
Server
2600:9000:2209:d600:e:ec66:e40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d29d84e698eb10452f97d8a6f249b73496beb844cef58e920e3832bd321d64a2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Fri, 28 Apr 2023 07:28:53 GMT
content-encoding
gzip
via
1.1 1baed9857df8e3a07a6cd7cd51feb3f8.cloudfront.net (CloudFront)
last-modified
Mon, 28 Dec 2020 09:55:56 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-P1
age
148776
etag
W/"13a05c433850fad0455e2ee1a1707eb0"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=259200,public
x-amz-cf-id
6yWs9TpmWDRWdChjY8ni58xGWUhaGOh0hTwyIo33k8ZvSb5LgY6Rpg==

Redirect headers

date
Sun, 30 Apr 2023 00:48:22 GMT
via
1.1 1baed9857df8e3a07a6cd7cd51feb3f8.cloudfront.net (CloudFront)
server
AmazonS3
x-amz-cf-pop
EWR53-P1
age
7
x-cache
Hit from cloudfront
location
/dist/analytics-1.5.12.min.js
content-length
0
x-amz-cf-id
qCUUc831xb_Y-SqClKqC-IFJe0C5y4bf9AUC1cwd-lY-USqQjN2iSA==
a-01d0.min.js
b-code.liadm.com/
42 KB
14 KB
Script
General
Full URL
https://b-code.liadm.com/a-01d0.min.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23cb:1600:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7ea2b9b7a90c2cb46557a81b397fccebdff115c917c3c02c46930cdf0b5586ca

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 07:20:51 GMT
content-encoding
gzip
via
1.1 694c2ab22098fd212b8d6808ee6c5aaa.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P1
age
62857
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
"public, max-age=86400"
x-amz-cf-id
0WAm3anxn4MoorLEgVdjj1ya-okMOXIYn8NQzX2PPz0w35Xe9RkVxQ==
c780cfde9d493686
pixel.sitescout.com/iap/
0
341 B
Image
General
Full URL
https://pixel.sitescout.com/iap/c780cfde9d493686
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
207.198.113.230 Herndon, United States, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:27 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
expires
Tue, 11 Oct 1977 12:34:56 GMT
ebda
eb2.3lift.com/ Frame C29E
Redirect Chain
  • https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MjYyMjU4NjUyNjMyMzYyNjYwMjE0Ng%3D%3D
  • https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
37 B
139 B
Image
General
Full URL
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=29230
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:28 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
content-type
image/gif

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
248
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
xuid
eb2.3lift.com/ Frame C29E
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEH2PAsQWtZfklp7eaEanq6w&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEH2PAsQWtZfklp7eaEanq6w&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=29230
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/gif
date
Sun, 30 Apr 2023 00:48:28 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEH2PAsQWtZfklp7eaEanq6w&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
332
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame C29E
Redirect Chain
  • https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MjYyMjU4NjUyNjMyMzYyNjYwMjE0Ng%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MjYyMjU4NjUyNjMyMzYyNjYwMjE0Ng%3D%3D
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=29230
Protocol
H3
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=MjYyMjU4NjUyNjMyMzYyNjYwMjE0Ng%3D%3D
date
Sun, 30 Apr 2023 00:48:28 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
setuid
px.ads.linkedin.com/ Frame C29E
0
143 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=2622586526323626602146&dbredirect=true&gdpr=0&consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=29230
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:27 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 56C6305FB90643BD80E124D2B3D11B76 Ref B: YMQ01EDGE0617 Ref C: 2023-04-30T00:48:28Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAX6gxCBq3W0HSXBVKqhSw==
xuid
eb2.3lift.com/ Frame C29E
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=triplelift&user_id=2622586526323626602146&gdpr=0&gdpr_consent=
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=triplelift&bsw_custom_parameter=a1dcee34-06ed-41fc-ab2a-7213bef84e56&gdpr=0&gdpr_consent=
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=triplelift&bsw_custom_parameter=a1dcee34-06ed-41fc-ab2a-7213bef84e56&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=b675a3f7-4c92-4683-8d39-1d5f7770a480&ssp=triplelift&expires=30&user_group=5&bsw_param=a1dcee34-06ed-41fc-ab2a-7213bef84e56
  • https://eb2.3lift.com/xuid?mid=2409&xuid=a1dcee34-06ed-41fc-ab2a-7213bef84e56&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2409&xuid=a1dcee34-06ed-41fc-ab2a-7213bef84e56&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=29230
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/gif
date
Sun, 30 Apr 2023 00:48:29 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Location
//eb2.3lift.com/xuid?mid=2409&xuid=a1dcee34-06ed-41fc-ab2a-7213bef84e56&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Date
Sun, 30 Apr 2023 00:48:28 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
c.gif
c.bing.com/ Frame C29E
42 B
670 B
Image
General
Full URL
https://c.bing.com/c.gif?xid=2622586526323626602146&Red3=TLMS_pd
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=29230
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:27 GMT
last-modified
Mon, 24 Apr 2023 16:43:50 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: D7234B53ED7049F6BCF25FCE12AC4F00 Ref B: YMQ01EDGE0614 Ref C: 2023-04-30T00:48:28Z
etag
"97b0d0f2cb76d91:0"
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-type
image/gif
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42
xuid
eb2.3lift.com/ Frame C29E
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/triplelift/2622586526323626602146?gdpr=0&gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=2662&xuid=y-3xT8OhBE2oQ6GBkHxQDUYjmq1tmg7QgUlpMlPY5Kcg--~A&dongle=0883
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=2662&xuid=y-3xT8OhBE2oQ6GBkHxQDUYjmq1tmg7QgUlpMlPY5Kcg--~A&dongle=0883
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=29230
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/gif
date
Sun, 30 Apr 2023 00:48:28 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date
Sun, 30 Apr 2023 00:48:28 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://eb2.3lift.com/xuid?mid=2662&xuid=y-3xT8OhBE2oQ6GBkHxQDUYjmq1tmg7QgUlpMlPY5Kcg--~A&dongle=0883
content-length
0
xuid
eb2.3lift.com/ Frame C29E
Redirect Chain
  • https://b1sync.zemanta.com/usersync/triplelift?gdpr=0&gdpr_consent=
  • https://stags.bluekai.com/site/23178?id=XOqUeEAtuZ0MzgQqZr29&redir=https%3A%2F%2Fb1sync.zemanta.com%2Fusersync%2Fbluekai%2Fcallback%2F%3Fd%3DNB2HI4DTHIXS6ZLCGIXDG3DJMZ2C4Y3PNUXXQ5LJMQ7WI33OM5WGKPLE...
  • https://b1sync.zemanta.com/usersync/bluekai/callback/?d=NB2HI4DTHIXS6ZLCGIXDG3DJMZ2C4Y3PNUXXQ5LJMQ7WI33OM5WGKPLEMJQTQJTFPBRWQYLOM5ST25DSNFYGYZLMNFTHIJTHMRYHEPJQEZWWSZB5GI2DMMBGPB2WSZB5LBHXCVLFIVAXI...
  • https://eb2.3lift.com/xuid?dongle=dba8&gdpr=0&mid=2460&xuid=XOqUeEAtuZ0MzgQqZr29
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?dongle=dba8&gdpr=0&mid=2460&xuid=XOqUeEAtuZ0MzgQqZr29
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=29230
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/gif
date
Sun, 30 Apr 2023 00:48:28 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:28 GMT
Content-Type
text/html; charset=utf-8
Location
https://eb2.3lift.com/xuid?dongle=dba8&gdpr=0&mid=2460&xuid=XOqUeEAtuZ0MzgQqZr29
P3p
CP="We do not support P3P header."
Cache-Control
no-cache, no-store, must-revalidate
Content-Length
115
Expires
Thu, 01 Dec 1994 16:00:00 GMT
xuid
eb2.3lift.com/ Frame C29E
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D3335%26xuid%3D%24UID%26dongle%3D4d58%26gdpr=0%26gdpr_consent=
  • https://eb2.3lift.com/xuid?mid=3335&xuid=2057375735473623847&dongle=4d58&gdpr=0&gdpr_consent=
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=3335&xuid=2057375735473623847&dongle=4d58&gdpr=0&gdpr_consent=
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=29230
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/gif
date
Sun, 30 Apr 2023 00:48:28 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

Date
Sun, 30 Apr 2023 00:48:28 GMT
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
7c080a3c-58e2-4e9c-9474-041dd0c1061a
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Origin
*
Location
https://eb2.3lift.com/xuid?mid=3335&xuid=2057375735473623847&dongle=4d58&gdpr=0&gdpr_consent=
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
ib.adnxs.com/prebid/ Frame C29E
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=0&gdpr_consent=&uid=2622586526323626602146
Requested by
Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&gdpr=false&cb=29230
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.179.164 North Bergen, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://eb2.3lift.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:28 GMT
AN-X-Request-Uuid
80010698-36be-49d9-82e0-5b3e91ab4b90
Server
nginx/1.21.3
Accept-CH
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
149.56.153.185; 149.56.153.185; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
i.js
tag.wknd.ai/2051/
46 KB
12 KB
Script
General
Full URL
https://tag.wknd.ai/2051/i.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.253.250 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
250.253.120.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
f445677b83f970889e8ebdfe93274e2efc4faeb82432af069a086879af7073b8

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:47:41 GMT
content-encoding
gzip
via
1.1 google
age
47
x-envoy-upstream-service-time
1
x-region
us-central1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11195
server
istio-envoy
etag
b5ac3cb279c483
vary
Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=60
timing-allow-origin
*
link
<https://assets.bounceexchange.com>; rel=dns-prefetch, <https://events.bouncex.net>; rel=dns-prefetch, <https://data.cdnbasket.net>; rel=dns-prefetch, <https://page.cdnbasket.net>; rel=dns-prefetch, <https://view.cdnbasket.net>; rel=dns-prefetch, <https://ids.cdnwidget.com>; rel=dns-prefetch, <https://u.cdnwidget.com>; rel=dns-prefetch, <https://pix.cdnwidget.com>; rel=dns-prefetch, <https://api.bounceexchange.com>; rel=preconnect, <https://pd.cdnwidget.com>; rel=preconnect
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sun, 30 Apr 2023 00:48:28 GMT
1829da1b-69aa-44cf-9ea4-70e61b495492
https://www.chicagotribune.com/
390 B
0
Other
General
Full URL
blob:https://www.chicagotribune.com/1829da1b-69aa-44cf-9ea4-70e61b495492
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9512d2de91fd27231a5efa08114917ca1bd054801f828b81d55f7a4b5f06b108

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Length
390
Content-Type
text/javascript
4dae16d4-e802-4b9b-8c08-898e17d7351a
https://www.chicagotribune.com/
390 B
0
Other
General
Full URL
blob:https://www.chicagotribune.com/4dae16d4-e802-4b9b-8c08-898e17d7351a
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9512d2de91fd27231a5efa08114917ca1bd054801f828b81d55f7a4b5f06b108

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Length
390
Content-Type
text/javascript
sid
mug.criteo.com/ Frame 98B0
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertag&domain=chicagotribune.com&sn=ChromeSyncframe&so=0&topUrl=www.chicagotribune.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=9buIAXxpYm53N2l1Szg0N2k2RmlUbk5KUU9XTllXL0JaM0s2WWgvM0dRWWpYZ0YrMFdmRWRWQW84T0pyMGthZVpMdlJTSWw1dnJxOHVTZ2h5NkxobU1GRXNxRE1hOXJSbFRMRDdrQzVTbzJacEpYR3FOeFVSMWFlb0F0Ry...
454 B
675 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=9buIAXxpYm53N2l1Szg0N2k2RmlUbk5KUU9XTllXL0JaM0s2WWgvM0dRWWpYZ0YrMFdmRWRWQW84T0pyMGthZVpMdlJTSWw1dnJxOHVTZ2h5NkxobU1GRXNxRE1hOXJSbFRMRDdrQzVTbzJacEpYR3FOeFVSMWFlb0F0Ry9jbWVuU1Y4aWE1WTRlS1pmK2Vab3lDMk9mL2wvVVNDZTYweGQxMFJ5TUZGOWh0NEErcGhxVFo0eWtuU1I5Mm40L2NraTgzUzUrRDJSa2xEMDR1WVlqT1FUZ25PV2dkNUxBUUxMMFVLUXFnQzRmcXkxZFgzcDd0S0ttN01CT1RGaGltN1E2dUZzeHNvbzdscjArVmdHTDk2dWFYU3VrbXFBeWZOd21naWdqZEI1dEsraU45RT18&cppv=2
Protocol
H2
Server
74.119.119.139 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
7853f84e0bb301889ea5670ad8d060aeb5480cdaf01a9f2c7bb664ff414638b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:27 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
4793860
expires
0

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:27 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=9buIAXxpYm53N2l1Szg0N2k2RmlUbk5KUU9XTllXL0JaM0s2WWgvM0dRWWpYZ0YrMFdmRWRWQW84T0pyMGthZVpMdlJTSWw1dnJxOHVTZ2h5NkxobU1GRXNxRE1hOXJSbFRMRDdrQzVTbzJacEpYR3FOeFVSMWFlb0F0Ry9jbWVuU1Y4aWE1WTRlS1pmK2Vab3lDMk9mL2wvVVNDZTYweGQxMFJ5TUZGOWh0NEErcGhxVFo0eWtuU1I5Mm40L2NraTgzUzUrRDJSa2xEMDR1WVlqT1FUZ25PV2dkNUxBUUxMMFVLUXFnQzRmcXkxZFgzcDd0S0ttN01CT1RGaGltN1E2dUZzeHNvbzdscjArVmdHTDk2dWFYU3VrbXFBeWZOd21naWdqZEI1dEsraU45RT18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
278873
content-length
0
expires
0
10.2e1cdb4f7469aa007c8a.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
64 KB
20 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/10.2e1cdb4f7469aa007c8a.chunk.js?Q_CLIENTVERSION=1.90.0&Q_CLIENTTYPE=web&Q_BRANDID=www.chicagotribune.com
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de28ac7907308ef497da86c8e54eac75a9fc8342f18493978d1cc17ebe7252ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
340288
cf-polished
origSize=66398
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 24 Apr 2023 23:27:23 GMT
cf-bgj
minify
server
cloudflare
etag
W/"1035e-187b597e378"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
7bfbc7800e13a234-YYZ
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1052291973/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1052291973/?random=1682815707998&cv=11&fst=1682815707998&bg=ffffff&guid=ON&async=1&gtm=45He34q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&hn=www.googleadservices.com&frm=0&tiba=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&us_privacy=1---&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0143aac740a26a78b5969ca94c5cbd47bec9f2c115a794a8b13847efd65c1218
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
demconf.jpg
dpm.demdex.net/ Frame 0480
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=82530&dpuuid=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=
42 B
942 B
Image
General
Full URL
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
54.148.169.223 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-148-169-223.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pixel.sitescout.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

DCS
dcs-prod-usw2-2-v044-0a85e5e5e.edge-usw2.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
rp1TRV0gT2s=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-usw2-1-v044-080d73e0e.edge-usw2.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
y8U3OCmuTyg=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=82530&dpuuid=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
receive
pixel.tapad.com/idsync/ex/ Frame 0480
95 B
123 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=2499&partner_device_id=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pixel.sitescout.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:28 GMT
strict-transport-security
max-age=31536000
via
1.1 google
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type
image/png
access-control-allow-origin
*
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95
pixel.gif
load77.exelator.com/ Frame 0480
Redirect Chain
  • https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=
  • https://loadm.exelator.com/load/?p=204&g=700&j=0&buid=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=&xl8blockcheck=1
  • https://load77.exelator.com/pixel.gif
43 B
365 B
Image
General
Full URL
https://load77.exelator.com/pixel.gif
Protocol
H2
Server
2a02:6ea0:c400::12 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pixel.sitescout.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-77-pop
newyorkUSNY
date
Sun, 30 Apr 2023 00:48:28 GMT
x-cache
HIT
x-77-cache
HIT
x-age
657232
x-accel-date
1682158476
content-length
43
x-77-nzt
AVm7sQ/KV/f/UAcKAA
x-accel-expires
@1683195276
last-modified
Wed, 25 Oct 2017 17:03:56 GMT
server
CDN77-Turbo
etag
"59f0c3fc-2b"
x-77-nzt-ray
49be1408196ae092dcba4d641d9c6e39
content-type
image/gif
access-control-allow-origin
*
accept-ranges
bytes

Redirect headers

date
Sun, 30 Apr 2023 00:48:28 GMT
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://load77.exelator.com/pixel.gif
content-type
image/gif
cache-control
no-cache
access-control-allow-credentials
true
content-length
0
um
sync.teads.tv/ Frame 0480
23 B
287 B
Image
General
Full URL
https://sync.teads.tv/um?eid=73&uid=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.77.241.160 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-77-241-160.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.10 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pixel.sitescout.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

expires
Sun, 30 Apr 2023 00:48:28 GMT
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
cache-control
max-age=0, no-cache, no-store
server
akka-http/10.2.10
content-length
23
content-type
image/gif
qmap
sync.crwdcntrl.net/ Frame 0480
Redirect Chain
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=&ct=y
49 B
733 B
Image
General
Full URL
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=&ct=y
Protocol
H2
Server
52.204.7.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-7-99.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://pixel.sitescout.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
server
Jetty(9.4.38.v20210224)
content-type
image/gif
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
*
cache-control
no-cache
x-server
10.40.8.239
content-length
49
expires
0

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=429a518f-08f4-44f4-bb88-e3752138e3b8-644dbad9-4341&gdpr=0&gdpr_consent=&ct=y
cache-control
no-cache
x-server
10.40.10.65
content-length
0
expires
0
cs.js
sb.scorecardresearch.com/internal-c2/default/
Redirect Chain
  • https://sb.scorecardresearch.com/c2/6036462/cs.js
  • https://sb.scorecardresearch.com/internal-c2/default/cs.js
0
340 B
Script
General
Full URL
https://sb.scorecardresearch.com/internal-c2/default/cs.js
Protocol
H2
Server
108.138.128.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-112.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:40:12 GMT
via
1.1 8ee187646f657ced7afa83005e9249cc.cloudfront.net (CloudFront)
last-modified
Mon, 01 Mar 2021 20:42:20 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
497
etag
"d41d8cd98f00b204e9800998ecf8427e"
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
0
x-amz-cf-id
3nt0N3jP9Slc9sii8ukJ1TfC7gZyap94x4uMMHhuMUdoFHgzAXHpYg==

Redirect headers

date
Sun, 30 Apr 2023 00:48:28 GMT
via
1.1 8ee187646f657ced7afa83005e9249cc.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
JFK50-P4
x-cache
Miss from cloudfront
location
/internal-c2/default/cs.js
content-length
0
x-amz-cf-id
vHKFWpcYjkhFhQd1xn-lqIcNgfZuzzOH4-eQLuNQ8wZRTto5-TEhDw==
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1C43
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
age
17363
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 29 Apr 2023 19:59:05 GMT
expires
Sun, 28 Apr 2024 19:59:05 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame E347
783 B
968 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b3e4006b2fc077ffe79a6667f337b4d07960c420b6053228db6bbacaed708930
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-_tTAiLb1bkwQ2cE8WM8EJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-_tTAiLb1bkwQ2cE8WM8EJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 30 Apr 2023 00:48:28 GMT
expires
Sun, 30 Apr 2023 00:48:28 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
38.js
cdn.keywee.co/config/
231 B
563 B
Script
General
Full URL
https://cdn.keywee.co/config/38.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2209:d600:e:ec66:e40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
00eb5bf1d3e20107c280977e3cd0e4cb31ac7fdb1e5ef3f614d5b10db327a9ad

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 15:44:07 GMT
via
1.1 1baed9857df8e3a07a6cd7cd51feb3f8.cloudfront.net (CloudFront)
last-modified
Wed, 24 Jun 2020 14:11:17 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-P1
age
32848
etag
"6d0b593a97a5b1fd5bd8688dc305a346"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
content-length
231
x-amz-cf-id
fhDKq7ahuGxkbOqw8FnhqEbQ5d2KtvByz2u7s5FCdWuQlCE8KAcOCA==
runtime_ed54d7cacf42ca7551642baa572e3495.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
2 KB
1 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/runtime_ed54d7cacf42ca7551642baa572e3495.br.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
70ca695827ee799ccb27df51756e9391870e9abd2ce148c269070152e300e248

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 01:30:45 GMT
content-encoding
br
age
83863
x-guploader-uploadid
ADPycds3K1-G-hH9VyJED6raAa_m_p0YiA2Ux9j_C4fHh4ApEXSTwtJA-jxj2tVk3KtqR28ZnZzQwcvDitLeO3QLZ28Fqt04Cmdk
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
672
last-modified
Wed, 26 Apr 2023 18:32:26 GMT
server
UploadServer
etag
"6b390255ab99a0cfade03457a44da3e1"
x-goog-generation
1681322387171695
x-goog-hash
crc32c=uPCEAw==, md5=azkCVauZoM+t4DRXpE2j4Q==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=3600
x-goog-stored-content-length
672
accept-ranges
bytes
content-type
text/javascript
Targeting.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
1 KB
862 B
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3mJ4UJ3nXSLnMih&Q_CLIENTVERSION=1.90.0&Q_CLIENTTYPE=web
Requested by
Host: siteintercept.qualtrics.com
URL: https://siteintercept.qualtrics.com/dxjsmodule/10.2e1cdb4f7469aa007c8a.chunk.js?Q_CLIENTVERSION=1.90.0&Q_CLIENTTYPE=web&Q_BRANDID=www.chicagotribune.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f47dcc4291b9c84cf460c129650c43305c436bf9885e5a814bf9fe3412fcb1e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Sun, 30 Apr 2023 00:48:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
permissions-policy
camera=(), geolocation=(), microphone=()
trace-id
19375a56865289a2
cf-ray
7bfbc7814831a234-YYZ
timing-allow-origin
*
any
idx.liadm.com/idex/unknown/
54 B
437 B
XHR
General
Full URL
https://idx.liadm.com/idex/unknown/any?duid=91e8d2e1fb6c--01gz7t3v3vvr1shhk591m5hknf&us_privacy=1---&gdpr=0
Requested by
Host: b-code.liadm.com
URL: https://b-code.liadm.com/a-01d0.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.40.206 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-40-206.compute-1.amazonaws.com
Software
/
Resource Hash
17ea6e990e6cd536c8c66c591033719d1f403b092dee1d66cd481c5ce51fd798
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
request-time
2
content-type
application/json
access-control-allow-origin
https://www.chicagotribune.com
access-control-allow-credentials
true
trace-id
408ef1f999ac9767
content-length
54
expires
Mon, 01 May 2023 00:48:28 GMT
any
idx.liadm.com/idex/unknown/
54 B
437 B
XHR
General
Full URL
https://idx.liadm.com/idex/unknown/any?duid=91e8d2e1fb6c--01gz7t3v3vvr1shhk591m5hknf&us_privacy=1---&gdpr=0
Requested by
Host: b-code.liadm.com
URL: https://b-code.liadm.com/a-01d0.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.1.40.206 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-1-40-206.compute-1.amazonaws.com
Software
/
Resource Hash
17ea6e990e6cd536c8c66c591033719d1f403b092dee1d66cd481c5ce51fd798
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
request-time
3
content-type
application/json
access-control-allow-origin
https://www.chicagotribune.com
access-control-allow-credentials
true
trace-id
f5f4d342d1a6e624
content-length
54
expires
Mon, 01 May 2023 00:48:28 GMT
explore-more.20230427-7-RELEASE.es6.js
cdn.taboola.com/libtrc/
26 KB
8 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/explore-more.20230427-7-RELEASE.es6.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9ca9f09fd888168eaa6fbaeb6305f77192e22689d6648f75249b27b89469fafa

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
aCaelB.I6.002MZc9OprusQ1nqFSmPc.
content-encoding
gzip
via
1.1 varnish
date
Sun, 30 Apr 2023 00:48:28 GMT
x-amz-request-id
K1N0KYHJZPCCBTVG
age
145432
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
PENDING
content-length
7554
x-amz-id-2
/zqpwaMKPG2FUYeKVu4QA67v8ldmKSZyo2fmnAZwNbcS3KDe8nCUdITpVoxMUhaTSpblclcl5L8=
x-served-by
cache-yyz4581-YYZ
last-modified
Fri, 28 Apr 2023 08:24:36 GMT
server
AmazonS3
x-timer
S1682815708.438745,VS0,VE0
etag
"183528c666f49b54092265493111af43"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
abp
43
access-control-allow-origin
*
cache-control
private,max-age=2629743
accept-ranges
bytes
x-cache-hits
20581
feed-card-placeholder.20230427-7-RELEASE.es6.js
cdn.taboola.com/libtrc/
5 KB
1 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/feed-card-placeholder.20230427-7-RELEASE.es6.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9b76acaf40bb58b64fcc644504641c93f5091e0aeddcc55db81ff58b4a802e6a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
lykY8tvsxn49RywfWLirxEJmAMDhR9sx
content-encoding
gzip
via
1.1 varnish
date
Sun, 30 Apr 2023 00:48:28 GMT
x-amz-request-id
K4XHCWMDBF2G28X9
age
145431
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
PENDING
content-length
1262
x-amz-id-2
sVuNOVyVFI0mzNqUEaLqJHOrcQ7JokQavLumjMdJ0TAEMkC2Vw/TZD4xWc2cmzBDJ8Jr7C+oVoc=
x-served-by
cache-yyz4581-YYZ
last-modified
Fri, 28 Apr 2023 08:24:37 GMT
server
AmazonS3
x-timer
S1682815708.443069,VS0,VE0
etag
"10ac00fa6d0dda809a73bea40c206cf5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
abp
43
access-control-allow-origin
*
cache-control
private,max-age=2629743
accept-ranges
bytes
x-cache-hits
44380
userx.20230427-7-RELEASE.es6.js
cdn.taboola.com/libtrc/
17 KB
6 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/userx.20230427-7-RELEASE.es6.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9b8625c4402d86800b7897daba8aab22235ca8ca1f711b577558ccf73b8817c7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
Impp0E3AOkcLKlBUBj8zlyqTggheLDUl
content-encoding
gzip
via
1.1 varnish
date
Sun, 30 Apr 2023 00:48:28 GMT
x-amz-request-id
3RNEJCSWV2G2RYVH
age
145405
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
PENDING
content-length
5398
x-amz-id-2
zbg/XMD2h9cEvtZyAyXpUispWZf8xxCPjQ/8NUYlUEvWKBCVYOEeZ2kmDWafTFQZc5e6iPBVTf4=
x-served-by
cache-yyz4581-YYZ
last-modified
Fri, 28 Apr 2023 08:25:03 GMT
server
AmazonS3
x-timer
S1682815708.471965,VS0,VE0
etag
"902ec59d9ad5a82b954f8d0b83b65cdb"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
abp
43
access-control-allow-origin
*
cache-control
private,max-age=2629743
accept-ranges
bytes
x-cache-hits
15865
UnitFeedManagerDesktop.min.js
vidstat.taboola.com/lite-unit/3.9.9/
111 KB
31 KB
Script
General
Full URL
https://vidstat.taboola.com/lite-unit/3.9.9/UnitFeedManagerDesktop.min.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c0a7b78b741975a40bcc99c4b89e39855248aa76b3c8d639c8dc39245ebe1441

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:28 GMT
via
1.1 1005873908b937da8d6e408eda0fb9e0.cloudfront.net (CloudFront), 1.1 varnish
content-encoding
gzip
x-amz-cf-pop
YTO50-P1
age
2805258
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront, HIT
content-length
30995
x-served-by
cache-yyz4581-YYZ
last-modified
Sun, 05 Mar 2023 10:04:45 GMT
server
AmazonS3
x-timer
S1682815709.570471,VS0,VE0
etag
"c04a240008c67910556582d1bf159ad7"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2592000
accept-ranges
bytes
access-control-allow-headers
*
x-amz-cf-id
wk9dkDNJ0kmEwmCMNKMFse9J8ttP7wgqqe7hZsRuA8AwzvO4UY-vWA==
x-cache-hits
86746
f89e1763-220d-4e09-ba69-9e040548fb7a.svg
cdn.taboola.com/static/f8/
4 KB
2 KB
Image
General
Full URL
https://cdn.taboola.com/static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
cMrDKn.emLmm9kiiOOF64ulDT4DRy6LK
content-encoding
gzip
via
1.1 varnish
date
Sun, 30 Apr 2023 00:48:28 GMT
x-amz-request-id
FDNQJ5JX1VJPS0MT
age
96
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
1758
x-amz-id-2
8MAcOgZZj0f3S7rA7UUIpD4jrZoV7TPv5x/ZcnVb5EzAfa+PIbsZhLcASFf2anRS8iE2h0dDhNc=
x-served-by
cache-yyz4581-YYZ
last-modified
Wed, 07 Feb 2018 11:15:52 GMT
server
AmazonS3
x-timer
S1682815709.638605,VS0,VE0
etag
"b8b410e4b18d45aa2f3d9bc09cd335fb"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
abp
43
cache-control
private,max-age=31536000
accept-ranges
bytes
access-control-allow-headers
*
x-cache-hits
40
supply-feature
us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/
0
362 B
Image
General
Full URL
https://us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/supply-feature?route=US:US:V&lti=deflated&ri=e1c0d9758804768ec61b1e5360d597dc&sd=v2_3c613be4a0974a45390b808a21298a89_951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b_1682815707_1682815707_CNawjgYQrco9GNfUh_38MCABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABowPup8duG3vbwAXAB&ui=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&pi=/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&wi=4805873460494427169&pt=text&vi=1682815707735&d=%7B%22event_type%22%3A%22EXPLORE_MORE%22%2C%22event_state%22%3A%22ADOPTED%22%2C%22event_value%22%3A%22%22%2C%22event_msg%22%3A%22%22%2C%22event_key%22%3A%22%22%7D&tim=00%3A48%3A28.423&id=9046&llvl=2&cv=20230427-7-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
abtests
us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/
0
362 B
Image
General
Full URL
https://us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/abtests?route=US:US:V&lti=deflated&ri=e1c0d9758804768ec61b1e5360d597dc&sd=v2_3c613be4a0974a45390b808a21298a89_951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b_1682815707_1682815707_CNawjgYQrco9GNfUh_38MCABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABowPup8duG3vbwAXAB&ui=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&pi=/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&wi=4805873460494427169&pt=text&vi=1682815707735&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22block_clicks_init%22%2C%22type%22%3A%22block-clicks-manager%22%2C%22eventTime%22%3A1682815708447%7D&tim=00%3A48%3A28.447&id=6123&llvl=2&cv=20230427-7-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
debug
us-trc-events.taboola.com/tribunedigital-chicagotribune/log/2/
0
90 B
Image
General
Full URL
https://us-trc-events.taboola.com/tribunedigital-chicagotribune/log/2/debug?tim=00%3A48%3A28.660&type=info&msg=Load%20publisher%20card%3A%20%23taboola-skip%20on%20Card%3A%207%20with%20the%20anchor%20element%20selector%3A%20%23taboola-skip%20succeed&llvl=2&id=2070&cv=20230427-7-RELEASE&lt=deflated&idx=pc&pc=%23taboola-skip&st=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:28 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
22388
abtests
us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/
0
362 B
Image
General
Full URL
https://us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/abtests?route=US:US:V&lti=deflated&ri=e1c0d9758804768ec61b1e5360d597dc&sd=v2_3c613be4a0974a45390b808a21298a89_951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b_1682815707_1682815707_CNawjgYQrco9GNfUh_38MCABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABowPup8duG3vbwAXAB&ui=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&pi=/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&wi=4805873460494427169&pt=text&vi=1682815707735&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22pageLoad%22%2C%22type%22%3A%7B%22storageRef%22%3Anull%2C%22referrer%22%3A%22%22%7D%2C%22eventTime%22%3A1682815708664%7D&tim=00%3A48%3A28.664&id=3340&llvl=2&cv=20230427-7-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
/
www.google.com/pagead/1p-user-list/1052291973/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1052291973/?random=1682815707998&cv=11&fst=1682812800000&bg=ffffff&guid=ON&async=1&gtm=45He34q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&frm=0&tiba=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&fmt=3&is_vtc=1&random=2553707976&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::2004 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/1052291973/
42 B
154 B
Image
General
Full URL
https://www.google.ca/pagead/1p-user-list/1052291973/?random=1682815707998&cv=11&fst=1682812800000&bg=ffffff&guid=ON&async=1&gtm=45He34q0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&frm=0&tiba=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&fmt=3&is_vtc=1&random=2553707976&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame E347
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202304270101&jk=3220473730311646&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

sp-2.9.1.js
cdn.keywee.co/dist/
75 KB
26 KB
Script
General
Full URL
https://cdn.keywee.co/dist/sp-2.9.1.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2209:d600:e:ec66:e40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8ae5b95f24ba3bf0fa5b9b21ffca4ef8a683558ae0a4985abf835f7b71ad0579

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 26 Mar 2023 16:28:03 GMT
content-encoding
gzip
via
1.1 1baed9857df8e3a07a6cd7cd51feb3f8.cloudfront.net (CloudFront)
last-modified
Sun, 14 Oct 2018 12:37:03 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-P1
age
2967626
etag
W/"e0e6c30dc2f18c8cee12448a4cbb07eb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/x-javascript
cache-control
max-age=315360000
x-amz-cf-id
Z6P6p6qjW8PAZx6cgjQ5SKNU2-NaYl7fFPMpnThjNCWSN4o-ajzEkw==
social
us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/
0
362 B
Image
General
Full URL
https://us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/social?route=US:US:V&lti=deflated&ri=e1c0d9758804768ec61b1e5360d597dc&sd=v2_3c613be4a0974a45390b808a21298a89_951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b_1682815707_1682815707_CNawjgYQrco9GNfUh_38MCABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABowPup8duG3vbwAXAB&ui=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&pi=/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&wi=4805873460494427169&pt=text&vi=1682815707735&st=social-available&d=%7B%22data%22%3A%5B%7B%22i%22%3A%22ctx%22%2C%22ism%22%3Afalse%2C%22srx%22%3A1600%2C%22sry%22%3A1200%2C%22pd%22%3Anull%2C%22tpl%22%3A%22%22%2C%22url%22%3A%22https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html%22%2C%22rref%22%3A%22%22%2C%22sref%22%3A%22_sessionPending_%22%2C%22hdl%22%3A%22Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%22%2C%22sec%22%3A%22business%22%2C%22aut%22%3A%5B%22Matt%20O%27Brien%22%2C%22Frank%20Bajak%22%5D%2C%22img%22%3A%22https%3A%2F%2Fwww.chicagotribune.com%2Fresizer%2FWrgFs9Pd-pimADuc4zwSh5kvnyc%3D%2F3276x2184%2Ffilters%3Aformat(jpg)%3Aquality(70)%2Fcloudfront-us-east-1.images.arcpublishing.com%2Ftronc%2FYNEJMDCSNZQBKEHASTPB2C7KZY.jpg%22%2C%22v%22%3A15%2C%22pw%22%3Afalse%7D%5D%7D&tim=00%3A48%3A28.699&id=5233&llvl=2&cv=20230427-7-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
abtests
us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/
0
362 B
Image
General
Full URL
https://us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/abtests?route=US:US:V&lti=deflated&ri=e1c0d9758804768ec61b1e5360d597dc&sd=v2_3c613be4a0974a45390b808a21298a89_951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b_1682815707_1682815707_CNawjgYQrco9GNfUh_38MCABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABowPup8duG3vbwAXAB&ui=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&pi=/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&wi=4805873460494427169&pt=text&vi=1682815707735&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22recommendation-reel%22%2C%22type%22%3A%22available%22%2C%22eventTime%22%3A1682815708729%7D&tim=00%3A48%3A28.730&id=1980&llvl=2&cv=20230427-7-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:28 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
j
rp4.liadm.com/
Redirect Chain
  • https://rp.liadm.com/j?dtstmp=1682815708761&aid=a-01d0&se=e30&duid=91e8d2e1fb6c--01gz7t3v3vvr1shhk591m5hknf&tna=v2.7.1&pu=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cy...
  • https://rp4.liadm.com/j?dtstmp=1682815708761&aid=a-01d0&se=e30&duid=91e8d2e1fb6c--01gz7t3v3vvr1shhk591m5hknf&tna=v2.7.1&pu=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-c...
51 B
591 B
XHR
General
Full URL
https://rp4.liadm.com/j?dtstmp=1682815708761&aid=a-01d0&se=e30&duid=91e8d2e1fb6c--01gz7t3v3vvr1shhk591m5hknf&tna=v2.7.1&pu=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&us_privacy=1---&wpn=lc-bundle&gdpr=0&c=PHRpdGxlPldhcyBteSB3b3JrcGxhY2UgaGl0IGJ5IFNvbGFyV2luZHMgaGFjaz8gQW5kIGZvdXIgbW9yZSBjeWJlcnNlY3VyaXR5IHF1ZXN0aW9ucyBhbnN3ZXJlZC4g4oCTIENoaWNhZ28gVHJpYnVuZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkdvdmVybm1lbnRzIGFuZCBtYWpvciBjb3Jwb3JhdGlvbnMgd29ybGR3aWRlIGFyZSBzY3JhbWJsaW5nIHRvIHNlZSBpZiB0aGV5LCB0b28sIHdlcmUgdmljdGltcyBvZiBhIGdsb2JhbCBjeWJlcmVzcGlvbmFnZSBjYW1wYWlnbiB0aGF0IHBlbmV0cmF0ZWQgbXVsdGlwbGUgVS5TLiBnb3Zlcm5tZW50IGFnZW5jaWVzLiI-PGxpbmsgcmVsPSJjYW5vbmljYWwiIGhyZWY9Imh0dHBzOi8vd3d3LmNoaWNhZ290cmlidW5lLmNvbS9idXNpbmVzcy9jdC1iaXotc29sYXJ3aW5kLW9yaW9uLWN5YmVyc2VjdXJpdHktaGFja2luZy1jYi0yMDIwMTIxNS1xY2c0a3pneDZ2Z2JoaWVod3lnaHVzaDQ1bS1zdG9yeS5odG1sIj48aDEgY2xhc3M9InByaW1hcnktZm9udF9fUHJpbWFyeUZvbnRTdHlsZXMtbzU2eWQ1LTAgZ1ZCTXBpIGhlYWRsaW5lIj5XYXMgbXkgd29ya3BsYWNlIGhpdCBieSBTb2xhcldpbmRzIGhhY2s_IEFuZCBmb3VyIG1vcmUgY3liZXJzZWN1cml0eSBxdWVzdGlvbnMgYW5zd2VyZWQuPC9oMT4&i6=MjYwNzo1MzAwOjYwOjc4Njc6OjU%3D
Protocol
H2
Server
3.221.86.84 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-221-86-84.compute-1.amazonaws.com
Software
/
Resource Hash
c3c34417df3ed3b0cff89bcc28a4d01f4bb506c4fe30836b1664598946d6c4f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:29 GMT
x-pixel-event-id
ceaa4720-6df7-425c-b0c0-9040b0837244
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
strict-transport-security
max-age=31536000; includeSubDomains
x-frame-options
DENY
vary
Origin
content-type
application/json
request-time
0
access-control-allow-origin
null
access-control-allow-credentials
true
trace-id
73b8ebe1f99a3771
content-length
51
x-xss-protection
1; mode=block

Redirect headers

date
Sun, 30 Apr 2023 00:48:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
x-frame-options
DENY
vary
Origin
location
https://rp4.liadm.com/j?dtstmp=1682815708761&aid=a-01d0&se=e30&duid=91e8d2e1fb6c--01gz7t3v3vvr1shhk591m5hknf&tna=v2.7.1&pu=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&us_privacy=1---&wpn=lc-bundle&gdpr=0&c=PHRpdGxlPldhcyBteSB3b3JrcGxhY2UgaGl0IGJ5IFNvbGFyV2luZHMgaGFjaz8gQW5kIGZvdXIgbW9yZSBjeWJlcnNlY3VyaXR5IHF1ZXN0aW9ucyBhbnN3ZXJlZC4g4oCTIENoaWNhZ28gVHJpYnVuZTwvdGl0bGU-PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkdvdmVybm1lbnRzIGFuZCBtYWpvciBjb3Jwb3JhdGlvbnMgd29ybGR3aWRlIGFyZSBzY3JhbWJsaW5nIHRvIHNlZSBpZiB0aGV5LCB0b28sIHdlcmUgdmljdGltcyBvZiBhIGdsb2JhbCBjeWJlcmVzcGlvbmFnZSBjYW1wYWlnbiB0aGF0IHBlbmV0cmF0ZWQgbXVsdGlwbGUgVS5TLiBnb3Zlcm5tZW50IGFnZW5jaWVzLiI-PGxpbmsgcmVsPSJjYW5vbmljYWwiIGhyZWY9Imh0dHBzOi8vd3d3LmNoaWNhZ290cmlidW5lLmNvbS9idXNpbmVzcy9jdC1iaXotc29sYXJ3aW5kLW9yaW9uLWN5YmVyc2VjdXJpdHktaGFja2luZy1jYi0yMDIwMTIxNS1xY2c0a3pneDZ2Z2JoaWVod3lnaHVzaDQ1bS1zdG9yeS5odG1sIj48aDEgY2xhc3M9InByaW1hcnktZm9udF9fUHJpbWFyeUZvbnRTdHlsZXMtbzU2eWQ1LTAgZ1ZCTXBpIGhlYWRsaW5lIj5XYXMgbXkgd29ya3BsYWNlIGhpdCBieSBTb2xhcldpbmRzIGhhY2s_IEFuZCBmb3VyIG1vcmUgY3liZXJzZWN1cml0eSBxdWVzdGlvbnMgYW5zd2VyZWQuPC9oMT4&i6=MjYwNzo1MzAwOjYwOjc4Njc6OjU%3D
access-control-allow-origin
https://www.chicagotribune.com
request-time
0
access-control-allow-credentials
true
trace-id
b23a033133f79aa2
content-length
0
x-xss-protection
1; mode=block
wWfSKEvm5m71ncvuKkb75n2aRSa4xnPTVaXx3Fl3SgU.js
pagead2.googlesyndication.com/bg/ Frame 1C43
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/wWfSKEvm5m71ncvuKkb75n2aRSa4xnPTVaXx3Fl3SgU.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c167d2284be6e66ef59dcbee2a46fbe67d9a4526b8c673d355a5f1dc59774a05
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 11:44:41 GMT
content-encoding
br
x-content-type-options
nosniff
age
47027
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14195
x-xss-protection
0
last-modified
Tue, 25 Apr 2023 09:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 28 Apr 2024 11:44:41 GMT
main-v2_4ee6f298671782ef8e51f5ad1efd9a7c.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
384 KB
76 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_4ee6f298671782ef8e51f5ad1efd9a7c.br.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
793fdca2b6e80d9ee6173423de6a9b665ee173601e83a64a098778e64eed15f2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 16:15:19 GMT
content-encoding
br
age
30789
x-guploader-uploadid
ADPycduFDcAHgyt1Q0kcdM2ac9cNB6sw2XSCfPJ5yn9Ik8J-_tEiYJ7aAikju8KboFCKGs0kScQvOoxjAVgmyYm1yzXkX44VgYzq
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77022
last-modified
Wed, 26 Apr 2023 18:32:05 GMT
server
UploadServer
etag
"b59593d87cff18d2d60d650bb3712569"
x-goog-generation
1682533925470354
x-goog-hash
crc32c=xdD7mg==, md5=tZWT2Hz/GNLWDWULs3ElaQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=3600
x-goog-stored-content-length
77022
accept-ranges
bytes
content-type
text/javascript
cjs_min_d3355f68087fd22ff9c44c4cf827ba03.js
assets.bounceexchange.com/assets/smart-tag/versioned/
47 KB
15 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_d3355f68087fd22ff9c44c4cf827ba03.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
69ec733c4a71a96f08667815fa76edab074e72ca45fe1501fd3e01bf5dd91190

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 15:26:08 GMT
content-encoding
gzip
age
33740
x-guploader-uploadid
ADPycdtLnttYyJPWEI3zDbOAWYeGHdiWjxIXRtuJV_r2qM2wIPxhT65-s_37ywDKBL6hkugx0XDlCqTVJ1QQnWyhy3FiSYOA-SIO
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15372
last-modified
Wed, 26 Apr 2023 15:26:59 GMT
server
UploadServer
etag
"d64f26d4ebe6f763c106536b6f705227"
x-goog-generation
1682522819317887
x-goog-hash
crc32c=XlYXmA==, md5=1k8m1Ovm92PBBlNrb3BSJw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=3600,no-transform
x-goog-stored-content-length
15372
accept-ranges
bytes
content-type
text/javascript; charset=utf-8
i
pixel.keywee.co/
43 B
295 B
Image
General
Full URL
https://pixel.keywee.co/i?stm=1682815709028&e=pv&url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&page=Was%20my%20workplace%20hit%20by%20SolarWinds%20hack%3F%20And%20four%20more%20cybersecurity%20questions%20answered.%20%E2%80%93%20Chicago%20Tribune&tv=js-2.9.1&tna=cf&aid=38&p=web&tz=UTC&lang=en-US&cs=UTF-8&f_pdf=1&f_qt=0&f_realp=0&f_wma=0&f_dir=0&f_fla=0&f_java=0&f_gears=0&f_ag=0&res=1600x1200&cd=24&cookie=1&f_passive=1&f_wheel=wheel&eid=777ab99c-1f80-45b3-b1b5-fc46d2045c26&dtm=1682815709016&vp=1600x1200&ds=1600x12635&vid=1&sid=24e58466-f1da-4f91-a802-ab140e7fbadb&duid=5d25c2b0-6049-45f0-aa86-718ca54aa4af&fp=792662924
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
34.226.179.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-226-179-32.compute-1.amazonaws.com
Software
nginx/1.21.3 /
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

status
200 OK
date
Sun, 30 Apr 2023 00:48:29 GMT
x-content-type-options
nosniff
content-type
image/gif
server
nginx/1.21.3
content-length
43
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Menu_Icon.svg
www.chicagotribune.com/pf/resources/icons/
1 KB
1 KB
Image
General
Full URL
https://www.chicagotribune.com/pf/resources/icons/Menu_Icon.svg?d=136
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/explore-more.20230427-7-RELEASE.es6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
94dba5e97bd9780046fc76db034ae0132c04cdf51858c680ef043f841ee3a468
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000
date
Sun, 30 Apr 2023 00:48:29 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
x-amz-request-id
S3NYAZBG8086BMYV
x-amz-server-side-encryption
AES256
x-arc-request-id
0.8d747e68.1682815709.1115544f
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286610511_37_10806_17_0";dur=1
content-length
505
x-amz-id-2
XXWIDILSyzO1OtLcfmenAp2V8u+z8WrfwfXT5nC2uim80V2M2UYjGKO9gaMZTIyn6GepAAwNYIh54HN9FbDgVRxIlecn+e+uBBnqTgt7Cg8=
last-modified
Wed, 26 Apr 2023 20:02:17 GMT
server
openresty
etag
W/"3078b03aa176e280460db6374ed5934b"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
expires
Mon, 29 Apr 2024 00:48:29 GMT
Chicago_Tribune-chiblue.svg
www.chicagotribune.com/pf/resources/logo/
13 KB
6 KB
Image
General
Full URL
https://www.chicagotribune.com/pf/resources/logo/Chicago_Tribune-chiblue.svg?d=136
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/explore-more.20230427-7-RELEASE.es6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
37f8ab8769785287d8b890ba001c44d93c98ec851e4abe769e8a5e243bbe1f0b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000
date
Sun, 30 Apr 2023 00:48:29 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
x-amz-request-id
7Q76F335K3C6C38R
x-amz-server-side-encryption
AES256
x-arc-request-id
0.8d747e68.1682815709.11155456
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286610518_1785_10775_17_0";dur=1
content-length
5118
x-amz-id-2
7P9TPl3sUZ0UfglqX/8/fTePlEvm6xRtCqqzWTJ95G/ZtIFy/w2oGRh4tqkr6iRsq25wBj7N0bA=
last-modified
Wed, 26 Apr 2023 20:02:18 GMT
server
openresty
etag
W/"71456cc06238c3a185cccb135bec0329"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
expires
Mon, 29 Apr 2024 00:48:29 GMT
Search_Icon.svg
www.chicagotribune.com/pf/resources/icons/
1 KB
1 KB
Image
General
Full URL
https://www.chicagotribune.com/pf/resources/icons/Search_Icon.svg?d=136
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/explore-more.20230427-7-RELEASE.es6.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
9729f3eab64671484b7dc72a11b62aa1f6f7841711fa84c318e01007dd03e6c2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
31536000, 31536000
date
Sun, 30 Apr 2023 00:48:29 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
x-amz-request-id
S3NH075F7SRRW9P5
x-amz-server-side-encryption
AES256
x-arc-request-id
0.8d747e68.1682815709.11155457
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467448_1753117837_286610519_108_10690_17_0";dur=1
content-length
700
x-amz-id-2
ml/1sVaK7WWsEaXDnkeZXN3uIfFnKCcsZ4sGUDmUvmnLjDL3zl/u+vt2HKbCJaxOBZwp9NSostI=
last-modified
Wed, 26 Apr 2023 20:02:17 GMT
server
openresty
etag
W/"d947de375e50e50a1aa4f7951e3c56b0"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
expires
Mon, 29 Apr 2024 00:48:29 GMT
css2
fonts.googleapis.com/
2 KB
445 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Lato:wght@300;400;900&display=swap
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:817::200a New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a3fb3097161f7fafdb9c550381e3ddc6fba01a5cff3d5097a9ef7719548d1330
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 30 Apr 2023 00:48:29 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 29 Apr 2023 23:27:23 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 30 Apr 2023 00:48:29 GMT
spa-detector.20230427-7-RELEASE.es6.js
cdn.taboola.com/libtrc/
2 KB
1 KB
Script
General
Full URL
https://cdn.taboola.com/libtrc/spa-detector.20230427-7-RELEASE.es6.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c28ee863ec98028922af754b8f10e8fbd8d9563c4f159debcb860be5774f6643

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
NzvEFxz.B3zu0dJkfY6bXMqj.43bxoDP
content-encoding
gzip
via
1.1 varnish
date
Sun, 30 Apr 2023 00:48:29 GMT
x-amz-request-id
Y9WS9R2KR2VPYTQM
age
145417
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
PENDING
content-length
810
x-amz-id-2
7f9z6sbROAFJCLLDguiofMAustftwAxyvixT4h2USjXQJPMc3HjPVf1G1pW0liG15bw8LQFGi00=
x-served-by
cache-yyz4581-YYZ
last-modified
Fri, 28 Apr 2023 08:24:51 GMT
server
AmazonS3
x-timer
S1682815709.122392,VS0,VE0
etag
"d6aaac70ca4999be096449fc3d9d9673"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
abp
43
access-control-allow-origin
*
cache-control
private,max-age=2629743
accept-ranges
bytes
x-cache-hits
21996
supply-feature
us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/
0
362 B
Image
General
Full URL
https://us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/supply-feature?route=US:US:V&lti=deflated&ri=e1c0d9758804768ec61b1e5360d597dc&sd=v2_3c613be4a0974a45390b808a21298a89_951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b_1682815707_1682815707_CNawjgYQrco9GNfUh_38MCABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABowPup8duG3vbwAXAB&ui=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&pi=/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&wi=4805873460494427169&pt=text&vi=1682815707735&d=%7B%22event_type%22%3A%22EXPLORE_MORE%22%2C%22event_state%22%3A%22AVAILABLE%22%2C%22event_value%22%3A%22%22%2C%22event_msg%22%3A%22%22%2C%22event_key%22%3A%22%22%7D&tim=00%3A48%3A29.066&id=3624&llvl=2&cv=20230427-7-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:29 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
abtests
us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/
0
362 B
Image
General
Full URL
https://us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/abtests?route=US:US:V&lti=deflated&ri=e1c0d9758804768ec61b1e5360d597dc&sd=v2_3c613be4a0974a45390b808a21298a89_951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b_1682815707_1682815707_CNawjgYQrco9GNfUh_38MCABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABowPup8duG3vbwAXAB&ui=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&pi=/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&wi=4805873460494427169&pt=text&vi=1682815707735&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22explore-more%22%2C%22type%22%3A%22header%20found%22%2C%22eventTime%22%3A1682815709082%7D&tim=00%3A48%3A29.083&id=1358&llvl=2&cv=20230427-7-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:29 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
supply-feature
us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/
0
362 B
Image
General
Full URL
https://us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/supply-feature?route=US:US:V&lti=deflated&ri=e1c0d9758804768ec61b1e5360d597dc&sd=v2_3c613be4a0974a45390b808a21298a89_951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b_1682815707_1682815707_CNawjgYQrco9GNfUh_38MCABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABowPup8duG3vbwAXAB&ui=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&pi=/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&wi=4805873460494427169&pt=text&vi=1682815707735&d=%7B%22event_type%22%3A%22EXPLORE_MORE%22%2C%22event_state%22%3A%22CLICKABLE%22%2C%22event_value%22%3A%22tblOriginalState%3A%20true%22%2C%22event_msg%22%3A%22back%20button%20enabled%2C%20history%20changed.%22%2C%22event_key%22%3A%22%22%7D&tim=00%3A48%3A29.090&id=7695&llvl=2&cv=20230427-7-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:29 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
abtests
us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/
0
362 B
Image
General
Full URL
https://us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/abtests?route=US:US:V&lti=deflated&ri=e1c0d9758804768ec61b1e5360d597dc&sd=v2_3c613be4a0974a45390b808a21298a89_951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b_1682815707_1682815707_CNawjgYQrco9GNfUh_38MCABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABowPup8duG3vbwAXAB&ui=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&pi=/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&wi=4805873460494427169&pt=text&vi=1682815707735&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22explore-more%22%2C%22type%22%3A%22explore-more-available%22%2C%22eventTime%22%3A1682815709110%7D&tim=00%3A48%3A29.110&id=4558&llvl=2&cv=20230427-7-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:29 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
baker
sli.chicagotribune.com/
19 B
371 B
Image
General
Full URL
https://sli.chicagotribune.com/baker?dtstmp=1682815709194
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.51.148.176 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-51-148-176.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Expires
Sun, 30 Apr 2023 00:48:29 GMT
Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:29 GMT
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
19
Content-Type
image/gif
S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v23/
22 KB
22 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@300;400;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
08664859baab5ed98f0bf818ed77e38464ff1826dc6406d5ecbd651409afbd92
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.chicagotribune.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 02:51:39 GMT
x-content-type-options
nosniff
age
79010
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
22504
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 16:04:16 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Apr 2024 02:51:39 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:wght@300;400;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2003 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.chicagotribune.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 16:55:55 GMT
x-content-type-options
nosniff
age
28354
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23580
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 15:48:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 28 Apr 2024 16:55:55 GMT
flipptag.js
cdn-gateflipp.flippback.com/tag/js/ Frame 6039
73 KB
73 KB
Script
General
Full URL
https://cdn-gateflipp.flippback.com/tag/js/flipptag.js?site_id=1190282
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230427-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-80.jfk50.r.cloudfront.net
Software
envoy /
Resource Hash
d8254c34b46b988a144dcfa0897a7f8cb6a5588e9d115ad18981c0b94ba6cfb7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:29 GMT
via
1.1 8fd21502425077e617fde7325b45e112.cloudfront.net (CloudFront)
server
envoy
x-amz-cf-pop
JFK50-P2
vary
Origin,Origin, Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
no-store
x-envoy-upstream-service-time
3
x-amz-cf-id
PeJ21-5ZaMbuTII4uyJF0WE3xrPerqK1LnZZj9888Ln-pSFB6XgKAw==
inbox-v2_1f1650b71f3eef0016a17d90fcebc5b6.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
27 KB
7 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/inbox-v2_1f1650b71f3eef0016a17d90fcebc5b6.br.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
187b5acd618b7995f08dce701392ed8f4b15bafd54b1368279c733f4042da994

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 13:32:37 GMT
content-encoding
br
age
40552
x-guploader-uploadid
ADPycdvE2R7IPR8fuj3Qn12GGp7q0QODDHEAW_QC7mhqmSbaX6QdgLKVfYAXLmQh20utyD3DxsLVijQszGEkC46xavc_KFpEM1nc
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7523
last-modified
Wed, 26 Apr 2023 18:31:57 GMT
server
UploadServer
etag
"b50e84a25b22a6b39eec1daa706aa706"
x-goog-generation
1682007789506354
x-goog-hash
crc32c=2D1ggA==, md5=tQ6EolsiprOe7B2qcGqnBg==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=3600
x-goog-stored-content-length
7523
accept-ranges
bytes
content-type
text/javascript
sms-v2_39633073cdef983477ef5397e5ed193e.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
5 KB
1 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/sms-v2_39633073cdef983477ef5397e5ed193e.br.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
2e3d6fd9a0af1ad680b036add4063d2d1d8718321ee26bef90289c86ca0b99a6

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 15:14:39 GMT
content-encoding
br
age
34430
x-guploader-uploadid
ADPycdtgoaMdWMp9viuBEBSJQ4ANEneh0YJpLuuGdWqRqshcoGMWoMA-dOZ7PluhS1Kda5LMK-YgG1pofTMeKuNOH8x7tMIIiQ7L
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1504
last-modified
Wed, 26 Apr 2023 18:32:30 GMT
server
UploadServer
etag
"917b415989de3eda09376704b6314bcb"
x-goog-generation
1681917248133270
x-goog-hash
crc32c=XIYVTA==, md5=kXtBWYnePtoJN2cEtjFLyw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=3600
x-goog-stored-content-length
1504
accept-ranges
bytes
content-type
text/javascript
onsite-v2_ed2994641ad6d97e7617ed368e39d897.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
23 KB
6 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/onsite-v2_ed2994641ad6d97e7617ed368e39d897.br.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1ee26762e2224737d899a3a3ff533c0277943862e1183ee8ec5123875f5cb9ba

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 08:22:08 GMT
content-encoding
br
age
59181
x-guploader-uploadid
ADPycdtcVKciUFYIV8eF02ALnsNMkdxe7dZAagx2joq6jMjxCkz2xIglqh7-XuaFdRdoAKyJLr6ztuWaBWsRfaUclmBFvClAHCfT
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5823
last-modified
Wed, 26 Apr 2023 18:32:13 GMT
server
UploadServer
etag
"08429fe3983810b5f6d237990c89af71"
x-goog-generation
1682007807098849
x-goog-hash
crc32c=KRSxYQ==, md5=CEKf45g4ELX20jeZDImvcQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=3600
x-goog-stored-content-length
5823
accept-ranges
bytes
content-type
text/javascript
ads-v2_6eb3a1c6399ab7bf2a66cb7773c7cc26.br.js
assets.bounceexchange.com/assets/smart-tag/versioned/
248 KB
45 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/smart-tag/versioned/ads-v2_6eb3a1c6399ab7bf2a66cb7773c7cc26.br.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
560858382d7e96a40a8bfa4e9c3fc05d84fdec133649734d7acca44a675ecfd2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 10:50:35 GMT
content-encoding
br
age
50274
x-guploader-uploadid
ADPycdvKthOHpLHjmdHZG1ZvfuguwFiQ5xeIm47XKHyoWR1SynSmckRYOpri2IG13mmM5ufO0NErdz4JVC77RAYkF_E8qDcuPRYg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
45914
last-modified
Wed, 26 Apr 2023 18:31:48 GMT
server
UploadServer
etag
"3098272e4269dcdaf6ac552e806a8744"
x-goog-generation
1682344481393804
x-goog-hash
crc32c=vUIJKg==, md5=MJgnLkJp3Nr2rFUugGqHRA==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=3600
x-goog-stored-content-length
45914
accept-ranges
bytes
content-type
text/javascript
fc0b5eb20fe0f5a03096a68749ef8001.br.json
assets.bounceexchange.com/assets/gam/4011/
664 KB
119 KB
Fetch
General
Full URL
https://assets.bounceexchange.com/assets/gam/4011/fc0b5eb20fe0f5a03096a68749ef8001.br.json
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_4ee6f298671782ef8e51f5ad1efd9a7c.br.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
5d46c9190c0d74b7a4d88dcf48d0c714f23052032f890949888d6b34b836f607

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 23:03:10 GMT
content-encoding
br
age
6319
x-guploader-uploadid
ADPycdsfvKyQrOzseaAgdxjdktkNCF2LINyL6i-bLjFEELL7IP8FqaO9fsM9am2pvvQW9s9hBNTSNJQo0QAfkygNIBssj0ECHu3O
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
121870
last-modified
Sat, 29 Apr 2023 23:00:59 GMT
server
UploadServer
etag
"62785c3b03bc042527ede911c750f042"
x-goog-generation
1682722859715535
x-goog-hash
crc32c=18rzlw==, md5=YnhcOwO8BCUn7ekRx1DwQg==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace, etag
cache-control
public,max-age=3600
x-goog-stored-content-length
121870
accept-ranges
bytes
content-type
text/plain; charset=UTF-8
abtests
us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/
0
362 B
Image
General
Full URL
https://us-trc-events.taboola.com/tribunedigital-chicagotribune/log/3/abtests?route=US:US:V&lti=deflated&ri=e1c0d9758804768ec61b1e5360d597dc&sd=v2_3c613be4a0974a45390b808a21298a89_951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b_1682815707_1682815707_CNawjgYQrco9GNfUh_38MCABKAEwJjiJ6AdA6vUHSKfL2QNQ____________AVgAYABowPup8duG3vbwAXAB&ui=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&pi=/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&wi=4805873460494427169&pt=text&vi=1682815707735&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22explore-more%22%2C%22type%22%3A%22explore-more-available-spa%22%2C%22eventTime%22%3A1682815709422%7D&tim=00%3A48%3A29.422&id=4456&llvl=2&cv=20230427-7-RELEASE&
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:29 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
/
data.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://data.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_d3355f68087fd22ff9c44c4cf827ba03.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.239.87 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
87.239.149.34.bc.googleusercontent.com
Software
/
Resource Hash
5930c52386428cfc5a608b256ce54b1688495c985d54500dce5b7cc18af7d01c

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:29 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
page.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://page.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_d3355f68087fd22ff9c44c4cf827ba03.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.149.31.64 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
64.31.149.34.bc.googleusercontent.com
Software
/
Resource Hash
d2964eaca64abdde2289ae57bc1f0a0950a04eede167f609a291ec8d1ad588c5

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:29 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
/
view.cdnbasket.net/
14 B
338 B
XHR
General
Full URL
https://view.cdnbasket.net/
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_d3355f68087fd22ff9c44c4cf827ba03.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
34.117.121.15 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
15.121.117.34.bc.googleusercontent.com
Software
/
Resource Hash
0869744a5242249d78d150c4fa9496c32192f67745486c9681180d6a18fd0550

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:29 GMT
Transfer-Encoding
chunked
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Access-Control-Allow-Headers
Origin, Content-Type, Accept
Expires
0
st
imprnjmp.taboola.com/ Frame BD2A
6 KB
2 KB
Document
General
Full URL
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
c7d75d7a1b69a6183878cd8418017d01d2e60f6a1c100758439b2f758b8bf5ee

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
content-encoding
gzip
content-type
text/html;charset=ISO-8859-1
date
Sun, 30 Apr 2023 00:48:29 GMT
server
nginx
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-served-by
cache-yyz4581-YYZ
x-timer
S1682815709.482206,VS0,VE18
sync
us-match.taboola.com/ Frame A4AC
6 KB
6 KB
Document
General
Full URL
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
39cf896ce3187adab7bf1c4c53eca961aa153bbc073c427393a19b8a3d5158be

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-type
text/html;charset=ISO-8859-1
date
Sun, 30 Apr 2023 00:48:29 GMT
machineid
3106
server
nginx
st
us-vid-events.taboola.com/
0
43 B
Image
General
Full URL
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:29 GMT
content-length
0
server
nginx
jquery-3.5.1.min.js
assets.bounceexchange.com/assets/bounce/
87 KB
30 KB
Script
General
Full URL
https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 01:47:34 GMT
content-encoding
gzip
age
82855
x-guploader-uploadid
ADPycdtoRuvDU3nrxBb04VYfTUfHzfpnuVcvKg_5YoMew4q7hdZirpeE1cL0t0jdN3ke0kVLOLaOGj9RtV7wDcTnhda-wu7I_eCr
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30848
last-modified
Wed, 26 Apr 2023 18:31:40 GMT
server
UploadServer
etag
"17663ba4a156c17810bd1f0d721993b1"
vary
Accept-Encoding
x-goog-generation
1682533900239503
x-goog-hash
crc32c=31+ONA==, md5=F2Y7pKFWwXgQvR8NchmTsQ==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=3600
x-goog-stored-content-length
30848
accept-ranges
bytes
content-type
text/javascript; charset=UTF-8
local_storage_frame17.min.html
assets.bounceexchange.com/assets/bounce/ Frame 1ADE
2 KB
1 KB
Document
General
Full URL
https://assets.bounceexchange.com/assets/bounce/local_storage_frame17.min.html
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
f4fc114373da7e63fade04d84f7f1cfb5b31632246f33b10f3b7b275b85e6dd6

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
access-control-expose-headers
etag Content-Type
age
34
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=3600
content-encoding
gzip
content-length
1073
content-type
text/html; charset=UTF-8
date
Sun, 30 Apr 2023 00:47:55 GMT
etag
"3eb5e4196426ddc1b851935b0652f354"
last-modified
Wed, 26 Apr 2023 18:31:38 GMT
server
UploadServer
vary
Accept-Encoding
x-goog-generation
1682533898168377
x-goog-hash
crc32c=tT3QeQ== md5=PrXkGWQm3cG4UZNbBlLzVA==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
gzip
x-goog-stored-content-length
1073
x-guploader-uploadid
ADPycduHdkEPTBQiK5goKltF7r1UIBotxkjUFcPNN4mZR4TqWOjj3DPDuZIzwxl8V0KikDk4S78WlTI9FQflpaZl3PsVbt_iF16j
trk.gif
jadserve.postrelease.com/
43 B
339 B
Image
General
Full URL
https://jadserve.postrelease.com/trk.gif?ntv_ui=a867eba1-9ea8-4312-98cd-3609b53d95d9&ntv_fl=_WTWo83Z82K29ylCK0LanKfs_3JHo8VKmwMj2xlxUpCliLQIZX6eTX0fiQ9hC9pfDdrvAL7yRhMsozApoTJAEd6NPDkdCcB7ltr_b_ST4mogI1J2nlg3gl69P33_J-IK0yl4_MZVls20_eWonANu6oeDqKHCAVZgheUYIWe7KZrriB-uKOPkdxDqAPtZKBPRF4Qlv70DqimOmcItZYSiDPKez7Zlk1InGQ8eQcHCiJ-EZQoaHW8XMrjN2jcm6Nkesc2PJ_31OHuTgQ4470IMcoYRuXS9NZ0MMfIKqJ8BlAWAsZp3nCRPnof_fsIExLY5smMvF4Lz7w-syhHL_3RslocjxvASjdnxTETUPAr-k1c=&ntv_ht=1bpNZAA&ntv_at=808&ntv_a=AAAAAAAAAA2u4QA&ntv_sat=5&ord=1682815709693&ntv_it
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.221.210.94 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-221-210-94.compute-1.amazonaws.com
Software
nginx/1.12.2 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:29 GMT
server
nginx/1.12.2
content-type
image/gif
access-control-allow-origin
*
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
expires
Mon, 1 Jan 1990 12:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame 1C43
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?hvIKkw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2001 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:29 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
458249.gif
idsync.rlcdn.com/ Frame 6039
Redirect Chain
  • https://idsync.rlcdn.com/712559.gif?partner_uid=583ab674-6fe5-494f-a817-3590f54b5a1e
  • https://pippio.com/api/sync?pid=5324&it=1&iv=42eae8c0364e1ba2252cb74eb667ac0370e7d069f1de5697cd59b324f922ba86791426b5417dce21&_=2
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA0MmVhZThjMDM2NGUxYmEyMjUyY2I3NGViNjY3YWMwMzcwZTdkMDY5ZjFkZTU2OTdjZDU5YjMyNGY5MjJiYTg2NzkxNDI2YjU...
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA0MmVhZThjMDM2NGUxYmEyMjUyY2I3NGViNjY3YWMwMzcwZTdkMDY5ZjFkZTU2OTdjZDU5YjMyNGY5MjJiYTg2NzkxNDI2YjU0MTdkY2UyMRAAGgwI3fW2ogYSBAgCEABCAEoA&goog...
  • https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
  • https://idsync.rlcdn.com/458249.gif?partner_uid=31b85c5a-f9d3-40bf-a2d8-6efacc430c36
42 B
60 B
Image
General
Full URL
https://idsync.rlcdn.com/458249.gif?partner_uid=31b85c5a-f9d3-40bf-a2d8-6efacc430c36
Protocol
H3
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

location
https://idsync.rlcdn.com/458249.gif?partner_uid=31b85c5a-f9d3-40bf-a2d8-6efacc430c36
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
x-samesite
secure
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
111
content-type
text/html; charset=utf-8
bulk
trc.taboola.com/tribunedigital-chicagotribune/log/3/
0
387 B
XHR
General
Full URL
https://trc.taboola.com/tribunedigital-chicagotribune/log/3/bulk?route=US%3AUS%3AV&lti=deflated&bulkSize=13
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20230427-7-RELEASE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

x-vcl-time-ms
21
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:29 GMT
via
1.1 varnish
x-served-by
cache-yyz4581-YYZ
server
nginx
x-timer
S1682815710.810014,VS0,VE21
x-cache
MISS
p3p
policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin
https://www.chicagotribune.com
content-type
image/gif
cache-control
no-cache
access-control-allow-credentials
true
accept-ranges
bytes
x-cache-hits
0
beacons
p.flipp.com/ Frame 6039
0
0
Fetch
General
Full URL
https://p.flipp.com/beacons
Requested by
Host: cdn-gateflipp.flippback.com
URL: https://cdn-gateflipp.flippback.com/tag/js/flipptag.js?site_id=1190282
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.37.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-37-75.ewr52.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Sun, 30 Apr 2023 00:48:29 GMT
via
1.1 af7150da467dea586a5e6a0532adec9c.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C4
vary
Origin
x-cache
Miss from cloudfront
access-control-allow-origin
https://www.chicagotribune.com
access-control-allow-credentials
true
x-amz-cf-id
Nhnhv6pRtVO4UAkQD7I56cg7i653kf3MLzZbuBKKUSHQ-lN9jN-oNg==
c
ids.cdnwidget.com/
463 B
809 B
XHR
General
Full URL
https://ids.cdnwidget.com/c?cookieID=&deviceID=&iv=&v=&GCH1=&SCH1=&GCS1=186028118&GCS2=NDdlNmRmNmUtZDhmNy00ZGJhLWI3MWMtNDFhNzM5NTU1NTQ5LmxvY2Fs&pe=false&wsid=2051&varID=&varData=undefined&log=%7B%22config%22%3A%7B%22gmEN%22%3Atrue%2C%22pixEN%22%3Atrue%7D%2C%22apikey%22%3A%222%5EHIykD%22%2C%22cjsversion%22%3A%221.5.9%22%2C%22wsid%22%3A2051%2C%22loadID%22%3A%22xnWBc7gIDjJ1Eqx%22%2C%22timing%22%3A%7B%22sessionStorageLoad%22%3A8%2C%22IDStageStart%22%3A9%2C%22obsReqpage%22%3A182%2C%22obsReqview%22%3A195%2C%22obsReqdata%22%3A196%2C%22netComplete%22%3A483%2C%22IDStagePrefire%22%3A483%7D%2C%22matches%22%3A%7B%22cookie%22%3Afalse%2C%22LS%22%3Afalse%7D%2C%22info%22%3A%7B%22isSpoofed%22%3Afalse%2C%22PM%22%3Afalse%2C%22DNT%22%3Afalse%2C%22deviceTimezone%22%3A0%2C%22extensionID%22%3Anull%2C%22externalID%22%3Anull%2C%22agent%22%3A%7B%22device%22%3Anull%7D%2C%22firstLoad%22%3Atrue%7D%7D
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/cjs_min_d3355f68087fd22ff9c44c4cf827ba03.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.191.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
194.191.107.34.bc.googleusercontent.com
Software
/
Resource Hash
8faf4f6960ac501d02e1651ead1a8ff932fed771827b89c641d98c0815c0f77e

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:29 GMT
content-encoding
gzip
access-control-allow-credentials
true
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type
application/json
OneSignalSDKStyles.css
onesignal.com/sdks/
82 KB
9 KB
Stylesheet
General
Full URL
https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:29 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
1369
etag
W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=2592000
cf-ray
7bfbc78b2b274bb9-YUL
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 30 May 2023 00:48:29 GMT
lookup
pd.cdnwidget.com/
49 B
178 B
XHR
General
Full URL
https://pd.cdnwidget.com/lookup?deviceID=2P7ks0ERZC4tMARB0iytZqK8Eps&bxwid=2051&bxdid=4762296757293307742&visitID=1682815709838249
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/smart-tag/versioned/main-v2_4ee6f298671782ef8e51f5ad1efd9a7c.br.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
/
Resource Hash
771196c556ce9fe2914aa0d336cf0f11fbd579c7cdd52e8436b19e0fffdd783b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49
content-type
application/json
f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/
254 B
734 B
Image
General
Full URL
https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 varnish
x-amz-request-id
C4YX393BV63BMCS9
age
5164
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
254
x-amz-id-2
hJZ9rVKYX0/8YTS367+n1JLWaWxjxwlUGV9luK6w6nrhJtmZXbtiGq/h5BjCJKdhOOZFYFppGpg=
x-served-by
cache-yyz4581-YYZ
last-modified
Wed, 24 Jun 2015 07:14:11 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer
S1682815710.145738,VS0,VE0
etag
"dfa7b52c86e56bd67fa4002f6ed19854"
content-type
image/png
abp
43
access-control-allow-origin
*
cache-control
private,max-age=31536000
accept-ranges
bytes
x-cache-hits
608
init1.js
api.bounceexchange.com/bounce/
4 KB
2 KB
Script
General
Full URL
https://api.bounceexchange.com/bounce/init1.js?wklzs=2984&wklz=…
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
1567d751940df7235a85602c216a8553bb5f43e651ee45fb24392133d9178e16

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:30 GMT
content-encoding
gzip
via
1.1 google
last-modified
Sun, 30 Apr 2023 00:48:30 GMT
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
80
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202304270101&jk=3220473730311646&bg=…
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:821::2002 New York, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame DF9C
16 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156512
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.126.113.6 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-126-113-6.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=78304
content-encoding
gzip
content-length
5554
content-type
text/html
date
Sun, 30 Apr 2023 00:48:30 GMT
expires
Sun, 30 Apr 2023 22:33:34 GMT
last-modified
Fri, 16 Dec 2022 06:36:49 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
x-akamai-pragma-client-ip
104.126.116.23, 4.7.166.99
x-check-cacheable
YES
x-serial
1
contextual
contextual-analytics.wunderkind.co/api/
170 B
232 B
XHR
General
Full URL
https://contextual-analytics.wunderkind.co/api/contextual?url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&website_id=2051
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
9d897bf2ce8b34a8a5c8757df2409c8a7decee530ef0ceedb6b245e45983e8c3

Request headers

Accept
*/*
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
content-type
application/json
2P7ks0ERZC4tMARB0iytZqK8Eps
dfp.bouncex.net/pub/segment/
2 B
204 B
XHR
General
Full URL
https://dfp.bouncex.net/pub/segment/2P7ks0ERZC4tMARB0iytZqK8Eps
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Accept
*/*
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
content-type
application/json
access-control-allow-origin
https://www.chicagotribune.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
/
www.chicagotribune.com/arcio/rss/category/news/
Redirect Chain
  • https://www.chicagotribune.com/news/trending/rss2.0.xml
  • https://www.chicagotribune.com/arcio/rss/category/news/?query=display_date:[now-2d+TO+now]&sort=display_date:desc
31 KB
8 KB
XHR
General
Full URL
https://www.chicagotribune.com/arcio/rss/category/news/?query=display_date:[now-2d+TO+now]&sort=display_date:desc
Protocol
H2
Server
2600:1400:9000::687e:7491 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
openresty /
Resource Hash
6d54b63f7236589f8fde2c6b493bd11f1140fec29dd0cdef842a57ea807c641d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

akamai-true-ttl
120, 120
date
Sun, 30 Apr 2023 00:48:30 GMT
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
last-modified
Sun, 30 Apr 2023 00:48:23 GMT
server
openresty
vary
Accept-Encoding
x-arc-request-id
0.8d747e68.1682815710.111557e8
content-type
text/xml; charset=utf-8
cache-control
private, max-age=120
server-timing
cdn-cache; desc=MISS, edge; dur=1, origin; dur=19, ak_p; desc="467448_1753117837_286611432_968_11575_17_0";dur=1
content-length
7725
expires
Sun, 30 Apr 2023 00:50:30 GMT

Redirect headers

akamai-true-ttl
-1, -1
date
Sun, 30 Apr 2023 00:48:30 GMT
content-security-policy
upgrade-insecure-requests
server
openresty
x-frame-options
sameorigin
x-arc-request-id
0.8d747e68.1682815710.111557ac
content-type
text/html
location
/arcio/rss/category/news/?query=display_date:[now-2d+TO+now]&sort=display_date:desc
cache-control
private, max-age=60
server-timing
cdn-cache; desc=REVALIDATE, edge; dur=1, origin; dur=25, ak_p; desc="467448_1753117837_286611372_576_11931_17_0";dur=1
content-length
166
expires
Sun, 30 Apr 2023 00:49:30 GMT
debug
events.bouncex.net/track.gif/
42 B
174 B
Image
General
Full URL
https://events.bouncex.net/track.gif/debug?wklz=…
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
visit
events.bouncex.net/track.gif/
42 B
106 B
Image
General
Full URL
https://events.bouncex.net/track.gif/visit?wklz=…
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
5
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
pageview
events.bouncex.net/track.gif/
42 B
106 B
Image
General
Full URL
https://events.bouncex.net/track.gif/pageview?wklz=…
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
3
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
sync
ssp.behave.com/
Redirect Chain
  • https://ssp.behave.com/push_sync
  • https://ssp.behave.com/ul_cb/push_sync
  • https://x.bidswitch.net/sync?ssp=bouncex
  • https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=bouncex&ssp_user_id=a1dcee34-06ed-41fc-ab2a-7213bef84e56&gdpr=&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=74&&user_id=y-fU5q8cVE2pnuWk7T1QspXLTPuG63iCRbR67iIA--~A&expires=5&ssp=bouncex
  • https://ssp.behave.com/sync?tp_id=2&tp_uid=a1dcee34-06ed-41fc-ab2a-7213bef84e56
43 B
372 B
Image
General
Full URL
https://ssp.behave.com/sync?tp_id=2&tp_uid=a1dcee34-06ed-41fc-ab2a-7213bef84e56
Protocol
HTTP/1.1
Server
35.207.10.239 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
239.10.207.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Date
Sun, 30 Apr 2023 00:48:30 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Location
//ssp.behave.com/sync?tp_id=2&tp_uid=a1dcee34-06ed-41fc-ab2a-7213bef84e56
Date
Sun, 30 Apr 2023 00:48:30 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
rtb-h
sync.taboola.com/sg/supershiprtb-display-network/1/ Frame 7439
Redirect Chain
  • https://tg.socdm.com/aux/idsync?proto=taboola
  • https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZE2638Co8XkAAML5hg4AAAAA
0
230 B
Image
General
Full URL
https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZE2638Co8XkAAML5hg4AAAAA
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:31 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
27612

Redirect headers

X-SO-Cluster-ID
0
Date
Sun, 30 Apr 2023 00:48:31 GMT
X-SO-LB-Data
{"ban":false,"clean_query":"\/aux\/idsync?proto=taboola","cluster_id":0,"gdpr":false,"ipv4":"149.56.153.185","key":"ZE2638Co8XkAAML5hg4AAAAA","privacy_sensitive":false,"uid":"","upstream_id":"m-ad366"}
X-SO-Key
ZE2638Co8XkAAML5hg4AAAAA
Server
nginx
X-SO-Upstream-ID
m-ad366
P3P
CP="See also http://www.scaleout.jp/privacy/"
Location
https://sync.taboola.com/sg/supershiprtb-display-network/1/rtb-h?taboola_hm=ZE2638Co8XkAAML5hg4AAAAA
Cache-Control
private
X-SO-HostName
m-ad366.dc4p.scaleout.jp
Connection
keep-alive
X-SO-Ads-Time
2
Content-Length
0
X-SO-LB-Hostname
m-tgng21.dc4p.scaleout.jp
X-SO-IP
149.56.153.185
/
sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/ Frame 7439
Redirect Chain
  • https://ih.adscale.de/su?gdpr=0&gdpr_consent=&tpid=22688&cburl=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fstroerrtbeur-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D__STROEER_USER_ID__
  • https://ih.adscale.de/su?gdpr=0&gdpr_consent=&tpid=22688&cburl=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fstroerrtbeur-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D__STROEER_USER_ID__&nut&uu=d869b54ccab04b5baa...
  • https://sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/?taboola_hm=d869b54ccab04b5baa58b7f506359e97
0
221 B
Image
General
Full URL
https://sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/?taboola_hm=d869b54ccab04b5baa58b7f506359e97
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
28447

Redirect headers

location
https://sync.taboola.com/sg/stroerrtbeur-network/1/rtb-h/?taboola_hm=d869b54ccab04b5baa58b7f506359e97
date
Sun, 30 Apr 2023 00:48:30 GMT
content-length
0
sync
ssbsync.smartadserver.com/api/ Frame 7439
0
0
Image
General
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=4
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
199.187.193.182 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

/
sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/ Frame 7439
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=16698
  • https://sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=LH2P0QKU-2-6DRE
0
230 B
Image
General
Full URL
https://sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=LH2P0QKU-2-6DRE
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
22580

Redirect headers

Pragma
no-cache
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
text/html
Location
https://sync.taboola.com/sg/rubiconvideo-network/1/rtb-h/?taboola_hm=LH2P0QKU-2-6DRE
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
d67ad46d58ddbab9fb03c088eabaaff8
Expires
0
/
sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/ Frame 7439
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/taboola/951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b?gdpr=0&gdpr_consent=&us_privacy=1---
  • https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-qSY5rJJE2oRmm1LI09Aif.jacYofeHmrSFUD5g--~A
0
230 B
Image
General
Full URL
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-qSY5rJJE2oRmm1LI09Aif.jacYofeHmrSFUD5g--~A
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
22580

Redirect headers

date
Sun, 30 Apr 2023 00:48:30 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://sync.taboola.com/sg/yahoodsprtb-network/1/rtb-h/?taboola_hm=y-qSY5rJJE2oRmm1LI09Aif.jacYofeHmrSFUD5g--~A
content-length
0
/
sync.taboola.com/sg/baidurtb-network/1/rtb-h/ Frame 7439
Redirect Chain
  • https://trace.mediago.io/ju/cs/taboola
  • https://sync.taboola.com/sg/baidurtb-network/1/rtb-h/?taboola_hm=cdcffae259db33cb412d304d23e28422
0
230 B
Image
General
Full URL
https://sync.taboola.com/sg/baidurtb-network/1/rtb-h/?taboola_hm=cdcffae259db33cb412d304d23e28422
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
22240

Redirect headers

location
https://sync.taboola.com/sg/baidurtb-network/1/rtb-h/?taboola_hm=cdcffae259db33cb412d304d23e28422
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8
content-type
text/plain; charset=utf-8
/
trc.taboola.com/sg/google-network/1/rtb-h/ Frame 7439
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_cm&google_sc
  • https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEOOWumc1X52Forba5JeBCo0&google_cver=1
0
60 B
Image
General
Full URL
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEOOWumc1X52Forba5JeBCo0&google_cver=1
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-vcl-time-ms
16
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 varnish
x-cache-hits
0
server
nginx
x-timer
S1682815711.562874,VS0,VE16
x-cache
MISS
accept-ranges
bytes
content-length
0
x-served-by
cache-yyz4581-YYZ

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:30 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://trc.taboola.com/sg/google-network/1/rtb-h/?taboola_hm=CAESEOOWumc1X52Forba5JeBCo0&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
304
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Pug
simage2.pubmatic.com/AdServer/ Frame 7439
42 B
245 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjcmdGw9MTI5NjAw&piggybackCookie=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b:$UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/gif; charset=utf-8
date
Sun, 30 Apr 2023 00:48:30 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
pixel
cm.g.doubleclick.net/ Frame 7439
Redirect Chain
  • https://sync.taboola.com/sg/google-network/1/rtb?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dtaboola_dbm%26google_sc%26gdpr%3D0%26gdpr_consent%3D&orig=trc
  • https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b
Protocol
H3
Server
142.250.80.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s33-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:30 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=taboola_dbm&google_sc&gdpr=0&gdpr_consent=&google_hm=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b
date
Sun, 30 Apr 2023 00:48:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
22580
/
trc.taboola.com/sg/thetradedesk-network/1/rtb-h/ Frame 7439
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=054f32o&ttd_tpi=1
  • https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=da3ec3c1-341d-4e53-8cd4-3079e127dd0f
0
241 B
Image
General
Full URL
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=da3ec3c1-341d-4e53-8cd4-3079e127dd0f
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-vcl-time-ms
17
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 varnish
x-cache-hits
0
server
nginx
x-timer
S1682815711.555103,VS0,VE17
x-cache
MISS
accept-ranges
bytes
content-length
0
x-served-by
cache-yyz4581-YYZ

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:30 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://trc.taboola.com/sg/thetradedesk-network/1/rtb-h/?taboola_hm=da3ec3c1-341d-4e53-8cd4-3079e127dd0f
content-type
text/html
cache-control
private,no-cache, must-revalidate
content-length
239
merge
ce.lijit.com/ Frame 7439
43 B
2 KB
Image
General
Full URL
https://ce.lijit.com/merge?pid=42&3pid=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&us_privacy=1---&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
69.175.41.44 Yorktown Heights, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
sovrn-193627-chi03-placeholder
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 30 Apr 2023 00:48:30 GMT
P3P
CP="CUR ADM OUR NOR STA NID"
Content-Type
image/gif
Cache-Control
private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod
ad_ap4ord1
Content-Length
43
Expires
Fri, 20 Mar 2009 00:00:00 GMT
rtset
bh.contextweb.com/bh/ Frame 7439
49 B
873 B
Image
General
Full URL
https://bh.contextweb.com/bh/rtset?do=add&pid=553204&ev=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
198.148.27.140 New York, United States, ASN19189 (PULSEPOINT, US),
Reverse DNS
Software
Jetty(10.0.14) /
Resource Hash
d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=15768000
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server
Jetty(10.0.14)
content-language
en-CA
content-type
image/gif;charset=iso-8859-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control
private, max-age=0, no-cache, no-store
cw-server
bh-deployment-stage-0
expires
-1
/
rtb-csync.smartadserver.com/redir/ Frame 7439
43 B
438 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=107&partneruserid=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
199.187.193.182 , Canada, ASN47043 (SMARTADSERVER, CA),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Sun, 30 Apr 2023 00:48:30 GMT
cache-control
no-cache,no-store
transfer-encoding
chunked
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 7439
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=29&p=282&cp=taboolaortb&cu=1&url=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fcriteortb-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D%40%40CRITEO_USERID%40%40
  • https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=0e60229e-926f-4cde-b7af-ad91bdf1b7a9
0
230 B
Image
General
Full URL
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=0e60229e-926f-4cde-b7af-ad91bdf1b7a9
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
24389

Redirect headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:30 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=0e60229e-926f-4cde-b7af-ad91bdf1b7a9
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1901034
content-length
0
expires
Sun, 30 Apr 2023 00:00:00 GMT
/
sync.taboola.com/sg/id5-network/1/rtb-h/ Frame 7439
Redirect Chain
  • https://id5-sync.com/s/464/9.gif?puid=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fsync.taboola.com%2Fsg%2Fid5-network%2F1%2Frtb-h%2F%3Ftaboola_hm%3D...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://id5-sync.com/k/264.gif?puid=da3ec3c1-341d-4e53-8cd4-3079e127dd0f&ttl=%%TTL%%
  • https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-74afF8fPa0yiuY1UfHK12YSZDVY9jmwlbI_gI1kD8w&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F3%2F5%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26g...
  • https://id5-sync.com/c/464/3/5/3.gif?puid=9e4d644d-bade-4000-a5ba-c59d1cfc5859&gdpr=0&gdpr_consent=
  • https://uipglob.semasio.net/id5/1/get?gdpr=0&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F4%2F4.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D0%26gdpr_consent%3D
  • https://uipglob.semasio.net/id5/1/get2?gdpr=0&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F112%2F4%2F4.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D0%26gdpr_consent%3D
  • https://id5-sync.com/c/464/112/4/4.gif?puid=A6C4AA1734A55FFE&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F434%2F3%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&consent=
  • https://id5-sync.com/c/464/434/3/5.gif?puid=88c28147-94c7-4e7d-9a26-15053fd109c9&gdpr=0&gdpr_consent=
  • https://rtb.gumgum.com/getuid/id5?r=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F441%2F2%2F6.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent=
  • https://id5-sync.com/c/464/441/2/6.gif?puid=u_2f73db70-2d95-4e61-846d-b976d5f472ce&gdpr=0&gdpr_consent=
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F429%2F1%2F7.gif%3Fpuid%3D%23PM_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr_consent=&gdpr=0
  • https://id5-sync.com/c/464/429/1/7.gif?puid=B644CC9D-6C6A-4346-8468-AAF707B6BA7C&gdpr=0&gdpr_consent=
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F464%2F108%2F0%2F8.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_con...
  • https://id5-sync.com/c/464/108/0/8.gif?puid=85ac3fdf-dde4-43ea-8d6b-449833eed87d&gdpr=0&gdpr_consent=
  • https://sync.taboola.com/sg/id5-network/1/rtb-h/?taboola_hm=ID5-74afF8fPa0yiuY1UfHK12YSZDVY9jmwlbI_gI1kD8w
0
230 B
Image
General
Full URL
https://sync.taboola.com/sg/id5-network/1/rtb-h/?taboola_hm=ID5-74afF8fPa0yiuY1UfHK12YSZDVY9jmwlbI_gI1kD8w
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:32 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
26868

Redirect headers

location
https://sync.taboola.com/sg/id5-network/1/rtb-h/?taboola_hm=ID5-74afF8fPa0yiuY1UfHK12YSZDVY9jmwlbI_gI1kD8w
date
Sun, 30 Apr 2023 00:48:31 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding
chunked
p3p
CP="CAO PSA OUR"
rtb-h
sync-t1.taboola.com/sg/bidswitch-network/1/ Frame 7439
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=taboola&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dtaboola%26bsw_param%3Da1dcee34-06ed-41fc-ab2a-7213bef84e5...
  • https://x.bidswitch.net/sync?dsp_id=80&user_id=9e4d644d-bade-4000-a5ba-c59d1cfc5859&expires=30&ssp=taboola&bsw_param=a1dcee34-06ed-41fc-ab2a-7213bef84e56&gdpr=0&gdpr_consent=
  • https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=a1dcee34-06ed-41fc-ab2a-7213bef84e56
0
230 B
Image
General
Full URL
https://sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=a1dcee34-06ed-41fc-ab2a-7213bef84e56
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
29212

Redirect headers

Location
//sync-t1.taboola.com/sg/bidswitch-network/1/rtb-h?taboola_hm=a1dcee34-06ed-41fc-ab2a-7213bef84e56
Date
Sun, 30 Apr 2023 00:48:30 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
rtb-h
match.taboola.com/sg/mediaforcebidder-network/1/ Frame 7439
Redirect Chain
  • https://rtb.mfadsrvr.com/sync?ssp=taboola
  • https://sync.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=21de76f5-f82f-4771-9300-4712dea36918
  • https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=21de76f5-f82f-4771-9300-4712dea36918&tbid=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&query=taboola_hm%3D21de76f5-f82f-...
0
54 B
Image
General
Full URL
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=21de76f5-f82f-4771-9300-4712dea36918&tbid=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&query=taboola_hm%3D21de76f5-f82f-4771-9300-4712dea36918&isDirect=0
Protocol
H2
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-cache-hits
0
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 varnish
server
nginx
x-timer
S1682815711.644742,VS0,VE16
x-cache
MISS
accept-ranges
bytes
content-length
0
x-served-by
cache-yyz4581-YYZ

Redirect headers

location
https://match.taboola.com/sg/mediaforcebidder-network/1/rtb-h?taboola_hm=21de76f5-f82f-4771-9300-4712dea36918&tbid=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&query=taboola_hm%3D21de76f5-f82f-4771-9300-4712dea36918&isDirect=0
date
Sun, 30 Apr 2023 00:48:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
22580
sd
u.openx.net/w/1.0/ Frame 7439
43 B
61 B
Image
General
Full URL
https://u.openx.net/w/1.0/sd?id=543998486&val=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&gdpr=0&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT
xuid
eb2.3lift.com/ Frame 7439
37 B
354 B
Image
General
Full URL
https://eb2.3lift.com/xuid?mid=7772&xuid=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&dongle=tbla
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
image/gif
date
Sun, 30 Apr 2023 00:48:30 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
rtb-h
sync.taboola.com/sg/stackadaptrtb-network/1/ Frame 7439
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=140
  • https://sync.taboola.com/sg/stackadaptrtb-network/1/rtb-h?taboola_hm=bi9sRiiwWD1K7xIXMFDTrZU4mbk
0
221 B
Image
General
Full URL
https://sync.taboola.com/sg/stackadaptrtb-network/1/rtb-h?taboola_hm=bi9sRiiwWD1K7xIXMFDTrZU4mbk
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
22658

Redirect headers

Location
https://sync.taboola.com/sg/stackadaptrtb-network/1/rtb-h?taboola_hm=bi9sRiiwWD1K7xIXMFDTrZU4mbk
Date
Sun, 30 Apr 2023 00:48:30 GMT
Connection
keep-alive
Content-Length
119
Content-Type
text/html; charset=utf-8
Pug
simage2.pubmatic.com/AdServer/ Frame 7439
Redirect Chain
  • https://x.bidswitch.net/sync?dsp_id=453&user_id=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&gdpr=0&gdpr_consent=&us_privacy=1---
  • https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=a1dcee34-06ed-41fc-ab2a-7213bef84e56&gdpr=0&gdpr_consent=&gdpr_pd=
1 B
263 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=a1dcee34-06ed-41fc-ab2a-7213bef84e56&gdpr=0&gdpr_consent=&gdpr_pd=
Protocol
H2
Server
162.248.18.37 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-type
text/html; charset=utf-8
date
Sun, 30 Apr 2023 00:48:30 GMT
cache-control
no-store, no-cache, private
server
nginx
content-length
1
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location
//simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=a1dcee34-06ed-41fc-ab2a-7213bef84e56&gdpr=0&gdpr_consent=&gdpr_pd=
Date
Sun, 30 Apr 2023 00:48:30 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
sync
t.adx.opera.com/ Frame 7439
35 B
467 B
Image
General
Full URL
https://t.adx.opera.com/sync?vendor=60151&uid=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
82.145.213.8 , Norway, ASN39832 (NO-OPERA, NO),
Reverse DNS
n-sysadmin-jumpbox-03.feednews.opera.technology
Software
Tengine /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:30 GMT
server
Tengine
access-control-allow-methods
POST, GET
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/ Frame 7439
Redirect Chain
  • https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&ph=295bf259-a378-4089-aae8-a2a995ba8627&id=37f45540-fa88-4005-bf73-8a7ac39467e3&r=https%3A%2F%2Fsync-t1.taboola.com%2Fsg%2Fopenxrtb-network%2F1%2Fr...
  • https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=90b7712a-9f62-0b9f-0a79-3070646c9a33
0
230 B
Image
General
Full URL
https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=90b7712a-9f62-0b9f-0a79-3070646c9a33
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
22240

Redirect headers

date
Sun, 30 Apr 2023 00:48:30 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
location
https://sync-t1.taboola.com/sg/openxrtb-network/1/rtb-h/?gdpr=0&us_privacy=1---&orig=video&taboola_hm=90b7712a-9f62-0b9f-0a79-3070646c9a33
p3p
CP="CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
cds-pips.js
cdn.taboola.com/scripts/
3 KB
2 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/cds-pips.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3e7d49f24d56db02c7baca8ae3a17555c2e527571450e8c24c77b453407e267a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
z5FoayaLm_Bvew3pbkytkoHczFCvkPwT
content-encoding
gzip
via
1.1 varnish
date
Sun, 30 Apr 2023 00:48:30 GMT
x-amz-request-id
345CDBWW70P2J4KQ
age
3517
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
1340
x-amz-id-2
RXZ9eF1pCd0CDN+zmZsBdUvWy9zP/THQYOkdE0w5cIOOD+5zdquMw/vB8dFwYkBREq+fn3ZvR+o=
x-served-by
cache-yyz4581-YYZ
last-modified
Wed, 12 Oct 2022 13:57:57 GMT
server
AmazonS3
x-timer
S1682815711.509560,VS0,VE0
etag
"383fa66d2a0a09f4a6e64a9593ad43bb"
vary
Accept-Encoding
content-type
application/javascript
abp
43
access-control-allow-origin
*
cache-control
private, max-age=3600
accept-ranges
bytes
x-cache-hits
4509
fraud-detect.js
cdn.taboola.com/scripts/
121 B
419 B
Script
General
Full URL
https://cdn.taboola.com/scripts/fraud-detect.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
392c32f20b9f867852a946a6ed1c5e21476df9619083548b6585d80a3b5f9bd4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
vOXBAr_FxKHpU348.XTQhP6DWnVyKple
content-encoding
gzip
via
1.1 varnish
date
Sun, 30 Apr 2023 00:48:30 GMT
x-amz-request-id
S9J5BFAA7WPTMDGJ
age
18799
x-cache
HIT
x-amz-replication-status
COMPLETED
content-length
125
x-amz-id-2
wWtPRy+nUtfHDp77gPzlWCF3v6EWhngazARKv0aGBw+bq/wfsPbkn4AZ0roXloZfIZagWP16wbs=
x-served-by
cache-yyz4581-YYZ
last-modified
Thu, 15 Dec 2022 16:50:08 GMT
server
AmazonS3
x-timer
S1682815711.509843,VS0,VE0
etag
"f7a185d92ac2162dc0bc36c5d7ef7dfe"
vary
Accept-Encoding
content-type
application/javascript
abp
43
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
19717
eidf.es5.js
cdn.taboola.com/scripts/
17 KB
7 KB
Script
General
Full URL
https://cdn.taboola.com/scripts/eidf.es5.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.193.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
12b5eaccd8a9d81a6a12512566d2b72aa7c100b4a261a08ee6aae4679a9e36b4

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
3979WkHCSLO5cQCJAWoE4w7tW4Dv40AW
content-encoding
gzip
via
1.1 varnish
date
Sun, 30 Apr 2023 00:48:30 GMT
x-amz-request-id
MDF1ZN70T49XVY6T
age
10634
x-amz-server-side-encryption
AES256
x-cache
HIT
x-amz-replication-status
PENDING
content-length
6467
x-amz-id-2
31MCdrWlJaO7VPTkeijfDCddcoc5wZ3qnEGbq/lzCgvbwa2jcTEBhuQ1KkKYGDl9+MpeTIwTpvw=
x-served-by
cache-yyz4581-YYZ
last-modified
Sun, 02 Apr 2023 13:49:08 GMT
server
AmazonS3
x-timer
S1682815711.509835,VS0,VE0
etag
"2fdf3e79d5e851201a0d52a886453d8b"
vary
Accept-Encoding
content-type
application/javascript
abp
43
access-control-allow-origin
*
cache-control
private,max-age=14400
accept-ranges
bytes
x-cache-hits
10926
abt
capi.connatix.com/tr/ Frame 8D82
0
312 B
XHR
General
Full URL
https://capi.connatix.com/tr/abt?v=263050&tier=1
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc78ec9bda1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
sync
pippio.com/api/
Redirect Chain
  • https://pix.cdnwidget.com/redirect?CID=2P7ks0LyxTVAOulQT8uAgY3RlaU&DID=2P7ks0ERZC4tMARB0iytZqK8Eps&v=&iv=&deviceid=4762296757293307742&visitid=1682815710361968&wsid=2051&apikey=2^HIykD
  • https://pippio.com/api/sync?pid=5749
42 B
59 B
Image
General
Full URL
https://pippio.com/api/sync?pid=5749
Protocol
H3
Server
107.178.254.65 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
65.254.178.107.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
content-type
image/gif
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

location
https://pippio.com/api/sync?pid=5749
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
graph
idr.cdnwidget.com/
0
100 B
Image
General
Full URL
https://idr.cdnwidget.com/graph?cookieID=2P7ks0LyxTVAOulQT8uAgY3RlaU&deviceID=2P7ks0ERZC4tMARB0iytZqK8Eps&bxdid=4762296757293307742&bxvid=1682815710361968&bxwid=2051&gm=true&apikey=2^HIykD&loadID=xnWBc7gIDjJ1Eqx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.130.207 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
207.130.149.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
id_sync
events.bouncex.net/track.gif/
42 B
106 B
Image
General
Full URL
https://events.bouncex.net/track.gif/id_sync?id_sync:id_type=sid&id_sync:id_source=graph&soft_id=2P7ks0ERZC4tMARB0iytZqK8Eps&source=web&agent=cjs&deviceid=4762296757293307742&visitid=1682815710361968&websiteid=2051&pageviewid=1&sequenceid=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
2
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
/
pips.taboola.com/
64 B
246 B
XHR
General
Full URL
https://pips.taboola.com/
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
793009fe3bcc74dd22827bed33ca8f051b15354d383cf62b2c1cc9471abb9408

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-served-by
cache-yyz4568-YYZ
date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 varnish
server
Varnish
access-control-allow-methods
GET
x-cache
HIT
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-store
accept-ranges
bytes
content-length
64
retry-after
0
x-cache-hits
0
/
cds.taboola.com/
0
82 B
XHR
General
Full URL
https://cds.taboola.com/?uid=951bd151-4e16-4e22-8489-d22950e61f33-tuctb47405b&uad=338564a5d7f9d7ddd394b6959d9a4765b3c7d182171578d33671704479e1fa0a&mbl=ZmFsc2U=
Requested by
Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sun, 30 Apr 2023 00:48:30 GMT
cache-control
no-store
server
nginx
2051
dfp.bouncex.net/pub/
6 B
87 B
XHR
General
Full URL
https://dfp.bouncex.net/pub/2051?li=6231794809|6018529605|6229929582|992535056|5845324479
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
f31c62113a61f327b0f93fdd9170c98c452d6b5e75718657c7fba611ec84806d

Request headers

Accept
*/*
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
via
1.1 google
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.chicagotribune.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6
abt
capi.connatix.com/tr/ Frame BE67
0
312 B
XHR
General
Full URL
https://capi.connatix.com/tr/abt?v=263050&tier=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:30 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc7910e63a1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
fbevents.js
connect.facebook.net/en_US/
107 KB
28 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f011:8:face:b00c:0:1 Lithia Springs, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
091ba5711e7f397eca67fb1da60968a88be608d2f4fb80955ef74f645b6e898b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sun, 30 Apr 2023 00:48:31 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27967
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
hnFNylSB/lwsxjIBbWVt6iQqCAciw7U6xOV7h5HXgzesX4krQ5kz7lrEd6d9an8s21t6x7VSTfdFJHxZRQEqKA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
1460883810
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
1757361571160924
connect.facebook.net/signals/config/
377 KB
108 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1757361571160924?v=2.9.102&r=stable
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f011:8:face:b00c:0:1 Lithia Springs, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
fb02ab5b5dc12786cde36c24ca21eaaa5c6309c9931d26f9665e3878ac94c1c0
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sun, 30 Apr 2023 00:48:31 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
110316
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
s+iS75Pfv+wlJzTbPhV0pTaLsIXfcG3SCHf/SvHepEefPniPAmZ/oGOIVk+LhSH7jzMUMksm8HdOIUagR9HAWg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
1460883810
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
497472043734658
connect.facebook.net/signals/config/
377 KB
108 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/497472043734658?v=2.9.102&r=stable
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f011:8:face:b00c:0:1 Lithia Springs, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
154dcb1b08e1ac5231d54e13b6fbd82fb8c503d6ce4411d88f08f1155aacd489
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sun, 30 Apr 2023 00:48:31 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
110291
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
TfcQeknQfB98y+t6A+y1eouN17RODFh+XZuOguLRlRkvwtcWR6e2SLSSWaS26VyLxDZag7pMtHbbY4Xn7Pto0g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1757361571160924&ev=PageView&dl=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&rl=&if=false&ts=1682815711317&sw=1600&sh=1200&v=2.9.102&r=stable&ec=0&o=30&cs_est=true&fbp=fb.1.1682815711314.1227982514&it=1682815711186&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f111:83:face:b00c:0:25de Lithia Springs, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 30 Apr 2023 00:48:31 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/tr/
0
31 B
Image
General
Full URL
https://www.facebook.com/tr/?id=497472043734658&ev=KWCEPV&dl=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&rl=&if=false&ts=1682815711447&cd[noad30]=1&cd[noadcm]=1&cd[nokart]=0&cd[pvps]=1&cd[slensec]=0&cd[ar30d]=1&cd[arcm]=1&cd[kar30d]=0&cd[karcm]=0&cd[ts30d]=0&cd[tscm]=0&cd[kru]=0&sw=1600&sh=1200&v=2.9.102&r=stable&ec=0&o=30&fbp=fb.1.1682815711314.1227982514&it=1682815711186&coo=false&dpo=LDU&dpoco=0&dpost=0&tm=2&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f111:83:face:b00c:0:25de Lithia Springs, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 30 Apr 2023 00:48:31 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/tr/
0
31 B
Image
General
Full URL
https://www.facebook.com/tr/?id=497472043734658&ev=PageView&dl=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&rl=&if=false&ts=1682815711449&sw=1600&sh=1200&v=2.9.102&r=stable&ec=1&o=30&cs_est=true&fbp=fb.1.1682815711314.1227982514&it=1682815711186&coo=false&dpo=LDU&dpoco=0&dpost=0&tm=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f111:83:face:b00c:0:25de Lithia Springs, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 30 Apr 2023 00:48:31 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/tr/ Frame 74DC
0
18 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f111:83:face:b00c:0:25de Lithia Springs, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.chicagotribune.com
Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.chicagotribune.com
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Sun, 30 Apr 2023 00:48:31 GMT
priority
u=0,i
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
reloadCampaigns.js
api.bounceexchange.com/bounce/
81 KB
14 KB
Script
General
Full URL
https://api.bounceexchange.com/bounce/reloadCampaigns.js?wklzs=3462&wklz=...
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
7cdc7f026ca25da7d40e77cd1d5d52dd89ff03dcc0a1dff4b0e4f2e4a5598086

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:31 GMT
content-encoding
gzip
via
1.1 google
last-modified
Sun, 30 Apr 2023 00:48:31 GMT
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
95
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
0
reloadcampaigns
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:31 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
/
www.facebook.com/tr/ Frame 2967
0
15 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f111:83:face:b00c:0:25de Lithia Springs, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://www.chicagotribune.com
Referer
https://www.chicagotribune.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-origin
https://www.chicagotribune.com
alt-svc
h3=":443"; ma=86400
content-length
0
content-type
text/plain
cross-origin-resource-policy
cross-origin
date
Sun, 30 Apr 2023 00:48:32 GMT
priority
u=0,i
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
creatives-base-styles.a53944a2.min.css
assets.bounceexchange.com/tag/css/
37 KB
6 KB
Stylesheet
General
Full URL
https://assets.bounceexchange.com/tag/css/creatives-base-styles.a53944a2.min.css
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.72.95 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
95.72.98.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
286a9eb90b3236f3c77e9cd147b524d542d53ba83973de175c45be3eb1147805

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:22:10 GMT
content-encoding
gzip
age
1582
x-guploader-uploadid
ADPycdsPlj5R6RkTrpR3RWDxnPruxCv6JllAA6VUeQF9bxP8ghF1h3QE6Ip1SGvTSwBpUoKrXxcFErz_YIlEs9J1x3drmx6kDatF
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6053
last-modified
Tue, 13 Dec 2022 17:12:22 GMT
server
UploadServer
etag
"54f61bdcbfb6f81427c8a6803f48b02f"
vary
Accept-Encoding
x-goog-generation
1670951542233151
x-goog-hash
crc32c=lLRhfg==, md5=VPYb3L+2+BQnyKaAP0iwLw==
access-control-allow-origin
*
access-control-expose-headers
etag, Content-Type
cache-control
public,max-age=3600
x-goog-stored-content-length
6053
accept-ranges
bytes
content-type
text/css
/
www.facebook.com/tr/
0
15 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1757361571160924&ev=ViewContent&ts=1682815712029&it=1682815712029&v=2.7.21&if=false&cd[article_content_tier]=free&cd[is_subscriber]=true&dl=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&rl=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f111:83:face:b00c:0:25de Lithia Springs, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 30 Apr 2023 00:48:32 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
st
capi.connatix.com/tr/ Frame 8D82
0
312 B
XHR
General
Full URL
https://capi.connatix.com/tr/st?v=263050&tier=1
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:32 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc79adb82a1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
i
www.i.matheranalytics.com/
43 B
245 B
Image
General
Full URL
https://www.i.matheranalytics.com/i?e=pe&tv=js-3.0.153&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_es6=1&f_gears=2&tvltm=9&tvcfg=fusion&f_privb=0&tid=ad95ae39-41dc-41ea-879d-ac24b368a41c&pid=577140fe-b628-4c1d-b8de-5182b59c641c&dtm=1682815712572&qnm=_matherq&visible=1&tabid=9b3ffb53-6415-4c12-b1f2-a9e9d3b93e2e&url=https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html&vp=1600x1200&ds=1600x10179&tofa=1682815703&vid=1&lvidt=1682815703&duid=173b94f8b2185443&fp=792662924&cid=ma89701&mrk=197837611&cx=eyJwZXJmIjp7InN0YXJ0IjoiMTY4MjgxNTcwMDU5OSIsInJlZGlyQ250IjoiMCIsIm5hdlR5cGUiOiJsaW5rIiwiaGVhcFUiOiIyMS43bWIiLCJoZWFwVCI6IjI2bWIiLCJmc3RQYWludCI6IjkwNyIsImZldGNoUyI6IjAiLCJkb21haW5TIjoiMSIsImRvbWFpbkUiOiI2NiIsImNvbm5TIjoiNjYiLCJjb25uRSI6IjEyMCIsInNzbFMiOiI4MyIsInJlcXVTIjoiMTIwIiwicmVzcFMiOiI2OTMiLCJyZXNwRSI6IjY5OCIsImRvbUxvYWQiOiI2OTciLCJkb21JbnRlciI6Ijk1MyIsImRvbUxvYWRTIjoiMTAwMyIsImRvbUxvYWRFIjoiMTA1MiIsImRvbUNtcGx0IjoiNzMyMiIsImxvYWRTIjoiNzMyNSIsImxvYWRFIjoiNzM4NyJ9fQ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.205.216.79 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-205-216-79.compute-1.amazonaws.com
Software
/
Resource Hash
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date
Sun, 30 Apr 2023 00:48:32 GMT
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
st
capi.connatix.com/tr/ Frame BE67
0
312 B
XHR
General
Full URL
https://capi.connatix.com/tr/st?v=263050&tier=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:32 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc79cef63a1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
aq
capi.connatix.com/tr/ Frame 8D82
0
312 B
XHR
General
Full URL
https://capi.connatix.com/tr/aq?v=263050&tier=1
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:34 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc7a9eae4a1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
eligible
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
eligible
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
eligible
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
publishertag.js
static.criteo.net/js/ld/
121 KB
40 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.js
Requested by
Host: cmp.osano.com
URL: https://cmp.osano.com/16A1AnRt2Fn8i1unj/f15ebf08-7008-40fe-9af3-db96dc3e8266/osano.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
ee5dd0a4359b47cc49bbeaa01ee01d9ab77226267bc4999dce2331f35dd4b930
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sun, 30 Apr 2023 00:48:35 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Fri, 24 Feb 2023 07:57:32 GMT
server
nginx
etag
W/"63f86dec-1e357"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Mon, 01 May 2023 00:48:35 GMT
cygnus
as-sec.casalemedia.com/
53 B
336 B
XHR
General
Full URL
https://as-sec.casalemedia.com/cygnus?v=7&cb=1682815715148&s=179705&r=%7B%22id%22%3A%221682815715%22%2C%22imp%22%3A%5B%7B%22id%22%3A%221%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%7D%7D%2C%7B%22id%22%3A%223%22%2C%22banner%22%3A%7B%22w%22%3A900%2C%22h%22%3A600%7D%7D%5D%2C%22site%22%3A%7B%22mobile%22%3A0%2C%22page%22%3A%22https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html%3Fdeployment%3Doverlay%26device%3Ddesktop%26segments%3D%22%2C%22name%22%3A%22Tribune%20%7C%20Chicago%20Tribune%22%2C%22domain%22%3A%22www.chicagotribune.com%22%2C%22privacypolicy%22%3A1%2C%22publisher%22%3A%7B%22domain%22%3A%22www.chicagotribune.com%22%2C%22name%22%3A%22Tribune%20%7C%20Chicago%20Tribune%22%7D%2C%22ext%22%3A%7B%22data%22%3A%7B%22segment%22%3A%5B%5D%7D%7D%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.121%20Safari%2F537.36%22%2C%22ip%22%3A%22149.56.153.185%22%2C%22js%22%3A1%2C%22language%22%3A%22EN%22%7D%2C%22source%22%3A%7B%22pchain%22%3A%22869cff86d1c453c1%3A2051%22%2C%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22wunderkind.co%22%2C%22sid%22%3A%222051%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%7D
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
097e00bfb3689960d4ed6b76b07bc4a00e13a518c82e67482fcc1b3c7501a12d

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nNmU9pWuazlleSd1jw8AFP1fqYBFQHuTLUj8YTJtng7JYEs1XSV9DF8u9shKK9ZrrY27w90bR9kebSz9sZdBYSCIphiHOejT9hH0h4g58U39HhvOTfH11f8m2nMq6wAO43G9TaqfNrw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7bfbc7ac08654004-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
0
cygnus
as-sec.casalemedia.com/
40 B
325 B
XHR
General
Full URL
https://as-sec.casalemedia.com/cygnus?v=8.8&cb=1682815715150&s=179705&r=%7B%22id%22%3A%221682815715%22%2C%22imp%22%3A%5B%7B%22id%22%3A%222%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A3%2C%22maxduration%22%3A150%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22startdelay%22%3A0%2C%22placement%22%3A5%2C%22playbackmethod%22%3A%5B2%5D%2C%22w%22%3A880%2C%22h%22%3A495%7D%7D%5D%2C%22site%22%3A%7B%22mobile%22%3A0%2C%22page%22%3A%22https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html%3Fdeployment%3Doverlay%26device%3Ddesktop%26segments%3D%22%2C%22name%22%3A%22Tribune%20%7C%20Chicago%20Tribune%22%2C%22domain%22%3A%22www.chicagotribune.com%22%2C%22privacypolicy%22%3A1%2C%22publisher%22%3A%7B%22domain%22%3A%22www.chicagotribune.com%22%2C%22name%22%3A%22Tribune%20%7C%20Chicago%20Tribune%22%7D%2C%22ext%22%3A%7B%22data%22%3A%7B%22segment%22%3A%5B%5D%7D%7D%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.121%20Safari%2F537.36%22%2C%22ip%22%3A%22149.56.153.185%22%2C%22js%22%3A1%2C%22language%22%3A%22EN%22%7D%2C%22source%22%3A%7B%22pchain%22%3A%22869cff86d1c453c1%3A2051%22%2C%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22wunderkind.co%22%2C%22sid%22%3A%222051%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%7D&fn=jsonp
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4896e0f15cc7fd2668c9419a6351400a0210d26bfa6b870ec8d75db28bd44ad0

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gbsg1eoO9KA3nbv28ILvmUdDE6sqOm%2By%2BtCSqJzsELjL%2BbhBmvvHoL0%2FxqrEVbFJlBfuT2sz67ZGx23jFsL1yUPePEtigVtZsD1kWq8%2BPcxa16LewVZxQPzckxswORBv7S%2B3Ge%2B9%2F%2FA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7bfbc7ac08694004-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
40
expires
0
cygnus
as-sec.casalemedia.com/
53 B
339 B
XHR
General
Full URL
https://as-sec.casalemedia.com/cygnus?v=7&cb=1682815715151&s=179705&r=%7B%22id%22%3A%221682815715%22%2C%22imp%22%3A%5B%7B%22id%22%3A%224%22%2C%22banner%22%3A%7B%22w%22%3A1920%2C%22h%22%3A480%7D%7D%2C%7B%22id%22%3A%225%22%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A250%7D%7D%5D%2C%22site%22%3A%7B%22mobile%22%3A0%2C%22page%22%3A%22https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html%3Fdeployment%3Dagilityzone%26device%3Ddesktop%26segments%3D%22%2C%22name%22%3A%22Tribune%20%7C%20Chicago%20Tribune%22%2C%22domain%22%3A%22www.chicagotribune.com%22%2C%22privacypolicy%22%3A1%2C%22publisher%22%3A%7B%22domain%22%3A%22www.chicagotribune.com%22%2C%22name%22%3A%22Tribune%20%7C%20Chicago%20Tribune%22%7D%2C%22ext%22%3A%7B%22data%22%3A%7B%22segment%22%3A%5B%5D%7D%7D%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.121%20Safari%2F537.36%22%2C%22ip%22%3A%22149.56.153.185%22%2C%22js%22%3A1%2C%22language%22%3A%22EN%22%7D%2C%22source%22%3A%7B%22pchain%22%3A%22869cff86d1c453c1%3A2051%22%2C%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22wunderkind.co%22%2C%22sid%22%3A%222051%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%7D
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
097e00bfb3689960d4ed6b76b07bc4a00e13a518c82e67482fcc1b3c7501a12d

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J5fuJ0xuDD5pD%2F%2BFIMhdBkCobNVkCppOChtl2NAH8oidKnH51DnnUQmrkxzvU%2BiAczpRDcbLNd50I2G8koTjlRByEkx%2FANan3PhDM5TxJ%2BbAi7eP4lemjy9AtTM2FQy69jjSaruyyf0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7bfbc7ac086a4004-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
0
cygnus
as-sec.casalemedia.com/
40 B
316 B
XHR
General
Full URL
https://as-sec.casalemedia.com/cygnus?v=8.8&cb=1682815715152&s=179705&r=%7B%22id%22%3A%221682815715%22%2C%22imp%22%3A%5B%7B%22id%22%3A%226%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A3%2C%22maxduration%22%3A150%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22startdelay%22%3A0%2C%22placement%22%3A4%2C%22playbackmethod%22%3A%5B2%5D%2C%22w%22%3A880%2C%22h%22%3A495%7D%7D%5D%2C%22site%22%3A%7B%22mobile%22%3A0%2C%22page%22%3A%22https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html%3Fdeployment%3Dagilityzone%26device%3Ddesktop%26segments%3D%22%2C%22name%22%3A%22Tribune%20%7C%20Chicago%20Tribune%22%2C%22domain%22%3A%22www.chicagotribune.com%22%2C%22privacypolicy%22%3A1%2C%22publisher%22%3A%7B%22domain%22%3A%22www.chicagotribune.com%22%2C%22name%22%3A%22Tribune%20%7C%20Chicago%20Tribune%22%7D%2C%22ext%22%3A%7B%22data%22%3A%7B%22segment%22%3A%5B%5D%7D%7D%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.121%20Safari%2F537.36%22%2C%22ip%22%3A%22149.56.153.185%22%2C%22js%22%3A1%2C%22language%22%3A%22EN%22%7D%2C%22source%22%3A%7B%22pchain%22%3A%22869cff86d1c453c1%3A2051%22%2C%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22wunderkind.co%22%2C%22sid%22%3A%222051%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%7D&fn=jsonp
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4896e0f15cc7fd2668c9419a6351400a0210d26bfa6b870ec8d75db28bd44ad0

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KlYqSEHJ7miJKWQ7QhkmR3srW5XP%2BH3hqP4o1D7F6Ab05qwY%2FVC4ixMwuX2ZlnQFU3Z7e4pNLHZ0QP9P5SRZzcS680IQIcbmOeFDIAmoP7%2FMcAp6vup0nhVgplhGUnTp6Mb5Ms2Ras8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7bfbc7ac086d4004-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
40
expires
0
cygnus
as-sec.casalemedia.com/
53 B
353 B
XHR
General
Full URL
https://as-sec.casalemedia.com/cygnus?v=7&cb=1682815715153&s=179705&r=%7B%22id%22%3A%221682815715%22%2C%22imp%22%3A%5B%7B%22id%22%3A%227%22%2C%22banner%22%3A%7B%22w%22%3A900%2C%22h%22%3A550%7D%7D%2C%7B%22id%22%3A%229%22%2C%22banner%22%3A%7B%22w%22%3A900%2C%22h%22%3A600%7D%7D%5D%2C%22site%22%3A%7B%22mobile%22%3A0%2C%22page%22%3A%22https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html%3Fdeployment%3Dagilityzone%26device%3Ddesktop%26segments%3D%22%2C%22name%22%3A%22Tribune%20%7C%20Chicago%20Tribune%22%2C%22domain%22%3A%22www.chicagotribune.com%22%2C%22privacypolicy%22%3A1%2C%22publisher%22%3A%7B%22domain%22%3A%22www.chicagotribune.com%22%2C%22name%22%3A%22Tribune%20%7C%20Chicago%20Tribune%22%7D%2C%22ext%22%3A%7B%22data%22%3A%7B%22segment%22%3A%5B%5D%7D%7D%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.121%20Safari%2F537.36%22%2C%22ip%22%3A%22149.56.153.185%22%2C%22js%22%3A1%2C%22language%22%3A%22EN%22%7D%2C%22source%22%3A%7B%22pchain%22%3A%22869cff86d1c453c1%3A2051%22%2C%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22wunderkind.co%22%2C%22sid%22%3A%222051%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%7D
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
097e00bfb3689960d4ed6b76b07bc4a00e13a518c82e67482fcc1b3c7501a12d

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IV4TQ1ppwr3yRyZpr6yaOj3%2FZzDseA2UE%2BkVKjj6Um4ciY6egfeUia%2FwrBuiVv0ccz2Oa2%2B5iprd8WAhnPnUNEmol2z7RxeuFWgDFRWa%2Fl2gZU1MpZ6CxDQ073HmHNM%2Boh%2B8D%2BnXrXY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7bfbc7ac18754004-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
0
cygnus
as-sec.casalemedia.com/
40 B
585 B
XHR
General
Full URL
https://as-sec.casalemedia.com/cygnus?v=8.8&cb=1682815715154&s=179705&r=%7B%22id%22%3A%221682815715%22%2C%22imp%22%3A%5B%7B%22id%22%3A%228%22%2C%22video%22%3A%7B%22mimes%22%3A%5B%22video%2Fmp4%22%2C%22application%2Fjavascript%22%5D%2C%22minduration%22%3A3%2C%22maxduration%22%3A150%2C%22protocols%22%3A%5B2%2C3%2C5%2C6%5D%2C%22linearity%22%3A1%2C%22api%22%3A%5B1%2C2%5D%2C%22startdelay%22%3A0%2C%22placement%22%3A4%2C%22playbackmethod%22%3A%5B2%5D%2C%22w%22%3A880%2C%22h%22%3A495%7D%7D%5D%2C%22site%22%3A%7B%22mobile%22%3A0%2C%22page%22%3A%22https%3A%2F%2Fwww.chicagotribune.com%2Fbusiness%2Fct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html%3Fdeployment%3Dagilityzone%26device%3Ddesktop%26segments%3D%22%2C%22name%22%3A%22Tribune%20%7C%20Chicago%20Tribune%22%2C%22domain%22%3A%22www.chicagotribune.com%22%2C%22privacypolicy%22%3A1%2C%22publisher%22%3A%7B%22domain%22%3A%22www.chicagotribune.com%22%2C%22name%22%3A%22Tribune%20%7C%20Chicago%20Tribune%22%7D%2C%22ext%22%3A%7B%22data%22%3A%7B%22segment%22%3A%5B%5D%7D%7D%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F112.0.5615.121%20Safari%2F537.36%22%2C%22ip%22%3A%22149.56.153.185%22%2C%22js%22%3A1%2C%22language%22%3A%22EN%22%7D%2C%22source%22%3A%7B%22pchain%22%3A%22869cff86d1c453c1%3A2051%22%2C%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22wunderkind.co%22%2C%22sid%22%3A%222051%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22us_privacy%22%3A%221---%22%7D%7D%7D&fn=jsonp
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.24.185 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4896e0f15cc7fd2668c9419a6351400a0210d26bfa6b870ec8d75db28bd44ad0

Request headers

Accept
text/plain, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FRvS9AlOGt8zrMvqNrnhphPlWW8dgEmq8NP7g%2FNEPb%2B%2B1GgAkVDGVrWMsCMThaM2myzWu%2BTTrcAO7HJKZ%2FKevpx8Etgs8sRiNhN2%2F%2B75m7JH90YgbxjsDaE4MjgW2wejCCVhjo9Izew%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
7bfbc7ac18784004-YYZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
40
expires
0
translator
hbopenbid.pubmatic.com/
0
65 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:35 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
translator
hbopenbid.pubmatic.com/
0
65 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:34 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
translator
hbopenbid.pubmatic.com/
0
65 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:35 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
translator
hbopenbid.pubmatic.com/
0
65 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:35 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
translator
hbopenbid.pubmatic.com/
0
65 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:35 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
translator
hbopenbid.pubmatic.com/
0
65 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.36.115.111 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

access-control-allow-origin
https://www.chicagotribune.com
date
Sun, 30 Apr 2023 00:48:34 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
ad_page
ssp.behave.com/
20 B
335 B
XHR
General
Full URL
https://ssp.behave.com/ad_page
Requested by
Host: assets.bounceexchange.com
URL: https://assets.bounceexchange.com/assets/bounce/jquery-3.5.1.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.207.10.239 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
239.10.207.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e7916e26498bf49c4bfc2a1b8351b43cbe67a2965d3fb0046eb438cd7d139a21

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.chicagotribune.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

Date
Sun, 30 Apr 2023 00:48:35 GMT
Server
nginx
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://www.chicagotribune.com
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
20
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8wBGBbAZKSswH0DOAlhDDgQCbwBMArAIwBsA7AAxpgwCOArjHhDhAIpeEECmDwGADkpTa1RvIas8Aey5gAxjHggyeNHhgBzYVH7k88NJrGgCxqOXgBOWQGZa7tCGMxz8ABWBiiqZDqsAO4wSITEzpTMdGgAbgRxztKy8orM7vS0LvRSaOFp2s4ALIz0lJRFjAr17u7MjIyVlBi+MGkwkZmGnDxQFRT0NgA2BP4QgsJ8dpLF2QryNC5TM+YgwAQpcISqUPCixt5lBNrwZIaqAGYWFJQACowA1njMAKIASgBaAGFKhAALIAQV+ACFmAQAJ4Qf4cADSUm+wAMAAtwGRSM83p9mAAZOEADwAKgA1cEAeS4kwAiuSpFxwcYAJruX6TEAAVSAA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
3
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8wBGBbAZKSswH0DOAlhDDgQCbwBMArAIwBsA7AAxpgwCOArjHhDhAIpeEECmDwGADkpTa1RvPmM0eAPZcwAYxjwQZPKpgBzYVH7k88NFrGgCxqOXgBOWQGZatNCGMxz8ABWhihqZLqsAO4wSITEzpTMdGgAbgRxztKyyrTM7vS0LvRSaOFpOs4ALIz0lJRFjAr17u7MjIyVlBi+MGkwkZlG3P4VFCpaADYE-hCCwnx2ksXZCvKUtTZTMyDABClwhGpQ8KLG7qW9BDrwZKpqAGYWFJQACowA1njMAKIASgBaAGFKhAALIAQV+ACFmAQAJ4Qf4cADSUm+wEMAAtwGRSM83p9mAAZOEADwAKgA1cEAeS4EwAiuSpFxwcYAJruX4TEAAVSAA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8BLKATGAPAZKSswH0BnRCGfRFeARgHYBOGgBgFZMwYBHAVxkInwiIAtrwgghwagDYAHACYZVZjSVKALJkIB7LmADGMeCBSFNMAOYio-CoXiY940InNQK1WjRkBmGZhDmMNbwAFamQlpo8IyYAO4wAEbEpO5yLFSYAG6Iye5UsgpKKozeUlR0spho2QbuajRScnIVNMrN3t6MNDRqctgBMNkwsXlm3EG1lH56ADaIQRCCInxO0vKKykpyNN4OcwsgwIiZcMRaUPBi5rvViAbwKJpaAGY2lHIACjQA1oSMAKIAJQAWgBhNQQACyAEFAQAhRiIACeEGBHAA0jJ-sBTAALcAocjvL6-RgAGSR6AAKgA1aEAeS4MwAilSZFxoeYAJreQEzEAAVSAA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
2
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8wBGBbAZKSswH0DOAlhDDgQCbwBMArAIwBsA7AAxpgwCOArjHhDhAIpeEECmDwGADkpTa1RvPn00eAPZcwAYxjwQZPKpgBzYVH7k88NFrGgCxqOXgBOWQGZatNCGMxz8ABWhihqZLqsAO4wSITEzpTMdGgAbgRxztKy8orM7vS0LvRSaOFpOs4ALIz0lJRFjAr17u7MjIyVlBi+MGkwkZlG3P4VFC42ADYE-hCCwnx2ksXZCvKUjZPT5iDABClwhGpQ8KLG7qW9BDrwZKpqAGYWFJQACowA1njMAKIASgBaAGFKhAALIAQV+ACFmAQAJ4Qf4cADSUm+wEMAAtwGRSM83p9mAAZOEADwAKgA1cEAeS4EwAiuSpFxwcYAJruX4TEAAVSAA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8wBGBbAZKSswH0DOAlhDDgQCbwBMArAIwBsA7AAxpgwCOArjHhDhAIpeEECmDwGADkpTa1RvIa00eAPZcwAYxjwQZPKpgBzYVH7k88NFrGgCxqOUm1GjKQGYpaEMZjn4ACtDFDUyXVYAdxgkQmJnSmY6NAA3AjjnaVl5RWYPeloATnpvcLSdZwAWRnpKSmLGBXqPD2Y3SsoMXxg0mEjMo25-CopaVi0AGwJ-CEFhPjtJEuyFeUoamymZkGACFLhCNSh4UWMPNDKCHXgyVTUAMwsKSgAFRgBrPGYAUQAlAC0AMKVCAAWQAgr8AELMAgATwg-w4AGkpN9gIYABbgMikZ5vT7MAAycIAHgAVABq4IA8lwJgBFclSLjg4wATQ8vwmIAAqkA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
55
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8BLKATGAPAZKSswH0BnRCGfRFeARgHYBOGgBgFZMwYBHAVxkInwiIAtrwgghwagDYAHACYZVZjSVLGmQgHsuYAMYx4IFIQ0wA5iKj8KheJl3jQiM1Arw6CgMxUqmEGZgreAArEyFNNHh1AHcYACNiUjc5Fl8AN0REtypZBSUVRk8pKjpZTDQM-TcAFhopOTlSmmVGz09GGhpquWx-GAyYaOzTbkCqyh97ABtEQIhBET5HaXlFZSU5Ghlp2asQYEQ0uGJNKHgxM09y-sR9eBQNTQAza0o5AAUaAGtCRgBRABKAC0AMLVCAAWQAggCAEKMRAATwgQI4AGkZH9gCYABbgFDkN6fH6MAAyiPQABUAGpQgDyXCmAEVKTIuFCzABNTwAqYgACqQA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8BLKATGAPAZKSswH0BnRCGfRFeARgHYBOGgBgFZMwYBHAVxkInwiIAtrwgghwagDYAHACYZVZjSVUALHUyEA9lzABjGPBApCWmAHMRUfhULxM+8aEQWoFeHQUBmKlUwgFjA28ABWZkLaaPCMmADuMABGxKQeciz+AG6IKR5UsgpKKozeUlR0spho2YYeajRScnIVNMrN3t6MNDRqctiBMNkwcXnm3MG1lFR9+gA2iMEQgiJ8ztLyispKCrFzCzYgwIiZcMTaUPBiFt5Vg4iG8Cha2gBmtpRyAAo0ANaEjABRABKAC0AMJqCAAWQAgkCAEKMRAATwgII4AGkZADgGYABbgFDkD7fP6MAAyyPQABUAGowgDyXFmAEVqTIuDCLABNbxA2YgACqQA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8wBGBbAZKSswH0DOAlhDDgQCbwBMArAIwBsA7AAxpgwCOArjHhDhAIpeEECmDwGADkpTa1RvPkBONHgD2XMAGMY8EGTxqYAc2FR+5PPDTaxoAiajl4y2QGZa7tCBMwL8ABWRijqZHqsAO4wSITELpTMdGgAbgRxLtKy8orM7vS0yvRSaOFpui4ALIz0lJRFjAr17u7MjIyVlBi+MGkwkZnG3P4VFF62ADYE-hCCwnz2ksXZCvKyXdpTMyDABClwhOpQ8KIm3mUEuvBkauoAZpYUlAAKjADWeMwAogBKAFoAYUqEAAsgBBH4AIWYBAAnhA-hwANJSL7AIwAC3AZFIT1eH2YABlYQAPAAqADUwQB5LgTACKZKkXDBJgAmu4fhMQABVIA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
2
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8BLKATGAPAZKSswH0BnRCGfRFeARgHYBOGgBgFZMwYBHAVxkInwiIAtrwgghwagDYAHACYZVZjSVK5mQgHsuYAMYx4IFIQ0wA5iKj8KheJl3jQiM1Arw6CgMxVPmEGZgreAArEyFNNHhGTAB3GAAjYlI3ORYqTAA3RCS3KlkFJRVGTykqOllMNCz9NwAWGik5OXKaZWbPT0YaGlr1UACsmBjc025AmsoqWvsAG0RAiEERPkdpeUVlNRlp3TmFkGBEDLhiTSh4MTNfKsR9eBQNTQAza0o5AAUaAGtCRgBRABKAC0AMK1CAAWQAggCAEKMRAATwgQI4AGkZH9gCYABbgFDkN6fH6MAAyiPQABUAGpQgDyXBmAEVKTIuFCzABNTwAmYgACqQA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8BLKATGAPAZKSswH0BnRCGfRFeARgHYBOGgBgFZMwYBHAVxkInwiIAtrwgghwagDYAHACYZVZjSVKAzJkIB7LmADGMeCBSFNMAOYio-CoXiY940InNQK1WjRlqZmEOZhreAArUyEtNHhGTAB3GAAjYlJ3ORYqTAA3RCT3KlkFJRVGNSkqOllMNCyDdwAWGik5OXKaZWa1NUYaGlq5bH8YLJgY3LNuQJrKJQcAG0RAiEERPidpeUVlJQUpWfnrEGBEDLhiLSh4MXMNKsQDeBRNLQAzG0o5AAUaAGtCRgBRABKAC0AMK1CAAWQAggCAEKMRAATwgQI4AGkZH9gKYABbgFDkN6fH6MAAyiPQABUAGpQgDyXBmAEVKTIuFDzABNNQAmYgACqQA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
1
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8BLKATGAPAZKSswH0BnRCGfRFeARgHYBOGgBgFZMwYBHAVxkInwiIAtrwgghwagDYAHACYZVZjSWrMhAPZcwAYxjwQKQupgBzEVH4VC8TDvGhEpqBXh0FAZiofMIUzEt4ACtjIQ00eEZMAHcYACNiUlc5FipMADdERNcqWQUlFUYPKSo6WUw0TL1XABYaKTk5MpplJo8PRhoaGrlsPxhMmGick24A6spcuwAbRACIQRE+B2l5RWUlBToZucsQYER0uGINKHgxUx9KxD14FHUNADMrSjkABRoAa0JGAFEAJQAWgBhGoQACyAEF-gAhRiIACeEEBHAA0jJfsBjAALcAocivD7fRgAGQR6AAKgA1SEAeS40wAihSZFxIaYAJoef7TEAAVSAA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
0
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8wBGBbAZKSswH0DOAlhDDgQCbwBMArAIwBsA7AAxpgwCOArjHhDhAIpeEECmDwGADkpTa1RvIaU0eAPZcwAYxjwQZPKpgBzYVH7k88NFrGgCxqOUm1GjKQGYpaEMZjn4ACtDFDUyXVYAdxgkQmJnSmY6NAA3AjjnaVl5RWYPeloATnpvcLSdZwAWRnpKSmLGBXqPD2Y3SpVQPzSYSMyjbn8KilcbABsCfwhBYT47SRLshXkPRhUtCamQYAIUuEI1KHhRYw80MoIdeDJVNQAzCwpKAAVGAGs8ZgBRACUALQAwpUIABZACCPwAQswCABPCB-DgAaSkX2AhgAFuAyKQnq8PswADKwgAeABUAGpggDyXDGAEUyVIuGDjABNDw-MYgACqQA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
4
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT
aq
capi.connatix.com/tr/ Frame BE67
0
312 B
XHR
General
Full URL
https://capi.connatix.com/tr/aq?v=263050&tier=2
Requested by
Host: cd.connatix.com
URL: https://cd.connatix.com/connatix.playspace.js?cid=38d5daa3-18ac-4ee1-a905-373c67622f25
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.33.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
multipart/form-data

Response headers

date
Sun, 30 Apr 2023 00:48:35 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
content-type
application/x-protobuf
access-control-allow-origin
https://www.chicagotribune.com
cache-control
no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
7bfbc7ad39c2a1f3-YYZ
access-control-allow-headers
x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
bid_empty
events.bouncex.net/track.gif/
42 B
60 B
Image
General
Full URL
https://events.bouncex.net/track.gif/bid_empty?wklz=A4QwTgLgdgpmC8AjAzgdwGSkrMB9ZAlhDLgQCbwCMADAJwDs6YMAjgK4zIS4QEC2nCCD7AqANgAcAJgmUArPXmUxAFnTIA9mzABjGPBBlk6mAHMBUbuWTx0O4aAKmo5eLRkBmSpXQhTMS3gAK2M+DTJ9anRUGBQiGFcpajkfADcCQl4KZWlZBRoPMUpaSXQI9L1XFXoxKSkS+gV6jw9qenoVKUw-GHSYVFcfZFYOKErsiTsAGwIAiF4BLgdxXPlFORUJOWnZyxBgAlS4Qg0oeCFTDzLegj14MnUNADMrCikABXoAa2RqAFEAEoALQAwioIABZACCAIAQtQCABPCBAlgAaQkf2AxgAFuAyKQ3p8ftQADKIgAeABUAGpQgDybCmAEUqRI2FDTABNDwAqYgACqQA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.8.32 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
32.8.111.34.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.chicagotribune.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 30 Apr 2023 00:48:35 GMT
via
1.1 google
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
2
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
expires
Tue, 01 Jan 2001 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
img.connatix.com
URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/6908f692-d6b5-4546-b896-cd4bf8ccfbd0.jpg?crop=952:608,smart&width=952&height=608&format=jpeg&quality=60&fit=crop
Domain
img.connatix.com
URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/6908f692-d6b5-4546-b896-cd4bf8ccfbd0.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Domain
img.connatix.com
URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/9f29031c-147f-476a-861d-6a07c3925625.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Domain
img.connatix.com
URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/cf15158d-1df8-4a15-b0e3-04e2c6467cdb.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Domain
img.connatix.com
URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/574d88d8-30c6-4817-bcb0-4d7d7ddd9d76.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop
Domain
img.connatix.com
URL
https://img.connatix.com/pid-2628d265-2e02-4ab5-9092-d579a5ae32b7/395d9b0b-466f-4632-a0a8-2042879a8441/31ca8f47-17f5-4abf-ab79-958dca24e472.jpg?crop=952:536,smart&width=952&height=536&format=jpeg&quality=60&fit=crop


489 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


208 Cookies


20 Console Messages

Source Level URL
Text
network error URL: https://dyv1bugovvq1g.cloudfront.net/3/www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html.js
Message:
Failed to load resource: the server responded with a status of 403 ()
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
security error URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.chicagotribune.com') does not match the recipient window's origin ('https://ads.pubmatic.com').
security error URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.chicagotribune.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security warning URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 466)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security warning URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 466)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security warning URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 466)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security error URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Message:
Refused to execute script from 'https://id.rlcdn.com/1000.gif?memo=CIq8KxoNCNn1tqIGEgUI6AcQAEIASiA2ZDIwN2IyNzJmMTA0NjA3OWU1ZDViOGI0MDYyMDM4OQ' because its MIME type ('image/gif') is not executable.
security error URL: https://www.chicagotribune.com/business/ct-biz-solarwind-orion-cybersecurity-hacking-cb-20201215-qcg4kzgx6vgbhiehwyghush45m-story.html
Message:
Refused to execute script from 'https://id.rlcdn.com/1000.gif?memo=CIq8KxoNCNn1tqIGEgUI6AcQAEIASiA2ZDIwN2IyNzJmMTA0NjA3OWU1ZDViOGI0MDYyMDM4OQ' because its MIME type ('image/gif') is not executable.
security warning URL: about:srcdoc
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security warning URL: about:srcdoc
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security warning URL: about:srcdoc
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security error URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.chicagotribune.com') does not match the recipient window's origin ('https://eus.rubiconproject.com').
security warning URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 466)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security warning URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 466)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security warning URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 466)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security warning URL: about:srcdoc
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security warning URL: about:srcdoc
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security warning URL: about:srcdoc
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security error URL: https://htlbid.com/v3/chicagotribune.com/htlbid.js(Line 1)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.chicagotribune.com') does not match the recipient window's origin ('https://ads.pubmatic.com').

Security Headers

This page lists any security headers set by the main page.

Header: Content-Security-Policy
Value: upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
