billingsgazette.com Open in urlscan Pro
192.104.182.209 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://click1.email.lee.net/qhdynsffpfjtdmgntvwsstdpbdtrbydpdnhqmhfgswmfgvd_okwzttktrqdtlktmjfkff.html?a=billingsgazette.com
Effective URL:
https://billingsgazette.com/
Submission: On January 10 via api (January 10th 2022, 4:47:37 pm UTC) from US — Scanned from DE

Summary HTTP 221 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 61 IPs in 6 countries across 43 domains to perform 221 HTTP transactions. The main IP is 192.104.182.209, located in United States and belongs to LEE-ASN, US. The main domain is billingsgazette.com. The Cisco Umbrella rank of the primary domain is 222905.
TLS certificate: Issued by ZeroSSL ECC Domain Secure Site CA on January 6th 2022. Valid for: 3 months.

This is the only time billingsgazette.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	74.214.203.11 74.214.203.11	14618 (AMAZON-AES) (AMAZON-AES)
3 13	192.104.182.209 192.104.182.209	10668 (LEE-ASN) (LEE-ASN)
37	104.18.130.43 104.18.130.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700::68... 2606:4700::6810:9540	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	143.204.98.104 143.204.98.104	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
11	143.204.98.66 143.204.98.66	16509 (AMAZON-02) (AMAZON-02)
12	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
26	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
7	143.204.95.188 143.204.95.188	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:829::2011	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::6814:b944	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	52.30.14.23 52.30.14.23	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:810::2010	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f02... 2a03:2880:f02d:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:215... 2600:9000:2156:3600:2:36a1:2f40:21	16509 (AMAZON-02) (AMAZON-02)
1 2	107.178.250.234 107.178.250.234	15169 (GOOGLE) (GOOGLE)
1 3	143.204.98.86 143.204.98.86	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:215... 2600:9000:2156:7600:8:8845:1500:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2a04:4e42:200... 2a04:4e42:200::645	54113 (FASTLY) (FASTLY)
3 5	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
1	143.204.97.29 143.204.97.29	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	34.102.205.239 34.102.205.239	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42::645 2a04:4e42::645	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 9	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:215... 2600:9000:2156:ca00:7:5031:dc0:21	16509 (AMAZON-02) (AMAZON-02)
2	104.18.29.199 104.18.29.199	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.71.198.250 52.71.198.250	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2600:1f18:730... 2600:1f18:730:b130:4896:6298:98c:bff0	14618 (AMAZON-AES) (AMAZON-AES)
1	54.146.217.90 54.146.217.90	14618 (AMAZON-AES) (AMAZON-AES)
3	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
7	67.202.105.33 67.202.105.33	32748 (STEADFAST) (STEADFAST)
2	2600:9000:215... 2600:9000:2156:4400:e:98bf:5f00:21	16509 (AMAZON-02) (AMAZON-02)
1	159.89.191.251 159.89.191.251	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	104.18.14.222 104.18.14.222	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.245.255.87 34.245.255.87	16509 (AMAZON-02) (AMAZON-02)
5	2600:9000:215... 2600:9000:2156:1600:16:f02f:46c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	67.202.105.32 67.202.105.32	32748 (STEADFAST) (STEADFAST)
1	2.18.232.130 2.18.232.130	16625 (AKAMAI-AS) (AKAMAI-AS)
1	67.202.105.22 67.202.105.22	32748 (STEADFAST) (STEADFAST)
2 6	3.229.102.111 3.229.102.111	14618 (AMAZON-AES) (AMAZON-AES)
1	2.16.186.193 2.16.186.193	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	185.29.134.248 185.29.134.248	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2	2600:1f18:444... 2600:1f18:444a:4680:469d:1ee7:c700:42a5	14618 (AMAZON-AES) (AMAZON-AES)
2 2	34.255.247.61 34.255.247.61	16509 (AMAZON-02) (AMAZON-02)
1 2	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
5 5	18.157.225.191 18.157.225.191	16509 (AMAZON-02) (AMAZON-02)
1 1	54.81.207.173 54.81.207.173	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42:600... 2a04:4e42:600::300	54113 (FASTLY) (FASTLY)
1 2	52.19.22.209 52.19.22.209	16509 (AMAZON-02) (AMAZON-02)
1	3.211.7.2 3.211.7.2	14618 (AMAZON-AES) (AMAZON-AES)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 2	34.254.143.3 34.254.143.3	16509 (AMAZON-02) (AMAZON-02)
1	34.247.104.176 34.247.104.176	16509 (AMAZON-02) (AMAZON-02)
1	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
221	61

1 74.214.203.11 (United States) 1 redirects

ASN14618 (AMAZON-AES, US)

click1.email.lee.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 192.104.182.209 (United States) 3 redirects

ASN10668 (LEE-ASN, US)
PTR: cms.chicago2.vip.townnews.com

billingsgazette.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 104.18.130.43 (None, )

ASN13335 (CLOUDFLARENET, US)

bloximages.chicago2.vip.townnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-104.fra50.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 143.204.98.66 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-66.fra50.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

contributor.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 143.204.95.188 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-95-188.fra50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2011 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

survey.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

98f02a78e754ebda3aed7126cb8a8a0c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.14.23 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-14-23.eu-west-1.compute.amazonaws.com

ad.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:3600:2:36a1:2f40:21 (United States)

ASN16509 (AMAZON-02, US)

d81mfvml8p5ml.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.250.234 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 234.250.178.107.bc.googleusercontent.com

js.matheranalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 143.204.98.86 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-86.fra50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2156:7600:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a04:4e42:200::645 (United States)

ASN54113 (FASTLY, US)

jssdkcdns.mparticle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jssdks.mparticle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.223.40.198 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.97.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-97-29.fra50.r.cloudfront.net

d1eoo1tco6rr5e.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.102.205.239 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 239.205.102.34.bc.googleusercontent.com

a.leetemplates.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::645 (United States)

ASN54113 (FASTLY, US)

identity.mparticle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:ca00:7:5031:dc0:21 (United States)

ASN16509 (AMAZON-02, US)

dn1i8v75r669j.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.29.199 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sc.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.71.198.250 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-71-198-250.compute-1.amazonaws.com

www.i.matheranalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:730:b130:4896:6298:98c:bff0 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.146.217.90 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-146-217-90.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 67.202.105.33 (United States)

ASN32748 (STEADFAST, US)
PTR: ip33.67-202-105.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2156:4400:e:98bf:5f00:21 (United States)

ASN16509 (AMAZON-02, US)

dkpklk99llpj0.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.89.191.251 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: roimedia-nyc-07.advertserve.org

serving.roimediaconsultants.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.14.222 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn-sic.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.245.255.87 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-245-255-87.eu-west-1.compute.amazonaws.com

am.freshrelevance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:2156:1600:16:f02f:46c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c8.dycdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.202.105.32 (United States)

ASN32748 (STEADFAST, US)
PTR: ip32.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.232.130 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-130.deploy.static.akamaitechnologies.com

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net

sic.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.229.102.111 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-229-102-111.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.193 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-193.deploy.static.akamaitechnologies.com

sli.billingsgazette.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.248 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:444a:4680:469d:1ee7:c700:42a5 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.255.247.61 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-255-247-61.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.215.191 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.157.225.191 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-225-191.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.81.207.173 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-81-207-173.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::300 (United States)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.19.22.209 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-19-22-209.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.211.7.2 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-211-7-2.compute-1.amazonaws.com

thrtle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.254.143.3 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.247.104.176 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-104-176.eu-west-1.compute.amazonaws.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	townnews.com bloximages.chicago2.vip.townnews.com — Cisco Umbrella Rank: 14429	573 KB
25	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 175 survey.g.doubleclick.net — Cisco Umbrella Rank: 11025 stats.g.doubleclick.net — Cisco Umbrella Rank: 78 cm.g.doubleclick.net — Cisco Umbrella Rank: 169	758 KB
18	googlesyndication.com 2 redirects 98f02a78e754ebda3aed7126cb8a8a0c.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 127 pagead2.googlesyndication.com — Cisco Umbrella Rank: 94	817 KB
16	google.com contributor.google.com — Cisco Umbrella Rank: 9142 fundingchoicesmessages.google.com — Cisco Umbrella Rank: 2288 ampcid.google.com — Cisco Umbrella Rank: 1586 adservice.google.com — Cisco Umbrella Rank: 69 analytics.google.com — Cisco Umbrella Rank: 971 www.google.com — Cisco Umbrella Rank: 8	72 KB
14	billingsgazette.com 3 redirects billingsgazette.com — Cisco Umbrella Rank: 222905 sli.billingsgazette.com — Cisco Umbrella Rank: 662269	127 KB
12	liadm.com 3 redirects b-code.liadm.com — Cisco Umbrella Rank: 3137 rp.liadm.com — Cisco Umbrella Rank: 2415 rp4.liadm.com — Cisco Umbrella Rank: 11230 i.liadm.com — Cisco Umbrella Rank: 458 i6.liadm.com — Cisco Umbrella Rank: 1305	20 KB
11	tynt.com cdn.tynt.com — Cisco Umbrella Rank: 6692 sc.tynt.com — Cisco Umbrella Rank: 7456 ic.tynt.com — Cisco Umbrella Rank: 3828 de.tynt.com — Cisco Umbrella Rank: 1127	9 KB
11	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 1197	261 KB
7	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 272	80 KB
7	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 444	116 KB
6	mparticle.com jssdkcdns.mparticle.com — Cisco Umbrella Rank: 5075 identity.mparticle.com — Cisco Umbrella Rank: 2459 jssdks.mparticle.com — Cisco Umbrella Rank: 4777	49 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 33	57 KB
5	bidswitch.net 5 redirects x.bidswitch.net — Cisco Umbrella Rank: 254	3 KB
5	dycdn.net c8.dycdn.net — Cisco Umbrella Rank: 48932	2 KB
5	adsrvr.org 3 redirects insight.adsrvr.org — Cisco Umbrella Rank: 602 match.adsrvr.org — Cisco Umbrella Rank: 295	2 KB
5	cloudfront.net d81mfvml8p5ml.cloudfront.net d1eoo1tco6rr5e.cloudfront.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net	22 KB
5	google.de adservice.google.de — Cisco Umbrella Rank: 8579 ampcid.google.de — Cisco Umbrella Rank: 45749 www.google.de — Cisco Umbrella Rank: 6151	2 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	321 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 151	148 KB
4	crwdcntrl.net 1 redirects tags.crwdcntrl.net — Cisco Umbrella Rank: 1395 ad.crwdcntrl.net — Cisco Umbrella Rank: 6331 bcp.crwdcntrl.net — Cisco Umbrella Rank: 538	15 KB
3	33across.com cdn-sic.33across.com — Cisco Umbrella Rank: 7499 sic.33across.com — Cisco Umbrella Rank: 7308	116 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 88	441 B
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 124	2 KB
3	matheranalytics.com 1 redirects js.matheranalytics.com — Cisco Umbrella Rank: 9842 www.i.matheranalytics.com — Cisco Umbrella Rank: 9982	43 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 126	134 KB
2	exelator.com 1 redirects loadm.exelator.com — Cisco Umbrella Rank: 798	2 KB
2	addthis.com 1 redirects x.dlx.addthis.com — Cisco Umbrella Rank: 927	1 KB
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 184	2 KB
2	leetemplates.com a.leetemplates.com — Cisco Umbrella Rank: 28506	341 B
2	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 698	622 B
2	gstatic.com www.gstatic.com	13 KB
1	ml314.com ml314.com — Cisco Umbrella Rank: 1202	422 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 279	419 B
1	thrtle.com thrtle.com — Cisco Umbrella Rank: 964
1	taboola.com trc.taboola.com — Cisco Umbrella Rank: 523	231 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 763	615 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 372	676 B
1	adnxs.com acdn.adnxs.com — Cisco Umbrella Rank: 534	32 KB
1	freshrelevance.com am.freshrelevance.com — Cisco Umbrella Rank: 13821	67 B
1	roimediaconsultants.com serving.roimediaconsultants.com — Cisco Umbrella Rank: 19224
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 202	4 KB
1	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 396	27 KB
1	lee.net 1 redirects click1.email.lee.net	306 B
221	43

	Domain	Requested by
37	bloximages.chicago2.vip.townnews.com	billingsgazette.com bloximages.chicago2.vip.townnews.com
18	securepubads.g.doubleclick.net	billingsgazette.com securepubads.g.doubleclick.net www.googletagservices.com cdn-sic.33across.com
13	billingsgazette.com	3 redirects billingsgazette.com
11	tagan.adlightning.com	billingsgazette.com tagan.adlightning.com
9	tpc.googlesyndication.com	2 redirects billingsgazette.com tagan.adlightning.com
9	fundingchoicesmessages.google.com	billingsgazette.com tagan.adlightning.com
8	pagead2.googlesyndication.com	tagan.adlightning.com www.googletagservices.com securepubads.g.doubleclick.net tpc.googlesyndication.com
7	ic.tynt.com	billingsgazette.com
7	c.amazon-adsystem.com	billingsgazette.com c.amazon-adsystem.com cdn-sic.33across.com
7	cdn.cookielaw.org	billingsgazette.com cdn.cookielaw.org
6	i.liadm.com	2 redirects tagan.adlightning.com i.liadm.com
6	www.google-analytics.com	www.googletagmanager.com billingsgazette.com www.google-analytics.com
5	x.bidswitch.net	5 redirects
5	c8.dycdn.net	dkpklk99llpj0.cloudfront.net
5	www.googletagmanager.com	billingsgazette.com www.googletagmanager.com
4	www.googletagservices.com	tagan.adlightning.com
3	match.adsrvr.org	2 redirects bcp.crwdcntrl.net
3	www.facebook.com	billingsgazette.com
3	jssdks.mparticle.com	jssdkcdns.mparticle.com
3	www.google.com	tagan.adlightning.com billingsgazette.com
3	sb.scorecardresearch.com	1 redirects billingsgazette.com
3	connect.facebook.net	billingsgazette.com connect.facebook.net
3	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
3	survey.g.doubleclick.net	billingsgazette.com survey.g.doubleclick.net
2	loadm.exelator.com	1 redirects bcp.crwdcntrl.net
2	bcp.crwdcntrl.net	1 redirects tagan.adlightning.com
2	x.dlx.addthis.com	1 redirects i.liadm.com
2	dpm.demdex.net	2 redirects
2	i6.liadm.com	i.liadm.com
2	de.tynt.com	cdn.tynt.com
2	cdn-sic.33across.com	tagan.adlightning.com
2	dkpklk99llpj0.cloudfront.net	d81mfvml8p5ml.cloudfront.net
2	identity.mparticle.com	jssdkcdns.mparticle.com
2	www.google.de	billingsgazette.com
2	a.leetemplates.com	storage.googleapis.com
2	insight.adsrvr.org	1 redirects d1eoo1tco6rr5e.cloudfront.net
2	b-code.liadm.com	www.googletagmanager.com tagan.adlightning.com
2	js.matheranalytics.com	1 redirects billingsgazette.com
2	adservice.google.de	survey.g.doubleclick.net tagan.adlightning.com
2	geolocation.onetrust.com	cdn.cookielaw.org
2	www.gstatic.com	billingsgazette.com
1	cm.g.doubleclick.net	bcp.crwdcntrl.net
1	ml314.com	bcp.crwdcntrl.net
1	idsync.rlcdn.com	bcp.crwdcntrl.net
1	thrtle.com	bcp.crwdcntrl.net
1	trc.taboola.com	i.liadm.com
1	sync.srv.stackadapt.com	1 redirects
1	sync.mathtag.com	1 redirects
1	sli.billingsgazette.com	billingsgazette.com
1	sic.33across.com	tagan.adlightning.com
1	acdn.adnxs.com	cdn-sic.33across.com
1	am.freshrelevance.com	tagan.adlightning.com
1	serving.roimediaconsultants.com	tagan.adlightning.com
1	sc.tynt.com	tagan.adlightning.com
1	rp4.liadm.com	billingsgazette.com
1	rp.liadm.com	1 redirects
1	www.i.matheranalytics.com	billingsgazette.com
1	cdn.tynt.com	tagan.adlightning.com
1	dn1i8v75r669j.cloudfront.net	d81mfvml8p5ml.cloudfront.net
1	cdnjs.cloudflare.com	bloximages.chicago2.vip.townnews.com
1	analytics.google.com	www.googletagmanager.com
1	d1eoo1tco6rr5e.cloudfront.net	www.googletagmanager.com
1	jssdkcdns.mparticle.com	billingsgazette.com
1	d81mfvml8p5ml.cloudfront.net	www.googletagmanager.com
1	storage.googleapis.com	www.googletagmanager.com
1	ad.crwdcntrl.net	tagan.adlightning.com
1	98f02a78e754ebda3aed7126cb8a8a0c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	adservice.google.com	tagan.adlightning.com
1	ampcid.google.de	www.google-analytics.com
1	ampcid.google.com	www.google-analytics.com
1	contributor.google.com	billingsgazette.com
1	tags.crwdcntrl.net	billingsgazette.com
1	click1.email.lee.net	1 redirects
221	73

This site contains links to these domains. Also see Links.

Domain
adclick.g.doubleclick.net
reviews.billingsgazette.com
www.stringr.com
autos.montanawheelsforyou.com
billingsgazettestore.com
go.billingsgazette.com
www.google.com
boldmagnolia.com
www.kalispellkreamery.com
sellitmt.com
billingsthriftynickel.com
homes.montanalandmagazine.com
lee.net
bloxcms.com
townnews.com
cookiepedia.co.uk
onetrust.com

Subject Issuer	Validity	Valid
billingsgazette.com ZeroSSL ECC Domain Secure Site CA	`2022-01-06` - `2022-04-06`	3 months	crt.sh
bloximages.chicago2.vip.townnews.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-09` - `2022-04-09`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2021-06-01` - `2022-05-31`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2021-04-29` - `2022-05-31`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.adlightning.com Amazon	`2021-06-24` - `2022-07-23`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2021-02-12` - `2022-02-11`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.storage.googleapis.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-10-20` - `2022-01-18`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.liadm.com Amazon	`2021-03-02` - `2022-03-31`	a year	crt.sh
jssdkcdns.mparticle.com R3	`2021-12-27` - `2022-03-27`	3 months	crt.sh
a.leetemplates.com GTS CA 1D4	`2021-12-15` - `2022-03-15`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
identity.mparticle.com Go Daddy Secure Certificate Authority - G2	`2021-07-07` - `2022-08-08`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
www.i.matheranalytics.com Sectigo RSA Domain Validation Secure Server CA	`2020-01-28` - `2022-01-27`	2 years	crt.sh
www.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
jssdks.mparticle.com R3	`2021-12-27` - `2022-03-27`	3 months	crt.sh
serving.roimediaconsultants.com Go Daddy Secure Certificate Authority - G2	`2021-07-27` - `2022-08-28`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.freshrelevance.com Amazon	`2021-06-16` - `2022-07-15`	a year	crt.sh
*.dycdn.net Amazon	`2021-04-11` - `2022-05-10`	a year	crt.sh
cdn.adnxs.com GeoTrust RSA CA 2018	`2021-03-11` - `2022-02-07`	a year	crt.sh
sli.buffalo.com R3	`2021-12-01` - `2022-03-01`	3 months	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.thrtle.com Go Daddy Secure Certificate Authority - G2	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.ml314.com Amazon	`2021-12-17` - `2023-01-14`	a year	crt.sh

This page contains 17 frames:

Primary Page: https://billingsgazette.com/
Frame ID: 57DCDD5DA20D901C965A801F034B563E
Requests: 160 HTTP requests in this frame

Frame: https://98f02a78e754ebda3aed7126cb8a8a0c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: DF2D030727A421008F9BC95428EED0E0
Requests: 1 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Frame ID: D385D752608C6BCE85E8CE48418F38BF
Requests: 2 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/bl-0af0356-00d68a3d.js
Frame ID: 99950173D7300B880A219A6DC5020F95
Requests: 5 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/bl-0af0356-00d68a3d.js
Frame ID: 94DA68A41EDFFFE3660FC04B53B65FC6
Requests: 10 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/bl-0af0356-00d68a3d.js
Frame ID: F35FC3D746E73D225018391D1989741E
Requests: 8 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/bl-0af0356-00d68a3d.js
Frame ID: 53B8C1E0AA661FA3CE924201C9041D20
Requests: 10 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 628333F587063CDC4997FF9C2D831762
Requests: 1 HTTP requests in this frame

Frame: https://am.freshrelevance.com/tpc/
Frame ID: 80CE6074AFD489099062200D4EA8A7B9
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ast/ast.js
Frame ID: 2659FBFBB84B664D8D6F818B9BD5C7A1
Requests: 1 HTTP requests in this frame

Frame: https://c.amazon-adsystem.com/aax2/apstag.js
Frame ID: 878B0D3EB81AB143074103373DCB6D91
Requests: 2 HTTP requests in this frame

Frame: https://i.liadm.com/s/c/a-012k?s=&cim=&ps=true&ls=true&duid=e33b083e4625--01fs2e6fxg6pdpgdmym35d1sd9&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Frame ID: E6E4C773E1AF53B08F6A177F194D1F16
Requests: 8 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: A7F57620AD448142C2BDB60052577C49
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: AB17AC4C499CA485BAE3B3E9E1D8C3C1
Requests: 2 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22billings%2C%20montana%2C%20Big%20sky%2C%20wyoming%2C%20bozeman%2C%20yellowstone%2C%20big%20timber%2C%20outdoors%2C%20sports%2C%20hardin%2C%20red%20lodge%2C%20laurel%2C%20livingston%2C%20miles%20city%2C%20yellowstone%20national%20park%2C%20columbus%2C%20gillette%2C%20powell%2C%20cody%2C%20shepherd%2C%20cars%2C%20business%2C%20fishing%2C%20lewistown%2C%20hunting%2C%20news%2C%20forsyth%2C%20real%20estate%2C%20skiing%2C%20rentals%2C%20markets%2C%20absarokee%2C%20vehicles%2C%20recreation%2C%20billings%2C%20weather%2C%20information%2C%20classifieds%2C%20help%20wanted%2C%20jobs%2C%20houses%2C%20used%20cars%2C%20trucks%2C%20obituaries%2C%20obits%2C%20entertainment%2C%2059105%2C%2059101%2C%2059102%2C%2059106%22%7D/rt=ifr
Frame ID: 2E3381EA79ECB0E9BBDCC63EDB74B5DF
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 1956821CA7988A55CBE0A86F33E13CB5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0929DAEBE3131ABB1683058DFFE47BA1
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Billings Gazette | Montana Wyoming Breaking Ne | Read Billings, Montana and Montana breaking news. Get latest news, events and information on Montana sports, weather, entertainment and lifestyles.Image galleryCollectionImage galleryImage galleryCollectionPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adPDF display adBack ButtonSearch IconFilter IconArrow

Page URL History Show full URLs

http://click1.email.lee.net/qhdynsffpfjtdmgntvwsstdpbdtrbydpdnhqmhfgswmfgvd_okwzttktrqdtlktmjfkff.html?a... HTTP 302
https://billingsgazette.com/ Page URL

Detected technologies

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

221
Requests

93 %
HTTPS

45 %
IPv6

43
Domains

73
Subdomains

61
IPs

6
Countries

3813 kB
Transfer

9108 kB
Size

53
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://adclick.g.doubleclick.net/pcs/click%253Fxai%253DAKAOjstUTERTqupfhHysefjcJCf9Y0RNZhuMVAQoDQDPhjlzSyOmoSf-TI_R3JnQY_cSl-M9LZSnvlJ2ev4Sw2FS0Um7Jh3OGvVG_KDXtCmF5ez_e3xXr_yhDoz5I7xHTogAICz4voiisQwxObarmPK0dz4RjZ2E4lAD0OUPDXbv6zoIznHGJcT1HsUQtvZTXdeuNSLOhofcSQDiUgTOHMCv1q4p_NWS98Mg684fZKRNvwOGZHUSlvDjeE0rnrVceQXiieRWBhVxw-2e5AuSXhiM_qERbBTGYXMXNzzDeOx6dW8lw_Q2ahdtWCspch6E1-PL7_kgl8vqzw%2526sai%253DAMfl-YTIYBOplY1D_88gJjnXHkv6mWqIgAibsukdDKqwWGov8UTijCseY2lG8JBY8RmfkTh2EUU5oxXXmAhwEyQD0WjxNuU-4bfAybbgSQ_ahFRtRE6o1GV7JLfLC8w_6d75%2526sig%253DCg0ArKJSzDxDbJy2x-EoEAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253Dhttps://www.chicohotsprings.com/

Search URL Search Domain Scan URL

URL: https://reviews.billingsgazette.com/
Title: Buyer's Guides

Search URL Search Domain Scan URL

URL: https://www.stringr.com/xlcB65T_CWp
Title: Share video

Search URL Search Domain Scan URL

URL: https://autos.montanawheelsforyou.com/
Title: Cars

Search URL Search Domain Scan URL

URL: https://billingsgazettestore.com/
Title: Billings Gazette Store

Search URL Search Domain Scan URL

URL: https://go.billingsgazette.com/firstresponders2021

Search URL Search Domain Scan URL

URL: https://www.google.com/maps/dir//Serving%20the%20Billings%20Area%2BBillings%2BMT%2B59102
Title: Serving the Billings Area, Billings, MT 59102

Search URL Search Domain Scan URL

URL: http://boldmagnolia.com/
Title: Website

Search URL Search Domain Scan URL

URL: https://www.google.com/maps/dir//480%20Lost%20Creek%20Drive%2BKalispell%2BMT%2B59901
Title: 480 Lost Creek Drive, Kalispell, MT 59901

Search URL Search Domain Scan URL

URL: http://www.kalispellkreamery.com/
Title: Website

Search URL Search Domain Scan URL

URL: https://www.google.com/maps/dir//P.O.%20Box%20285%2BButte%2BMt%2B59701
Title: P.O. Box 285, Butte, Mt 59701

Search URL Search Domain Scan URL

URL: https://sellitmt.com/
Title: Sell It MT

Search URL Search Domain Scan URL

URL: https://billingsthriftynickel.com/
Title: Thrifty Nickel

Search URL Search Domain Scan URL

URL: https://homes.montanalandmagazine.com/
Title: Montana Land Magazine

Search URL Search Domain Scan URL

URL: https://lee.net/careers/opportunities/?utm_source=newspaper&utm_medium=blox&utm_campaign=workhere
Title: Work here

Search URL Search Domain Scan URL

URL: https://bloxcms.com/
Title: BLOX Content Management System

Search URL Search Domain Scan URL

URL: https://townnews.com/
Title: TownNews.com

Search URL Search Domain Scan URL

URL: https://cookiepedia.co.uk/giving-consent-to-cookies
Title: More information

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://click1.email.lee.net/qhdynsffpfjtdmgntvwsstdpbdtrbydpdnhqmhfgswmfgvd_okwzttktrqdtlktmjfkff.html?a=billingsgazette.com HTTP 302
https://billingsgazette.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://billingsgazette.com/shared-content/art/stats/common/tracker.gif?tnms_rs=1600x1200x24&tnms_vtum=1&tnms_vt=1&tnms_vid=164183324948216001200930290164229&tnms_dt=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&tnms_upage=1&tnms_do=billingsgazette.com&tnms_uri=/&tnms_ref=&rt=1641833249487 HTTP 302
https://billingsgazette.com/_services/v1/client_captcha/challenge?request=X2xiX3JhdGVfZm9yZWlnbjpMM05vWVhKbFpDMWpiMjUwWlc1MEwyRnlkQzl6ZEdGMGN5OWpiMjF0YjI0dmRISmhZMnRsY2k1bmFXWV9kRzV0YzE5eWN6MHhOakF3ZURFeU1EQjRNalFtZEc1dGMxOTJkSFZ0UFRFbWRHNXRjMTkyZEQweEpuUnViWE5mZG1sa1BURTJOREU0TXpNeU5EazBPREl4TmpBd01USXdNRGt6TURJNU1ERTJOREl5T1NaMGJtMXpYMlIwUFZSb1pTVXlNRUpwYkd4cGJtZHpKVEl3UjJGNlpYUjBaU1V5TUNVM1F5VXlNRTF2Ym5SaGJtRWxNakJYZVc5dGFXNW5KVEl3UW5KbFlXdHBibWNsTWpCT1pTVXlNQ1UzUXlVeU1GSmxZV1FsTWpCQ2FXeHNhVzVuY3lVeVF5VXlNRTF2Ym5SaGJtRWxNakJoYm1RbE1qQk5iMjUwWVc1aEpUSXdZbkpsWVd0cGJtY2xNakJ1WlhkekxpVXlNRWRsZENVeU1HeGhkR1Z6ZENVeU1HNWxkM01sTWtNbE1qQmxkbVZ1ZEhNbE1qQmhibVFsTWpCcGJtWnZjbTFoZEdsdmJpVXlNRzl1SlRJd1RXOXVkR0Z1WVNVeU1ITndiM0owY3lVeVF5VXlNSGRsWVhSb1pYSWxNa01sTWpCbGJuUmxjblJoYVc1dFpXNTBKVEl3WVc1a0pUSXdiR2xtWlhOMGVXeGxjeTRtZEc1dGMxOTFjR0ZuWlQweEpuUnViWE5mWkc4OVltbHNiR2x1WjNObllYcGxkSFJsTG1OdmJTWjBibTF6WDNWeWFUMHZKblJ1YlhOZmNtVm1QU1p5ZEQweE5qUXhPRE16TWpRNU5EZzM6MTY0MTgzMzI1MDoweDNkNTFlMDM5MDE3Y2YzOGJlOWY0NTk0MjM4ZmYyYTFjMDhhN2RhN2M

Request Chain 92

https://js.matheranalytics.com/s/ma1527/725149304/lee/ml.js?cb=1584 HTTP 301
https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js

Request Chain 96

https://insight.adsrvr.org/tags/nebsjkp/21usqg2/iframe HTTP 303
https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe

Request Chain 113

https://sb.scorecardresearch.com/b?c1=2&c2=10345586&ns__t=1641833250399&ns_c=UTF-8&cv=3.5&c8=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&c7=https%3A%2F%2Fbillingsgazette.com%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=10345586&ns__t=1641833250399&ns_c=UTF-8&cv=3.5&c8=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&c7=https%3A%2F%2Fbillingsgazette.com%2F&c9=

Request Chain 126

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDfvN_69gEQARgBMgjAoebjPzLc4Q HTTP 301
https://tpc.googlesyndication.com/simgad/8459441215549788494

Request Chain 127

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDfvN-YJBABGAEyCGFvDQ_P-baD HTTP 301
https://tpc.googlesyndication.com/simgad/4800270700873086447

Request Chain 134

https://rp.liadm.com/j?dtstmp=1641833250738&aid=a-012k&se=e30&duid=e33b083e4625--01fs2e6fxg6pdpgdmym35d1sd9&tna=v2.3.0&pu=https%3A%2F%2Fbillingsgazette.com%2F&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlJlYWQgQmlsbGluZ3MsIE1vbnRhbmEgYW5kIE1vbnRhbmEgYnJlYWtpbmcgbmV3cy4gR2V0IGxhdGVzdCBuZXdzLCBldmVudHMgYW5kIGluZm9ybWF0aW9uIG9uIE1vbnRhbmEgc3BvcnRzLCB3ZWF0aGVyLCBlbnRlcnRhaW5tZW50IGFuZCBsaWZlc3R5bGVzLiI-PHRpdGxlPlRoZSBCaWxsaW5ncyBHYXpldHRlIHwgTW9udGFuYSBXeW9taW5nIEJyZWFraW5nIE5lIHwgUmVhZCBCaWxsaW5ncywgTW9udGFuYSBhbmQgTW9udGFuYSBicmVha2luZyBuZXdzLiBHZXQgbGF0ZXN0IG5ld3MsIGV2ZW50cyBhbmQgaW5mb3JtYXRpb24gb24gTW9udGFuYSBzcG9ydHMsIHdlYXRoZXIsIGVudGVydGFpbm1lbnQgYW5kIGxpZmVzdHlsZXMuPC90aXRsZT48dGl0bGUgaWQ9InRudC1zdmctdGl0bGUtMSI-SW1hZ2UgZ2FsbGVyeTwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTIiPkNvbGxlY3Rpb248L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS0zIj5JbWFnZSBnYWxsZXJ5PC90aXRsZT48dGl0bGUgaWQ9InRudC1zdmctdGl0bGUtNCI-SW1hZ2UgZ2FsbGVyeTwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTUiPkNvbGxlY3Rpb248L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS0xNiI-UERGIGRpc3BsYXkgYWQ8L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS0xNyI-UERGIGRpc3BsYXkgYWQ8L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS02Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTciPlBERiBkaXNwbGF5IGFkPC90aXRsZT48dGl0bGUgaWQ9InRudC1zdmctdGl0bGUtOCI-UERGIGRpc3BsYXkgYWQ8L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS05Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTEwIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTExIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTEyIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTEzIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTE0Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTE1Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTI4Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTI5Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlPkJhY2sgQnV0dG9uPC90aXRsZT48dGl0bGU-U2VhcmNoIEljb248L3RpdGxlPjx0aXRsZT5GaWx0ZXIgSWNvbjwvdGl0bGU-PHRpdGxlPkFycm93PC90aXRsZT4 HTTP 302
https://rp4.liadm.com/j?dtstmp=1641833250738&aid=a-012k&se=e30&duid=e33b083e4625--01fs2e6fxg6pdpgdmym35d1sd9&tna=v2.3.0&pu=https%3A%2F%2Fbillingsgazette.com%2F&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlJlYWQgQmlsbGluZ3MsIE1vbnRhbmEgYW5kIE1vbnRhbmEgYnJlYWtpbmcgbmV3cy4gR2V0IGxhdGVzdCBuZXdzLCBldmVudHMgYW5kIGluZm9ybWF0aW9uIG9uIE1vbnRhbmEgc3BvcnRzLCB3ZWF0aGVyLCBlbnRlcnRhaW5tZW50IGFuZCBsaWZlc3R5bGVzLiI-PHRpdGxlPlRoZSBCaWxsaW5ncyBHYXpldHRlIHwgTW9udGFuYSBXeW9taW5nIEJyZWFraW5nIE5lIHwgUmVhZCBCaWxsaW5ncywgTW9udGFuYSBhbmQgTW9udGFuYSBicmVha2luZyBuZXdzLiBHZXQgbGF0ZXN0IG5ld3MsIGV2ZW50cyBhbmQgaW5mb3JtYXRpb24gb24gTW9udGFuYSBzcG9ydHMsIHdlYXRoZXIsIGVudGVydGFpbm1lbnQgYW5kIGxpZmVzdHlsZXMuPC90aXRsZT48dGl0bGUgaWQ9InRudC1zdmctdGl0bGUtMSI-SW1hZ2UgZ2FsbGVyeTwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTIiPkNvbGxlY3Rpb248L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS0zIj5JbWFnZSBnYWxsZXJ5PC90aXRsZT48dGl0bGUgaWQ9InRudC1zdmctdGl0bGUtNCI-SW1hZ2UgZ2FsbGVyeTwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTUiPkNvbGxlY3Rpb248L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS0xNiI-UERGIGRpc3BsYXkgYWQ8L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS0xNyI-UERGIGRpc3BsYXkgYWQ8L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS02Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTciPlBERiBkaXNwbGF5IGFkPC90aXRsZT48dGl0bGUgaWQ9InRudC1zdmctdGl0bGUtOCI-UERGIGRpc3BsYXkgYWQ8L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS05Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTEwIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTExIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTEyIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTEzIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTE0Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTE1Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTI4Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTI5Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlPkJhY2sgQnV0dG9uPC90aXRsZT48dGl0bGU-U2VhcmNoIEljb248L3RpdGxlPjx0aXRsZT5GaWx0ZXIgSWNvbjwvdGl0bGU-PHRpdGxlPkFycm93PC90aXRsZT4&i6=MjAwMTphYzg6MjA6M2IwMDoxMDExOjlhNmI6ZTZhNTo0NDBj&n3pc=true

Request Chain 163

https://billingsgazette.com/tncms/tracking/classifieds/featured/?i=0ada0bb8-b89d-5a3b-8435-7a5cf033defc, HTTP 302
https://billingsgazette.com/_services/v1/client_captcha/challenge?request=X2xiX3JhdGVfZm9yZWlnbjpMM1J1WTIxekwzUnlZV05yYVc1bkwyTnNZWE56YVdacFpXUnpMMlpsWVhSMWNtVmtMejlwUFRCaFpHRXdZbUk0TFdJNE9XUXROV0V6WWkwNE5ETTFMVGRoTldObU1ETXpaR1ZtWXl3OjE2NDE4MzMyNTE6MHg2NGEwYTU0ZDE2YzFkODVhYWEyZTkyNzBmMDFiNDBmMDEwNDgwYmY0

Request Chain 164

https://billingsgazette.com/tncms/tracking/business/block/?i=1e1ca81b-e88e-53e0-82e5-041b756b3e0f,ee0021c8-b247-5a77-9ba5-816ebb2448ea,757dc4ca-ebbd-59f5-9afe-1546bf452851, HTTP 302
https://billingsgazette.com/_services/v1/client_captcha/challenge?request=X2xiX3JhdGVfZm9yZWlnbjpMM1J1WTIxekwzUnlZV05yYVc1bkwySjFjMmx1WlhOekwySnNiMk5yTHo5cFBURmxNV05oT0RGaUxXVTRPR1V0TlRObE1DMDRNbVUxTFRBME1XSTNOVFppTTJVd1ppeGxaVEF3TWpGak9DMWlNalEzTFRWaE56Y3RPV0poTlMwNE1UWmxZbUl5TkRRNFpXRXNOelUzWkdNMFkyRXRaV0ppWkMwMU9XWTFMVGxoWm1VdE1UVTBObUptTkRVeU9EVXhMQToxNjQxODMzMjUxOjB4YTAyMDA5NGQzZGVlNmRkZDk2NzVhMWJiNmE5Y2NjYmNlNjlmMWRmMw

Request Chain 199

https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-012k%2F0%2Fe2ce32418a5e43c89ec419ab06b5c751%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&d153adc3-f42d-4d65-b977-40b60bb563d1 HTTP 302
https://i.liadm.com/s/e/a-012k/0/e2ce32418a5e43c89ec419ab06b5c751?mpid=7156&muid=fb0f61dc-6323-4f00-89ac-0d5e8a118117

Request Chain 200

https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=liveintent&ttd_tpi=1 HTTP 302
https://i.liadm.com/s/35759?bidder_id=44489&bidder_uuid=b02ca7f6-f198-4367-a14a-a4eef8dba124 HTTP 303
https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=b02ca7f6-f198-4367-a14a-a4eef8dba124

Request Chain 201

https://dpm.demdex.net/ibs:dpid=127444&dpuuid=d153adc3-f42d-4d65-b977-40b60bb563d1&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-012k%2F0%2Fe2ce32418a5e43c89ec419ab06b5c751%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=d153adc3-f42d-4d65-b977-40b60bb563d1&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-012k%2F0%2Fe2ce32418a5e43c89ec419ab06b5c751%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
https://i.liadm.com/s/e/a-012k/0/e2ce32418a5e43c89ec419ab06b5c751?mpid=82775&muid=66770858859221020563657393955851330132

Request Chain 202

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=d153adc3-f42d-4d65-b977-40b60bb563d1 HTTP 302
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=d153adc3-f42d-4d65-b977-40b60bb563d1&rd=Y

Request Chain 203

https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=d153adc3-f42d-4d65-b977-40b60bb563d1&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=d153adc3-f42d-4d65-b977-40b60bb563d1&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=f955a6c9-397c-4ae3-8a72-a1741674c0e7 HTTP 303
https://i6.liadm.com/s/52176?bidder_id=5298&bidder_uuid=f955a6c9-397c-4ae3-8a72-a1741674c0e7

Request Chain 204

https://x.bidswitch.net/sync?ssp=liveintent&user_id=d153adc3-f42d-4d65-b977-40b60bb563d1 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=liveintent&user_id=d153adc3-f42d-4d65-b977-40b60bb563d1 HTTP 302
https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=liveintent HTTP 302
https://x.bidswitch.net/sync?dsp_id=188&user_id=uUSb5RFUTFpWib4-lr5ey9lAlwM&user_group=1&ssp=liveintent HTTP 302
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=f955a6c9-397c-4ae3-8a72-a1741674c0e7

Request Chain 210

https://bcp.crwdcntrl.net/5/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22billings%2C%20montana%2C%20Big%20sky%2C%20wyoming%2C%20bozeman%2C%20yellowstone%2C%20big%20timber%2C%20outdoors%2C%20sports%2C%20hardin%2C%20red%20lodge%2C%20laurel%2C%20livingston%2C%20miles%20city%2C%20yellowstone%20national%20park%2C%20columbus%2C%20gillette%2C%20powell%2C%20cody%2C%20shepherd%2C%20cars%2C%20business%2C%20fishing%2C%20lewistown%2C%20hunting%2C%20news%2C%20forsyth%2C%20real%20estate%2C%20skiing%2C%20rentals%2C%20markets%2C%20absarokee%2C%20vehicles%2C%20recreation%2C%20billings%2C%20weather%2C%20information%2C%20classifieds%2C%20help%20wanted%2C%20jobs%2C%20houses%2C%20used%20cars%2C%20trucks%2C%20obituaries%2C%20obits%2C%20entertainment%2C%2059105%2C%2059101%2C%2059102%2C%2059106%22%7D/rt=ifr HTTP 302
https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22billings%2C%20montana%2C%20Big%20sky%2C%20wyoming%2C%20bozeman%2C%20yellowstone%2C%20big%20timber%2C%20outdoors%2C%20sports%2C%20hardin%2C%20red%20lodge%2C%20laurel%2C%20livingston%2C%20miles%20city%2C%20yellowstone%20national%20park%2C%20columbus%2C%20gillette%2C%20powell%2C%20cody%2C%20shepherd%2C%20cars%2C%20business%2C%20fishing%2C%20lewistown%2C%20hunting%2C%20news%2C%20forsyth%2C%20real%20estate%2C%20skiing%2C%20rentals%2C%20markets%2C%20absarokee%2C%20vehicles%2C%20recreation%2C%20billings%2C%20weather%2C%20information%2C%20classifieds%2C%20help%20wanted%2C%20jobs%2C%20houses%2C%20used%20cars%2C%20trucks%2C%20obituaries%2C%20obits%2C%20entertainment%2C%2059105%2C%2059101%2C%2059102%2C%2059106%22%7D/rt=ifr

Request Chain 215

https://loadm.exelator.com/load/?p=204&g=260&buid=dea71a9141598ee40878d1bd557244ef&j=0 HTTP 302
https://loadm.exelator.com/load/?p=204&g=260&buid=dea71a9141598ee40878d1bd557244ef&j=0&xl8blockcheck=1

221 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
billingsgazette.com/
Redirect Chain

http://click1.email.lee.net/qhdynsffpfjtdmgntvwsstdpbdtrbydpdnhqmhfgswmfgvd_okwzttktrqdtlktmjfkff.html?a=billingsgazette.com
https://billingsgazette.com/

538 KB
70 KB

701ms
217ms

Document
text/html

192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://billingsgazette.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

192.104.182.209 , United States, ASN10668 (LEE-ASN, US),

Reverse DNS

cms.chicago2.vip.townnews.com

Software

Resource Hash

d87c4aa69c2b59db656928e424f66e08b7fd45654d4fd1674d9422cc72eae482

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 10 Jan 2022 14:03:33 GMT
content-type: text/html; charset=UTF-8
x-loop: 1
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 10 Jan 2022 14:03:32 GMT
x-robots-tag: noarchive
x-xrds-location: https://billingsgazette.com/tncms/xrds/
x-ua-compatible: IE=edge
link: <https://bloximages.chicago2.vip.townnews.com>; rel=preconnect dns-prefetch; crossorigin <https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.d6d18fcf88750a16d256e72626e676a6.js>; rel=preload; as=script </shared-content/art/tncms/user/user.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/common.08a61544f369cc43bf02e71b2d10d49f.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.394adeeb6831ca20cb80bc3489a2f345.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/application.cb897187c4718280fd69d2e6d6c3909d.js>; rel=preload; as=script <https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js>; rel=preload; as=script <https://cdn.cookielaw.org/scripttemplates/otSDKStub.js>; rel=preload; as=script
x-tncms: 1.60.5; app7; 0.73s; 10.9M
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
etag: W/025e8e85d574588df9aaa0e3bea95914
content-encoding: gzip
vary: X-IPCountry, X-Townnews-Now-API-Version, Accept-Encoding
age: 9835
cache-control: public, max-age=10
x-vcache: HIT
accept-ranges: bytes
content-length: 69498

Redirect headers

Server: Apache-Coyote/1.1
Connection: Keep-Alive
Keep-Alive: timeout=60
Location: https://billingsgazette.com
Content-Type: text/html;charset=utf-8
Content-Length: 0
Date: Mon, 10 Jan 2022 16:47:28 GMT

GET
H2 200 jquery.min.d6d18fcf88750a16d256e72626e676a6.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/ 98 KB
34 KB 74ms
29ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.d6d18fcf88750a16d256e72626e676a6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bad3f4a20b737202b4cb52ce0124a2ae5d54be0002feb42790867ee446425332

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 300838
cf-ray: 6cb76330ba406921-FRA
last-modified: Wed, 07 Jul 2021 20:09:22 GMT
x-vcache: MISS
server: cloudflare
etag: W/"60e609f2-1882c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Wed, 31 Aug 2022 19:01:11 GMT

GET
H2 200 user.js Show response
billingsgazette.com/shared-content/art/tncms/user/ 11 KB
4 KB 107ms
106ms Script
application/x-javascript 192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://billingsgazette.com/shared-content/art/tncms/user/user.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: 9476713709bfb2efbef10bee7267250bd6ef908f0f31927fc3f55d0d801a60d5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:45:18 GMT
content-encoding: gzip
last-modified: Thu, 06 Jan 2022 21:43:53 GMT
age: 130
etag: W/"61d76299-2b02"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
x-vcache: HIT
accept-ranges: bytes
content-length: 3994
service-worker-allowed: /

GET
H2 200 bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/ 39 KB
11 KB 71ms
27ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93eac8b1fb14d0863561633dfdf563013c023393aabfb122e3be7256629d9235

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 22677919
cf-ray: 6cb76330ba426921-FRA
last-modified: Fri, 06 Sep 2019 14:16:03 GMT
x-vcache: MISS
server: cloudflare
etag: W/"5d726a23-9bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Sat, 06 Nov 2021 06:59:00 GMT

GET
H2 200 common.08a61544f369cc43bf02e71b2d10d49f.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 32 KB
12 KB 72ms
28ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/common.08a61544f369cc43bf02e71b2d10d49f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd1991e3d8ce67431989f8cca95743706d110f064ed2b3609041a3f20e50d2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 10332731
cf-ray: 6cb76330ca506921-FRA
last-modified: Wed, 05 May 2021 20:06:42 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6092fad2-8154"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Wed, 25 May 2022 06:27:55 GMT

GET
H2 200 tnt.394adeeb6831ca20cb80bc3489a2f345.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 9 KB
3 KB 81ms
37ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.394adeeb6831ca20cb80bc3489a2f345.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a769d4bf461200d7c95adb57e300810ce0c5e61951f031755e91aad1329c4691

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 420364
cf-ray: 6cb76330ba446921-FRA
last-modified: Tue, 04 Jan 2022 21:06:17 GMT
x-vcache: MISS
server: cloudflare
etag: W/"61d4b6c9-25b9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Thu, 05 Jan 2023 20:01:08 GMT

GET
H2 200 application.cb897187c4718280fd69d2e6d6c3909d.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 4 KB
2 KB 71ms
28ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/application.cb897187c4718280fd69d2e6d6c3909d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

165f2224fdb220f295f4c441bad7dfc35fd9ef57cb56af722285137944f598a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 17856903
cf-ray: 6cb76330ca546921-FRA
last-modified: Wed, 05 May 2021 20:06:24 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6092fac0-104a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Wed, 25 May 2022 06:27:55 GMT

GET
H2 200 tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 2 KB
974 B 71ms
27ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75845ddd51e5f375f7b7aa868937566eb92118d0ee118cd3154db1a95d7b8dd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6552471
cf-ray: 6cb76330ca566921-FRA
last-modified: Tue, 06 Jul 2021 13:05:12 GMT
x-vcache: HIT
server: cloudflare
etag: W/"60e45508-9ae"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Wed, 06 Jul 2022 19:01:09 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 19 KB
7 KB 73ms
31ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d2a74d8b25e1ccd4b1294b0b937804bc24aeea7f46edad3f3c1f91604d2708c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: dMq6iJthjOyg56NOUFVpHQ==
age: 13981
vary: Accept-Encoding
content-length: 6508
x-ms-lease-status: unlocked
last-modified: Mon, 10 Jan 2022 12:53:10 GMT
server: cloudflare
etag: 0x8D9D43827C9A0F5
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 9eb787b8-b01e-012d-2321-061d73000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6cb76330bf2259ad-MXP

GET
H2 200 bootstrap.min.c58a1beaa3640fa94c3db09673c4d95c.css
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/styles/ 107 KB
18 KB 63ms
37ms Stylesheet
text/css 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/styles/bootstrap.min.c58a1beaa3640fa94c3db09673c4d95c.css

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

644304fe15c7f17a6ab07588fa14318ebce8730a85eb17b3a0fddca16fe9bae6

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 420364
cf-ray: 6cb76330ba2d6921-FRA
last-modified: Tue, 04 Jan 2022 21:03:53 GMT
x-vcache: MISS
server: cloudflare
etag: W/"61d4b639-1ab8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Thu, 05 Jan 2023 20:01:08 GMT

GET
H2 200 layout.2ce6292643f5129895871a2478a4614d.css
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/styles/ 150 KB
27 KB 61ms
35ms Stylesheet
text/css 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/styles/layout.2ce6292643f5129895871a2478a4614d.css

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5893bd080d50d15706acc7a4a216160ed89641c7f7ef286418a57ca2d684d744

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 300838
cf-ray: 6cb76330ba326921-FRA
last-modified: Tue, 04 Jan 2022 21:07:22 GMT
x-vcache: MISS
server: cloudflare
etag: W/"61d4b70a-25797"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Thu, 05 Jan 2023 20:01:08 GMT

GET
H2 200 lee.ds.css
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/styles/ 63 KB
12 KB 48ms
22ms Stylesheet
text/css 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/styles/lee.ds.css?_dc=1641542413

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d6bc5ccc0d04e6ccfbecd2bd5775b3604995e5196b4e08c179d0885e7e94925

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 290298
cf-ray: 6cb76330ba396921-FRA
last-modified: Fri, 07 Jan 2022 08:00:13 GMT
x-vcache: MISS
server: cloudflare
etag: W/"61d7f30d-fc8d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Sat, 07 Jan 2023 08:05:26 GMT

GET
H2 200 flex-notification-controls.e115619c5ab5d4eb38fbd29cc0d2ea9b.css
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/ 6 KB
2 KB 54ms
29ms Stylesheet
text/css 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/flex-notification-controls.e115619c5ab5d4eb38fbd29cc0d2ea9b.css

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ef0cb2e94b5b79911d8647651823f8c4a39b0f1192bf85b2caa9ce9db3fd7e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 22677919
cf-ray: 6cb76330ba376921-FRA
last-modified: Mon, 16 Nov 2020 16:06:26 GMT
x-vcache: MISS
server: cloudflare
etag: W/"5fb2a382-189c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Sat, 20 Nov 2021 08:42:01 GMT

GET
H2 200 owl.carousel.d631cca58a0d014854c4a6c1815f1da3.css
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/styles/ 5 KB
1 KB 74ms
49ms Stylesheet
text/css 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/styles/owl.carousel.d631cca58a0d014854c4a6c1815f1da3.css

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f43f4ee69c1e53622d634119250c9ecc2b189983c3e9dcf6bca4c59523b2b4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 297406
cf-ray: 6cb76330ba3d6921-FRA
last-modified: Wed, 05 May 2021 20:07:33 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6092fb05-12b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Wed, 25 May 2022 06:27:55 GMT

GET
H2 200 cc.js Show response
tags.crwdcntrl.net/c/6894/ 38 KB
12 KB 81ms
24ms Script
application/json 143.204.98.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/c/6894/cc.js?ns=_cc6894
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-104.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a2f10e09cd6e81eb686dbca9e6056ed485e87d3869bac347455547c294cb036

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 10 Jan 2022 15:45:12 GMT
content-encoding: gzip
last-modified: Tue, 15 Dec 2020 16:50:47 GMT
server: AmazonS3
age: 3738
etag: W/"8cd042d9f203fe2e01747c7444f95498"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
cache-control: max-age: 86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: qdb89b2JwDcsFR-pV8Fn1Z1xBJ9lgSW1ApLAAur_5Zh_f3uIdGLAKw==

GET
H2 200 access.js Show response
billingsgazette.com/shared-content/art/tncms/api/ 86 KB
34 KB 109ms
109ms Script
application/x-javascript 192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://billingsgazette.com/shared-content/art/tncms/api/access.js
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: b140866a13c2eeca9a0ad91f4bf8e505a0fa237279f9d6616c3c21329139f1de

Request headers

Referer: https://billingsgazette.com/
Origin: https://billingsgazette.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:45:19 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 21:16:19 GMT
age: 130
etag: W/"61b27223-15686"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
x-vcache: HIT
accept-ranges: bytes
content-length: 34923
service-worker-allowed: /

GET
H2 200 user-controls.578df3df79d812af55ab13bae47f9857.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/scripts/ 532 B
442 B 23ms
20ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/scripts/user-controls.578df3df79d812af55ab13bae47f9857.js

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

321fb426ca5f214a70f2faf9f9ded0e9332a1d134c0279983cb821d50c94b7f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6492260
cf-ray: 6cb763314b9f6921-FRA
last-modified: Wed, 05 May 2021 20:06:25 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6092fac1-214"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Wed, 25 May 2022 06:27:56 GMT

GET
H2 200 owl.carousel.66c591eb93f177b0f59892f361c3b1b4.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 40 KB
11 KB 22ms
19ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/owl.carousel.66c591eb93f177b0f59892f361c3b1b4.js

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2bedb8d9b818971c16b394180d1decd7e9993d6d6bcc0656637fa4a2e0ef191

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 12060904
cf-ray: 6cb763314ba26921-FRA
last-modified: Wed, 05 May 2021 20:06:46 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6092fad6-9fe8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Wed, 25 May 2022 05:46:03 GMT

GET
H2 200 tnt.notify.a814fe612f2dcba9061edc229aeaf90b.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 3 KB
1 KB 21ms
18ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.notify.a814fe612f2dcba9061edc229aeaf90b.js

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15c5217bab15791da899bebeec1b32e57bcd02d20f8847c6440f47ededcdf625

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 467442
cf-ray: 6cb763314ba56921-FRA
last-modified: Mon, 20 Dec 2021 18:25:11 GMT
x-vcache: MISS
server: cloudflare
etag: W/"61c0ca87-db8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Thu, 05 Jan 2023 06:56:47 GMT

GET
H2 200 tnt.notify.panel.d7dc4795339f38cc067ead9f2f5ef1fb.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 6 KB
2 KB 23ms
20ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ff30298cb08600b21e18d99439aab14c6616c4436c5183aeeb1b47f68994448

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 467442
cf-ray: 6cb763314ba66921-FRA
last-modified: Mon, 20 Dec 2021 18:25:12 GMT
x-vcache: MISS
server: cloudflare
etag: W/"61c0ca88-19d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Thu, 05 Jan 2023 06:56:47 GMT

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/6.6.2/ 11 KB
4 KB 37ms
6ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/6.6.2/firebase-app.js

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b10a075758097bb0578287af03c76a9fcd82fa4607587109ae41fe2d24756600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 07 Jan 2022 04:41:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 302748
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3945
x-xss-protection: 0
last-modified: Thu, 19 Sep 2019 21:11:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="firebase-js"
expires: Sat, 07 Jan 2023 04:41:41 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/6.6.2/ 31 KB
9 KB 37ms
7ms Script
text/javascript 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/6.6.2/firebase-messaging.js

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5e55a21dfa3a20ceb298737c8f4c517a83d7960468c7f53b3f33c567bacff3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 08 Jan 2022 09:09:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 200252
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8653
x-xss-protection: 0
last-modified: Thu, 19 Sep 2019 21:11:54 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 08 Jan 2023 09:09:57 GMT

GET
H2 200 messaging.js Show response
billingsgazette.com/shared-content/art/tncms/api/ 4 KB
1 KB 108ms
105ms Script
application/x-javascript 192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://billingsgazette.com/shared-content/art/tncms/api/messaging.js
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: fe5d23d415187d71dfa026db8852418f98513ef7f7a1c3e1321bc95d6d6a0f5f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:42:32 GMT
content-encoding: gzip
last-modified: Thu, 06 Jan 2022 21:43:53 GMT
age: 296
etag: W/"61d76299-11aa"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
x-vcache: HIT
accept-ranges: bytes
content-length: 1259
service-worker-allowed: /

GET
H2 200 tnt.ads.adverts.66a3812a7b5c12fde8cd998fd691ad7d.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/ 200 B
277 B 62ms
37ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/tnt.ads.adverts.66a3812a7b5c12fde8cd998fd691ad7d.js

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ac4a1580edb443420c38896152a03c80c8fa8e5f1f09853896b810d87309a80

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6903830
cf-ray: 6cb76330ca586921-FRA
last-modified: Fri, 16 Apr 2021 14:04:15 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6079995f-c8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Sat, 23 Apr 2022 01:50:13 GMT

GET
H2 200 tracking.js Show response
billingsgazette.com/shared-content/art/tncms/ 3 KB
1 KB 105ms
105ms Script
application/x-javascript 192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://billingsgazette.com/shared-content/art/tncms/tracking.js
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: 18eadbed616a1c6d3afcf2750befa4c653869688479efbfdb0020c7c836d718b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:45:18 GMT
content-encoding: gzip
last-modified: Thu, 06 Jan 2022 21:43:53 GMT
age: 130
etag: W/"61d76299-a4b"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
x-vcache: HIT
accept-ranges: bytes
content-length: 1149
service-worker-allowed: /

GET
H2 200 otCCPAiab.js Show response
cdn.cookielaw.org/opt-out/ 22 KB
6 KB 27ms
25ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/opt-out/otCCPAiab.js

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c020f54c248a55614e1dbe7002ac03e4a6ed263a6e9d460621b4894add76efcd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: kdqkvU4KECv4erbHaj7Yfg==
age: 13942
vary: Accept-Encoding
x-ms-lease-status: unlocked
last-modified: Tue, 21 Dec 2021 17:26:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 89213844-501e-0001-6eac-f6d91b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
cf-ray: 6cb76331589f59ad-MXP

GET
H2 200 fontawesome.3aa64d478db9cdd63e9d4b159e0c9334.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 253 KB
91 KB 34ms
31ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/fontawesome.3aa64d478db9cdd63e9d4b159e0c9334.js

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3a9a6006e4c01d6d84a49eecf07cf36a818779ff4e99bbff22850f02de9c7a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 10332713
cf-ray: 6cb763314baa6921-FRA
last-modified: Wed, 25 Aug 2021 16:36:45 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6126719d-3f553"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Wed, 31 Aug 2022 19:01:11 GMT

GET
H2 200 tracker.js Show response
billingsgazette.com/shared-content/art/stats/common/ 9 KB
3 KB 106ms
105ms Script
application/x-javascript 192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://billingsgazette.com/shared-content/art/stats/common/tracker.js
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: d50881e8cf2ac03741c7c31b98dcabdf91d458ed76766efc511b26a2b796dd0f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:44:19 GMT
content-encoding: gzip
last-modified: Thu, 03 Jun 2021 19:09:11 GMT
age: 190
etag: W/"60b928d7-2200"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
x-vcache: HIT
accept-ranges: bytes
content-length: 3224
service-worker-allowed: /

GET
H2 200 billingsgazette.com.png
bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/400/ 6 KB
6 KB 21ms
19ms Image
image/webp 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/400/billingsgazette.com.png?_dc=Jan.Mon.2022

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6507fd39f6e7d0d8757281cfd08b11de1579d2ad4504048afd60d6655a46ece5

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
vary: Accept
cf-cache-status: HIT
age: 35107
cf-polished: origFmt=png, origSize=9221
last-modified: Wed, 25 Sep 2019 23:31:23 GMT
content-disposition: inline; filename="billingsgazette.webp"
content-length: 5640
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5d8bf8cb-2405"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
expires: Tue, 10 Jan 2023 07:00:03 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6cb763314bac6921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 73d6a18e-4202-11ea-b290-abb227f2ca0e.png
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/custom/image/ 1 KB
1 KB 22ms
20ms Image
image/webp 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/custom/image/73d6a18e-4202-11ea-b290-abb227f2ca0e.png

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b6c42adbbed5052468fe24de92d778f49aecdfcca1d696dd06b8319410b5a3fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
vary: Accept
cf-cache-status: HIT
age: 22677918
cf-polished: origFmt=png, origSize=1525
last-modified: Tue, 28 Jan 2020 19:14:48 GMT
content-disposition: inline; filename="73d6a18e-4202-11ea-b290-abb227f2ca0e.webp"
content-length: 1284
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5e308828-5f5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
expires: Fri, 25 Feb 2022 20:04:30 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6cb763314bad6921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 1471b9e0-4202-11ea-b290-4f5ac74f43eb.png
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/custom/image/ 2 KB
3 KB 44ms
42ms Image
image/webp 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/custom/image/1471b9e0-4202-11ea-b290-4f5ac74f43eb.png

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9fcd21f6a170f68c4d9214fcc867042f2ae8aee9973d23acafbc1f51ad3aac67

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
vary: Accept
cf-cache-status: HIT
age: 1145222
cf-polished: origFmt=png, origSize=2835
last-modified: Tue, 28 Jan 2020 19:12:08 GMT
content-disposition: inline; filename="1471b9e0-4202-11ea-b290-4f5ac74f43eb.webp"
content-length: 2360
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5e308788-b13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 28 Dec 2022 10:40:27 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6cb763314bb06921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 181 KB
61 KB 45ms
15ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

614f1494504a07c7a69e7eccefe353b4013e7506873257f38f2d768d5e50a745

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61841
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 10 Jan 2022 16:47:29 GMT

GET
H2 200 ilad-logo.png
bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/blocks/deal-widget/ 8 KB
8 KB 34ms
33ms Image
image/webp 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/blocks/deal-widget/ilad-logo.png?_dc=22.01.10.07

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

656a62e7cfbd270352bfa0ccf580e3b84cb18ff2256277c699a9144edae5db21

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
vary: Accept
cf-cache-status: HIT
age: 16414
cf-polished: origFmt=png, origSize=13011
last-modified: Tue, 29 Sep 2020 18:45:56 GMT
content-disposition: inline; filename="ilad-logo.webp"
content-length: 8256
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "5f7380e4-32d3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
expires: Tue, 10 Jan 2023 12:01:03 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6cb763314bb16921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 b229bcec-420b-11ea-b290-3b84c241d532.png
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/custom/image/ 2 KB
3 KB 33ms
31ms Image
image/webp 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/custom/image/b229bcec-420b-11ea-b290-3b84c241d532.png?resize=400%2C79

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7baffa7d286eb3e6d0dd2ef8027608fb2de46f761cfdce3d0195af8281c02db6

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
vary: Accept
cf-cache-status: HIT
age: 1783402
cf-polished: origFmt=png, origSize=3858
last-modified: Tue, 28 Jan 2020 20:20:59 GMT
content-disposition: inline; filename="b229bcec-420b-11ea-b290-3b84c241d532.webp"
content-length: 2380
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "33d85a6ac0df934d77083e4386faf19c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
expires: Thu, 15 Dec 2022 23:33:41 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6cb763314bb36921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 op.js Show response
tagan.adlightning.com/leeenterprises/ 44 KB
18 KB 79ms
25ms Script
application/javascript 143.204.98.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/op.js
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-66.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 95947d06941689a90b7c24049358663b52af9fdef2e5532bc74e8a342b1fff23

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: 4znkGIiJ9TJkeCXMywi8HzcjAhXVkQpd
content-encoding: gzip
etag: "2c59a8d7fa9f553e721419e344b514ee"
age: 3529
x-cache: Hit from cloudfront
content-length: 18377
x-amz-meta-git_commit: 7b120a5
last-modified: Mon, 10 Jan 2022 04:49:00 GMT
server: AmazonS3
date: Mon, 10 Jan 2022 15:51:00 GMT
content-type: application/javascript
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
x-amz-cf-id: jzd4YsgFZbMPKOTIXGM9eMYnYFBrwjQkjccaczEbT6GKY_8Dv1fDgw==

GET
H2 200 dmp.reactive.0e53d3f9d235eed93a6018d451147284.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/scripts/ 510 B
412 B 34ms
31ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/scripts/dmp.reactive.0e53d3f9d235eed93a6018d451147284.js

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ddd466f2537ff1e7c620b9f5d3c50229baa530655c61abbdc412cf7b6c7fd5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 12060395
cf-ray: 6cb763314b9c6921-FRA
last-modified: Wed, 05 May 2021 20:06:25 GMT
x-vcache: MISS
server: cloudflare
etag: W/"6092fac1-1fe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Tue, 24 May 2022 10:42:32 GMT

GET
H2 200 dfp.floor.js Show response
bloximages.chicago2.vip.townnews.com/leetemplates.com/content/tncms/live/global/resources/scripts/ 176 B
262 B 36ms
33ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/leetemplates.com/content/tncms/live/global/resources/scripts/dfp.floor.js?_dc=01107

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1de200150f4a5054f7c603b8889e3ec83c3c7d1cf27932ce2a97e2dbd361c17d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 17188
cf-ray: 6cb763314b9d6921-FRA
last-modified: Sat, 01 Jan 2022 06:00:06 GMT
x-vcache: MISS
server: cloudflare
etag: W/"61cfede6-b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Tue, 10 Jan 2023 07:14:47 GMT

GET
H2 200 dfp.lazy.init.js Show response
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/ 12 KB
3 KB 22ms
19ms Script
application/x-javascript 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/dfp.lazy.init.js?_dc=1640073614

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

68bf61530a1fa0a4b3f8cdc648776cd6dbff579d7131736a57d937e22471b38d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1758994
cf-ray: 6cb763314b9e6921-FRA
last-modified: Tue, 21 Dec 2021 08:00:14 GMT
x-vcache: MISS
server: cloudflare
etag: W/"61c1898e-2f95"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
expires: Wed, 21 Dec 2022 08:05:48 GMT

GET
H2 200 loader.js Show response
contributor.google.com/scripts/b765fd5c002b8ec/ 0
1 KB 49ms
20ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://contributor.google.com/scripts/b765fd5c002b8ec/loader.js

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorContributorHttp/cspreport, script-src 'report-sample' 'nonce-90oULyOMpiKaZcGTeuz0og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorContributorHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorContributorHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private, max-age=31536000
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorContributorHttp/cspreport, script-src 'report-sample' 'nonce-90oULyOMpiKaZcGTeuz0og' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorContributorHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorContributorHttp/cspreport
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 10 Jan 2022 16:47:29 GMT

GET
H2 200 AGSKWxWx7yQUhe008vdbx7qOwWhCKmR-osSuFC3DDyvCm_K_nNMTjE2EGmV28JFHdjHcINdbHwRu0oRU4n5mb0jEyQ== Show response
fundingchoicesmessages.google.com/f/ 79 KB
29 KB 59ms
30ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWx7yQUhe008vdbx7qOwWhCKmR-osSuFC3DDyvCm_K_nNMTjE2EGmV28JFHdjHcINdbHwRu0oRU4n5mb0jEyQ==

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5cb84e065b17dc762b882ccfe563a396ae3c433f39d0c0f20c08394928615e50

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-mk70Iwhj6gaxYh4irq3RtQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-mk70Iwhj6gaxYh4irq3RtQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-mk70Iwhj6gaxYh4irq3RtQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-mk70Iwhj6gaxYh4irq3RtQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 78 KB
27 KB 64ms
34ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

3f9015c499bd1271c846320ce7319c22a88caa022a240e8c9b2cc62d3a4361a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26983
x-xss-protection: 0
server: sffe
etag: "1097 / 900 of 1000 / last-modified: 1641807575"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 10 Jan 2022 16:47:29 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 134 KB
36 KB 47ms
7ms Script
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: qkOcdGsoDUMvfWusL4m2BAijBZa3LkSN
content-encoding: gzip
etag: 1e39d25f07f5619925357b752ab10d04
age: 308
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1N5660MRJCVXZ7J6PY16
date: Mon, 10 Jan 2022 16:42:21 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: PF-ISDB2Dt2g0tsWl-LpWfHNEWzI6qO4gdYRJlBArhdMMF6ukv7IvA==

GET
H2 200 8e938da9-cf0a-4516-a16e-77f7fa9735dc.json Show response
cdn.cookielaw.org/consent/8e938da9-cf0a-4516-a16e-77f7fa9735dc/ 2 KB
2 KB 47ms
19ms XHR
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/8e938da9-cf0a-4516-a16e-77f7fa9735dc/8e938da9-cf0a-4516-a16e-77f7fa9735dc.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da9f4d68c82d5f141d9322bd69714d94101d649cf9b85ce3c6ae8b75dbe015ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: DWfe5jaSOQGKjM/dddfmBg==
age: 4799
vary: Accept-Encoding
content-length: 1107
x-ms-lease-status: unlocked
last-modified: Tue, 07 Jul 2020 23:04:30 GMT
server: cloudflare
etag: 0x8D822CA1B1394E5
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: a168401c-001e-0012-741b-b6ecfa000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6cb763317d730211-ZRH
expires: Mon, 10 Jan 2022 20:47:29 GMT

GET
H2

200

challenge
billingsgazette.com/_services/v1/client_captcha/
Redirect Chain

https://billingsgazette.com/shared-content/art/stats/common/tracker.gif?tnms_rs=1600x1200x24&tnms_vtum=1&tnms_vt=1&tnms_vid=164183324948216001200930290164229&tnms_dt=The%20Billings%20Gazette%20%7C%...
https://billingsgazette.com/_services/v1/client_captcha/challenge?request=X2xiX3JhdGVfZm9yZWlnbjpMM05vWVhKbFpDMWpiMjUwWlc1MEwyRnlkQzl6ZEdGMGN5OWpiMjF0YjI0dmRISmhZMnRsY2k1bmFXWV9kRzV0YzE5eWN6MHhOakF...

4 KB
4 KB

108ms
108ms

Image
text/html

192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://billingsgazette.com/_services/v1/client_captcha/challenge?request=X2xiX3JhdGVfZm9yZWlnbjpMM05vWVhKbFpDMWpiMjUwWlc1MEwyRnlkQzl6ZEdGMGN5OWpiMjF0YjI0dmRISmhZMnRsY2k1bmFXWV9kRzV0YzE5eWN6MHhOakF3ZURFeU1EQjRNalFtZEc1dGMxOTJkSFZ0UFRFbWRHNXRjMTkyZEQweEpuUnViWE5mZG1sa1BURTJOREU0TXpNeU5EazBPREl4TmpBd01USXdNRGt6TURJNU1ERTJOREl5T1NaMGJtMXpYMlIwUFZSb1pTVXlNRUpwYkd4cGJtZHpKVEl3UjJGNlpYUjBaU1V5TUNVM1F5VXlNRTF2Ym5SaGJtRWxNakJYZVc5dGFXNW5KVEl3UW5KbFlXdHBibWNsTWpCT1pTVXlNQ1UzUXlVeU1GSmxZV1FsTWpCQ2FXeHNhVzVuY3lVeVF5VXlNRTF2Ym5SaGJtRWxNakJoYm1RbE1qQk5iMjUwWVc1aEpUSXdZbkpsWVd0cGJtY2xNakJ1WlhkekxpVXlNRWRsZENVeU1HeGhkR1Z6ZENVeU1HNWxkM01sTWtNbE1qQmxkbVZ1ZEhNbE1qQmhibVFsTWpCcGJtWnZjbTFoZEdsdmJpVXlNRzl1SlRJd1RXOXVkR0Z1WVNVeU1ITndiM0owY3lVeVF5VXlNSGRsWVhSb1pYSWxNa01sTWpCbGJuUmxjblJoYVc1dFpXNTBKVEl3WVc1a0pUSXdiR2xtWlhOMGVXeGxjeTRtZEc1dGMxOTFjR0ZuWlQweEpuUnViWE5mWkc4OVltbHNiR2x1WjNObllYcGxkSFJsTG1OdmJTWjBibTF6WDNWeWFUMHZKblJ1YlhOZmNtVm1QU1p5ZEQweE5qUXhPRE16TWpRNU5EZzM6MTY0MTgzMzI1MDoweDNkNTFlMDM5MDE3Y2YzOGJlOWY0NTk0MjM4ZmYyYTFjMDhhN2RhN2M
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
cache-control: no-cache
age: 0
accept-ranges: bytes
content-length: 3883
content-type: text/html; charset=utf-8

Redirect headers

location: /_services/v1/client_captcha/challenge?request=X2xiX3JhdGVfZm9yZWlnbjpMM05vWVhKbFpDMWpiMjUwWlc1MEwyRnlkQzl6ZEdGMGN5OWpiMjF0YjI0dmRISmhZMnRsY2k1bmFXWV9kRzV0YzE5eWN6MHhOakF3ZURFeU1EQjRNalFtZEc1dGMxOTJkSFZ0UFRFbWRHNXRjMTkyZEQweEpuUnViWE5mZG1sa1BURTJOREU0TXpNeU5EazBPREl4TmpBd01USXdNRGt6TURJNU1ERTJOREl5T1NaMGJtMXpYMlIwUFZSb1pTVXlNRUpwYkd4cGJtZHpKVEl3UjJGNlpYUjBaU1V5TUNVM1F5VXlNRTF2Ym5SaGJtRWxNakJYZVc5dGFXNW5KVEl3UW5KbFlXdHBibWNsTWpCT1pTVXlNQ1UzUXlVeU1GSmxZV1FsTWpCQ2FXeHNhVzVuY3lVeVF5VXlNRTF2Ym5SaGJtRWxNakJoYm1RbE1qQk5iMjUwWVc1aEpUSXdZbkpsWVd0cGJtY2xNakJ1WlhkekxpVXlNRWRsZENVeU1HeGhkR1Z6ZENVeU1HNWxkM01sTWtNbE1qQmxkbVZ1ZEhNbE1qQmhibVFsTWpCcGJtWnZjbTFoZEdsdmJpVXlNRzl1SlRJd1RXOXVkR0Z1WVNVeU1ITndiM0owY3lVeVF5VXlNSGRsWVhSb1pYSWxNa01sTWpCbGJuUmxjblJoYVc1dFpXNTBKVEl3WVc1a0pUSXdiR2xtWlhOMGVXeGxjeTRtZEc1dGMxOTFjR0ZuWlQweEpuUnViWE5mWkc4OVltbHNiR2x1WjNObllYcGxkSFJsTG1OdmJTWjBibTF6WDNWeWFUMHZKblJ1YlhOZmNtVm1QU1p5ZEQweE5qUXhPRE16TWpRNU5EZzM6MTY0MTgzMzI1MDoweDNkNTFlMDM5MDE3Y2YzOGJlOWY0NTk0MjM4ZmYyYTFjMDhhN2RhN2M
date: Mon, 10 Jan 2022 16:47:29 GMT
cache-control: no-cache, no-store
content-length: 17

GET
H2 200 survey Show response
survey.g.doubleclick.net/ 44 KB
12 KB 54ms
19ms Script
text/javascript 2a00:1450:4001:829::2011
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://survey.g.doubleclick.net/survey?site=_rdjlrtrrurmuy&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249487

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2011 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

91d2a62e14528d89f4144bdb64fc307d91638f0d9ce99f1612fced16928f0b44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, no-cache, must-revalidate, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
vary: *
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dnsfeed Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/location/ 191 B
224 B 107ms
58ms Script
text/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location/dnsfeed

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/opt-out/otCCPAiab.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fd429b95adc1755ffb3f7d831ac7e33dad31379239750f32c49c98f7019e45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6cb76331ea700f5e-MXP

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 193 B
398 B 79ms
35ms Script
text/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6cb76331ea720f5e-MXP

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 57 B
413 B 16ms
16ms XHR
application/json 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3266&u=https%3A%2F%2Fbillingsgazette.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: 8ea9df9aa296a2eac3fe1a8b6972fecea49c7295f723cf9c93356ff9301a09ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:42:26 GMT
via: 1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
server: Server
age: 302
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://billingsgazette.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA50-C1
content-length: 57
x-amz-cf-id: li7OR9Zpr99S-pkbi23YR9ioSf0dR_3nM1eG3-lG5z6j5DfzC4mXcw==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 36ms
10ms XHR
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: L2_MRp8KwiUR7xIWXZFooLHRBfnaqY96
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 31328
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 22 Dec 2021 01:41:37 GMT
server: AmazonS3
date: Mon, 10 Jan 2022 08:05:22 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 1f49a084ca923f375f74b42fa36ef428.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: h9JMXDHlnnVTSemmfXWg1FMbmHYR1ezL0icff-dgLq0SZVLME-D_1A==

GET
H2 200 prompt_embed_static__de.js Show response
survey.g.doubleclick.net/insights/consumersurveys/static/440635153187323431/ 413 KB
413 KB 11ms
10ms Script
application/javascript 2a00:1450:4001:829::2011
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://survey.g.doubleclick.net/insights/consumersurveys/static/440635153187323431/prompt_embed_static__de.js
Requested by: Host: survey.g.doubleclick.net
URL: https://survey.g.doubleclick.net/survey?site=_rdjlrtrrurmuy&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249487
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2011 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: cac51215c7891c57555d96a1e25ab8e65bf3c4fbb2de26598b756f31e372fbe4

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 10 Jan 2022 09:14:05 GMT
last-modified: Thu, 06 Jan 2022 18:11:40 GMT
server: Google Frontend
age: 27204
content-type: application/javascript
x-cloud-trace-context: bc3aff385a49bafa0f732e81eb90ce94
cache-control: public, max-age=2592000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 422980

GET
H2 200 integrator.sync.js Show response
adservice.google.de/adsid/ 111 B
796 B 68ms
17ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.sync.js?domain=billingsgazette.com

Requested by

Host: survey.g.doubleclick.net
URL: https://survey.g.doubleclick.net/survey?site=_rdjlrtrrurmuy&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249487

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

da46bc766028c67f94e34c39ecf0c36513fd5ffffe1e126ce09908ebcd671eb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4355
date: Mon, 10 Jan 2022 15:34:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 10 Jan 2022 17:34:54 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 94 KB
34 KB 18ms
16ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5MTD44X&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3382b5f78c7613fc13d4de00f9ed387f50663cc9d1c76118e55ea4ab3f1c5a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34997
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 10 Jan 2022 16:47:29 GMT

GET
H3 200 AGSKWxXaiGuupCMFAJfbvNDnHNeiquIUNMP17qgU3TTi5orjYG4EO0xsXDkCJQ-Ss_ErGEurJ0jOXIHzBmlcd3Usfw== Show response
fundingchoicesmessages.google.com/f/ 72 KB
26 KB 92ms
77ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXaiGuupCMFAJfbvNDnHNeiquIUNMP17qgU3TTi5orjYG4EO0xsXDkCJQ-Ss_ErGEurJ0jOXIHzBmlcd3Usfw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjQxODMzMjQ5LDU5MDAwMDAwMF0sIjJGRDVENjdDLTQ1NzktNDBBNy05MkY2LUVBQTE2RjJEMzQwNiIsIkJFOEE5QkEwLTQwM0YtNEY5NC05N0QwLUZFN0Y1MjM3RDJCMiIsbnVsbCxbbnVsbCxbN10sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLHRydWUsdHJ1ZV0sImh0dHBzOi8vYmlsbGluZ3NnYXpldHRlLmNvbS8iLG51bGwsW11d

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.P4_i3SKTBvs.es5.O/d=1/rs=AJlcJMxOqacJ6_pWnnZmCd5Nfl53OCQZSg/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

88f85d0f9e975d4313c570d4bf3733be6b97615f6127c5db5d3580a434a02017

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0lK8E6tg58bm2eQqCKNueA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-0lK8E6tg58bm2eQqCKNueA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-0lK8E6tg58bm2eQqCKNueA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-0lK8E6tg58bm2eQqCKNueA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_2022010407.js Show response
securepubads.g.doubleclick.net/gpt/ 352 KB
118 KB 34ms
19ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

d4d964d6d34df7fde3554039d33b468b74afee14d6526a87b926688f0fc8d93c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120967
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 16:13:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 10 Jan 2022 16:47:29 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 225 B
154 B 32ms
17ms XHR
application/json 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=billingsgazette.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

a620dcbc90bb1b40ec6c877aa722e507930cb49a1a36f477292f6b46e5e21d0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 129
x-xss-protection: 0
expires: Mon, 10 Jan 2022 16:47:29 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
331 B 35ms
21ms XHR
application/json 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://billingsgazette.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 94
x-xss-protection: 0

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.2.0/ 325 KB
73 KB 29ms
29ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.2.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe83bf4d90f17ac9ecb4808ffe059d64d79d5cf6752859c37a8113584e959c2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: lTz3ZVqTbRC0XOtXa5KYcg==
age: 7231103
vary: Accept-Encoding
content-length: 74003
x-ms-lease-status: unlocked
last-modified: Fri, 26 Jun 2020 17:33:18 GMT
server: cloudflare
etag: 0x8D819F70401AE6F
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fb77d858-f01e-002e-086c-c45821000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6cb763327bb059ad-MXP

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
463 B 58ms
23ms XHR
application/json 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
server: ESF
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://billingsgazette.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
vary: Origin, X-Origin, Referer
content-length: 23
x-xss-protection: 0

GET
H3 200 prompt Show response
survey.g.doubleclick.net/gk/ 0
41 B 18ms
17ms Script
text/javascript 2a00:1450:4001:829::2011
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://survey.g.doubleclick.net/gk/prompt?site=_rdjlrtrrurmuy&t=1&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249558&ref=&token=

Requested by

Host: survey.g.doubleclick.net
URL: https://survey.g.doubleclick.net/survey?site=_rdjlrtrrurmuy&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249487

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2011 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

x-why: UserPrivacyInfo does not meet requirements to be served (LAT and/or OPT_OUT modifier).
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 10 Jan 2022 16:47:29 GMT
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23
x-xss-protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 158 KB
59 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-NFTGWT90ER&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5MTD44X&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a146b9af7ea8c29e3c2f62b0f438fc01c26483728acbec71d96094c33eea6192

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59972
x-xss-protection: 0
expires: Mon, 10 Jan 2022 16:47:29 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 462 KB
106 KB 68ms
68ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7bb1c6330bed1ba8179bbac6962a39a05db8c1269b1bc5d0f66c7c94e3e3c64f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 108383
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 10 Jan 2022 16:47:29 GMT

GET
DATA 200
OK truncated
/ 73 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc40838a707dba656095bdce002939c726b0fe7de618b613ff3a29a39aef0938

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 75 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e31c42447e764b1195ff393437950867800ce2465dd3724c95640f4f5b34487c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 serif-ds.woff2
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/images/ 26 KB
26 KB 61ms
21ms Font
application/font-woff2 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/images/serif-ds.woff2

Requested by

Host: bloximages.chicago2.vip.townnews.com
URL: https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/styles/lee.ds.css?_dc=1641542413

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f98e8196d88bff2a006872a05d79c2d695f6dda36e0aecdd0ace020207809f40

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/live/libraries/flex/components/lee_ds_v2/resources/styles/lee.ds.css?_dc=1641542413
Origin: https://billingsgazette.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:29 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 300820
last-modified: Wed, 21 Apr 2021 07:00:14 GMT
content-length: 26164
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "607fcd7e-6634"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6cb763331d972c4a-FRA
expires: Sat, 23 Apr 2022 06:58:44 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
441 B 98ms
25ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-54716522-7&cid=214812033.1641833250&jid=1549823667&gjid=71014138&_gid=541294454.1641833250&_u=YGBAgUABAAQCAE~&z=42268854

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 10 Jan 2022 16:47:29 GMT
content-type: text/plain
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 57ms
19ms Image
image/gif 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&aip=1&a=627010579&t=pageview&_s=1&dl=https%3A%2F%2Fbillingsgazette.com%2F&dp=%2F&ul=en-us&de=UTF-8&dt=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgUABAAQC~&jid=1549823667&gjid=71014138&cid=214812033.1641833250&tid=UA-54716522-7&_gid=541294454.1641833250&gtm=2wg150PDQV3N&cd2=editorial&cd3=flex&cd4=flex-editorial&cd5=no&cd6=Large%3A%20Desktop%20computers.&cd8=200&cd9=No&cd10=No&cd12=No&cd13=https%3A%2F%2Fbillingsgazette.com%2F&cd16=No&cd17=Page%20View&cm1=726&z=1994999902

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 04:27:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 44404
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/8e938da9-cf0a-4516-a16e-77f7fa9735dc/75787057-4552-493b-aa72-b303111d8f91/ 14 KB
5 KB 39ms
39ms Fetch
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/8e938da9-cf0a-4516-a16e-77f7fa9735dc/75787057-4552-493b-aa72-b303111d8f91/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7402309ea1e862428f75607361831adb6416d6985d4e6a36f34e1650948bf274

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 10 Jan 2022 16:47:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ZeS4dUwiecQO2avMKRCesw==
age: 4798
vary: Accept-Encoding
content-length: 4667
x-ms-lease-status: unlocked
last-modified: Tue, 07 Jul 2020 23:04:34 GMT
server: cloudflare
etag: 0x8D822CA1D429AA4
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 97887af8-101e-0120-177e-edf27f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6cb76333c9b60211-ZRH
expires: Mon, 10 Jan 2022 20:47:29 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 14ms
13ms Ping
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-NFTGWT90ER&gtm=2oe150&_p=627010579&sr=1600x1200&ul=en-us&cid=214812033.1641833250&_s=1&dl=https%3A%2F%2Fbillingsgazette.com%2F&dt=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&sid=1641833249&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.application=editorial&ep.theme=flex&ep.skin_name=flex-editorial&ep.subscription_required=No&epn.blox_render_time=726&up.logged_in=No
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NFTGWT90ER&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:29 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 b-7b120a5-9b73d8fb.js Show response
tagan.adlightning.com/leeenterprises/ 73 KB
28 KB 23ms
23ms Script
application/javascript 143.204.98.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-66.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 12:36:33 GMT
content-encoding: gzip
age: 11333457
x-cache: Hit from cloudfront
content-length: 28059
x-amz-meta-git_commit: 7b120a5
last-modified: Tue, 03 Aug 2021 17:19:43 GMT
server: AmazonS3
etag: "afbaa3aad41d7158588b073852555441"
x-amz-version-id: UwnBm7ykwrNr0B_E7_LAdvuY6BfIaOeW
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: TQU2sU6gMZImQCJEEPina8EfXEqbqxgCiBK_bwvTIF7QcC148037ww==

GET
H2 200 bl-0af0356-00d68a3d.js Show response
tagan.adlightning.com/leeenterprises/ 49 KB
21 KB 24ms
23ms Script
application/javascript 143.204.98.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/bl-0af0356-00d68a3d.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-66.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9431906c144ff04557d4ff1107eb545d75fea2b444bc0cd460b06dd221a825fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 05:33:05 GMT
content-encoding: gzip
age: 40465
x-cache: Hit from cloudfront
content-length: 20780
x-amz-meta-git_commit: 0af0356
last-modified: Mon, 10 Jan 2022 04:48:01 GMT
server: AmazonS3
etag: "c185388bdd01082287deadf69e3be2da"
x-amz-version-id: jVbTEWnBqVR_VdrmKyx1Slc0SJFUOILo
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 0gO-R5P_SQrypbfS7C-kkFtPyEXOgPlD2CdV3SC3PYEWINlAEyTdig==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
535 B 47ms
47ms XHR
text/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3266&u=https%3A%2F%2Fbillingsgazette.com%2F&pid=3s8GGK4OANfPX&cb=0&ws=1600x1200&v=7.71.1&t=2000&slots=%5B%7B%22sd%22%3A%22fixed-leaderboard-top%22%2C%22s%22%3A%5B%22970x250%22%2C%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F8438%2Fbillingsgazette.com%2Fhomepage%22%7D%5D&pj=%7B%22sections%22%3A%22%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.95.188 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-95-188.fra50.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
via: 1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA50-C1
x-amz-rid: S9KSGR3EYT1XDBX52849
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://billingsgazette.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: ySSG3ZDu3PDul_I0Z_ducd-Nj6QYfVSKtsxc0_5q0PgNXhn7DOyxKg==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 64 B
535 B 48ms
48ms XHR
text/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=3266&u=https%3A%2F%2Fbillingsgazette.com%2F&pid=3s8GGK4OANfPX&cb=1&ws=1600x1200&v=7.71.1&t=2000&slots=%5B%7B%22sd%22%3A%22fixed-big-ad-top%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F8438%2Fbillingsgazette.com%2Fhomepage%22%7D%5D&pj=%7B%22sections%22%3A%22%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

143.204.95.188 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-143-204-95-188.fra50.r.cloudfront.net

Software

Server /

Resource Hash

8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
via: 1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA50-C1
x-amz-rid: A95DEM4PMM6NHPZYXSP6
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://billingsgazette.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 64
x-amz-cf-id: oJCjfHFml7kuFWKgV3VElNiZPeXCyiUKtY1aTZpttCM7AExDc09xIQ==

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 34ms
17ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=billingsgazette.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 41ms
18ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=billingsgazette.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 35 KB
12 KB 50ms
49ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2087137363529733&correlator=4424957524683943&output=ldjh&impl=fif&eid=31063918&vrg=2022010407&ptt=17&sc=1&sfv=1-0-38&ecs=20220110&iu_parts=8438%2Cbillingsgazette.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=2x1&prev_scp=pos%3Dfixed-impact-top%2Catf%26inview%3Dtrue%26density%3Dstandard%26lee_group%3D4%26lee_hours%3D16%26lee_day%3D1%26fp%3D99&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26k%3Dbillings%252Cmontana%252CBig%2520sky%252Cwyoming%252Cbozeman%252Cyellowstone%252Cbig%2520timber%252Coutdoors%252Csports%252Chardin%26sub%3Dno%26page%3Dhomepage%252Capp-editorial%252Cmd_screen%26browser%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1641823412&dt=1641833250000&dlt=1641833249344&idt=341&frm=20&biw=1600&bih=1200&oid=2&adxs=799&adys=0&adks=930876955&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fbillingsgazette.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x1&msz=1600x1&ga_vid=214812033.1641833250&ga_sid=1641833250&ga_hid=627010579&ga_fc=true&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

295b9a4cba84a09093cb392460e4f1ef5f33f00915d56234ba452b1f8b5ec503

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12439
x-xss-protection: 0
google-lineitem-id: 5869970119
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138377348166
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 19 KB
9 KB 187ms
186ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2087137363529733&correlator=4225827586748500&output=ldjh&impl=fif&eid=31063918&vrg=2022010407&ptt=17&sc=1&sfv=1-0-38&ecs=20220110&iu_parts=8438%2Cbillingsgazette.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&prev_scp=pos%3Dfixed-impact-bottom%2Cbtf%26inview%3Dtrue%26density%3Dstandard%26lee_group%3D4%26lee_hours%3D16%26lee_day%3D1%26fp%3D99&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26k%3Dbillings%252Cmontana%252CBig%2520sky%252Cwyoming%252Cbozeman%252Cyellowstone%252Cbig%2520timber%252Coutdoors%252Csports%252Chardin%26sub%3Dno%26page%3Dhomepage%252Capp-editorial%252Cmd_screen%26browser%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1641823412&dt=1641833250014&dlt=1641833249344&idt=341&frm=20&biw=1600&bih=1200&oid=2&adxs=800&adys=1&adks=4005652246&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fbillingsgazette.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x1&msz=1600x1&ga_vid=214812033.1641833250&ga_sid=1641833250&ga_hid=627010579&ga_fc=true&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

0a98bc21dd0c0778b31dc535a85bec35a92a9baa51eda9b20591e066453b67f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8702
x-xss-protection: 0
google-lineitem-id: 751596797
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 89240352317
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 451 B
264 B 182ms
181ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2087137363529733&correlator=4473443567233787&output=ldjh&impl=fif&eid=31063918&vrg=2022010407&ptt=17&sc=1&sfv=1-0-38&ecs=20220110&iu_parts=8438%2Cbillingsgazette.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=5x1&prev_scp=pos%3Dmembers-impact%2Catf%26inview%3Dtrue%26density%3Dstandard%26lee_group%3D3%26lee_hours%3D16%26lee_day%3D1%26fp%3D99&eri=1&cust_params=k%3Dbillings%252Cmontana%252CBig%2520sky%252Cwyoming%252Cbozeman%252Cyellowstone%252Cbig%2520timber%252Coutdoors%252Csports%252Chardin%26sub%3Dno%26page%3Dhomepage%252Capp-editorial%252Cmd_screen%26browser%3DChrome&cookie_enabled=1&bc=31&abxe=1&lmt=1641823412&dt=1641833250018&dlt=1641833249344&idt=341&frm=20&biw=1600&bih=1200&oid=2&adxs=798&adys=6941&adks=4142575076&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fbillingsgazette.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x1&msz=1600x1&ga_vid=214812033.1641833250&ga_sid=1641833250&ga_hid=627010579&ga_fc=true&fws=4&ohw=1600&btvi=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

099e517fbae7720fe1684cd93c76299d211cd0d6c6877f1b60e4938f6aaabfdb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
98f02a78e754ebda3aed7126cb8a8a0c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame DF2D 6 KB
4 KB 77ms
14ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://98f02a78e754ebda3aed7126cb8a8a0c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 10 Jan 2022 16:47:30 GMT
expires: Tue, 10 Jan 2023 16:47:30 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 var=tncms_siteaud Show response
ad.crwdcntrl.net/5/c=6881/pe=y/ 77 B
312 B 104ms
33ms Script
application/javascript 52.30.14.23
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.crwdcntrl.net/5/c=6881/pe=y/var=tncms_siteaud
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.14.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-14-23.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 059bc42513157b8af9033f063157dffd7a9a1c6bbc9e4f2b3bc75d52be38863d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:30 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.23.39
content-type: application/javascript;charset=utf-8
content-length: 77
expires: 0

GET
H2 200 61dbd73f3a6c9.preview-620.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/eedition/4/f9/4f93f137-3db0-588d-ac96-d17a07670bd4/ 180 KB
180 KB 30ms
29ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/eedition/4/f9/4f93f137-3db0-588d-ac96-d17a07670bd4/61dbd73f3a6c9.preview-620.jpg?resize=620%2C1326

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb922fc9d2ef402af3db9b4879dcad632b88249698df4f2807961f5fab27e192

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 31594
cf-polished: origSize=185103, status=webp_bigger
last-modified: Mon, 10 Jan 2022 06:50:40 GMT
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "a6267937b8ef1e50ed98b44ddf6ff89d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
expires: Tue, 10 Jan 2023 07:05:47 GMT
cache-control: public, max-age=31536000
cf-ray: 6cb76334cc5b6921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 61d618b72bd9e.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/4/0a/40a7cc80-eeff-54d1-8109-d5b283cf4499/ 4 KB
4 KB 27ms
25ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/4/0a/40a7cc80-eeff-54d1-8109-d5b283cf4499/61d618b72bd9e.preview.jpg?resize=150%2C84

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e987cd9863ecef803b7aeb4c497c16d40158d0a73f64a1c4a405da9d1778771

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 59091
cf-polished: origSize=4082, status=webp_bigger
last-modified: Wed, 05 Jan 2022 22:16:23 GMT
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "ed8a2f340b30e20777ca253700067c36"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 09 Jan 2023 00:30:56 GMT
cache-control: public, max-age=31536000
cf-ray: 6cb76334cc5e6921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 61c16d8de400b.image.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/1/91/19198c37-b01f-5e52-ab54-ba12f1533834/ 5 KB
5 KB 33ms
31ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/1/91/19198c37-b01f-5e52-ab54-ba12f1533834/61c16d8de400b.image.jpg?crop=600%2C338%2C0%2C30&resize=150%2C84&order=crop%2Cresize

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d1887e4f70793333d6111a12ea112f6463a1d35c14011d22586167cb2e15b42

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
cf-cache-status: HIT
age: 49663
cf-polished: origSize=5012, status=webp_bigger
last-modified: Tue, 21 Dec 2021 06:00:46 GMT
strict-transport-security: max-age=604800
content-length: 4876
x-robots-tag: noarchive
x-vcache: HIT
server: cloudflare
etag: "ab531d795cdf7c5beb7ebe11aaea9187"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Tue, 27 Dec 2022 07:56:59 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6cb76334cc5f6921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 60dccafc4676f.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/e/dd/eddc5902-d9db-11eb-92cb-3fc7d0d1e185/ 5 KB
5 KB 19ms
18ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/e/dd/eddc5902-d9db-11eb-92cb-3fc7d0d1e185/60dccafc4676f.preview.jpg?crop=600%2C338%2C0%2C131&resize=150%2C84&order=crop%2Cresize

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecd697028fbf41cfe81ec787d9a4d5238c5034e85620d74fcbe0b4a952b02a36

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
cf-cache-status: HIT
age: 102554
cf-polished: degrade=85, origSize=5489, status=webp_bigger
last-modified: Wed, 30 Jun 2021 19:50:20 GMT
strict-transport-security: max-age=604800
content-length: 5077
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "4d9d44a79d1bd5f8578498ce177c26a0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
expires: Sun, 13 Nov 2022 00:54:16 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6cb76334cc606921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 61d479db58280.image.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/e/62/e6210a80-b984-54f9-8b18-23fcfb6bb818/ 3 KB
3 KB 154ms
153ms Image
image/webp 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/e/62/e6210a80-b984-54f9-8b18-23fcfb6bb818/61d479db58280.image.jpg?resize=150%2C84

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7510df1cacbb425f5a1f8890a01d80c2a33bb0c3e5919009c8ec8c2e304cabce

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
vary: Accept
cf-cache-status: HIT
cf-polished: qual=85, origFmt=jpeg, origSize=3228
last-modified: Tue, 04 Jan 2022 16:46:19 GMT
content-disposition: inline; filename="61d479db58280.webp"
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "641aad004b239bcb81ebca6188c5c230"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
expires: Wed, 04 Jan 2023 19:22:56 GMT
cache-control: public, max-age=31536000
cf-ray: 6cb76334cc616921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 61da8cdd983d7.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/8/56/85650809-7e1c-52fb-91ee-684fbccb9c54/ 66 KB
66 KB 32ms
31ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/8/56/85650809-7e1c-52fb-91ee-684fbccb9c54/61da8cdd983d7.preview.jpg?crop=1762%2C991%2C0%2C92&resize=750%2C422&order=crop%2Cresize

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d0ba9d47d03d591f279f96405e23a9cc5c6d9dbc8d894e190f95a841698f966

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 110092
cf-polished: origSize=67433, status=webp_bigger
last-modified: Sun, 09 Jan 2022 07:21:01 GMT
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "94f11fae30cbb9dd358cb540e2db1285"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 09 Jan 2023 07:34:04 GMT
cache-control: public, max-age=31536000
cf-ray: 6cb76334cc646921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 60ca6e08474fa.image.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/3/68/36818988-7c12-5936-8b6c-0db8f505c0c7/ 9 KB
9 KB 18ms
18ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/3/68/36818988-7c12-5936-8b6c-0db8f505c0c7/60ca6e08474fa.image.jpg?crop=1751%2C985%2C0%2C99&resize=225%2C127&order=crop%2Cresize

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44702be1639664bacb614533634885305265099666aeb0215ae5b72480319b4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 76884
cf-polished: degrade=85, origSize=11801, status=webp_bigger
last-modified: Wed, 16 Jun 2021 21:32:56 GMT
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "960aed6b9cb6af5bb1366d23b081367f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 09 Jan 2023 07:56:49 GMT
cache-control: public, max-age=31536000
cf-ray: 6cb76334cc666921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 61da17ccaa467.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/7/0a/70a007e1-fd3e-5454-9bd1-435a361a6d38/ 5 KB
5 KB 26ms
26ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/7/0a/70a007e1-fd3e-5454-9bd1-435a361a6d38/61da17ccaa467.preview.jpg?crop=1520%2C855%2C29%2C1&resize=150%2C84&order=crop%2Cresize

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efcbf6ba62c22cb133e6783ec03ac1e1b3900d36abf731732450bede0365bde1

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 142957
cf-polished: origSize=4835, status=webp_bigger
last-modified: Sat, 08 Jan 2022 23:01:33 GMT
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "f9aaa1d3cacf83d34389ce6d0e677fa3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
expires: Sun, 08 Jan 2023 23:08:25 GMT
cache-control: public, max-age=31536000
cf-ray: 6cb76334cc676921-FRA
cf-bgj: imgq:85,h2pri

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 166 KB
61 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-F8FFLLVDEZ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5MTD44X&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e88570c7cd2e82b2082bdbf7bb0618159d9161d4b932855fe2039777ae11b4c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62565
x-xss-protection: 0
expires: Mon, 10 Jan 2022 16:47:30 GMT

GET
H3 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
884 B 7ms
6ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:01:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2739
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 10 Jan 2022 17:01:51 GMT

GET
H2 200 sp-gzip-2-17-3.js Show response
storage.googleapis.com/lee-snowplow/static/ 77 KB
27 KB 30ms
8ms Script
text/javascript 2a00:1450:4001:810::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/lee-snowplow/static/sp-gzip-2-17-3.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 7169b20ff9116852953e326ad3776ac06c0f14a5a21a3e07f3fb8b5c46418a61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:32:45 GMT
content-encoding: gzip
age: 885
x-guploader-uploadid: ADPycdswMG-RthVNgRp-odrd-AD0YtnUkw7xvAEdyz-nDPQ1prtJJ9r4S_RVnGm15j4FGe8Zl0KeiR5b_S5kQlr1t16L8ORnOA
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 4
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26950
x-goog-meta-
last-modified: Thu, 18 Feb 2021 15:16:40 GMT
server: UploadServer
etag: "d3142accd3f370a95f561f0fbfb3114b"
vary: Accept-Encoding
x-goog-hash: crc32c=C/nZJQ==, md5=0xQqzNPzcKlfVh8Pv7MRSw==
x-goog-generation: 1613661400000346
cache-control: max-age=31536000
x-goog-stored-content-length: 26950
accept-ranges: bytes
content-type: text/javascript
expires: Tue, 10 Jan 2023 16:32:45 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 24ms
10ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: WSIpouP66IrllfFtgaf3iBaPQlhe1ME8ddJ/PuubuEy7TXW2fMcrbVQeOjYA5GyvVNjbeN+arxGDjRDKtW1DiQ==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Mon, 10 Jan 2022 16:47:30 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 i99g3gee.js Show response
d81mfvml8p5ml.cloudfront.net/ 13 KB
5 KB 75ms
17ms Script
application/javascript 2600:9000:2156:3600:2:36a1:2f40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d81mfvml8p5ml.cloudfront.net/i99g3gee.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:3600:2:36a1:2f40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3c9a2d086d47148ae23b40fb16fa13a5bd578e40aa7ee5acabd1ad9d3c958ecf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:38:48 GMT
content-encoding: br
last-modified: Thu, 29 Jul 2021 19:07:57 GMT
server: AmazonS3
age: 929
etag: W/"d5439e10177501ec79fe34fba97cb263"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 1f49a084ca923f375f74b42fa36ef428.cloudfront.net (CloudFront)
cache-control: max-age=600
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 2K9rIPEGhpVllvcED2JNRsT6TR9kDCAs_KGHEmvQFA8x7LCvguBJUA==

GET
H2

200

ml.br.js Show response
js.matheranalytics.com/static/ltm/ma1527/lee/5/
Redirect Chain

https://js.matheranalytics.com/s/ma1527/725149304/lee/ml.js?cb=1584
https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js

145 KB
42 KB

21ms
20ms

Script
application/x-javascript

107.178.250.234
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Server: 107.178.250.234 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 234.250.178.107.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8e69c64655718315422d63e22bc7dddaacd2fe1e1ceb20a6758287a76b9c6f66

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 09 Jan 2022 23:32:48 GMT
content-encoding: br
last-modified: Wed, 04 Aug 2021 03:52:13 GMT
server: nginx
age: 62082
etag: "96d23de5d1ede166c2abc188adf1ebd7"
vary: Accept-Encoding
x-cache: HIT Wed, 04 Aug 2021 04:04:18 GMT
content-type: application/x-javascript
via: 1.1 google
cache-control: public,max-age=3600
alt-svc: clear
content-length: 43093

Redirect headers

date: Mon, 10 Jan 2022 16:47:30 GMT
via: 1.1 google
server: nginx
vary: Accept-Encoding
location: https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js
cache-control: public, max-age=269200
alt-svc: clear
x-served-by: 0-gc-euw1-10927

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 51ms
14ms Script
application/javascript 143.204.98.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-86.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 06:55:53 GMT
content-encoding: gzip
etag: W/"1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 42566
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 9eb0e845437929074828e0cf53f179ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: mg0-2jtZ7sy6sm6HajZVj9T5Q2SAGKZjvnt1pDyyK-S5ZP0nYRayFQ==

GET
H2 200 a-012k.min.js Show response
b-code.liadm.com/ 26 KB
10 KB 75ms
22ms Script
application/javascript 2600:9000:2156:7600:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/a-012k.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7600:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: ZIO-Http /
Resource Hash: cab8f3bef8830763240eb9a41ad703180441a662ab0f1b3f20c2241e2fca8ed4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 14:41:17 GMT
via: 1.1 e6d97713eb9b65f883e0f86b833878dc.cloudfront.net (CloudFront)
server: ZIO-Http
age: 7573
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=86400
x-amz-cf-pop: FRA50-C1
content-encoding: gzip
x-amz-cf-id: A07psnHeyvco2AxmRw3dFt1Oz7YlZCT7BmSnu-Jc2pVVZGdVIcmuLg==

GET
H2 200 mparticle.js Show response
jssdkcdns.mparticle.com/js/v2/us1-8effeeabf3a9674f85c6c39bc2a9292e/ 184 KB
48 KB 91ms
19ms Script
application/javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://jssdkcdns.mparticle.com/js/v2/us1-8effeeabf3a9674f85c6c39bc2a9292e/mparticle.js?env=0&plan_id=elko_test_plan&plan_version=4
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Kestrel /
Resource Hash: 8bf8e1f69f84e16d7c0b046cc032f092ed72c54438dea02e49b01e3f4a536ef7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
via: 1.1 varnish, 1.1 varnish
age: 544
x-origin-name: fastlyshield--shield_ssl_cache_iad_kiad7000162_IAD
x-cache: HIT, HIT
x-cache-hits: 3, 1
content-encoding: gzip
content-length: 48487
x-served-by: cache-iad-kiad7000162-IAD, cache-mxp6963-MXP
server: Kestrel
x-timer: S1641833250.199581,VS0,VE1
vary: Accept, Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 10 Jan 2022 17:38:26 GMT

GET
H/1.1

200
OK

iframe Show response
d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/ Frame D385
Redirect Chain

https://insight.adsrvr.org/tags/nebsjkp/21usqg2/iframe
https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe

138 B
668 B

50ms
7ms

Document
text/html

143.204.97.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.97.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-97-29.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3f7d4fce911e0a58ed4224b9f65d90a98d8bb7b76d25ad2610485b9baaa1d447

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/

Response headers

Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Last-Modified: Fri, 01 Oct 2021 23:50:10 GMT
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 10 Jan 2022 05:33:51 GMT
Cache-Control: max-age=86400
ETag: "50351b1f6590b5c4886c111874e016a0"
X-Cache: Hit from cloudfront
Via: 1.1 bab8148a65b29113f79cf2725076287c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: _7iMEkxYM-EWCiTdpqPvEE0lxMVE1wzaisuMoBzRjAN7I9H0nsl-ow==
Age: 40998

Redirect headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-type: text/html; charset=UTF-8
content-length: 183
location: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 bl-0af0356-00d68a3d.js Show response
tagan.adlightning.com/leeenterprises/ Frame 9995 49 KB
21 KB 25ms
24ms Script
application/javascript 143.204.98.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/bl-0af0356-00d68a3d.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-66.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9431906c144ff04557d4ff1107eb545d75fea2b444bc0cd460b06dd221a825fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 05:33:05 GMT
content-encoding: gzip
age: 40466
x-cache: Hit from cloudfront
content-length: 20780
x-amz-meta-git_commit: 0af0356
last-modified: Mon, 10 Jan 2022 04:48:01 GMT
server: AmazonS3
etag: "c185388bdd01082287deadf69e3be2da"
x-amz-version-id: jVbTEWnBqVR_VdrmKyx1Slc0SJFUOILo
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: jCpG2ZZpW4FHWEdhpqb_6cga4iQ_Ri5tu7o5n-lCQ-VqzS3TcdPJmA==

GET
H2 200 b-7b120a5-9b73d8fb.js Show response
tagan.adlightning.com/leeenterprises/ Frame 9995 73 KB
28 KB 28ms
28ms Script
application/javascript 143.204.98.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-66.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 12:36:33 GMT
content-encoding: gzip
age: 11333458
x-cache: Hit from cloudfront
content-length: 28059
x-amz-meta-git_commit: 7b120a5
last-modified: Tue, 03 Aug 2021 17:19:43 GMT
server: AmazonS3
etag: "afbaa3aad41d7158588b073852555441"
x-amz-version-id: UwnBm7ykwrNr0B_E7_LAdvuY6BfIaOeW
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: -FT8ixP37F_GdMMxfwwNtC1bJUqQRwdfTAzkFv1HDJ93Iypcp9G5tg==

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9995 120 KB
37 KB 40ms
18ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e78bac7c2d4ad157ca2d43d12d1cdc08ab7943d3535287108ed9e6b8ff9da523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37632
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641385868096614"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Jan 2022 16:47:30 GMT

GET
H2 200 otFloatingFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.2.0/assets/ 18 KB
3 KB 27ms
26ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.2.0/assets/otFloatingFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d8b76cb673b3af30f99448de96d4bfa03546c4e7808ce9c6ccaa9777efc90ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: LROBGyipCAjpSiLc19tFcQ==
age: 7232419
vary: Accept-Encoding
content-length: 2966
x-ms-lease-status: unlocked
last-modified: Fri, 26 Jun 2020 17:33:09 GMT
server: cloudflare
etag: 0x8D819F6FE6057CE
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f0663f76-001e-0152-397a-c48341000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6cb76335dce50211-ZRH

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.2.0/assets/ 100 KB
21 KB 26ms
24ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.2.0/assets/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.2.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10ab566c9fb0560fc9b7690af2b2a06cb4ce5af583a6e9796d1ece57c702c5e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: uHciMKc/pvNFERq4hQBWgw==
age: 7232419
vary: Accept-Encoding
content-length: 20976
x-ms-lease-status: unlocked
last-modified: Fri, 26 Jun 2020 17:33:09 GMT
server: cloudflare
etag: 0x8D819F6FE54BCDE
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 207ae902-c01e-00ea-4d7a-c427e7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 6cb76335ece90211-ZRH

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 29 KB
12 KB 413ms
412ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2087137363529733&correlator=4012389700018118&output=ldjh&impl=fif&eid=31063918&vrg=2022010407&ptt=17&sc=1&sfv=1-0-38&ecs=20220110&iu_parts=8438%2Cbillingsgazette.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x250%7C970x90%7C728x90&prev_scp=pos%3Dfixed-leaderboard-top%2Catf%2C50%26density%3Dstandard%26lee_group%3D7%26lee_hours%3D16%26lee_day%3D1%26fp%3D99%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=k%3Dbillings%252Cmontana%252CBig%2520sky%252Cwyoming%252Cbozeman%252Cyellowstone%252Cbig%2520timber%252Coutdoors%252Csports%252Chardin%26sub%3Dno%26page%3Dhomepage%252Capp-editorial%252Cmd_screen%26browser%3DChrome&cookie=ID%3Da2defef40c79593a-22ad3d5c19cd009e%3AT%3D1641833250%3AS%3DALNI_MYtSrw0yrCBN5_YMgIFWVEed5GwtQ&bc=31&abxe=1&lmt=1641823412&dt=1641833250216&dlt=1641833249344&idt=341&frm=20&biw=1600&bih=1200&oid=2&adxs=315&adys=288&adks=822736253&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fbillingsgazette.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1584x250&msz=1584x250&psts=AGkb-H9-zhgtB813D7Vf50iM9rJV_2rDdMiwCKNuDYuHE4k7qfGTLRT8KNXb5Akzi7KVE6qlieNZFSqBduSsRQ&ga_vid=214812033.1641833250&ga_sid=1641833250&ga_hid=627010579&ga_fc=true&ga_cid=541294454.1641833250&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

7244ea19ffa4d9880dc077d518212cd7dba6df6ead5f937d7455ef3f44c3e4e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11981
x-xss-protection: 0
google-lineitem-id: 5858280426
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138376331140
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 381ms
380ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2087137363529733&correlator=2306462749166410&output=ldjh&impl=fif&eid=31063918&vrg=2022010407&ptt=17&sc=1&sfv=1-0-38&ecs=20220110&iu_parts=8438%2Cbillingsgazette.com%2Chomepage&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600%7C300x250&prev_scp=pos%3Dfixed-big-ad-top%2Catf%2C50%26density%3Dstandard%26lee_group%3D3%26lee_hours%3D16%26lee_day%3D1%26fp%3D99%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=k%3Dbillings%252Cmontana%252CBig%2520sky%252Cwyoming%252Cbozeman%252Cyellowstone%252Cbig%2520timber%252Coutdoors%252Csports%252Chardin%26sub%3Dno%26page%3Dhomepage%252Capp-editorial%252Cmd_screen%26browser%3DChrome&cookie=ID%3Da2defef40c79593a-22ad3d5c19cd009e%3AT%3D1641833250%3AS%3DALNI_MYtSrw0yrCBN5_YMgIFWVEed5GwtQ&bc=31&abxe=1&lmt=1641823412&dt=1641833250221&dlt=1641833249344&idt=341&frm=20&biw=1600&bih=1200&oid=2&adxs=1180&adys=581&adks=1452497353&ucis=5&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fbillingsgazette.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x600&msz=300x600&psts=AGkb-H9-zhgtB813D7Vf50iM9rJV_2rDdMiwCKNuDYuHE4k7qfGTLRT8KNXb5Akzi7KVE6qlieNZFSqBduSsRQ&ga_vid=214812033.1641833250&ga_sid=1641833250&ga_hid=627010579&ga_fc=true&ga_cid=541294454.1641833250&fws=4&ohw=1600&btvi=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

a877e3e27c3463a7be513923b1df1bf31ffcee5b505310bd143eeb6646aaf2f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8434
x-xss-protection: 0
google-lineitem-id: 5715049106
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138352607686
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bl-0af0356-00d68a3d.js Show response
tagan.adlightning.com/leeenterprises/ Frame 94DA 49 KB
21 KB 27ms
26ms Script
application/javascript 143.204.98.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/bl-0af0356-00d68a3d.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-66.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9431906c144ff04557d4ff1107eb545d75fea2b444bc0cd460b06dd221a825fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 05:33:05 GMT
content-encoding: gzip
age: 40466
x-cache: Hit from cloudfront
content-length: 20780
x-amz-meta-git_commit: 0af0356
last-modified: Mon, 10 Jan 2022 04:48:01 GMT
server: AmazonS3
etag: "c185388bdd01082287deadf69e3be2da"
x-amz-version-id: jVbTEWnBqVR_VdrmKyx1Slc0SJFUOILo
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: ByMTAvQ4n5JZxMixt3KwLocvDtJ1OdW81brLv-MpLtkXfTLLOIv6dQ==

GET
H2 200 b-7b120a5-9b73d8fb.js Show response
tagan.adlightning.com/leeenterprises/ Frame 94DA 73 KB
28 KB 30ms
29ms Script
application/javascript 143.204.98.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-66.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 12:36:33 GMT
content-encoding: gzip
age: 11333458
x-cache: Hit from cloudfront
content-length: 28059
x-amz-meta-git_commit: 7b120a5
last-modified: Tue, 03 Aug 2021 17:19:43 GMT
server: AmazonS3
etag: "afbaa3aad41d7158588b073852555441"
x-amz-version-id: UwnBm7ykwrNr0B_E7_LAdvuY6BfIaOeW
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: a0a-R3OlW6LJA3ZPomZolH50Rwco9ABKitCJKRkPqw5qohtYHOJZXQ==

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 94DA 120 KB
37 KB 39ms
23ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e78bac7c2d4ad157ca2d43d12d1cdc08ab7943d3535287108ed9e6b8ff9da523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37632
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641385868096614"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Jan 2022 16:47:30 GMT

GET
H2 200 61d9d4e432813.image.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/3/f7/3f7ff65a-e25d-55b5-a009-28d6e1b46ba6/ 3 KB
3 KB 17ms
17ms Image
image/webp 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/3/f7/3f7ff65a-e25d-55b5-a009-28d6e1b46ba6/61d9d4e432813.image.jpg?crop=1302%2C732%2C0%2C22&resize=150%2C84&order=crop%2Cresize

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6fa2648646dd59fb7f79efab66fabce207453ea9c2c71271e2837368463a02ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
vary: Accept
cf-cache-status: HIT
age: 151540
cf-polished: qual=85, origFmt=jpeg, origSize=6253
last-modified: Sat, 08 Jan 2022 18:16:04 GMT
content-disposition: inline; filename="61d9d4e432813.webp"
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "498644eb6514952a557486ca5dc2ae31"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/webp
access-control-allow-origin: *
expires: Sun, 08 Jan 2023 18:18:32 GMT
cache-control: public, max-age=31536000
cf-ray: 6cb76336680c6921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 611edaf3c2921.image.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/c/f0/cf08f962-e934-5a4d-a02b-3f86ff6ddb37/ 4 KB
4 KB 34ms
34ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/c/f0/cf08f962-e934-5a4d-a02b-3f86ff6ddb37/611edaf3c2921.image.jpg?crop=1762%2C991%2C0%2C92&resize=150%2C84&order=crop%2Cresize

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

819515c05af1d0454abf5fea7f4f3caa34a53a25f153db25b95cc54a8c82825c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 166702
cf-polished: degrade=85, origSize=7050, status=webp_bigger
last-modified: Thu, 19 Aug 2021 22:28:04 GMT
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "a61fa4db64978342993e360b4ff1d4de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
expires: Sun, 08 Jan 2023 13:34:07 GMT
cache-control: public, max-age=31536000
cf-ray: 6cb7633668116921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 sync-container.js Show response
b-code.liadm.com/ 6 KB
3 KB 7ms
7ms Script
application/javascript 2600:9000:2156:7600:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/sync-container.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:7600:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: CQKQeFXs_ero.dSxGj8yyrCkT6TzPcRS
content-encoding: gzip
etag: W/"ae5e94de938b0387eda6df8f20da811a"
last-modified: Wed, 02 Jun 2021 16:15:01 GMT
server: AmazonS3
age: 394740
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 e6d97713eb9b65f883e0f86b833878dc.cloudfront.net (CloudFront)
date: Thu, 06 Jan 2022 03:08:31 GMT
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: trG1RaXsL7ZXET8XYOe71rSUDTcxeqEdpOgUUVpbb8aN6-uUiTljbA==

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 49ms
27ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-54716522-2&cid=214812033.1641833250&jid=1715115866&gjid=1381527497&_gid=541294454.1641833250&_u=aHDAiUAjRAQCAE~&z=794534710

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Mon, 10 Jan 2022 16:47:30 GMT
content-type: text/plain
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 js Show response
www.google-analytics.com/gtm/ 92 KB
36 KB 18ms
18ms Script
application/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-TQ9PK73&t=gtm286&cid=214812033.1641833250

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

164025ad48f93b1da3a282660b3288481df3d3ba397d8f852b72008246b14dc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36427
x-xss-protection: 0
expires: Mon, 10 Jan 2022 16:47:30 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
6ms Image
image/gif 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=627010579&t=pageview&_s=1&dl=https%3A%2F%2Fbillingsgazette.com%2F&ul=en-us&de=UTF-8&dt=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aHDAiUAjRAQCAE~&jid=1715115866&gjid=1381527497&cid=214812033.1641833250&tid=UA-54716522-2&_gid=541294454.1641833250&gtm=2wg150TDWDC2&cd1=desktop&cd2=billingsgazette.com&cd3=editorial&cd4=homepage&cd6=homepage&cd14=Undefined&cd17=null&cd20=anonymous&cd23=&cg1=&cd21=Billings&cd22=flex-editorial&cd30=33&cd31=Clear%2FWind&cd51=Billings&cd52=1&cd75=0&cd76=%20%20%20%20%20%20%20%20%20&cd79=&cd80=&cd81=No&cd82=&cd85=yes&cd86=no&cd102=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F97.0.4692.71%20safari%2F537.36&cd103=Undefined&cd104=Undefined%2C%20Undefined&cd105=3&cd106=Page%20View&cd107=0&cd111=undefined&cd115=notset&cd116=No&cd117=No&cd124=dsv2&cd89=214812033.1641833250&z=334631431

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 04:27:25 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 44405
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=10345586&ns__t=1641833250399&ns_c=UTF-8&cv=3.5&c8=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%...
https://sb.scorecardresearch.com/b2?c1=2&c2=10345586&ns__t=1641833250399&ns_c=UTF-8&cv=3.5&c8=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana...

0
225 B

9ms
9ms

Image
text/plain

143.204.98.86
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=10345586&ns__t=1641833250399&ns_c=UTF-8&cv=3.5&c8=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&c7=https%3A%2F%2Fbillingsgazette.com%2F&c9=
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Server: 143.204.98.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-86.fra50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
via: 1.1 9eb0e845437929074828e0cf53f179ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
etag: W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
x-amz-cf-id: hp9rZWEmCPHRl6EieOySnN7vpKh_KLdOm6Lq3UOXCe_GNKBn6tMnEw==
x-cache: Miss from cloudfront

Redirect headers

date: Mon, 10 Jan 2022 16:47:30 GMT
via: 1.1 9eb0e845437929074828e0cf53f179ae.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/b2?c1=2&c2=10345586&ns__t=1641833250399&ns_c=UTF-8&cv=3.5&c8=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&c7=https%3A%2F%2Fbillingsgazette.com%2F&c9=
content-length: 428
x-amz-cf-id: Ur9ibiJ16xcb-IW2DPxoeaU4KiB-YWmkLQ_lJZdFmANKswEatxwx-Q==

OPTIONS
H2 200 yy2
a.leetemplates.com/lee/ Frame 0
0 235ms
113ms Preflight 34.102.205.239
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.leetemplates.com/lee/yy2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.205.239 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 239.205.102.34.bc.googleusercontent.com
Software: akka-http/10.2.7 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://billingsgazette.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://billingsgazette.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-max-age: 5
server: akka-http/10.2.7
date: Mon, 10 Jan 2022 16:47:30 GMT
content-length: 0
via: 1.1 google
alt-svc: clear

POST
H2 200 yy2 Show response
a.leetemplates.com/lee/ 2 B
341 B 4625ms
4611ms XHR
text/plain 34.102.205.239
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a.leetemplates.com/lee/yy2
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/lee-snowplow/static/sp-gzip-2-17-3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.205.239 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 239.205.102.34.bc.googleusercontent.com
Software: akka-http/10.2.7 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

date: Mon, 10 Jan 2022 16:47:35 GMT
via: 1.1 google
server: akka-http/10.2.7
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://billingsgazette.com
access-control-allow-credentials: true
content-type: text/plain; charset=UTF-8
alt-svc: clear
content-length: 2

GET
H3 200 identity.js Show response
connect.facebook.net/signals/plugins/ 64 KB
20 KB 31ms
16ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.48

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 20661
x-xss-protection: 0
pragma: public
x-fb-debug: b2tXcWPRrBPyWMNm0yLQDXtw2lEsMI+FnQsyJjgDvGjR9KAX4OsPRStD1WOkv8mE7RXYfZb6D1jEYYuBik8Wxg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 10 Jan 2022 16:47:30 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 961211893969940 Show response
connect.facebook.net/signals/config/ 309 KB
88 KB 43ms
28ms Script
application/x-javascript 2a03:2880:f02d:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/961211893969940?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3438ad0185e56faec50cbdacd8b7e8d701f4ce9315af72ab2b7b2c70b7d4c0c9

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 89983
x-xss-protection: 0
pragma: public
x-fb-debug: VjtUZdWFzLlIMW2gD7vod6M6OvHhH8ieG8jzBcwPsn69AGMxqs11mgzMY8ACyBpdBi7H7kWk5/LS/CJh00OHMA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 10 Jan 2022 16:47:30 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
161 B 23ms
23ms Ping
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-F8FFLLVDEZ&gtm=2oe150&_p=627010579&sr=1600x1200&_gaz=1&ul=en-us&cid=214812033.1641833250&_s=1&dl=https%3A%2F%2Fbillingsgazette.com%2F&dt=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&sid=1641833250&sct=1&seg=0&en=page_view&_fv=1&_ss=2&ep.asset_flag_array=false&ep.asset_tag_array=false&ep.domain=billingsgazette.com&ep.page_type=homepage&ep.platform=desktop&ep.application=editorial&ep.byline=Undefined&ep.syndication_domain=null&ep.blox_sections=&ep.url_fragment=&ep.bot=no&ep.author=Undefined&ep.eedition_viewtype=Page%20View&up.user_status=anonymous&up.user_subscription=No&up.lotame_id=6119&up.client_id=function(a)%7Bvar%20b%3Da.get(%22clientId%22)%3Ba.set(%22dimension%22%2Bc%2Cb)%3Bwindow.dataLayer.push(%7Bgoogle_client_id%3Ab%7D)%7D
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F8FFLLVDEZ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 27ms
26ms Ping
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-F8FFLLVDEZ&cid=214812033.1641833250&gtm=2oe150&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F8FFLLVDEZ&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 72ms
33ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-F8FFLLVDEZ&cid=214812033.1641833250&gtm=2oe150&aip=1&z=549167331

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 identify
identity.mparticle.com/v1/ Frame 0
0 66ms
15ms Preflight 2a04:4e42::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.mparticle.com/v1/identify

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=900

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-mp-key
Origin: https://billingsgazette.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: Kestrel
access-control-allow-headers: content-type,x-mp-key
access-control-allow-methods: POST
access-control-allow-origin: *
x-origin-name: 4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
accept-ranges: bytes
date: Mon, 10 Jan 2022 16:47:30 GMT
via: 1.1 varnish
age: 383
x-served-by: cache-mxp6951-MXP
x-cache: HIT
x-cache-hits: 51
x-timer: S1641833251.522779,VS0,VE0
strict-transport-security: max-age=900

POST
H2 200 identify Show response
identity.mparticle.com/v1/ 176 B
278 B 129ms
128ms XHR
application/json 2a04:4e42::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.mparticle.com/v1/identify

Requested by

Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-8effeeabf3a9674f85c6c39bc2a9292e/mparticle.js?env=0&plan_id=elko_test_plan&plan_version=4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Kestrel /

Resource Hash

dbbd0a15e9bdf660f05a38c1dd90ad0dc31a5d5fa0c5e1a288ecb30927d80765

Security Headers

Name	Value
Strict-Transport-Security	max-age=900

Request headers

x-mp-key: us1-8effeeabf3a9674f85c6c39bc2a9292e
Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: gzip
server: Kestrel
x-timer: S1641833251.539020,VS0,VE113
x-origin-name: 4PrgpUXX9K0sNAH1JImfyI--F_us1_origin
x-served-by: cache-mxp6951-MXP
vary: Accept-Encoding
x-cache: MISS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
strict-transport-security: max-age=900
accept-ranges: bytes
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 /
insight.adsrvr.org/track/pxl/ Frame D385 70 B
260 B 35ms
35ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=nebsjkp&ct=0:21usqg2&fmt=3
Requested by: Host: d1eoo1tco6rr5e.cloudfront.net
URL: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d1eoo1tco6rr5e.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:30 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9995 0
0 41ms
41ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsudGul1qwETIvdYYnQvEROkzh3gC-xGh7L9nS7J9vDqDqVEcQu1i81wdsrozYzvCLu0V0y4bPP5TZSdTIgyyNHXcPN-SXDiKbUKlYhAf_N-ne5KLSJloRWdsOzpZVXta7TxMRYScGQcFmuZ6mGjj00emw5IRjKevtbOtTeUKSiW1Rh6rnPfZmF7JdwjNbmLwVFWJuVf6btMks9Byvo8aZCa7PTLvSDg1JPhYp-RsbBipi6_SmmbCMcpHxW4pzMqjzEbOONaSIhFNE2GNTJdGTNlHTEHIqSMyU3890cmV4MFv6aGV0hn4AFdaQt4a6hz_GMREXWgKPqnrn3-tg&sai=AMfl-YR1PbKvptZAN_Jztpo1YIDB6ojZ8rjnb2xPdmYj81rSsNBkLR6SfP9cGnaIYnmd-uZSOWDegOQe0Z8PpU_Un5ZkKt0eg4wKOPEmvHa_TVfrq2Q2CS27fqRDi7Fid8p5&sig=Cg0ArKJSzKMwyp6rmnmsEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 10 Jan 2022 16:47:30 GMT

GET
H2 200 animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/ 52 KB
4 KB 75ms
32ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css

Requested by

Host: bloximages.chicago2.vip.townnews.com
URL: https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.d6d18fcf88750a16d256e72626e676a6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 427538
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 3279
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:04:58 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d2a-ce35"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9QHyB0u%2BJNGXN378Bs0fnmLtthH6lAzllt%2BqOT7SxH7sxkoSVV9zbafCoeMaf%2B%2BO9UPSdGGYF2sXBm9%2BBeQ9Y0KmUxVjtKvo%2FcY4a0wBx0MQtLQBhdsp5d%2B%2FRhZkKNZP65QdfpAsdSJfwmjzNIx1dHh"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6cb763382c0383ba-MXP
expires: Sat, 31 Dec 2022 16:47:30 GMT

GET
H3

200

8459441215549788494
tpc.googlesyndication.com/simgad/
Redirect Chain

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDfvN_69gEQARgBMgjAoebjPzLc4Q
https://tpc.googlesyndication.com/simgad/8459441215549788494

394 KB
394 KB

37ms
12ms

Image
image/jpeg

2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8459441215549788494

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74d0c44f7a2f8ab81982b3e5e2bdf5a2510174bae99571bb42d057c8f4085526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 08:09:04 GMT
x-content-type-options: nosniff
age: 31106
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 403222
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 23:13:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 10 Jan 2023 08:09:04 GMT

Redirect headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 08:09:03 GMT
x-content-type-options: nosniff
server: cafe
age: 31107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/8459441215549788494
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 09 Feb 2022 08:09:03 GMT

GET
H3

200

4800270700873086447
tpc.googlesyndication.com/simgad/
Redirect Chain

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgKDfvN-YJBABGAEyCGFvDQ_P-baD
https://tpc.googlesyndication.com/simgad/4800270700873086447

167 KB
167 KB

34ms
9ms

Image
image/jpeg

2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4800270700873086447

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

412d6e2fda83cb67eaa36214450083488293c1273f1542c717b524626cd2da6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 08:09:04 GMT
x-content-type-options: nosniff
age: 31106
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 171296
x-xss-protection: 0
last-modified: Thu, 06 Jan 2022 23:13:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 10 Jan 2023 08:09:04 GMT

Redirect headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 08:09:03 GMT
x-content-type-options: nosniff
server: cafe
age: 31107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/4800270700873086447
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 09 Feb 2022 08:09:03 GMT

GET
H2 200 / Show response
dn1i8v75r669j.cloudfront.net/v/ 67 B
342 B 44ms
18ms Script
application/json 2600:9000:2156:ca00:7:5031:dc0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dn1i8v75r669j.cloudfront.net/v/?w=i99g3gee
Requested by: Host: d81mfvml8p5ml.cloudfront.net
URL: https://d81mfvml8p5ml.cloudfront.net/i99g3gee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:ca00:7:5031:dc0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 0aae37caeb1c5064881f16534e735f299658ad15ebe527cb1969e75d9ceb1c40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:03 GMT
via: 1.1 fb8c0300277bd0137c1693d3d64ab550.cloudfront.net (CloudFront)
age: 27
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=300
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: Lisg9FCcnq--0JewYGd40qF8OLzRvqIPbrVeOOY4olksd4eGYoX0PA==

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9995 0
0 41ms
41ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvXgCJjDxvqdWfZFXAKTr7NZutaECT5RwYxubxean5LLqTLja3hcz4j0N3uEsvOJPbcS05r3dZ5KldqrLFSrZywrAGRJIPE7r7qGw5C2MSAkQa9nFQy92TFFQmAXmBUgr1XmyBGohxMeJ480J8h4e9IxgcW-CXFIVkDr-LgB7vA4xzHQFCQPEGYOD0lyxzSnkBDANgq9aSRf4FgQ5H9C76ZzoVffpzftolq8MVNIDm6MDPBiNqiIi1hxsHM1lhQy04vxBXGAWMnCXXK9XJUa-7CS55MX6jiYxOl-LtBctPvrS8N__62tLBjZU4riILWmdFkXGEbi41PEnNqYDym&sai=AMfl-YRE3J0oo1IIXYrnNNTipyxyIpUM_PXiV5qR3ROLoZSPcwicxjlnGQVo7ZLu4W_mBf0suPrbs7eryUaTZefKz6hyR7gT1aggR4n7Zd3214MeCHT3EargipVSvskWcXee&sig=Cg0ArKJSzItE0hJpSCg6EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 10 Jan 2022 16:47:30 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 94DA 0
0 44ms
43ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuLnhtO1Y4zCFmyPUqPlfouujWWQ3RhwRyOBTP0obaxqyv-8nYwVc_cjsiBtDq-m4nTIGh6qDydDlg-6xW2AZrL8H9ylY-5zC-SmPhfPI675HTMEXm8M3GGAnGVKaP0da4-8Npmwy0xgHiOQHWkaXkgfd4e-irENTKkdT9mmYiUA3NLu4b33N128KbhxtYKY35lJvSfiuapDJ9ekq9WjUjKWmASD7bZh1BLY9AVkVvSYMWqRWPRsQOUuXtshe7enPP4P1i60_0gNWQrKXOYc7wy0vwF_gaHssM5QVVMmWPNb2JXjogzQ6YB6sjUMTd0EfJiISFrXTmXXRBn-xMwTy5uwPu76R8FM7FC&sai=AMfl-YRGKrUyE33E7zya7YJmmRwqSXT1QP1C3rd0MGirollX4PZjX0OFw3fjkxO1sbwkkrSR26eFhy5yqknU83fuQF-e8BIkq26CDmFkOTdh77IqAQx9eWz69vjoBAOg6G7v&sig=Cg0ArKJSzMh_PipeI11kEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:30 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 rciv.js Show response
cdn.tynt.com/ Frame 94DA 15 KB
6 KB 89ms
46ms Script
application/javascript 104.18.29.199
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tynt.com/rciv.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.29.199 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d018dfe8631f61492271d2c987e71f50805c4416ad0743d3fe1546aab43bf3de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 27 Aug 2021 20:58:45 GMT
server: cloudflare
age: 208890
etag: W/"61295205-3dbe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 6cb763391ba8698b-FRA
expires: Thu, 13 Jan 2022 16:47:30 GMT

GET
DATA 200
OK truncated
/ Frame 94DA 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7091488a99ff5fed4f20893ba1d9c207916d8c72bb41d0f2c35d802de967b009

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 470ms
98ms Image
image/gif 52.71.198.250
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=pv&page=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&sec=homepage&pubname=Billings%20Gazette&ptype=homepage&metered=0%7C3&cms=townnews%2Fblox&arttype=editorial&tv=js-3.0.136&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_es6=1&f_gears=2&tvltm=5&tvcfg=lee&tid=d9f3823f-5c98-44e5-a28f-24c08a8cfcae&pid=b17f55bb-19ec-4dde-a2fa-dd54c0b0249e&dtm=1641833250726&qnm=_matherq&visible=1&tabid=c9d83f9e-10fe-4dd3-9121-1c1a428ca691&url=https%3A%2F%2Fbillingsgazette.com%2F&vp=1600x1200&ds=1600x6962&tofa=1641833251&vid=1&lvidt=1641833251&duid=01a45c5c6e3d6563&fp=3441833202&cid=ma1527&mrk=725149304&cx=eyJwZXJmIjp7InN0YXJ0IjoiMTY0MTgzMzI0ODQxMCIsInJlZGlyQ250IjoiMCIsIm5hdlR5cGUiOiJsaW5rIiwiaGVhcFUiOiI0NC43bWIiLCJoZWFwVCI6IjU2LjhtYiIsImZzdFBhaW50IjoiMTQ1MyIsImZldGNoUyI6IjIzMCIsImRvbWFpblMiOiIyMzAiLCJkb21haW5FIjoiNTAyIiwiY29ublMiOiI1MDIiLCJjb25uRSI6IjcxNCIsInNzbFMiOiI2MDYiLCJyZXF1UyI6IjcxNSIsInJlc3BTIjoiOTMxIiwicmVzcEUiOiIxMDM3IiwiZG9tTG9hZCI6IjkzNCIsImRvbUludGVyIjoiMTYxNiIsImRvbUxvYWRTIjoiMTYyMCIsImRvbUxvYWRFIjoiMTYyNCJ9LCJrZXl3b3JkcyI6WyJiaWxsaW5ncyIsIm1vbnRhbmEiLCJCaWcgc2t5Iiwid3lvbWluZyIsImJvemVtYW4iLCJ5ZWxsb3dzdG9uZSIsImJpZyB0aW1iZXIiLCJvdXRkb29ycyIsInNwb3J0cyIsImhhcmRpbiIsInJlZCBsb2RnZSIsImxhdXJlbCIsImxpdmluZ3N0b24iLCJtaWxlcyBjaXR5IiwieWVsbG93c3RvbmUgbmF0aW9uYWwgcGFyayIsImNvbHVtYnVzIiwiZ2lsbGV0dGUiLCJwb3dlbGwiLCJjb2R5Iiwic2hlcGhlcmQiLCJjYXJzIiwiYnVzaW5lc3MiLCJmaXNoaW5nIiwibGV3aXN0b3duIiwiaHVudGluZyIsIm5ld3MiLCJmb3JzeXRoIiwicmVhbCBlc3RhdGUiLCJza2lpbmciLCJyZW50YWxzIiwibWFya2V0cyIsImFic2Fyb2tlZSIsInZlaGljbGVzIiwicmVjcmVhdGlvbiIsIndlYXRoZXIiLCJpbmZvcm1hdGlvbiIsImNsYXNzaWZpZWRzIiwiaGVscCB3YW50ZWQiLCJqb2JzIiwiaG91c2VzIiwidXNlZCBjYXJzIiwidHJ1Y2tzIiwib2JpdHVhcmllcyIsIm9iaXRzIiwiZW50ZXJ0YWlubWVudCIsIjU5MTA1IiwiNTkxMDEiLCI1OTEwMiIsIjU5MTA2Il0sImlkZW50aXRpZXMiOlt7InR5cGUiOiJnYSIsImlkIjoiMjE0ODEyMDMzIiwicmVmVGltZSI6IjE2NDE4MzMyNTA3MjUifV19
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.71.198.250 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-71-198-250.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 10 Jan 2022 16:47:31 GMT
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Content-Length: 43
Content-Type: image/gif

GET
H2

200

j Show response
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1641833250738&aid=a-012k&se=e30&duid=e33b083e4625--01fs2e6fxg6pdpgdmym35d1sd9&tna=v2.3.0&pu=https%3A%2F%2Fbillingsgazette.com%2F&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3...
https://rp4.liadm.com/j?dtstmp=1641833250738&aid=a-012k&se=e30&duid=e33b083e4625--01fs2e6fxg6pdpgdmym35d1sd9&tna=v2.3.0&pu=https%3A%2F%2Fbillingsgazette.com%2F&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY...

52 B
609 B

336ms
98ms

XHR
application/json

54.146.217.90
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rp4.liadm.com/j?dtstmp=1641833250738&aid=a-012k&se=e30&duid=e33b083e4625--01fs2e6fxg6pdpgdmym35d1sd9&tna=v2.3.0&pu=https%3A%2F%2Fbillingsgazette.com%2F&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlJlYWQgQmlsbGluZ3MsIE1vbnRhbmEgYW5kIE1vbnRhbmEgYnJlYWtpbmcgbmV3cy4gR2V0IGxhdGVzdCBuZXdzLCBldmVudHMgYW5kIGluZm9ybWF0aW9uIG9uIE1vbnRhbmEgc3BvcnRzLCB3ZWF0aGVyLCBlbnRlcnRhaW5tZW50IGFuZCBsaWZlc3R5bGVzLiI-PHRpdGxlPlRoZSBCaWxsaW5ncyBHYXpldHRlIHwgTW9udGFuYSBXeW9taW5nIEJyZWFraW5nIE5lIHwgUmVhZCBCaWxsaW5ncywgTW9udGFuYSBhbmQgTW9udGFuYSBicmVha2luZyBuZXdzLiBHZXQgbGF0ZXN0IG5ld3MsIGV2ZW50cyBhbmQgaW5mb3JtYXRpb24gb24gTW9udGFuYSBzcG9ydHMsIHdlYXRoZXIsIGVudGVydGFpbm1lbnQgYW5kIGxpZmVzdHlsZXMuPC90aXRsZT48dGl0bGUgaWQ9InRudC1zdmctdGl0bGUtMSI-SW1hZ2UgZ2FsbGVyeTwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTIiPkNvbGxlY3Rpb248L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS0zIj5JbWFnZSBnYWxsZXJ5PC90aXRsZT48dGl0bGUgaWQ9InRudC1zdmctdGl0bGUtNCI-SW1hZ2UgZ2FsbGVyeTwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTUiPkNvbGxlY3Rpb248L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS0xNiI-UERGIGRpc3BsYXkgYWQ8L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS0xNyI-UERGIGRpc3BsYXkgYWQ8L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS02Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTciPlBERiBkaXNwbGF5IGFkPC90aXRsZT48dGl0bGUgaWQ9InRudC1zdmctdGl0bGUtOCI-UERGIGRpc3BsYXkgYWQ8L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS05Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTEwIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTExIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTEyIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTEzIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTE0Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTE1Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTI4Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTI5Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlPkJhY2sgQnV0dG9uPC90aXRsZT48dGl0bGU-U2VhcmNoIEljb248L3RpdGxlPjx0aXRsZT5GaWx0ZXIgSWNvbjwvdGl0bGU-PHRpdGxlPkFycm93PC90aXRsZT4&i6=MjAwMTphYzg6MjA6M2IwMDoxMDExOjlhNmI6ZTZhNTo0NDBj&n3pc=true

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Server

54.146.217.90 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-146-217-90.compute-1.amazonaws.com

Software

nginx/1.18.0 /

Resource Hash

0c3828f69b4c6cd9644d8b17c715b057619f97e1c596315457a0b1b087db3036

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
x-pixel-event-id: de7bea25-3385-450e-8f69-296f921d1fc9
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
request-time: 1
vary: Origin
content-length: 52
x-xss-protection: 1; mode=block
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx/1.18.0
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/json
access-control-allow-origin: null
access-control-allow-credentials: true
trace-id: 3f366dd7f90560f7

Redirect headers

date: Mon, 10 Jan 2022 16:47:31 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
server: nginx/1.18.0
vary: Origin
location: https://rp4.liadm.com/j?dtstmp=1641833250738&aid=a-012k&se=e30&duid=e33b083e4625--01fs2e6fxg6pdpgdmym35d1sd9&tna=v2.3.0&pu=https%3A%2F%2Fbillingsgazette.com%2F&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IlJlYWQgQmlsbGluZ3MsIE1vbnRhbmEgYW5kIE1vbnRhbmEgYnJlYWtpbmcgbmV3cy4gR2V0IGxhdGVzdCBuZXdzLCBldmVudHMgYW5kIGluZm9ybWF0aW9uIG9uIE1vbnRhbmEgc3BvcnRzLCB3ZWF0aGVyLCBlbnRlcnRhaW5tZW50IGFuZCBsaWZlc3R5bGVzLiI-PHRpdGxlPlRoZSBCaWxsaW5ncyBHYXpldHRlIHwgTW9udGFuYSBXeW9taW5nIEJyZWFraW5nIE5lIHwgUmVhZCBCaWxsaW5ncywgTW9udGFuYSBhbmQgTW9udGFuYSBicmVha2luZyBuZXdzLiBHZXQgbGF0ZXN0IG5ld3MsIGV2ZW50cyBhbmQgaW5mb3JtYXRpb24gb24gTW9udGFuYSBzcG9ydHMsIHdlYXRoZXIsIGVudGVydGFpbm1lbnQgYW5kIGxpZmVzdHlsZXMuPC90aXRsZT48dGl0bGUgaWQ9InRudC1zdmctdGl0bGUtMSI-SW1hZ2UgZ2FsbGVyeTwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTIiPkNvbGxlY3Rpb248L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS0zIj5JbWFnZSBnYWxsZXJ5PC90aXRsZT48dGl0bGUgaWQ9InRudC1zdmctdGl0bGUtNCI-SW1hZ2UgZ2FsbGVyeTwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTUiPkNvbGxlY3Rpb248L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS0xNiI-UERGIGRpc3BsYXkgYWQ8L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS0xNyI-UERGIGRpc3BsYXkgYWQ8L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS02Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTciPlBERiBkaXNwbGF5IGFkPC90aXRsZT48dGl0bGUgaWQ9InRudC1zdmctdGl0bGUtOCI-UERGIGRpc3BsYXkgYWQ8L3RpdGxlPjx0aXRsZSBpZD0idG50LXN2Zy10aXRsZS05Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTEwIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTExIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTEyIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTEzIj5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTE0Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTE1Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTI4Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlIGlkPSJ0bnQtc3ZnLXRpdGxlLTI5Ij5QREYgZGlzcGxheSBhZDwvdGl0bGU-PHRpdGxlPkJhY2sgQnV0dG9uPC90aXRsZT48dGl0bGU-U2VhcmNoIEljb248L3RpdGxlPjx0aXRsZT5GaWx0ZXIgSWNvbjwvdGl0bGU-PHRpdGxlPkFycm93PC90aXRsZT4&i6=MjAwMTphYzg6MjA6M2IwMDoxMDExOjlhNmI6ZTZhNTo0NDBj&n3pc=true
x-frame-options: DENY
access-control-allow-origin: https://billingsgazette.com
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: master-only
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: beb172bd098290b1
request-time: 1
content-length: 0
x-content-type-options: nosniff

GET
H2 200 bl-0af0356-00d68a3d.js Show response
tagan.adlightning.com/leeenterprises/ Frame F35F 49 KB
21 KB 25ms
24ms Script
application/javascript 143.204.98.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/bl-0af0356-00d68a3d.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-66.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9431906c144ff04557d4ff1107eb545d75fea2b444bc0cd460b06dd221a825fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 05:33:05 GMT
content-encoding: gzip
age: 40466
x-cache: Hit from cloudfront
content-length: 20780
x-amz-meta-git_commit: 0af0356
last-modified: Mon, 10 Jan 2022 04:48:01 GMT
server: AmazonS3
etag: "c185388bdd01082287deadf69e3be2da"
x-amz-version-id: jVbTEWnBqVR_VdrmKyx1Slc0SJFUOILo
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: Pz-szsSrKCP1EPEJKgt88warJtjMMs44Xpwn3gETk1dFbOl5br6Nww==

GET
H2 200 b-7b120a5-9b73d8fb.js Show response
tagan.adlightning.com/leeenterprises/ Frame F35F 73 KB
28 KB 28ms
28ms Script
application/javascript 143.204.98.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-66.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 12:36:33 GMT
content-encoding: gzip
age: 11333458
x-cache: Hit from cloudfront
content-length: 28059
x-amz-meta-git_commit: 7b120a5
last-modified: Tue, 03 Aug 2021 17:19:43 GMT
server: AmazonS3
etag: "afbaa3aad41d7158588b073852555441"
x-amz-version-id: UwnBm7ykwrNr0B_E7_LAdvuY6BfIaOeW
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: _vKuk7h3GxMkNMHta1t6PfchgASiOnao6xi2_bxyzcNrkrpe9Ux4Qw==

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F35F 120 KB
37 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e78bac7c2d4ad157ca2d43d12d1cdc08ab7943d3535287108ed9e6b8ff9da523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37632
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641385868096614"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Jan 2022 16:47:30 GMT

GET
H2 200 bl-0af0356-00d68a3d.js Show response
tagan.adlightning.com/leeenterprises/ Frame 53B8 49 KB
21 KB 28ms
27ms Script
application/javascript 143.204.98.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/bl-0af0356-00d68a3d.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-66.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9431906c144ff04557d4ff1107eb545d75fea2b444bc0cd460b06dd221a825fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 05:33:05 GMT
content-encoding: gzip
age: 40466
x-cache: Hit from cloudfront
content-length: 20780
x-amz-meta-git_commit: 0af0356
last-modified: Mon, 10 Jan 2022 04:48:01 GMT
server: AmazonS3
etag: "c185388bdd01082287deadf69e3be2da"
x-amz-version-id: jVbTEWnBqVR_VdrmKyx1Slc0SJFUOILo
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: xu0jwxJENsL5RPVticj1e5y2JFM4_8rIpzYOCtWpBaoConlkpjwUbg==

GET
H2 200 b-7b120a5-9b73d8fb.js Show response
tagan.adlightning.com/leeenterprises/ Frame 53B8 73 KB
28 KB 28ms
27ms Script
application/javascript 143.204.98.66
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.66 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-66.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 12:36:33 GMT
content-encoding: gzip
age: 11333458
x-cache: Hit from cloudfront
content-length: 28059
x-amz-meta-git_commit: 7b120a5
last-modified: Tue, 03 Aug 2021 17:19:43 GMT
server: AmazonS3
etag: "afbaa3aad41d7158588b073852555441"
x-amz-version-id: UwnBm7ykwrNr0B_E7_LAdvuY6BfIaOeW
via: 1.1 5f6905ea282e042ad3334bfed8a840ce.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: PyDDbJfB3srZvuxQsXBXfgPo5Ob-ayCSn4_9xbMb0SH78ETOfgKPvg==

GET
H3 200 6095104772110089837
tpc.googlesyndication.com/simgad/ Frame 53B8 189 KB
189 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6095104772110089837

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01e43d86d851f059e3e966e356c4a95eceaba7397437e1e34d15a9c0621a6cb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 08 Jan 2022 09:32:43 GMT
x-content-type-options: nosniff
age: 198887
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 193181
x-xss-protection: 0
last-modified: Tue, 21 Dec 2021 15:29:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 08 Jan 2023 09:32:43 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220104/r20110914/client/ Frame 53B8 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220104/r20110914/client/window_focus_fy2019.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a00a06d39ece4f2816e75b2e577c3b05a51ba196e19bd103d1124567f0c54f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:36:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 656
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1210
x-xss-protection: 0
server: cafe
etag: 9753579932288205849
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jan 2022 16:36:34 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 53B8 120 KB
37 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e78bac7c2d4ad157ca2d43d12d1cdc08ab7943d3535287108ed9e6b8ff9da523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37632
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641385868096614"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Jan 2022 16:47:30 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 53B8 0
0 133ms
16ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRO_lxeUSz40Usdj73z02FrQqm6Ykyins176fNT4u0qBi-gXsnT5P_RBr-xEVEBFjp7XGjWXcm0wzO_L8-uTj09iDRyAA
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

POST
H2 202 Events Show response
jssdks.mparticle.com/v2/JS/us1-8effeeabf3a9674f85c6c39bc2a9292e/ 42 B
286 B 144ms
32ms XHR
application/json 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://jssdks.mparticle.com/v2/JS/us1-8effeeabf3a9674f85c6c39bc2a9292e/Events
Requested by: Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-8effeeabf3a9674f85c6c39bc2a9292e/mparticle.js?env=0&plan_id=elko_test_plan&plan_version=4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Kestrel /
Resource Hash: 3ea73ee6a4b5fe1e707bd725d6eaf0a874ceef720ec8a9ee1b43b0661adfe513

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
content-encoding: gzip
server: Kestrel
x-timer: S1641833251.014074,VS0,VE11
x-origin-name: 7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-served-by: cache-mxp6959-MXP
vary: Accept-Encoding
x-cache: MISS
content-type: application/json
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 varnish
x-cache-hits: 0

POST
H2 202 Events Show response
jssdks.mparticle.com/v2/JS/us1-8effeeabf3a9674f85c6c39bc2a9292e/ 42 B
138 B 176ms
65ms XHR
application/json 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://jssdks.mparticle.com/v2/JS/us1-8effeeabf3a9674f85c6c39bc2a9292e/Events
Requested by: Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-8effeeabf3a9674f85c6c39bc2a9292e/mparticle.js?env=0&plan_id=elko_test_plan&plan_version=4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Kestrel /
Resource Hash: 3ea73ee6a4b5fe1e707bd725d6eaf0a874ceef720ec8a9ee1b43b0661adfe513

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
content-encoding: gzip
server: Kestrel
x-timer: S1641833251.014297,VS0,VE46
x-origin-name: 7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-served-by: cache-mxp6959-MXP
vary: Accept-Encoding
x-cache: MISS
content-type: application/json
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 varnish
x-cache-hits: 0

POST
H2 202 Events Show response
jssdks.mparticle.com/v2/JS/us1-8effeeabf3a9674f85c6c39bc2a9292e/ 42 B
139 B 143ms
33ms XHR
application/json 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://jssdks.mparticle.com/v2/JS/us1-8effeeabf3a9674f85c6c39bc2a9292e/Events
Requested by: Host: jssdkcdns.mparticle.com
URL: https://jssdkcdns.mparticle.com/js/v2/us1-8effeeabf3a9674f85c6c39bc2a9292e/mparticle.js?env=0&plan_id=elko_test_plan&plan_version=4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Kestrel /
Resource Hash: 3ea73ee6a4b5fe1e707bd725d6eaf0a874ceef720ec8a9ee1b43b0661adfe513

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
content-encoding: gzip
server: Kestrel
x-timer: S1641833251.014363,VS0,VE11
x-origin-name: 7arPuRjnqGEhiMyprEtnLk--F_us1_origin
x-served-by: cache-mxp6959-MXP
vary: Accept-Encoding
x-cache: MISS
content-type: application/json
access-control-allow-origin: *
accept-ranges: bytes
via: 1.1 varnish
x-cache-hits: 0

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
324 B 136ms
36ms Image
image/gif 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-54716522-2&cid=214812033.1641833250&jid=1715115866&_u=aHDAiUAjRAQCAE~&z=1764783912

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 140ms
36ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-54716522-2&cid=214812033.1641833250&jid=1715115866&_u=aHDAiUAjRAQCAE~&z=1764783912

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 61d8dddc89691.preview.jpg
bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/8/f4/8f4638e8-30cc-52e6-bb54-915d37baed8f/ 8 KB
8 KB 19ms
18ms Image
image/jpeg 104.18.130.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/billingsgazette.com/content/tncms/assets/v3/editorial/8/f4/8f4638e8-30cc-52e6-bb54-915d37baed8f/61d8dddc89691.preview.jpg?crop=1631%2C917%2C0%2C80&resize=225%2C127&order=crop%2Cresize

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.130.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7ec4b07230bb457e7af498c5330fb910f7e848a73c3b91b67bed563085e264d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:30 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 82889
cf-polished: origSize=7826, status=webp_bigger
last-modified: Sat, 08 Jan 2022 00:42:05 GMT
x-robots-tag: noarchive
x-vcache: MISS
server: cloudflare
etag: "893255a1a7b7e853555cefbf60224f04"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=604800
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 09 Jan 2023 13:31:21 GMT
cache-control: public, max-age=31536000
cf-ray: 6cb7633a39cd6921-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 a9JORiXIKr5BlZrkHcnnVW.js Show response
sc.tynt.com/script/sc/ Frame 94DA 937 B
910 B 65ms
41ms Script
text/javascript 104.18.29.199
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sc.tynt.com/script/sc/a9JORiXIKr5BlZrkHcnnVW.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.29.199 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4181c0c92f5fe530888ea697489e81b930fb71b373bf0bb71cb3ce97714a8140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 507499
status: 200 OK
x-xss-protection: 1; mode=block
x-request-id: 04f97c54-9d35-47a4-9a5c-b66492de6dec
x-runtime: 0.002739
x-content-digest: 3b706c5fd5f534271bfbfb54b8f4792de21ce79e
last-modified: Mon, 03 Jan 2022 15:08:26 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600, public, s-maxage=172800
cf-ray: 6cb7633a8f10698b-FRA
x-rack-cache: fresh
expires: Tue, 04 Jan 2022 07:26:26 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 341ms
113ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=a9JORiXIKr5BlZrkHcnnVW&lm=6&ts=1641833250939&dn=RCIV&iso=0&us_privacy=1YYN&img=https%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fbillingsgazette.com%2Fcontent%2Ftncms%2Fcustom%2Fimage%2Fc72cf8ac-c550-11ea-86bd-3761faee86a6.jpg%3Fcrop%3D630%252C630%252C285%252C0%26resize%3D200%252C200%26order%3Dcrop%252Cresize&ct=billingsgazette.com%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&t=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&cu=https%3A%2F%2Fbillingsgazette.com%2F
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 i99g3gee_content_config_1627585676199.js Show response
dkpklk99llpj0.cloudfront.net/ 845 B
1 KB 61ms
12ms Script
application/javascript 2600:9000:2156:4400:e:98bf:5f00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_content_config_1627585676199.js
Requested by: Host: d81mfvml8p5ml.cloudfront.net
URL: https://d81mfvml8p5ml.cloudfront.net/i99g3gee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:4400:e:98bf:5f00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0c564ab82eab3ab608280194eefcee40765ab7872e8ed349e806e3c3170c4631

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 29 Jul 2021 19:12:01 GMT
via: 1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jul 2021 19:07:57 GMT
server: AmazonS3
age: 14247331
etag: "139043e0f27d6df6fda9a9005cd5c871"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 845
x-amz-cf-id: y6tMkIpc34XzKsTHJHY_wBig95_1SjunTpxHBEqr8FAlU_swqQYdkg==

GET
H2 200 i99g3gee_1606137453919.js Show response
dkpklk99llpj0.cloudfront.net/ 48 KB
15 KB 61ms
12ms Script
application/javascript 2600:9000:2156:4400:e:98bf:5f00:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Requested by: Host: d81mfvml8p5ml.cloudfront.net
URL: https://d81mfvml8p5ml.cloudfront.net/i99g3gee.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:4400:e:98bf:5f00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 19ee3ded1fe83e848e9b5cb0831689460e07c7d3d867fc692c84dc1106086293

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 16 Apr 2021 04:54:05 GMT
content-encoding: gzip
last-modified: Mon, 23 Nov 2020 13:17:46 GMT
server: AmazonS3
age: 23284407
etag: W/"c1157a2d0ff0aa862fb2fbffb06ab4d1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
via: 1.1 5ad96647558bd4911f05189f8afefd98.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: vY6t7bEnGPVclQZ9Gh9aAzLWGFKOnc0RytZb_wF19ayybCq6LX9EDw==

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F35F 0
0 44ms
43ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvuBdnsCqMWxdid4sFjZXmoR78O-YqS4J8xbGFPy3cTVhyXAAhGS0zaQk-W3JBn5L3VvByAQjhov1LFGINxljco4siuoksJ3kSVHWWLR2wa3hJdvsYiEUidBfTtK32xaMTgrDO4RNuBQddtsW9yi4tMojMZDfNh9xvE3fSX8YF778zemwXnEyYnywtbTdQ9R_q-n1_l9lFE4n96sGZG_S3BIVQeMQPi4zi8F9uRchpghKBcZa47VfPvb1r3MzolmG-3eaNXzUPDtLIw3oKeTByfgIUkztmglRLQangSMCDbUBuwA7H_ipCgINgvh1bCSK1cFYqsQf_G9wAJsw&sig=Cg0ArKJSzJHFVMCONHA2EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 401
Unauthorized zone
serving.roimediaconsultants.com/servlet/view/banner/javascript/ Frame F35F 0
0 616ms
97ms Script
text/html 159.89.191.251
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://serving.roimediaconsultants.com/servlet/view/banner/javascript/zone?zid=2460&friendly=friendly_1488548298&pid=9&fr=60&frlm=1&rmpid=true&random=1488548298&origin=https%3A%2F%2Fbillingsgazette.com&referrer=https://billingsgazette.com
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.89.191.251 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: roimedia-nyc-07.advertserve.org
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 /
www.facebook.com/tr/ 44 B
408 B 24ms
7ms Image
image/gif 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=961211893969940&ev=Domain&dl=https%3A%2F%2Fbillingsgazette.com%2F&rl=&if=false&ts=1641833251073&cd[custom_param]=billingsgazette.com&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1641833251039.309915464&it=1641833250411&coo=false&exp=p0&rqm=GET

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Mon, 10 Jan 2022 16:47:31 GMT

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 6283 0
18 B 16ms
7ms Document
text/plain 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://billingsgazette.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://billingsgazette.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Mon, 10 Jan 2022 16:47:31 GMT

GET
H2 200 sic.js Show response
cdn-sic.33across.com/1/javascripts/ Frame 94DA 417 KB
112 KB 63ms
21ms Script
application/javascript 104.18.14.222
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-sic.33across.com/1/javascripts/sic.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-7b120a5-9b73d8fb.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.14.222 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Love
Resource Hash: 23da666ed29810ec4d906afc121a3853e6db58296b859836072a1ecd929591f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 13 Oct 2021 15:42:53 GMT
server: cloudflare
age: 407040
x-powered-by: Love
etag: W/"6166fe7d-683be"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=3600
cf-ray: 6cb7633bbd5b6973-FRA
expires: Mon, 10 Jan 2022 17:47:31 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 53B8 0
0 41ms
41ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst-e-RpBpRXr-Oe77yScKL6CvyQkGJVtk3qUfRhwSq62WrOYOFZO-iXN4dhxiKOtpPUjRTp7teveSoUKD0-qEGdqNRoAKmVAMUqsk1gm7eDPd83yie2Ji8s2-E2K-HSDVyNp8Qzgf38dFNgVo53mwz5Wb_A_Egmf3hYgeQzaqK6e8jZw_zOx_xcEuow6R3ZPWukyqR5T76v4fmJI6iIVoQFLNlGjTCJ2IgplrYCbjiyGez7uEqWTfKsX4-_AnqPR4Kys345iii5iqD2kppkoOYDk3zE35YfrIvrs2NPG4dLeTPcRDBggco42JPSOQLHWIwYxgeZr4jqwb0hNQ&sig=Cg0ArKJSzIDBp69DypQSEAE&uach_m=[UACH]&adurl=

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 53B8 0
0 42ms
42ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuaV4kqTuvQBFvKyoJsSMsPLp5TTkPDTXCoJ43UX9x4acYMj9Ctvc5XAOoE0snwutrBKuA6IvfjF5yUQgb0hVPwF9GvwXusNQwPSD2bddn9EHg1uo-spsfcpYOLsKB12gHYBB-xGw5-Ug0kpEjyOAfYaws5OgitE4wojOcBapWK7puA6rcVzTB6hVZa55l8f_IMBi1UMDvgXUUdsRz7l0TM_JIqRVMa342zM2HVfX8Hqx2LVWf9L3R2pgSW0K02ng92AEKpLGJBxNZy3oRcDirimEn0S-WVqtde5R31VWV2uGLM8-D9n9uPaAQseYDri060W9dAG68M-2ZBS74Z&sig=Cg0ArKJSzEWxjKPXEYKrEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 10 Jan 2022 16:47:31 GMT

GET
DATA 200
OK truncated
/ Frame 53B8 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 74b338358b894f617ddf4fbabf85172e38af881578af6a5dce02a6a6f8025b02

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 /
billingsgazette.com/tncms/tracking/tncms-dmp/audience-extraction/ 0
161 B 107ms
106ms Ping
application/octet-stream 192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://billingsgazette.com/tncms/tracking/tncms-dmp/audience-extraction/?d=%7B%22name%22%3A%22client%22%2C%22value%22%3A6881%7D&i=1641833250034,
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/shared-content/art/tncms/tracking.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

real-hostname: billingsgazette.com
x-vcache: MISS
age: 0
date: Mon, 10 Jan 2022 16:47:31 GMT
content-type: application/octet-stream
cache-control: s-maxage=0, private, no-cache
accept-ranges: bytes
content-length: 0

GET
H2

200

challenge
billingsgazette.com/_services/v1/client_captcha/
Redirect Chain

https://billingsgazette.com/tncms/tracking/classifieds/featured/?i=0ada0bb8-b89d-5a3b-8435-7a5cf033defc,
https://billingsgazette.com/_services/v1/client_captcha/challenge?request=X2xiX3JhdGVfZm9yZWlnbjpMM1J1WTIxekwzUnlZV05yYVc1bkwyTnNZWE56YVdacFpXUnpMMlpsWVhSMWNtVmtMejlwUFRCaFpHRXdZbUk0TFdJNE9XUXROV0V...

3 KB
3 KB

105ms
105ms

Ping
text/html

192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://billingsgazette.com/_services/v1/client_captcha/challenge?request=X2xiX3JhdGVfZm9yZWlnbjpMM1J1WTIxekwzUnlZV05yYVc1bkwyTnNZWE56YVdacFpXUnpMMlpsWVhSMWNtVmtMejlwUFRCaFpHRXdZbUk0TFdJNE9XUXROV0V6WWkwNE5ETTFMVGRoTldObU1ETXpaR1ZtWXl3OjE2NDE4MzMyNTE6MHg2NGEwYTU0ZDE2YzFkODVhYWEyZTkyNzBmMDFiNDBmMDEwNDgwYmY0
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: 10077710e68b9491d9ce42ae5a38394b56d4997317e452573c8710597ccc064f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: no-cache
age: 0
accept-ranges: bytes
content-length: 3156
content-type: text/html; charset=utf-8

Redirect headers

location: /_services/v1/client_captcha/challenge?request=X2xiX3JhdGVfZm9yZWlnbjpMM1J1WTIxekwzUnlZV05yYVc1bkwyTnNZWE56YVdacFpXUnpMMlpsWVhSMWNtVmtMejlwUFRCaFpHRXdZbUk0TFdJNE9XUXROV0V6WWkwNE5ETTFMVGRoTldObU1ETXpaR1ZtWXl3OjE2NDE4MzMyNTE6MHg2NGEwYTU0ZDE2YzFkODVhYWEyZTkyNzBmMDFiNDBmMDEwNDgwYmY0
date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: no-cache, no-store
content-length: 17

GET
H2

200

challenge
billingsgazette.com/_services/v1/client_captcha/
Redirect Chain

https://billingsgazette.com/tncms/tracking/business/block/?i=1e1ca81b-e88e-53e0-82e5-041b756b3e0f,ee0021c8-b247-5a77-9ba5-816ebb2448ea,757dc4ca-ebbd-59f5-9afe-1546bf452851,
https://billingsgazette.com/_services/v1/client_captcha/challenge?request=X2xiX3JhdGVfZm9yZWlnbjpMM1J1WTIxekwzUnlZV05yYVc1bkwySjFjMmx1WlhOekwySnNiMk5yTHo5cFBURmxNV05oT0RGaUxXVTRPR1V0TlRObE1DMDRNbVU...

3 KB
3 KB

105ms
105ms

Ping
text/html

192.104.182.209
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://billingsgazette.com/_services/v1/client_captcha/challenge?request=X2xiX3JhdGVfZm9yZWlnbjpMM1J1WTIxekwzUnlZV05yYVc1bkwySjFjMmx1WlhOekwySnNiMk5yTHo5cFBURmxNV05oT0RGaUxXVTRPR1V0TlRObE1DMDRNbVUxTFRBME1XSTNOVFppTTJVd1ppeGxaVEF3TWpGak9DMWlNalEzTFRWaE56Y3RPV0poTlMwNE1UWmxZbUl5TkRRNFpXRXNOelUzWkdNMFkyRXRaV0ppWkMwMU9XWTFMVGxoWm1VdE1UVTBObUptTkRVeU9EVXhMQToxNjQxODMzMjUxOjB4YTAyMDA5NGQzZGVlNmRkZDk2NzVhMWJiNmE5Y2NjYmNlNjlmMWRmMw
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Server: 192.104.182.209 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.chicago2.vip.townnews.com
Software: /
Resource Hash: a6e66efd92cdb72e8ee71ab01fb4e6f77969075ebe1e62cda282dc24524ab6e1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: no-cache
age: 0
accept-ranges: bytes
content-length: 3278
content-type: text/html; charset=utf-8

Redirect headers

location: /_services/v1/client_captcha/challenge?request=X2xiX3JhdGVfZm9yZWlnbjpMM1J1WTIxekwzUnlZV05yYVc1bkwySjFjMmx1WlhOekwySnNiMk5yTHo5cFBURmxNV05oT0RGaUxXVTRPR1V0TlRObE1DMDRNbVUxTFRBME1XSTNOVFppTTJVd1ppeGxaVEF3TWpGak9DMWlNalEzTFRWaE56Y3RPV0poTlMwNE1UWmxZbUl5TkRRNFpXRXNOelUzWkdNMFkyRXRaV0ppWkMwMU9XWTFMVGxoWm1VdE1UVTBObUptTkRVeU9EVXhMQToxNjQxODMzMjUxOjB4YTAyMDA5NGQzZGVlNmRkZDk2NzVhMWJiNmE5Y2NjYmNlNjlmMWRmMw
date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: no-cache, no-store
content-length: 17

GET
H2 500 / Show response
am.freshrelevance.com/tpc/ Frame 80CE 0
67 B 113ms
31ms Document
text/plain 34.245.255.87
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://am.freshrelevance.com/tpc/
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.245.255.87 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-245-255-87.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
access-control-allow-origin: *

GET
H2 200 / Show response
c8.dycdn.net/i99g3gee/s/Temporary-Stop-Reminder/ 114 B
444 B 82ms
47ms XHR
application/json 2600:9000:2156:1600:16:f02f:46c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c8.dycdn.net/i99g3gee/s/Temporary-Stop-Reminder/?k=huymc65&format=full&user_state=anonymous&d=c96x2x4kh8&url=https%3A%2F%2Fbillingsgazette.com%2F&sbr=billingsgazette&curr=USD&lang=en
Requested by: Host: dkpklk99llpj0.cloudfront.net
URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1600:16:f02f:46c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: d3ac1ce74d996fd1d5eb2f34feae5f87a3afa267474dc38308bf28a2f2462b9a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83128.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=20, must-revalidate, stale-while-revalidate=40, stale-if-error=40
content-length: 114
x-amz-cf-id: MWUWsruILQ-SgKiQtu5Cfft_zwbPpE8Rw9ePU0MTEqC3B9cEhk6ngQ==

GET
H2 200 / Show response
c8.dycdn.net/i99g3gee/s/Recently-Cancelled-90-Days-Ago/ 121 B
451 B 90ms
56ms XHR
application/json 2600:9000:2156:1600:16:f02f:46c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c8.dycdn.net/i99g3gee/s/Recently-Cancelled-90-Days-Ago/?k=huymc65&format=full&user_state=anonymous&d=c96x2x4kh8&url=https%3A%2F%2Fbillingsgazette.com%2F&sbr=billingsgazette&curr=USD&lang=en
Requested by: Host: dkpklk99llpj0.cloudfront.net
URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1600:16:f02f:46c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 3e4515f504b3f855b5fa765e6201f1adc54882fdea7717665d5f86252937c40d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83128.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=20, must-revalidate, stale-while-revalidate=40, stale-if-error=40
content-length: 121
x-amz-cf-id: f5J-Omdue1x-jgAStDfjm1dyEMcvTz-EjMc-teGVFw93wVA8Qp3NHw==

GET
H2 200 / Show response
c8.dycdn.net/i99g3gee/s/New-Subscribers-Who-Are-Not-Digitally-Activated-Yet/ 142 B
473 B 97ms
63ms XHR
application/json 2600:9000:2156:1600:16:f02f:46c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c8.dycdn.net/i99g3gee/s/New-Subscribers-Who-Are-Not-Digitally-Activated-Yet/?k=huymc65&format=full&user_state=anonymous&d=c96x2x4kh8&url=https%3A%2F%2Fbillingsgazette.com%2F&sbr=billingsgazette&curr=USD&lang=en
Requested by: Host: dkpklk99llpj0.cloudfront.net
URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1600:16:f02f:46c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: c7dd5e1772037fc42030a3f4102640364b8cc6ad696c549fa95f3d7f13041cb0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83128.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=20, must-revalidate, stale-while-revalidate=40, stale-if-error=40
content-length: 142
x-amz-cf-id: bz1Z4xqETLDn54SRJb4XoLbiFR5kMUbgcOykNkds5YkJHBB7HEYVMQ==

GET
H2 200 / Show response
c8.dycdn.net/i99g3gee/s/Update-account-to-EZ-Pay/ 115 B
446 B 85ms
52ms XHR
application/json 2600:9000:2156:1600:16:f02f:46c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c8.dycdn.net/i99g3gee/s/Update-account-to-EZ-Pay/?k=huymc65&format=full&user_state=anonymous&d=c96x2x4kh8&url=https%3A%2F%2Fbillingsgazette.com%2F&sbr=billingsgazette&curr=USD&lang=en
Requested by: Host: dkpklk99llpj0.cloudfront.net
URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1600:16:f02f:46c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 28c34bd50c348323ceb8c44c6cbf5d3b5efdfcfa54b7fe00cbb7f5d0ea708bbf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83128.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=20, must-revalidate, stale-while-revalidate=40, stale-if-error=40
content-length: 115
x-amz-cf-id: jF1n4CsWpYMul4F5WyWNfe5K5xa7ZKEjWbp_BGugc3HQ-KCylFy5TQ==

GET
H2 200 / Show response
c8.dycdn.net/i99g3gee/s/Registered-Not-Subscribed-Special-Offer/ 130 B
460 B 92ms
60ms XHR
application/json 2600:9000:2156:1600:16:f02f:46c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c8.dycdn.net/i99g3gee/s/Registered-Not-Subscribed-Special-Offer/?k=huymc65&format=full&user_state=anonymous&d=c96x2x4kh8&url=https%3A%2F%2Fbillingsgazette.com%2F&sbr=billingsgazette&curr=USD&lang=en
Requested by: Host: dkpklk99llpj0.cloudfront.net
URL: https://dkpklk99llpj0.cloudfront.net/i99g3gee_1606137453919.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:1600:16:f02f:46c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f216ada54fdf038b59f1a7ce80cc58cec13915002dacab7cfea2add06d3b420d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83128.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=20, must-revalidate, stale-while-revalidate=40, stale-if-error=40
content-length: 130
x-amz-cf-id: w03V2wFticB88TN6-6b8gY99b843LfpZGOOVQWxc3LT-Ypb6TWGu8A==

GET
H2 200 v2 Show response
de.tynt.com/deb/ 4 B
202 B 343ms
113ms Script
application/javascript 67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?id=a9JORiXIKr5BlZrkHcnnVW&dn=RCIV&cc=1&r=&us_privacy=1YYN
Requested by: Host: cdn.tynt.com
URL: https://cdn.tynt.com/rciv.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: max-age=86400
content-type: application/javascript
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
content-length: 4
expires: Tue, 11 Jan 2022 16:47:31 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 94DA 0
0 47ms
47ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvqWiB6QZBmSdRiBmauwTzlVNI_LKVaqflnPIfjaP0vyqT1DyY0_FWvAYzMLHOlzHR1UFJ2PEWZmzKsewM8u4SMLO9FbWCr-F_8HrnMT3ORlD-cdT5fxF07GLIdu_hJdL61reDuCp_nnGHbVHlYdjHe8pPQukzbmhsPYEdBOXoeeI1hiyW-7oSIHk1AP5AwFjri1SrNfsWnYvsaqHJreP7bJluwPLt742aSG7EjAyq3sfE1oyxBhfufksxFV6UZik1Y4sxLPVzLp7qFKsTIxwbxbTDvtmkaX8AoP9a3sEAnNKtxe2ii8vIwshxmnE75ESDWZHCnpKzbHTDkp6bh&sai=AMfl-YR43EfHxp7r83DLhaS2mHpfmaF_cQOisAWQzlFECsgfn8hbutKQx5Z8ZjxFDrdjAcoY0b-Rt-AZrCSFEeccknmKnnqCLDei9FJ8runHHPY2ug4L7FOl8SZ9PWx9NknA&sig=Cg0ArKJSzO4qWOfQGAJlEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 10 Jan 2022 16:47:31 GMT

GET
H2 200 sic.css
cdn-sic.33across.com/1/stylesheets/ 7 KB
2 KB 24ms
23ms Stylesheet
text/css 104.18.14.222
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-sic.33across.com/1/stylesheets/sic.css
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.14.222 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Love
Resource Hash: 4c821f2d169369324022057e9948ed8f9d45794d18b6c8c3fbbba900bb65158c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Wed, 13 Oct 2021 15:42:53 GMT
server: cloudflare
age: 433813
x-powered-by: Love
etag: W/"6166fe7d-1c90"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=3600
cf-ray: 6cb7633caf956973-FRA
expires: Mon, 10 Jan 2022 17:47:31 GMT

GET
H/1.1 200
OK ast.js Show response
acdn.adnxs.com/ast/ Frame 2659 90 KB
32 KB 71ms
19ms Script
application/javascript 2.18.232.130
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ast/ast.js
Requested by: Host: cdn-sic.33across.com
URL: https://cdn-sic.33across.com/1/javascripts/sic.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.130 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-130.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a876f7590c4f5401126a7f86a487411e1edb22b7750b8d7e10dbc2fe1178939d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 10 Jan 2022 16:47:31 GMT
Content-Encoding: gzip
Last-Modified: Wed, 08 Dec 2021 15:43:06 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "61b0d28a-169ff"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Length: 32042
Expires: Tue, 11 Jan 2022 16:47:33 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 878B 134 KB
36 KB 11ms
11ms Script
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn-sic.33across.com
URL: https://cdn-sic.33across.com/1/javascripts/sic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: Server /
Resource Hash: de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: qkOcdGsoDUMvfWusL4m2BAijBZa3LkSN
content-encoding: gzip
etag: 1e39d25f07f5619925357b752ab10d04
age: 310
x-cache: Hit from cloudfront
server: Server
x-amz-rid: 1N5660MRJCVXZ7J6PY16
date: Mon, 10 Jan 2022 16:42:21 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 a267c4458d5587daaaf85f1d134a02d4.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: aFg4YhS6xeRcQAFWZeTQmqY-Fv7MZ8MWfm4lpkBf9Ebfhzr7U4A4gQ==

GET
H2 200 authorize Show response
sic.33across.com/ 2 KB
1 KB 361ms
115ms Script
text/javascript 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL

https://sic.33across.com/authorize?usPrivacy=1YYN&version=3.19.0&agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F97.0.4692.71%20Safari%2F537.36&product=inview&userId=&lexId=&sessionId=&publisherURL=https%3A%2F%2Fbillingsgazette.com%2F&referrerURL=&publisherId=a9JORiXIKr5BlZrkHcnnVW&publisher=lee728.net&maxTouchPoints=0&navigatorPropsCount=61&viewportWidth=1600&viewportHeight=1200&screenWidth=1600&screenHeight=1200&screenAvailHeight=1200&devicePixelRatio=1&scrollX=0&scrollY=0&pageVisibility=visible&pageWidth=1600&pageHeight=7212&_=1641833251313&callback=_tynt_jp.aipd8udiu

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

67.202.105.22 , United States, ASN32748 (STEADFAST, US),

Reverse DNS

ip22.67-202-105.static.steadfastdns.net

Software

/ Love

Resource Hash

1c21c3719bc99c619e47f5ed25b0f346cb8a67a38bf71cc45957753ace65162f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200 OK
x-powered-by: Love
etag: W/"625-+lBQ9D4OTev3ushHNeVaVSyNqyY"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
access-control-allow-origin: *
access-control-allow-credentials: true
content-type: text/javascript; charset=utf-8
access-control-allow-headers: X-Requested-With, Authorization

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 112ms
112ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=a9JORiXIKr5BlZrkHcnnVW&lm=6&ts=1641833250939&dn=RCIV&iso=0&us_privacy=1YYN&img=https%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fbillingsgazette.com%2Fcontent%2Ftncms%2Fcustom%2Fimage%2Fc72cf8ac-c550-11ea-86bd-3761faee86a6.jpg%3Fcrop%3D630%252C630%252C285%252C0%26resize%3D200%252C200%26order%3Dcrop%252Cresize&ct=billingsgazette.com%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&t=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&cu=https%3A%2F%2Fbillingsgazette.com%2F
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 878B 6 KB
3 KB 9ms
8ms XHR
application/javascript 143.204.95.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-95-188.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-amz-version-id: L2_MRp8KwiUR7xIWXZFooLHRBfnaqY96
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 31330
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 22 Dec 2021 01:41:37 GMT
server: AmazonS3
date: Mon, 10 Jan 2022 08:05:22 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 1f49a084ca923f375f74b42fa36ef428.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: g5ChXL9JkPJ-_nMVP3M0CKF3OgZQwNmkQ3P57NuAVU8ovVx1S8jTnw==

GET
H2 200 v2 Show response
de.tynt.com/deb/ 4 B
202 B 200ms
112ms Script
application/javascript 67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&id=a9JORiXIKr5BlZrkHcnnVW&dn=RCIV&cc=1&r=&us_privacy=1YYN
Requested by: Host: cdn.tynt.com
URL: https://cdn.tynt.com/rciv.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: max-age=86400
content-type: application/javascript
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
content-length: 4
expires: Tue, 11 Jan 2022 16:47:31 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 110ms
110ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=a9JORiXIKr5BlZrkHcnnVW&lm=6&ts=1641833250939&dn=RCIV&iso=0&us_privacy=1YYN&img=https%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fbillingsgazette.com%2Fcontent%2Ftncms%2Fcustom%2Fimage%2Fc72cf8ac-c550-11ea-86bd-3761faee86a6.jpg%3Fcrop%3D630%252C630%252C285%252C0%26resize%3D200%252C200%26order%3Dcrop%252Cresize&ct=billingsgazette.com%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.&t=The%20Billings%20Gazette%20%7C%20Montana%20Wyoming%20Breaking%20Ne%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H/1.1 200
OK a-012k Show response
i.liadm.com/s/c/ Frame E6E4 1 KB
1 KB 424ms
114ms Document
text/html 3.229.102.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://i.liadm.com/s/c/a-012k?s=&cim=&ps=true&ls=true&duid=e33b083e4625--01fs2e6fxg6pdpgdmym35d1sd9&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.229.102.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-229-102-111.compute-1.amazonaws.com

Software

Resource Hash

81bf0b6e3e2a2dc2bc0f62484bd9f55bc163714a8fa868f0537eafae60097d9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/

Response headers

Cache-Control: private, no-cache, max-age=0
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 10 Jan 2022 16:47:31 GMT
ETag: 1.61803398874
Strict-Transport-Security: max-age=31536000; includeSubDomains
trace-id: cb835eb3fd878917
Vary: Accept-Encoding
Content-Length: 639
Connection: keep-alive

GET
H/1.1 200
OK baker
sli.billingsgazette.com/ 19 B
372 B 172ms
44ms Image
image/gif 2.16.186.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sli.billingsgazette.com/baker?dtstmp=1641833251450
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 10 Jan 2022 16:47:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Expires: Mon, 10 Jan 2022 16:47:31 GMT
Connection: keep-alive
Content-Length: 19
Content-Type: image/gif

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 110ms
109ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=a9JORiXIKr5BlZrkHcnnVW&lm=6&ts=1641833250939&dn=RCIV&iso=0&us_privacy=1YYN&img=https%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fbillingsgazette.com%2Fcontent%2Ftncms%2Fcustom%2Fimage%2Fc72cf8ac-c550-11ea-86bd-3761faee86a6.jpg%3Fcrop%3D630%252C630%252C285%252C0%26resize%3D200%252C200%26order%3Dcrop%252Cresize&ct=billingsgazette.com%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

POST
H3 200 / Show response
www.facebook.com/tr/ Frame A7F5 0
15 B 9ms
9ms Document
text/plain 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: billingsgazette.com
URL: https://billingsgazette.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://billingsgazette.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://billingsgazette.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Mon, 10 Jan 2022 16:47:31 GMT

GET
H3 200 adv-banner.315px;) Show response
fundingchoicesmessages.google.com/f/AGSKWxVB-d_cDELT3DZGr4U1sKTVGcliA-B0J7BCbfhFIYSX0mubRo-wDnBogR-LTg8qNIHEtqZT9Wwi4tVH4dXwtSMjx11L6tDO6vQhBpPCmGn5220gAo38ueqMNqRAlNBJqk_cr9z6Qt4xjjTyX2otsJwZgOe3v... 54 B
106 B 26ms
26ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVB-d_cDELT3DZGr4U1sKTVGcliA-B0J7BCbfhFIYSX0mubRo-wDnBogR-LTg8qNIHEtqZT9Wwi4tVH4dXwtSMjx11L6tDO6vQhBpPCmGn5220gAo38ueqMNqRAlNBJqk_cr9z6Qt4xjjTyX2otsJwZgOe3vor4wh-vSoeFtS6uf53N6pf3wAe1kNuN1AMCIEId1jo1xh7dd4LeJP8iR0F9cQQDqk6BGRDRTvyBibYZag==/_/advideo./ad_blog./cdn.ad./adv-banner.315px;)

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b85a278f4bbab557fee88a1c3cb741b891c524c9dc185eb494994316da56e25a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Uq4kN54KjX1ooH5zlVQBew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-Uq4kN54KjX1ooH5zlVQBew' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'report-sample' 'nonce-Uq4kN54KjX1ooH5zlVQBew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-Uq4kN54KjX1ooH5zlVQBew' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lidar.js Show response
pagead2.googlesyndication.com/pagead/js/ 77 KB
28 KB 34ms
7ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/lidar.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

5e92504ef4eb27d944b38d96e7a191387eb3e4bb982527f6ad4fa463ff723d87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 15:51:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3342
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28735
x-xss-protection: 0
server: cafe
etag: 7402466414900716808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 10 Jan 2022 16:51:49 GMT

POST
H3 204 AGSKWxWJg3wiyu0YB3TdBxIM1nMoGuRDHFqXtPVX2LP4DnTAFVI9jgWkKEbSc5uy9H400W2Un7Trgt6Awss7sAa8ZlfufCDihYRlToSHBqeJnOh2mKDcamNceQrd3bQCSYcqDmlNnNqI2r7RRh6KJVPtwsTmkFki0BZNRKRPNjc0jbQPJ9UKNZKytWfo5X0= Show response
fundingchoicesmessages.google.com/el/ 0
26 B 37ms
22ms XHR
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxWJg3wiyu0YB3TdBxIM1nMoGuRDHFqXtPVX2LP4DnTAFVI9jgWkKEbSc5uy9H400W2Un7Trgt6Awss7sAa8ZlfufCDihYRlToSHBqeJnOh2mKDcamNceQrd3bQCSYcqDmlNnNqI2r7RRh6KJVPtwsTmkFki0BZNRKRPNjc0jbQPJ9UKNZKytWfo5X0=

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.P4_i3SKTBvs.es5.O/d=1/exm=kernel_loader/rs=AJlcJMxOqacJ6_pWnnZmCd5Nfl53OCQZSg/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uI7pjdwDz6jDKZ41zyAJXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-uI7pjdwDz6jDKZ41zyAJXA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-uI7pjdwDz6jDKZ41zyAJXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-uI7pjdwDz6jDKZ41zyAJXA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame F35F 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 00e56cfdfbca341d88157faf25f3861da10e0cface78a8a0b662ba42601c723c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame F35F 0
0 42ms
42ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvX1ohojnmQVkKNIGhVEegfklfhBjoACbgZI-_ZafOjLuF8dGw4HawC2cxi8iCzHNyejtWESG_Bi0rqNgnN2YZ5zc3Oe7myz4aqG9Zr4NUMVwgzb9UctzHMvEGIhiuU-ZwIzSWhrTDGCH4ndtsCqvBc7gTL0zHd0cpcteYAbASbRsV3k_lusyHbnVH9sFUckI87Ifv8fGtziCWhbnHQazJCNllhJcYyjIWvKhW3CsHiJHE4LzZBD7a5GZN33irSKBRmx8SeyzG2HcMDg4exi6529Y7wiBgPjGWdzps3k-VK7Mw0hx71UKHCNNN5M1OmdkbNdM2k-OVm7zOIeLTt&sig=Cg0ArKJSzLVFBRRira69EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:31 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 10 Jan 2022 16:47:31 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 113ms
113ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=a9JORiXIKr5BlZrkHcnnVW&lm=6&ts=1641833250939&dn=RCIV&iso=0&us_privacy=1YYN&img=https%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fbillingsgazette.com%2Fcontent%2Ftncms%2Fcustom%2Fimage%2Fc72cf8ac-c550-11ea-86bd-3761faee86a6.jpg%3Fcrop%3D630%252C630%252C285%252C0%26resize%3D200%252C200%26order%3Dcrop%252Cresize&ct=billingsgazette.com%20%7C%20Read%20Billings%2C%20Montana%20and%20Montana%20breaking%20news.%20Get%20latest%20news%2C%20events%20and%20information%20on%20Montana%20sports%2C%20weather%2C%20entertainment%20and%20lifestyles.
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

POST
H3 204 AGSKWxWJg3wiyu0YB3TdBxIM1nMoGuRDHFqXtPVX2LP4DnTAFVI9jgWkKEbSc5uy9H400W2Un7Trgt6Awss7sAa8ZlfufCDihYRlToSHBqeJnOh2mKDcamNceQrd3bQCSYcqDmlNnNqI2r7RRh6KJVPtwsTmkFki0BZNRKRPNjc0jbQPJ9UKNZKytWfo5X0= Show response
fundingchoicesmessages.google.com/el/ 0
25 B 33ms
33ms XHR
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-AOrN+zLfMfposII+bKztLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-AOrN+zLfMfposII+bKztLw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-AOrN+zLfMfposII+bKztLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-AOrN+zLfMfposII+bKztLw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame AB17 78 KB
26 KB 31ms
30ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn-sic.33across.com
URL: https://cdn-sic.33across.com/1/javascripts/sic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

3f9015c499bd1271c846320ce7319c22a88caa022a240e8c9b2cc62d3a4361a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26983
x-xss-protection: 0
server: sffe
etag: "1097 / 909 of 1000 / last-modified: 1641807575"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 10 Jan 2022 16:47:31 GMT

POST
H3 204 AGSKWxWJg3wiyu0YB3TdBxIM1nMoGuRDHFqXtPVX2LP4DnTAFVI9jgWkKEbSc5uy9H400W2Un7Trgt6Awss7sAa8ZlfufCDihYRlToSHBqeJnOh2mKDcamNceQrd3bQCSYcqDmlNnNqI2r7RRh6KJVPtwsTmkFki0BZNRKRPNjc0jbQPJ9UKNZKytWfo5X0= Show response
fundingchoicesmessages.google.com/el/ 0
25 B 31ms
31ms XHR
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5iht/hjbJe97c2G1r1uvdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-5iht/hjbJe97c2G1r1uvdw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-5iht/hjbJe97c2G1r1uvdw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-5iht/hjbJe97c2G1r1uvdw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxWJg3wiyu0YB3TdBxIM1nMoGuRDHFqXtPVX2LP4DnTAFVI9jgWkKEbSc5uy9H400W2Un7Trgt6Awss7sAa8ZlfufCDihYRlToSHBqeJnOh2mKDcamNceQrd3bQCSYcqDmlNnNqI2r7RRh6KJVPtwsTmkFki0BZNRKRPNjc0jbQPJ9UKNZKytWfo5X0= Show response
fundingchoicesmessages.google.com/el/ 0
25 B 59ms
59ms XHR
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-oQcKOO7N5C5p/0EUqD11Ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-oQcKOO7N5C5p/0EUqD11Ow' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: script-src 'report-sample' 'nonce-oQcKOO7N5C5p/0EUqD11Ow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-oQcKOO7N5C5p/0EUqD11Ow' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxVYjtRaXSTTe-Sxbg754ueX6pUcbj-RT-1_G3zloFYz9gV-w6Ep8av1HbrisO-dpv8pMRnNrQR1SudXGylWhm_aTqqNa-vhB6eabOpOaVEO_qZc_h2rq43GaiDnlORdZ11NojfMdIYnooZygjOE68Uzu8PTZodscBQyTEEUN6w9i1eRUElJbe1NQgU= Show response
fundingchoicesmessages.google.com/f/ 38 KB
14 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVYjtRaXSTTe-Sxbg754ueX6pUcbj-RT-1_G3zloFYz9gV-w6Ep8av1HbrisO-dpv8pMRnNrQR1SudXGylWhm_aTqqNa-vhB6eabOpOaVEO_qZc_h2rq43GaiDnlORdZ11NojfMdIYnooZygjOE68Uzu8PTZodscBQyTEEUN6w9i1eRUElJbe1NQgU=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjQxODMzMjUxLDcwNTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLDEsMSxudWxsLG51bGwsMV0sImh0dHBzOi8vYmlsbGluZ3NnYXpldHRlLmNvbS8iLG51bGwsW11d

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

811f32067597fd2dd573e14aec7c2f4256ae30808aa95e3a0edb9d713dfd183c

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-iSLuMc+AxBbM8Vu1Fs48qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-iSLuMc+AxBbM8Vu1Fs48qg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-iSLuMc+AxBbM8Vu1Fs48qg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-iSLuMc+AxBbM8Vu1Fs48qg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_2022010407.js Show response
securepubads.g.doubleclick.net/gpt/ Frame AB17 352 KB
118 KB 27ms
26ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

d4d964d6d34df7fde3554039d33b468b74afee14d6526a87b926688f0fc8d93c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120967
x-xss-protection: 0
last-modified: Tue, 04 Jan 2022 16:13:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 10 Jan 2022 16:47:31 GMT

POST
H3 204 AGSKWxUrMit73yT3Ttt71peb1hkVuGfpwEGEBMdml5v4I-bQRUXXCB6sNtAkvdQJNRJz5oEB0pqbqm8Ob8WCGMzP9auph-jCfmcQs2zHwmzCH7054BnzQOw_1gR5Be3jAnzS1ifBg8uzR4NJ1pm4irWo_MWivUznTZvi_Vh84zatbnpSd-F2x1tzbEqhCMQ= Show response
fundingchoicesmessages.google.com/el/ 0
26 B 29ms
29ms XHR
text/html 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUrMit73yT3Ttt71peb1hkVuGfpwEGEBMdml5v4I-bQRUXXCB6sNtAkvdQJNRJz5oEB0pqbqm8Ob8WCGMzP9auph-jCfmcQs2zHwmzCH7054BnzQOw_1gR5Be3jAnzS1ifBg8uzR4NJ1pm4irWo_MWivUznTZvi_Vh84zatbnpSd-F2x1tzbEqhCMQ=

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingCookieRefreshClientJs.de.6Mu4u9ddccc.es5.O/d=1/rs=AJlcJMxAVbpACsG-n5sfV9lYuJ-Ie7tX9g/m=cookie_refresh

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-QTNACngO0Pb/a9irS4tvvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-QTNACngO0Pb/a9irS4tvvQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://billingsgazette.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://billingsgazette.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-QTNACngO0Pb/a9irS4tvvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-QTNACngO0Pb/a9irS4tvvQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 110ms
109ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=a9JORiXIKr5BlZrkHcnnVW&lm=6&ts=1641833250939&dn=RCIV&iso=0&us_privacy=1YYN&img=https%3A%2F%2Fbloximages.chicago2.vip.townnews.com%2Fbillingsgazette.com%2Fcontent%2Ftncms%2Fcustom%2Fimage%2Fc72cf8ac-c550-11ea-86bd-3761faee86a6.jpg%3Fcrop%3D630%252C630%252C285%252C0%26resize%3D200%252C200%26order%3Dcrop%252Cresize
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H/1.1

200
OK

e2ce32418a5e43c89ec419ab06b5c751
i.liadm.com/s/e/a-012k/0/ Frame E6E4
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-012k%2F0%2Fe2ce32418a5e43c89ec419ab06b5c751%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&d153adc3-f42d-4d65-b977-40b...
https://i.liadm.com/s/e/a-012k/0/e2ce32418a5e43c89ec419ab06b5c751?mpid=7156&muid=fb0f61dc-6323-4f00-89ac-0d5e8a118117

43 B
285 B

99ms
99ms

Image
image/gif

3.229.102.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/e/a-012k/0/e2ce32418a5e43c89ec419ab06b5c751?mpid=7156&muid=fb0f61dc-6323-4f00-89ac-0d5e8a118117

Requested by

Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-012k?s=&cim=&ps=true&ls=true&duid=e33b083e4625--01fs2e6fxg6pdpgdmym35d1sd9&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Protocol

HTTP/1.1

Server

3.229.102.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-229-102-111.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 10 Jan 2022 16:47:31 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: 41c3b9e8ea89ed83
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Date: Mon, 10 Jan 2022 16:47:31 GMT
Server: MT3 4133 baa842e master cdg-pixel-x13 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://i.liadm.com/s/e/a-012k/0/e2ce32418a5e43c89ec419ab06b5c751?mpid=7156&muid=fb0f61dc-6323-4f00-89ac-0d5e8a118117
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 10 Jan 2022 16:47:30 GMT

GET
H/1.1

200
OK

35759
i6.liadm.com/s/ Frame E6E4
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=liveintent&ttd_tpi=1
https://i.liadm.com/s/35759?bidder_id=44489&bidder_uuid=b02ca7f6-f198-4367-a14a-a4eef8dba124
https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=b02ca7f6-f198-4367-a14a-a4eef8dba124

43 B
447 B

584ms
122ms

Image
image/gif

2600:1f18:444a:4680:469d:1ee7:c700:42a5
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=b02ca7f6-f198-4367-a14a-a4eef8dba124

Requested by

Protocol

HTTP/1.1

Server

2600:1f18:444a:4680:469d:1ee7:c700:42a5 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 10 Jan 2022 16:47:32 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: 9e18649c94b14b38
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/35759?bidder_id=44489&bidder_uuid=b02ca7f6-f198-4367-a14a-a4eef8dba124
Date: Mon, 10 Jan 2022 16:47:31 GMT
Connection: keep-alive
trace-id: 40edcbf672d02e78
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1

200
OK

e2ce32418a5e43c89ec419ab06b5c751
i.liadm.com/s/e/a-012k/0/ Frame E6E4
Redirect Chain

https://dpm.demdex.net/ibs:dpid=127444&dpuuid=d153adc3-f42d-4d65-b977-40b60bb563d1&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-012k%2F0%2Fe2ce32418a5e43c89ec419ab06b5c751%3Fmpid%3D82775%26muid%3D%2...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=d153adc3-f42d-4d65-b977-40b60bb563d1&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-012k%2F0%2Fe2ce32418a5e43c89ec419ab06b5c751%3Fmp...
https://i.liadm.com/s/e/a-012k/0/e2ce32418a5e43c89ec419ab06b5c751?mpid=82775&muid=66770858859221020563657393955851330132

43 B
285 B

271ms
177ms

Image
image/gif

3.229.102.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/e/a-012k/0/e2ce32418a5e43c89ec419ab06b5c751?mpid=82775&muid=66770858859221020563657393955851330132

Requested by

Protocol

HTTP/1.1

Server

3.229.102.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-229-102-111.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 10 Jan 2022 16:47:32 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: 4dc3377987da4450
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

DCS: dcs-prod-irl1-1-v026-0de66d8e8.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 1vmBBnUhTvA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://i.liadm.com/s/e/a-012k/0/e2ce32418a5e43c89ec419ab06b5c751?mpid=82775&muid=66770858859221020563657393955851330132
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

live_intent_sync
x.dlx.addthis.com/e/ Frame E6E4
Redirect Chain

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=d153adc3-f42d-4d65-b977-40b60bb563d1
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=d153adc3-f42d-4d65-b977-40b60bb563d1&rd=Y

43 B
603 B

292ms
291ms

Image
image/gif

104.111.215.191
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=d153adc3-f42d-4d65-b977-40b60bb563d1&rd=Y

Requested by

Protocol

Server

104.111.215.191 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-215-191.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:32 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 10 Jan 2022 16:47:32 GMT
content-length: 43
strict-transport-security: max-age=2628000
content-type: image/gif

Redirect headers

location: https://x.dlx.addthis.com/e/live_intent_sync?na_exid=d153adc3-f42d-4d65-b977-40b60bb563d1&rd=Y
pragma: no-cache
date: Mon, 10 Jan 2022 16:47:32 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Mon, 10 Jan 2022 16:47:32 GMT

GET
H/1.1

200
OK

52176
i6.liadm.com/s/ Frame E6E4
Redirect Chain

https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=d153adc3-f42d-4d65-b977-40b60bb563d1&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=d153adc3-f42d-4d65-b977-40b60bb563d1&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=f955a6c9-397c-4ae3-8a72-a1741674c0e7
https://i6.liadm.com/s/52176?bidder_id=5298&bidder_uuid=f955a6c9-397c-4ae3-8a72-a1741674c0e7

43 B
447 B

528ms
92ms

Image
image/gif

2600:1f18:444a:4680:469d:1ee7:c700:42a5
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/52176?bidder_id=5298&bidder_uuid=f955a6c9-397c-4ae3-8a72-a1741674c0e7

Requested by

Protocol

HTTP/1.1

Server

2600:1f18:444a:4680:469d:1ee7:c700:42a5 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 10 Jan 2022 16:47:32 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: f10e5610b7fc46d2
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/52176?bidder_id=5298&bidder_uuid=f955a6c9-397c-4ae3-8a72-a1741674c0e7
Date: Mon, 10 Jan 2022 16:47:31 GMT
Connection: keep-alive
trace-id: f566b43b436af886
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H/1.1

200
OK

52164
i.liadm.com/s/ Frame E6E4
Redirect Chain

https://x.bidswitch.net/sync?ssp=liveintent&user_id=d153adc3-f42d-4d65-b977-40b60bb563d1
https://x.bidswitch.net/ul_cb/sync?ssp=liveintent&user_id=d153adc3-f42d-4d65-b977-40b60bb563d1
https://sync.srv.stackadapt.com/sync?nid=50&gdpr=&gdpr_consent=&gdpr_pd=&ssp=liveintent
https://x.bidswitch.net/sync?dsp_id=188&user_id=uUSb5RFUTFpWib4-lr5ey9lAlwM&user_group=1&ssp=liveintent
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=f955a6c9-397c-4ae3-8a72-a1741674c0e7

43 B
447 B

124ms
124ms

Image
image/gif

3.229.102.111
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=f955a6c9-397c-4ae3-8a72-a1741674c0e7

Requested by

Protocol

HTTP/1.1

Server

3.229.102.111 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-229-102-111.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Mon, 10 Jan 2022 16:47:31 GMT
Cache-Control: no-store
Connection: keep-alive
trace-id: 0fd6996858214ae4
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: //i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=f955a6c9-397c-4ae3-8a72-a1741674c0e7
Date: Mon, 10 Jan 2022 16:47:32 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 /
trc.taboola.com/sg/liveintent/1/cm/ Frame E6E4 43 B
231 B 92ms
48ms Image
image/gif 2a04:4e42:600::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/liveintent/1/cm/
Requested by: Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-012k?s=&cim=&ps=true&ls=true&duid=e33b083e4625--01fs2e6fxg6pdpgdmym35d1sd9&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-vcl-time-ms: 28
pragma: no-cache
date: Mon, 10 Jan 2022 16:47:31 GMT
via: 1.1 varnish
server: nginx
x-timer: S1641833252.942170,VS0,VE28
x-served-by: cache-mxp6940-MXP
x-cache: MISS
cache-control: no-cache, no-store
accept-ranges: bytes
x-cache-hits: 0

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 111ms
111ms Image
text/plain 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=a9JORiXIKr5BlZrkHcnnVW&lm=6&ts=1641833250939&dn=RCIV&iso=0&us_privacy=1YYN
Requested by: Host: billingsgazette.com
URL: https://billingsgazette.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:31 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 53B8 42 B
64 B 91ms
91ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuUH9hMPzq4aQwmkcj4fBoqh5F6d_EDvySdxicMwB3HmW1WhEIXz9ixwAzhkcCJGIkjtVLQE_GZLK3rEYTcd6R-sVGs2yJSMkP8DiN0gkaQLzPhrXUh&sig=Cg0ArKJSzImQRq9DTBfsEAE&id=lidar2&mcvt=1000&p=288,315,538,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220105&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=822736253&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1641833250835&rpt=386&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 94DA 42 B
64 B 100ms
99ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvdB71JgjQM9ROgzojEU3TzAn_et_1E45LauhtfbP1ZIqUtUb6bcy72mgzJO-OcGbhltZ753fna-jHDQXfJZcbsi-3YyHW6ejT8MQIp_vUPnHB8C7-n&sig=Cg0ArKJSzClZQ2IpnprYEAE&id=lidar2&mcvt=1000&p=1,800,2,801&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220105&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=4005652246&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1641833250283&rpt=1012&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F35F 42 B
64 B 65ms
64ms Fetch
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstIjk6vH80a7Tt_IL1QBx0SNKlAR5tkT2Uyyp2cEM829XS_wW0XLrpqB45fitJYQbzBVjkb1Spu0yKpOxSIvdBGHAKQhhMrOBflvtGYKxESLA7eak_V&sig=Cg0ArKJSzPFmf29QekbFEAE&id=lidar2&mcvt=1001&p=873,1180,1123,1480&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20220105&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=19&adk=1452497353&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1641833250750&rpt=908&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rt=ifr Show response
bcp.crwdcntrl.net/5/ct=y/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20Tota... Frame 2E33
Redirect Chain

https://bcp.crwdcntrl.net/5/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20T...
https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3...

929 B
2 KB

76ms
75ms

Document
text/html

52.19.22.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22billings%2C%20montana%2C%20Big%20sky%2C%20wyoming%2C%20bozeman%2C%20yellowstone%2C%20big%20timber%2C%20outdoors%2C%20sports%2C%20hardin%2C%20red%20lodge%2C%20laurel%2C%20livingston%2C%20miles%20city%2C%20yellowstone%20national%20park%2C%20columbus%2C%20gillette%2C%20powell%2C%20cody%2C%20shepherd%2C%20cars%2C%20business%2C%20fishing%2C%20lewistown%2C%20hunting%2C%20news%2C%20forsyth%2C%20real%20estate%2C%20skiing%2C%20rentals%2C%20markets%2C%20absarokee%2C%20vehicles%2C%20recreation%2C%20billings%2C%20weather%2C%20information%2C%20classifieds%2C%20help%20wanted%2C%20jobs%2C%20houses%2C%20used%20cars%2C%20trucks%2C%20obituaries%2C%20obits%2C%20entertainment%2C%2059105%2C%2059101%2C%2059102%2C%2059106%22%7D/rt=ifr
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.19.22.209 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-19-22-209.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: bf315a90b3e6ad33a41c22576dac9faf7107d43c8c7728ec17a4ba676b5dffcc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/

Response headers

date: Mon, 10 Jan 2022 16:47:33 GMT
content-type: text/html;charset=utf-8
content-length: 929
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.23.61
access-control-allow-origin: *
server: Jetty(9.4.38.v20210224)

Redirect headers

date: Mon, 10 Jan 2022 16:47:32 GMT
content-length: 0
location: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22billings%2C%20montana%2C%20Big%20sky%2C%20wyoming%2C%20bozeman%2C%20yellowstone%2C%20big%20timber%2C%20outdoors%2C%20sports%2C%20hardin%2C%20red%20lodge%2C%20laurel%2C%20livingston%2C%20miles%20city%2C%20yellowstone%20national%20park%2C%20columbus%2C%20gillette%2C%20powell%2C%20cody%2C%20shepherd%2C%20cars%2C%20business%2C%20fishing%2C%20lewistown%2C%20hunting%2C%20news%2C%20forsyth%2C%20real%20estate%2C%20skiing%2C%20rentals%2C%20markets%2C%20absarokee%2C%20vehicles%2C%20recreation%2C%20billings%2C%20weather%2C%20information%2C%20classifieds%2C%20help%20wanted%2C%20jobs%2C%20houses%2C%20used%20cars%2C%20trucks%2C%20obituaries%2C%20obits%2C%20entertainment%2C%2059105%2C%2059101%2C%2059102%2C%2059106%22%7D/rt=ifr
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
cache-control: no-cache
pragma: no-cache
expires: 0
x-server: 10.45.29.124
server: Jetty(9.4.38.v20210224)

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 19ms
19ms XHR
application/json 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022010407&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022010407.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

619471924b1651c4f02e2da75dbe219f3a3306b5704c6a65db1616fb7cf1391a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8706
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 186ms
185ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 10 Jan 2022 16:47:33 GMT

GET
H2 404 insync
thrtle.com/ Frame 2E33 0
0 301ms
99ms Image
text/html 3.211.7.2
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://thrtle.com/insync?vxii_pid=10014&vxii_pdid=dea71a9141598ee40878d1bd557244ef
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22billings%2C%20montana%2C%20Big%20sky%2C%20wyoming%2C%20bozeman%2C%20yellowstone%2C%20big%20timber%2C%20outdoors%2C%20sports%2C%20hardin%2C%20red%20lodge%2C%20laurel%2C%20livingston%2C%20miles%20city%2C%20yellowstone%20national%20park%2C%20columbus%2C%20gillette%2C%20powell%2C%20cody%2C%20shepherd%2C%20cars%2C%20business%2C%20fishing%2C%20lewistown%2C%20hunting%2C%20news%2C%20forsyth%2C%20real%20estate%2C%20skiing%2C%20rentals%2C%20markets%2C%20absarokee%2C%20vehicles%2C%20recreation%2C%20billings%2C%20weather%2C%20information%2C%20classifieds%2C%20help%20wanted%2C%20jobs%2C%20houses%2C%20used%20cars%2C%20trucks%2C%20obituaries%2C%20obits%2C%20entertainment%2C%2059105%2C%2059101%2C%2059102%2C%2059106%22%7D/rt=ifr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.7.2 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-7-2.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H2 200 382416.gif
idsync.rlcdn.com/ Frame 2E33 42 B
419 B 39ms
15ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/382416.gif?partner_uid=dea71a9141598ee40878d1bd557244ef&gdpr=1
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22billings%2C%20montana%2C%20Big%20sky%2C%20wyoming%2C%20bozeman%2C%20yellowstone%2C%20big%20timber%2C%20outdoors%2C%20sports%2C%20hardin%2C%20red%20lodge%2C%20laurel%2C%20livingston%2C%20miles%20city%2C%20yellowstone%20national%20park%2C%20columbus%2C%20gillette%2C%20powell%2C%20cody%2C%20shepherd%2C%20cars%2C%20business%2C%20fishing%2C%20lewistown%2C%20hunting%2C%20news%2C%20forsyth%2C%20real%20estate%2C%20skiing%2C%20rentals%2C%20markets%2C%20absarokee%2C%20vehicles%2C%20recreation%2C%20billings%2C%20weather%2C%20information%2C%20classifieds%2C%20help%20wanted%2C%20jobs%2C%20houses%2C%20used%20cars%2C%20trucks%2C%20obituaries%2C%20obits%2C%20entertainment%2C%2059105%2C%2059101%2C%2059102%2C%2059106%22%7D/rt=ifr
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 10 Jan 2022 16:47:33 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H2

204

/
loadm.exelator.com/load/ Frame 2E33
Redirect Chain

https://loadm.exelator.com/load/?p=204&g=260&buid=dea71a9141598ee40878d1bd557244ef&j=0
https://loadm.exelator.com/load/?p=204&g=260&buid=dea71a9141598ee40878d1bd557244ef&j=0&xl8blockcheck=1

0
751 B

31ms
31ms

Image
text/plain

34.254.143.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=260&buid=dea71a9141598ee40878d1bd557244ef&j=0&xl8blockcheck=1
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22billings%2C%20montana%2C%20Big%20sky%2C%20wyoming%2C%20bozeman%2C%20yellowstone%2C%20big%20timber%2C%20outdoors%2C%20sports%2C%20hardin%2C%20red%20lodge%2C%20laurel%2C%20livingston%2C%20miles%20city%2C%20yellowstone%20national%20park%2C%20columbus%2C%20gillette%2C%20powell%2C%20cody%2C%20shepherd%2C%20cars%2C%20business%2C%20fishing%2C%20lewistown%2C%20hunting%2C%20news%2C%20forsyth%2C%20real%20estate%2C%20skiing%2C%20rentals%2C%20markets%2C%20absarokee%2C%20vehicles%2C%20recreation%2C%20billings%2C%20weather%2C%20information%2C%20classifieds%2C%20help%20wanted%2C%20jobs%2C%20houses%2C%20used%20cars%2C%20trucks%2C%20obituaries%2C%20obits%2C%20entertainment%2C%2059105%2C%2059101%2C%2059102%2C%2059106%22%7D/rt=ifr
Protocol: H2
Server: 34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:33 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date: Mon, 10 Jan 2022 16:47:33 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://loadm.exelator.com/load/?p=204&g=260&buid=dea71a9141598ee40878d1bd557244ef&j=0&xl8blockcheck=1
cache-control: no-cache
access-control-allow-credentials: true
content-type: image/gif
content-length: 0

GET
H/1.1 200
OK utsync.ashx
ml314.com/ Frame 2E33 43 B
422 B 140ms
32ms Image
image/gif 34.247.104.176
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/utsync.ashx?eid=50146&et=0&fp=dea71a9141598ee40878d1bd557244ef&gdpr=1
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22billings%2C%20montana%2C%20Big%20sky%2C%20wyoming%2C%20bozeman%2C%20yellowstone%2C%20big%20timber%2C%20outdoors%2C%20sports%2C%20hardin%2C%20red%20lodge%2C%20laurel%2C%20livingston%2C%20miles%20city%2C%20yellowstone%20national%20park%2C%20columbus%2C%20gillette%2C%20powell%2C%20cody%2C%20shepherd%2C%20cars%2C%20business%2C%20fishing%2C%20lewistown%2C%20hunting%2C%20news%2C%20forsyth%2C%20real%20estate%2C%20skiing%2C%20rentals%2C%20markets%2C%20absarokee%2C%20vehicles%2C%20recreation%2C%20billings%2C%20weather%2C%20information%2C%20classifieds%2C%20help%20wanted%2C%20jobs%2C%20houses%2C%20used%20cars%2C%20trucks%2C%20obituaries%2C%20obits%2C%20entertainment%2C%2059105%2C%2059101%2C%2059102%2C%2059106%22%7D/rt=ifr
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.104.176 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-104-176.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 10 Jan 2022 16:47:32 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0,Tue, 11 Jan 2022 11:47:33 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 2E33 70 B
264 B 28ms
28ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=lotame&ttd_tpi=1&gdpr=1
Requested by: Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22billings%2C%20montana%2C%20Big%20sky%2C%20wyoming%2C%20bozeman%2C%20yellowstone%2C%20big%20timber%2C%20outdoors%2C%20sports%2C%20hardin%2C%20red%20lodge%2C%20laurel%2C%20livingston%2C%20miles%20city%2C%20yellowstone%20national%20park%2C%20columbus%2C%20gillette%2C%20powell%2C%20cody%2C%20shepherd%2C%20cars%2C%20business%2C%20fishing%2C%20lewistown%2C%20hunting%2C%20news%2C%20forsyth%2C%20real%20estate%2C%20skiing%2C%20rentals%2C%20markets%2C%20absarokee%2C%20vehicles%2C%20recreation%2C%20billings%2C%20weather%2C%20information%2C%20classifieds%2C%20help%20wanted%2C%20jobs%2C%20houses%2C%20used%20cars%2C%20trucks%2C%20obituaries%2C%20obits%2C%20entertainment%2C%2059105%2C%2059101%2C%2059102%2C%2059106%22%7D/rt=ifr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:33 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 2E33 170 B
502 B 68ms
34ms Image
image/png 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=lotame_dmp&google_hm=ZGVhNzFhOTE0MTU5OGVlNDA4NzhkMWJkNTU3MjQ0ZWY

Requested by

Host: bcp.crwdcntrl.net
URL: https://bcp.crwdcntrl.net/5/ct=y/c=6894/rand=521663621/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20billingsgazette%20%3A%20Total%20Site%20Traffic/rb=%7B%22meta_tag%22%3A%22billings%2C%20montana%2C%20Big%20sky%2C%20wyoming%2C%20bozeman%2C%20yellowstone%2C%20big%20timber%2C%20outdoors%2C%20sports%2C%20hardin%2C%20red%20lodge%2C%20laurel%2C%20livingston%2C%20miles%20city%2C%20yellowstone%20national%20park%2C%20columbus%2C%20gillette%2C%20powell%2C%20cody%2C%20shepherd%2C%20cars%2C%20business%2C%20fishing%2C%20lewistown%2C%20hunting%2C%20news%2C%20forsyth%2C%20real%20estate%2C%20skiing%2C%20rentals%2C%20markets%2C%20absarokee%2C%20vehicles%2C%20recreation%2C%20billings%2C%20weather%2C%20information%2C%20classifieds%2C%20help%20wanted%2C%20jobs%2C%20houses%2C%20used%20cars%2C%20trucks%2C%20obituaries%2C%20obits%2C%20entertainment%2C%2059105%2C%2059101%2C%2059102%2C%2059106%22%7D/rt=ifr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcp.crwdcntrl.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:33 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 1956 13 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/

Response headers

cross-origin-resource-policy: cross-origin
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Mon, 10 Jan 2022 16:31:02 GMT
expires: Tue, 10 Jan 2023 16:31:02 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 991
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0929 783 B
535 B 34ms
18ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

be67794464a4420f322b92151d64d59f0c86130dc922caa5d5e173aea8a80270

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qhUqm3WQyoojYcPUgIDXlw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 10 Jan 2022 16:47:33 GMT
date: Mon, 10 Jan 2022 16:47:33 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-qhUqm3WQyoojYcPUgIDXlw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 94IealOMwR7kxf6jS-jGG0uIjJYzj28NIr5mtVGcdhU.js Show response
pagead2.googlesyndication.com/bg/ Frame 1956 35 KB
13 KB 6ms
6ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/94IealOMwR7kxf6jS-jGG0uIjJYzj28NIr5mtVGcdhU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

f7821e6a538cc11ee4c5fea34be8c61b4b888c96338f6f0d22be66b5519c7615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 15:48:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3541
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13400
x-xss-protection: 0
last-modified: Tue, 21 Dec 2021 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 10 Jan 2023 15:48:32 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0929 0
0 55ms
54ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022010407&jk=2087137363529733&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 1956 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?dg83hw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 10 Jan 2022 16:47:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
21 B 42ms
42ms Image
image/gif 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022010407&jk=2087137363529733&bg=!KCulK2_NAAbDtiZlw7Y7ACkAdvg8WrN0kGxESvndVHo366wbBCRXFxMoCpcfMDFu9oUeVRHHlEBMIQIAAABqUgAAAAhoAQcKAA2tRW-0HpkWERSIGsRNmQJ39hk-u-JmKQqe_Vik88-7CxBHhsMODdduLGDTLrHISSgx-x6dmmS8mAvbdqhAyhYxmmUOtoVuapSCVBeiwslMw7C-Vqqw9amR2QaNFSN4WzxbY6A3Y_CRmU1-jSQylFxafgViOpm93MZk2-ayOqUTssI8ek-tTwL1aFndIWldgoJ3EUrjIe7jOu17fnsPMiKD6D_WkwGQKq1mkL40A4SA5mo63rBaiURLEcgfeBoA85XGZq4TPUb6lRPm-QwOuPQlzPZrgouwC8rqF7C4Itnwqq3oKE5Venf-0CU4toD4un0LNUDK44MOHDfQ0i2Fvl3Em9xvOSutD9lUmPmncGyCf2qCh1iPBs7XA_3pmkb1Gri428tvA-KcaGi7BSHZ-UL-buSRpEPyIiqGu_-RBX3TRQXWP5O6nqqxibtnZCmBgCjByF5lLG9RiZDC1jTli5BDbeBe2GX1BH3biOmP8SF3KouCkrVrHG7IKMrhlRJrS9TKNfwRkUU5WGxCYi1cfUj2jewx6KntezM_oYTktjqPYktI65_kLoDPCgW7vBnqUiyMpIMC3S3q80yPg5humBF_a7g88Bh9_tPxeL52jMdf0f77R0VAJiXU6fNcjuwfy94dAkn_IRgoF22J7_6CO_gtLwU1-GVAMG4GX9kNjWHPNijAPtoa8QqVSU_LsC0dEQ2tqTUoxK67q1D7eFNVmOQ_g_SB3ZAs1evzbffP6Wis7rGDki74SEsgVXhmhP-V-7lloi3FQLqtw0NJ4TQE_oojU_XcF_tRRUvfkbPVrNSTS2-USGDq26vlC-BJj3D4n0BuV8HxdYjdoNtNEeBQj1PyNAX-jwD5rw

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://billingsgazette.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Jan 2022 16:47:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

166 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
i.liadm.com/s	1970-01-20 00:47:05	Name: _li_ss Value: MgUIBhCoETIFCAoQqBEyBQh-EKcRMgYIiwEQqBEyBQgLEKgRMgUIDBCoETIFCHkQpxEyCQj_____BxCoEQ
click1.email.lee.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: BB27BCB0546F459042631F0B466DBE34
.google.com/	1970-01-20 04:27:24	Name: NID Value: 511=AsGr-Hu4ZDvAO96WqiuVNFtg7VoAjFirotz5oayLukGDputj3Xu08VGc_tU1uvmvo1XI0Y63NzKFsG1pCip-Si1pl3InEpXPlIsCQtSTrAoU1X7RTo20RTVUUz0DpFLkSB0GQqdPssGmSeEXRWUGcCWxPdnYNeivl6dehZswPSQ
.billingsgazette.com/	1970-01-20 00:03:56	Name: AMP_TOKEN Value: %24NOT_FOUND
.billingsgazette.com/	1970-01-20 00:05:19	Name: _gid Value: GA1.2.541294454.1641833250
.billingsgazette.com/	1970-01-20 00:03:53	Name: _dc_gtm_UA-54716522-7 Value: 1
.billingsgazette.com/	1970-01-20 17:35:05	Name: _ga_NFTGWT90ER Value: GS1.1.1641833249.1.0.1641833249.0
.billingsgazette.com/	1970-01-20 00:03:53	Name: _dc_gtm_UA-54716522-2 Value: 1
.billingsgazette.com/	1970-01-20 00:03:55	Name: spses.fcc6 Value: *
.billingsgazette.com/	1970-01-20 17:35:05	Name: spid.fcc6 Value: 4c4bad18-9062-49e9-a7a8-e99d15713e6f.1641833250.1.1641833250.1641833250.24d206bd-d02f-4db7-af53-8880f43113f2
.scorecardresearch.com/	1970-01-20 17:20:41	Name: UID Value: 1UR9IBIJ16XCBIW2DPXOEAg1641833250
.billingsgazette.com/	1970-01-20 17:35:05	Name: _ga_F8FFLLVDEZ Value: GS1.1.1641833250.1.0.1641833250.60
.billingsgazette.com/	1970-01-20 17:35:05	Name: _ga Value: GA1.1.214812033.1641833250
.billingsgazette.com/	1970-01-20 08:49:29	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Mon+Jan+10+2022+16%3A47%3A30+GMT%2B0000+(GMT)&version=6.2.0&landingPath=https%3A%2F%2Fbillingsgazette.com%2F&groups=C0002%3A1%2CC0001%3A1&hosts=&legInt=
.doubleclick.net/	1970-01-20 09:25:29	Name: IDE Value: AHWqTUknJmOPayz-ncEyTAVOfoGtwbUkLHmv3oNORQl-Vy02J5jgkff964hl-UBx23k
.billingsgazette.com/	1970-01-20 17:35:05	Name: _ml_id Value: 01a45c5c6e3d6563.1641833251.1.1641833251.1641833251
.billingsgazette.com/	1970-01-20 00:03:55	Name: _ml_ses Value: *
billingsgazette.com/	1970-01-20 08:49:29	Name: usprivacy Value: 1YYN
.billingsgazette.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .billingsgazette.com
.billingsgazette.com/	1970-01-20 17:35:05	Name: _lc2_fpi Value: e33b083e4625--01fs2e6fxg6pdpgdmym35d1sd9
.billingsgazette.com/	1970-01-20 09:25:29	Name: __gads Value: ID=a2defef40c79593a:T=1641833250:S=ALNI_MZAT7PcC886kzRbvU4scyvJKzFYYA
.billingsgazette.com/	1970-01-20 02:13:29	Name: _fbp Value: fb.1.1641833251039.309915464
.facebook.com/	1970-01-20 02:13:29	Name: fr Value: 0MfN2ZDlFLUVr9wPO..Bh3GMj...1.0.Bh3GMj.
.liadm.com/	1970-01-20 17:35:05	Name: lidid Value: d153adc3-f42d-4d65-b977-40b60bb563d1
billingsgazette.com/	1970-01-20 13:30:17	Name: tms_VisitorID Value: c96x2x4kh8
billingsgazette.com/	1970-01-20 00:03:53	Name: _liChk Value: 0.4575436413816729
serving.roimediaconsultants.com/	1970-01-20 08:49:29	Name: AVPUID Value: 3b765f8bbdadbd4a949fe6c6c1333ec2
sic.33across.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: dsic-013-chi~k0af46en-dim5cfmu-66dr93iv-6q2su0vc
.billingsgazette.com/	1970-01-20 08:49:29	Name: FCNEC Value: [["AKsRol_ioCW8p9XVy5NsIhZwg3F8qFSpDHsS8JXHfDNQMpkBYdCRdRwDb2ZQMWxBD9aDW5s3Azt95LjTd99_QvI49QcDZElw6iQqBkD4dRC_lSI1JXPBfk42r3cqW_0ByVAPiYudDTcw9mJ2j7lN4BKbGMbJ2A89Kw=="],null,[]]
.adsrvr.org/	1970-01-20 08:49:29	Name: TDID Value: b02ca7f6-f198-4367-a14a-a4eef8dba124
.mathtag.com/	1970-01-20 09:29:48	Name: uuid Value: fb0f61dc-6323-4f00-89ac-0d5e8a118117
.adsrvr.org/	1970-01-20 08:49:29	Name: TDCPM Value: CAESGQoKbGl2ZWludGVudBILCNL46NndmKo6EAUYBSABKAIyCwiW-s-G9JiqOhAFOAE.
.bidswitch.net/	1970-01-20 08:49:29	Name: c Value: 1641833251
.bidswitch.net/	1970-01-20 08:49:29	Name: tuuid_lu Value: 1641833251
.bidswitch.net/	1970-01-20 08:49:29	Name: tuuid Value: f955a6c9-397c-4ae3-8a72-a1741674c0e7
.demdex.net/	1970-01-20 04:23:05	Name: demdex Value: 66770858859221020563657393955851330132
.dpm.demdex.net/	1970-01-20 04:23:05	Name: dpm Value: 66770858859221020563657393955851330132
.addthis.com/	1970-01-20 09:34:07	Name: na_id Value: 2022011016473200034648903202
.addthis.com/	1970-01-20 09:34:07	Name: na_tc Value: Y
.addthis.com/	1970-01-20 09:34:07	Name: uid Value: 61dc632443295410
.addthis.com/	1970-01-20 09:34:07	Name: ouid Value: 61dc63240001e467341677943a9d9f0a421dbba9d4288725da54
.dlx.addthis.com/	1970-01-20 00:47:05	Name: na_sc_x Value: 1
sync.srv.stackadapt.com/	1970-01-20 08:49:29	Name: sa-user-id Value: s%3A0-b9449be5-1154-4c5a-5689-be3e96be5ecb.FPfwZdEfkW2XVK3joHpqypHQzi19il3dJ545gpYJIr8
.srv.stackadapt.com/	1970-01-20 08:49:29	Name: sa-user-id-v2 Value: s%3A0-b9449be5-1154-4c5a-5689-be3e96be5ecb%24ip%24217.64.151.3.5VO9IRncRFY29t3XJ%2FXWctl2KbwUDzxprwefgW9CHrU
.crwdcntrl.net/	1970-01-20 06:32:39	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-20 06:32:39	Name: _cc_id Value: dea71a9141598ee40878d1bd557244ef
.crwdcntrl.net/	1970-01-20 06:32:41	Name: _cc_cc Value: "ACZ4XmNQSElNNDdMtDQ0MTS1tEhNNTGwMLdIMUxKMTU1NzIxSU1jAILEO8mq%2F4GAH8QBA%2BXvH%2FrkGN%2BZMvxnZGR42%2FBWAMZuWjwRLr5vzRtZmPiibxPg4rd2ToKzexYg1Jxfsocbpv7HIYSap2sR4suOIMTXbkOwv31FmL%2B0%2F4QOzJzpq4%2FD2a0fEWrm%2FUG4%2F8k6hBtavyPU9P5CsK%2F3HIK7bdMlhN7Z3f1wvzw7iHDP8U1TWGBu%2BPjZEsZ8tngOXHj5n0KY8PGjh5hh7N37LsND80PDfTj7MJLW6SfUYcrfLUGYOOPaJbhnAdxtp3I%3D"
.crwdcntrl.net/	1970-01-20 06:32:41	Name: _cc_aud Value: "ABR4XmNgYGBIvJOsCqQggIWBcd0sEJNZYxeIYtwgDqbWzQeSAIkuBg4%3D"
.rlcdn.com/	1970-01-20 08:49:29	Name: rlas3 Value: RmXlHXjKyOn9YvZVHKOLw+Nbw1brDQTdxQYp84VOcMA=
.rlcdn.com/	1970-01-20 01:30:17	Name: pxrc Value: CAA=
.exelator.com/	1970-01-20 02:56:41	Name: EE Value: "cfb997bd7d0e7e10b2a0505dd21e6288"
.exelator.com/	1970-01-20 02:56:41	Name: ud Value: "eJxrXxzq6XKLQSE5LcnS0jwpxTzFINU81dAgySjRwNTANCXFyDDVzMjCYnFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq0yNJ8SX5RZvoiF9fFRSlpDItKik8F71cqAgCVaint"
.leetemplates.com/	1970-01-20 08:49:29	Name: sp Value: d33b403b-3127-4af5-b74a-c4d7d5fba467

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://billingsgazette.com/(Line 227) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://survey.g.doubleclick.net/survey?site=_rdjlrtrrurmuy&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249487, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://billingsgazette.com/(Line 227) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://survey.g.doubleclick.net/survey?site=_rdjlrtrrurmuy&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249487, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://survey.g.doubleclick.net/survey?site=_rdjlrtrrurmuy&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249487(Line 89) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://survey.g.doubleclick.net/insights/consumersurveys/static/440635153187323431/prompt_embed_static__de.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://survey.g.doubleclick.net/survey?site=_rdjlrtrrurmuy&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249487(Line 89) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://survey.g.doubleclick.net/insights/consumersurveys/static/440635153187323431/prompt_embed_static__de.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://survey.g.doubleclick.net/survey?site=_rdjlrtrrurmuy&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249487(Line 82) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://adservice.google.de/adsid/integrator.sync.js?domain=billingsgazette.com, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://survey.g.doubleclick.net/survey?site=_rdjlrtrrurmuy&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249487(Line 90) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://survey.g.doubleclick.net/gk/prompt?site=_rdjlrtrrurmuy&t=1&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249558&ref=&token=, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://survey.g.doubleclick.net/survey?site=_rdjlrtrrurmuy&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249487(Line 90) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://survey.g.doubleclick.net/gk/prompt?site=_rdjlrtrrurmuy&t=1&url=https%3A%2F%2Fbillingsgazette.com%2F&cid=everything&random=1641833249558&ref=&token=, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://am.freshrelevance.com/tpc/ Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://serving.roimediaconsultants.com/servlet/view/banner/javascript/zone?zid=2460&friendly=friendly_1488548298&pid=9&fr=60&frlm=1&rmpid=true&random=1488548298&origin=https%3A%2F%2Fbillingsgazette.com&referrer=https://billingsgazette.com Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: https://thrtle.com/insync?vxii_pid=10014&vxii_pdid=dea71a9141598ee40878d1bd557244ef Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

98f02a78e754ebda3aed7126cb8a8a0c.safeframe.googlesyndication.com
a.leetemplates.com
acdn.adnxs.com
ad.crwdcntrl.net
adservice.google.com
adservice.google.de
am.freshrelevance.com
ampcid.google.com
ampcid.google.de
analytics.google.com
b-code.liadm.com
bcp.crwdcntrl.net
billingsgazette.com
bloximages.chicago2.vip.townnews.com
c.amazon-adsystem.com
c8.dycdn.net
cdn-sic.33across.com
cdn.cookielaw.org
cdn.tynt.com
cdnjs.cloudflare.com
click1.email.lee.net
cm.g.doubleclick.net
connect.facebook.net
contributor.google.com
d1eoo1tco6rr5e.cloudfront.net
d81mfvml8p5ml.cloudfront.net
de.tynt.com
dkpklk99llpj0.cloudfront.net
dn1i8v75r669j.cloudfront.net
dpm.demdex.net
fundingchoicesmessages.google.com
geolocation.onetrust.com
i.liadm.com
i6.liadm.com
ic.tynt.com
identity.mparticle.com
idsync.rlcdn.com
insight.adsrvr.org
js.matheranalytics.com
jssdkcdns.mparticle.com
jssdks.mparticle.com
loadm.exelator.com
match.adsrvr.org
ml314.com
pagead2.googlesyndication.com
rp.liadm.com
rp4.liadm.com
sb.scorecardresearch.com
sc.tynt.com
securepubads.g.doubleclick.net
serving.roimediaconsultants.com
sic.33across.com
sli.billingsgazette.com
stats.g.doubleclick.net
storage.googleapis.com
survey.g.doubleclick.net
sync.mathtag.com
sync.srv.stackadapt.com
tagan.adlightning.com
tags.crwdcntrl.net
thrtle.com
tpc.googlesyndication.com
trc.taboola.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.i.matheranalytics.com
x.bidswitch.net
x.dlx.addthis.com
104.111.215.191
104.18.130.43
104.18.14.222
104.18.29.199
107.178.250.234
142.250.184.194
142.250.185.130
143.204.95.188
143.204.97.29
143.204.98.104
143.204.98.66
143.204.98.86
159.89.191.251
18.157.225.191
185.29.134.248
192.104.182.209
2.16.186.193
2.18.232.130
2600:1f18:444a:4680:469d:1ee7:c700:42a5
2600:1f18:730:b130:4896:6298:98c:bff0
2600:9000:2156:1600:16:f02f:46c0:93a1
2600:9000:2156:3600:2:36a1:2f40:21
2600:9000:2156:4400:e:98bf:5f00:21
2600:9000:2156:7600:8:8845:1500:93a1
2600:9000:2156:ca00:7:5031:dc0:21
2606:4700:10::6814:b944
2606:4700::6810:135e
2606:4700::6810:9540
2a00:1450:4001:801::200e
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2010
2a00:1450:4001:827::2004
2a00:1450:4001:828::2003
2a00:1450:4001:828::200e
2a00:1450:4001:829::2001
2a00:1450:4001:829::2003
2a00:1450:4001:829::2011
2a00:1450:4001:82a::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::2008
2a00:1450:400c:c07::9b
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
2a04:4e42:200::645
2a04:4e42:600::300
2a04:4e42::645
3.211.7.2
3.229.102.111
34.102.205.239
34.245.255.87
34.247.104.176
34.254.143.3
34.255.247.61
35.244.174.68
52.19.22.209
52.223.40.198
52.30.14.23
52.71.198.250
54.146.217.90
54.81.207.173
67.202.105.22
67.202.105.32
67.202.105.33
74.214.203.11
00e56cfdfbca341d88157faf25f3861da10e0cface78a8a0b662ba42601c723c
01e43d86d851f059e3e966e356c4a95eceaba7397437e1e34d15a9c0621a6cb0
059bc42513157b8af9033f063157dffd7a9a1c6bbc9e4f2b3bc75d52be38863d
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
099e517fbae7720fe1684cd93c76299d211cd0d6c6877f1b60e4938f6aaabfdb
09b7ece464c01f640c13fdceb08bb12ab4a2db787f36a8253c109ea3d4f7d9f5
0a98bc21dd0c0778b31dc535a85bec35a92a9baa51eda9b20591e066453b67f1
0aae37caeb1c5064881f16534e735f299658ad15ebe527cb1969e75d9ceb1c40
0ac4a1580edb443420c38896152a03c80c8fa8e5f1f09853896b810d87309a80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c3828f69b4c6cd9644d8b17c715b057619f97e1c596315457a0b1b087db3036
0c564ab82eab3ab608280194eefcee40765ab7872e8ed349e806e3c3170c4631
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
0e987cd9863ecef803b7aeb4c497c16d40158d0a73f64a1c4a405da9d1778771
0f43f4ee69c1e53622d634119250c9ecc2b189983c3e9dcf6bca4c59523b2b4e
0fd429b95adc1755ffb3f7d831ac7e33dad31379239750f32c49c98f7019e45f
10077710e68b9491d9ce42ae5a38394b56d4997317e452573c8710597ccc064f
10ab566c9fb0560fc9b7690af2b2a06cb4ce5af583a6e9796d1ece57c702c5e8
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
15c5217bab15791da899bebeec1b32e57bcd02d20f8847c6440f47ededcdf625
164025ad48f93b1da3a282660b3288481df3d3ba397d8f852b72008246b14dc2
165f2224fdb220f295f4c441bad7dfc35fd9ef57cb56af722285137944f598a7
18eadbed616a1c6d3afcf2750befa4c653869688479efbfdb0020c7c836d718b
19ee3ded1fe83e848e9b5cb0831689460e07c7d3d867fc692c84dc1106086293
1c21c3719bc99c619e47f5ed25b0f346cb8a67a38bf71cc45957753ace65162f
1ddd466f2537ff1e7c620b9f5d3c50229baa530655c61abbdc412cf7b6c7fd5e
1de200150f4a5054f7c603b8889e3ec83c3c7d1cf27932ce2a97e2dbd361c17d
23da666ed29810ec4d906afc121a3853e6db58296b859836072a1ecd929591f8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28c34bd50c348323ceb8c44c6cbf5d3b5efdfcfa54b7fe00cbb7f5d0ea708bbf
295b9a4cba84a09093cb392460e4f1ef5f33f00915d56234ba452b1f8b5ec503
2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435
2ff30298cb08600b21e18d99439aab14c6616c4436c5183aeeb1b47f68994448
321fb426ca5f214a70f2faf9f9ded0e9332a1d134c0279983cb821d50c94b7f2
3438ad0185e56faec50cbdacd8b7e8d701f4ce9315af72ab2b7b2c70b7d4c0c9
3a00a06d39ece4f2816e75b2e577c3b05a51ba196e19bd103d1124567f0c54f5
3c9a2d086d47148ae23b40fb16fa13a5bd578e40aa7ee5acabd1ad9d3c958ecf
3e4515f504b3f855b5fa765e6201f1adc54882fdea7717665d5f86252937c40d
3ea73ee6a4b5fe1e707bd725d6eaf0a874ceef720ec8a9ee1b43b0661adfe513
3f7d4fce911e0a58ed4224b9f65d90a98d8bb7b76d25ad2610485b9baaa1d447
3f9015c499bd1271c846320ce7319c22a88caa022a240e8c9b2cc62d3a4361a5
412d6e2fda83cb67eaa36214450083488293c1273f1542c717b524626cd2da6d
4181c0c92f5fe530888ea697489e81b930fb71b373bf0bb71cb3ce97714a8140
44702be1639664bacb614533634885305265099666aeb0215ae5b72480319b4f
4c821f2d169369324022057e9948ed8f9d45794d18b6c8c3fbbba900bb65158c
4d2a74d8b25e1ccd4b1294b0b937804bc24aeea7f46edad3f3c1f91604d2708c
4ef0cb2e94b5b79911d8647651823f8c4a39b0f1192bf85b2caa9ce9db3fd7e1
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5893bd080d50d15706acc7a4a216160ed89641c7f7ef286418a57ca2d684d744
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4
5a2f10e09cd6e81eb686dbca9e6056ed485e87d3869bac347455547c294cb036
5cb84e065b17dc762b882ccfe563a396ae3c433f39d0c0f20c08394928615e50
5e92504ef4eb27d944b38d96e7a191387eb3e4bb982527f6ad4fa463ff723d87
614f1494504a07c7a69e7eccefe353b4013e7506873257f38f2d768d5e50a745
619471924b1651c4f02e2da75dbe219f3a3306b5704c6a65db1616fb7cf1391a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
644304fe15c7f17a6ab07588fa14318ebce8730a85eb17b3a0fddca16fe9bae6
6507fd39f6e7d0d8757281cfd08b11de1579d2ad4504048afd60d6655a46ece5
656a62e7cfbd270352bfa0ccf580e3b84cb18ff2256277c699a9144edae5db21
68bf61530a1fa0a4b3f8cdc648776cd6dbff579d7131736a57d937e22471b38d
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d0ba9d47d03d591f279f96405e23a9cc5c6d9dbc8d894e190f95a841698f966
6d8b76cb673b3af30f99448de96d4bfa03546c4e7808ce9c6ccaa9777efc90ac
6fa2648646dd59fb7f79efab66fabce207453ea9c2c71271e2837368463a02ea
7091488a99ff5fed4f20893ba1d9c207916d8c72bb41d0f2c35d802de967b009
7169b20ff9116852953e326ad3776ac06c0f14a5a21a3e07f3fb8b5c46418a61
7244ea19ffa4d9880dc077d518212cd7dba6df6ead5f937d7455ef3f44c3e4e3
7402309ea1e862428f75607361831adb6416d6985d4e6a36f34e1650948bf274
74b338358b894f617ddf4fbabf85172e38af881578af6a5dce02a6a6f8025b02
74d0c44f7a2f8ab81982b3e5e2bdf5a2510174bae99571bb42d057c8f4085526
7510df1cacbb425f5a1f8890a01d80c2a33bb0c3e5919009c8ec8c2e304cabce
75845ddd51e5f375f7b7aa868937566eb92118d0ee118cd3154db1a95d7b8dd0
7baffa7d286eb3e6d0dd2ef8027608fb2de46f761cfdce3d0195af8281c02db6
7bb1c6330bed1ba8179bbac6962a39a05db8c1269b1bc5d0f66c7c94e3e3c64f
7d6bc5ccc0d04e6ccfbecd2bd5775b3604995e5196b4e08c179d0885e7e94925
811f32067597fd2dd573e14aec7c2f4256ae30808aa95e3a0edb9d713dfd183c
819515c05af1d0454abf5fea7f4f3caa34a53a25f153db25b95cc54a8c82825c
81bf0b6e3e2a2dc2bc0f62484bd9f55bc163714a8fa868f0537eafae60097d9e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88f85d0f9e975d4313c570d4bf3733be6b97615f6127c5db5d3580a434a02017
8bf8e1f69f84e16d7c0b046cc032f092ed72c54438dea02e49b01e3f4a536ef7
8d1887e4f70793333d6111a12ea112f6463a1d35c14011d22586167cb2e15b42
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
8e69c64655718315422d63e22bc7dddaacd2fe1e1ceb20a6758287a76b9c6f66
8ea9df9aa296a2eac3fe1a8b6972fecea49c7295f723cf9c93356ff9301a09ec
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d
91d2a62e14528d89f4144bdb64fc307d91638f0d9ce99f1612fced16928f0b44
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93eac8b1fb14d0863561633dfdf563013c023393aabfb122e3be7256629d9235
9431906c144ff04557d4ff1107eb545d75fea2b444bc0cd460b06dd221a825fe
9476713709bfb2efbef10bee7267250bd6ef908f0f31927fc3f55d0d801a60d5
95947d06941689a90b7c24049358663b52af9fdef2e5532bc74e8a342b1fff23
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9fcd21f6a170f68c4d9214fcc867042f2ae8aee9973d23acafbc1f51ad3aac67
a146b9af7ea8c29e3c2f62b0f438fc01c26483728acbec71d96094c33eea6192
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a620dcbc90bb1b40ec6c877aa722e507930cb49a1a36f477292f6b46e5e21d0b
a6e66efd92cdb72e8ee71ab01fb4e6f77969075ebe1e62cda282dc24524ab6e1
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a769d4bf461200d7c95adb57e300810ce0c5e61951f031755e91aad1329c4691
a7ec4b07230bb457e7af498c5330fb910f7e848a73c3b91b67bed563085e264d
a876f7590c4f5401126a7f86a487411e1edb22b7750b8d7e10dbc2fe1178939d
a877e3e27c3463a7be513923b1df1bf31ffcee5b505310bd143eeb6646aaf2f8
b10a075758097bb0578287af03c76a9fcd82fa4607587109ae41fe2d24756600
b140866a13c2eeca9a0ad91f4bf8e505a0fa237279f9d6616c3c21329139f1de
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b2bedb8d9b818971c16b394180d1decd7e9993d6d6bcc0656637fa4a2e0ef191
b3a9a6006e4c01d6d84a49eecf07cf36a818779ff4e99bbff22850f02de9c7a8
b6c42adbbed5052468fe24de92d778f49aecdfcca1d696dd06b8319410b5a3fa
b85a278f4bbab557fee88a1c3cb741b891c524c9dc185eb494994316da56e25a
bad3f4a20b737202b4cb52ce0124a2ae5d54be0002feb42790867ee446425332
bc40838a707dba656095bdce002939c726b0fe7de618b613ff3a29a39aef0938
be67794464a4420f322b92151d64d59f0c86130dc922caa5d5e173aea8a80270
bf315a90b3e6ad33a41c22576dac9faf7107d43c8c7728ec17a4ba676b5dffcc
c020f54c248a55614e1dbe7002ac03e4a6ed263a6e9d460621b4894add76efcd
c7dd5e1772037fc42030a3f4102640364b8cc6ad696c549fa95f3d7f13041cb0
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cab8f3bef8830763240eb9a41ad703180441a662ab0f1b3f20c2241e2fca8ed4
cac51215c7891c57555d96a1e25ab8e65bf3c4fbb2de26598b756f31e372fbe4
d018dfe8631f61492271d2c987e71f50805c4416ad0743d3fe1546aab43bf3de
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d3ac1ce74d996fd1d5eb2f34feae5f87a3afa267474dc38308bf28a2f2462b9a
d4d964d6d34df7fde3554039d33b468b74afee14d6526a87b926688f0fc8d93c
d50881e8cf2ac03741c7c31b98dcabdf91d458ed76766efc511b26a2b796dd0f
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc
d87c4aa69c2b59db656928e424f66e08b7fd45654d4fd1674d9422cc72eae482
d9af544bca7998f6fbb9e9fcff9cef9d9f69881812cda8fe6ee4edfafd1b8cbb
da46bc766028c67f94e34c39ecf0c36513fd5ffffe1e126ce09908ebcd671eb6
da9f4d68c82d5f141d9322bd69714d94101d649cf9b85ce3c6ae8b75dbe015ab
dbbd0a15e9bdf660f05a38c1dd90ad0dc31a5d5fa0c5e1a288ecb30927d80765
ddbc1a158d7d13b63c0fda8fd2ece421016468e9e88914d2b81d3e8929c19df1
ddd1991e3d8ce67431989f8cca95743706d110f064ed2b3609041a3f20e50d2c
de80309d98405d566c6fb1912811b24c8ad3a8380f6819d26a6c1eac5cd99185
e31c42447e764b1195ff393437950867800ce2465dd3724c95640f4f5b34487c
e3382b5f78c7613fc13d4de00f9ed387f50663cc9d1c76118e55ea4ab3f1c5a7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e78bac7c2d4ad157ca2d43d12d1cdc08ab7943d3535287108ed9e6b8ff9da523
e88570c7cd2e82b2082bdbf7bb0618159d9161d4b932855fe2039777ae11b4c6
eb922fc9d2ef402af3db9b4879dcad632b88249698df4f2807961f5fab27e192
ecd697028fbf41cfe81ec787d9a4d5238c5034e85620d74fcbe0b4a952b02a36
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efcbf6ba62c22cb133e6783ec03ac1e1b3900d36abf731732450bede0365bde1
f216ada54fdf038b59f1a7ce80cc58cec13915002dacab7cfea2add06d3b420d
f5e55a21dfa3a20ceb298737c8f4c517a83d7960468c7f53b3f33c567bacff3c
f7821e6a538cc11ee4c5fea34be8c61b4b888c96338f6f0d22be66b5519c7615
f98e8196d88bff2a006872a05d79c2d695f6dda36e0aecdd0ace020207809f40
fe5d23d415187d71dfa026db8852418f98513ef7f7a1c3e1321bc95d6d6a0f5f
fe83bf4d90f17ac9ecb4808ffe059d64d79d5cf6752859c37a8113584e959c2a

billingsgazette.com Open in urlscan Pro 192.104.182.209 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

221 Requests

93 %HTTPS

45 %IPv6

43 Domains

73 Subdomains

61 IPs

6 Countries

3813 kBTransfer

9108 kBSize

53 Cookies

19 Outgoing links

Page URL History

Redirected requests

221 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

billingsgazette.com Open in urlscan Pro
192.104.182.209 Public Scan

Screenshot
Live screenshot

Full Image

221
Requests

93 %
HTTPS

45 %
IPv6

43
Domains

73
Subdomains

61
IPs

6
Countries

3813 kB
Transfer

9108 kB
Size

53
Cookies

221 HTTP transactions
5 data transactions